Please check the attachment for Lab details
Lab 9
In the browser, type the URL http://www.bluelock.com/blog/rpo-rto-pto-and-raas-disaster-recovery-explained/ and press Enter to open the Web site.
7. Read the article titled “RPO, RTO, PTO and RaaS: Disaster recovery explained.”
8. In the browser type the URL http://www.computerweekly.com/feature/How-to-write-a-disaster-recovery-plan-and-define-disaster-recovery-strategies/ and press Enter to open the Web site.
9. Read the article regarding disaster recovery strategies.
10. Make a backup of any Lab Assessment Worksheets you may have completed from this lab manual. If this is the only lab you’ve worked on, then make a mock Lab Assessment Worksheet using the worksheet from this lab and back that one up instead.
11. Attach the file(s) to an e-mail to your personal e-mail address. You may need to send multiple e-mails depending on your e-mail’s size limitations.
Note: At this point, ask yourself questions from the perspective of recovering from a disaster: Would I be able to access this e-mail from an offsite computer? Where is the e-mail stored? If I were incapacitated, is someone else able to proceed without me? This is the mindset of someone crafting business continuity plans.
12. Verify receipt of the e-mail message(s), and then open and verify file integrity for each attachment.
13. In your Lab Report file, write the backup procedures and recovery procedures you used.
Note: Arguably, the most important section of any business continuity plan is the Procedures section. A business can plan disaster recovery scenarios extensively, carefully weighing all possible risk likelihood and impacts. However, without detailed procedures with which to execute the recovery, a business will not resume operations efficiently, if at all. And this is especially true in times of near-panic and extreme “executive oversight” immediately following a disaster. The key source for documenting accurate and helpful recovery procedures is testing.
14. In your Lab Report file, describe your personal procedures in terms of your RTO as explained in Web sites visited earlier in this lab.
15. Test your backup and recovery procedures per your RTO.
16. In your Lab Report file, describe ways you can lower the RTO.
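One way to carry out the integrity check in step 12 and the RTO test in step 15, as an added example that is not part of the lab manual: record a SHA-256 manifest before e-mailing the files, re-hash the downloaded attachments, and pass the test only if every file matches and the restore finished within the RTO. The file names, the 15-minute restore time and the 1-hour RTO are constructed values.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large attachments do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(src_dir):
    """Before sending: record file name -> SHA-256 for each backup file."""
    return {p.name: sha256_file(p) for p in Path(src_dir).iterdir() if p.is_file()}

def verify_restore(manifest, restored_dir):
    """After downloading: classify each expected file as ok, corrupt or missing."""
    status = {}
    for name, digest in manifest.items():
        p = Path(restored_dir) / name
        if not p.is_file():
            status[name] = "missing"
        else:
            status[name] = "ok" if sha256_file(p) == digest else "corrupt"
    return status

def recovery_test(status, elapsed_seconds, rto_seconds):
    """A test passes only if every file verifies AND the restore met the RTO."""
    intact = all(s == "ok" for s in status.values())
    within = elapsed_seconds <= rto_seconds
    return {"intact": intact, "within_rto": within, "passed": intact and within}

def demo():
    """Constructed sample: three worksheets, one truncated and one lost in transit."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for n in (7, 8, 9):
            (Path(src) / f"lab{n}_worksheet.txt").write_text(f"Lab {n} answers\n" * 20)
        manifest = build_manifest(src)
        shutil.copy(Path(src) / "lab9_worksheet.txt", dst)  # arrives intact
        (Path(dst) / "lab8_worksheet.txt").write_text("Lab 8 answers\n" * 5)  # truncated
        status = verify_restore(manifest, dst)  # lab7 was never received
        # Assumed figures: the restore took 15 minutes against a 1-hour RTO.
        return status, recovery_test(status, elapsed_seconds=900, rto_seconds=3600)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the machine being backed up, since a manifest lost with the originals cannot be used to verify the restore.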
Lab 10
Review the Mock IT infrastructure for a health care IT infrastructure servicing patients with life-threatening conditions (see Figure 1).
Figure 1 Mock IT infrastructure
4. Identify and then document the security controls and security countermeasures you can implement throughout Figure 1 to help mitigate risk from unauthorized access and access to intellectual property or customer privacy data.
5. Review the steps for creating a CIRT plan as outlined in the following table:
Step – Description of Step
Preparation – What tools, applications, laptops, and communication devices are needed to address computer/security incident response for this specific breach?
Identification – When an incident is reported, it must be identified, classified, and documented. During this step, the following information is needed: validating the incident; identifying its nature, if an incident has occurred; identifying and protecting the evidence; and logging and reporting the event or incident.
Containment – The immediate objective is to limit the scope and magnitude of the computer/security-related incident as quickly as possible, rather than allow the incident to continue to gain evidence for identifying and/or prosecuting the perpetrator.
Eradication – The next priority is to remove the computer/security-related incident or breach’s effects.
Recovery – Recovery is specific to bringing back into production those IT systems, applications, and assets that were affected by the security-related incident.
Post-Mortem Review – Following up on an incident after the recovery tasks and services are completed is a critical last step in the overall methodology. A post-mortem report should include a complete explanation of the incident and the resolution and applicable configuration management, security countermeasures, and implementation recommendations to prevent the security incident or breach from occurring again.
Note: The post-mortem review is arguably the most important step as CIRT team members re-evaluate their actions with the valuable luxury of hindsight. When the CIRT members are able to look back to compare what they saw and how it related to what happened next, they can continually improve what they offer the organization.
6. Create a CIRT response plan approach according to the six-step methodology unique to the risks associated with the item you choose from the following:
Internet ingress/egress at ASA_Student
Headquarters’ departmental VLANs on LAN Switch 1 and 2 with cleartext privacy data
Remote branch office locations connected through the WAN
Data center/server farm at ASA_Instructor