CSEC650 Individual Assignment 2 1 | Page
Disclaimer/Caveat/Disclosure/Whateveryouwouldliketocallthis:
You are more than welcome to use my paper below as a reference. But, please be smart and do not simply copy and paste because your Prof. or TA will know. Justlike you, they have access to this website as well. So be nice and smart and don't set yourself up for a failure, at the very least you should rephrase/paraphrase/reword/Whateveryouprefertocallthis.Just a suggestion, but at the end of the day, it will be your decision. :)
Also, I have got at the very least 90% in each of my papers, but that DOES NOT guarantee that you will get the same. It depends almost exclusively on how yourprofessor looks at your response and how s/he grades. The ones that I got were awesome professors and my workand my points went across to them, hence the higher grade. So, basically what I am trying to say here is that if you score less than 90% while using my papers as reference or as a whole, don't curse me out, you just got a stricter professor. :)
2 | P a g e
Abstract:
The paper talks about contingency/continuity plan for a
business organization and the benefits for having such plan. The
paper mentions the steps of contingency plan, and the steps of
recovery option that needs to be taken in case the contingency
plan is executed due to any reason. The paper also talks about
the testing requirement of the contingency plan and talks in
detail the benefit of the test phase. In the later part of the
paper, a 24-month contingency plan of an organization providing
Computer Forensic Investigation Services (CFIS) is discussed. The
paper further elaborates on the type of testing that should be
done during the CFIS contingency plan. The paper also talks about
the benefits of running the detailed testing in a CFIS
organization.
4 | P a g e
Table of Content:
Abstract:............................................................2
Table of Content:....................................................3
Introduction:........................................................4
Contingency Planning:................................................5
Recovery Options:....................................................7
Testing Requirement:.................................................9
Contingency Plan Recommendation:....................................10
Conclusion:.........................................................13
References:.........................................................14
6 | P a g e
Introduction:
In today's fast paced, technology driven world, it is
crucial for all types of businesses to have a continuity plan
that will help a business sustain on its own in case a disaster
happens. In many cases, it usually isn't something predictable or
extreme to bring a business to halt. Sometimes, act of nature
simple as rainfall can create situations where it becomes
absolute necessary to shut down the business facility, either to
protect its assets, people, or just to protect the surroundings.
Sometimes a business comes to halt if their security is breached
by either an internal or an external culprit.
Every business, may that be a small "Mom-Pops" business or a
multi region/nation business, needs a continuity plan to operate,
uninterruptedly, in this fast paced digital world. For some
organizations and businesses, even shutting down for an hour can
cause millions, in some cases billions, of dollars of loss.
Natural disasters are typically a reason for business shut down.
These disasters can be from up-above in the shape of heavy
7 | P a g e
rainfall, snow or wind, or down below in the form of earthquakes
or flooding. But lately, the power outage has been another reason
for the businesses to look for shelter. In the Northeast Black
out of 2003, majority of the businesses in the North Eastern
region of the U.S., and part of Canada, were in a total shut down
because the whole region was out of power for days, and in some
areas for weeks, due to the power trip caused by human error and
equipment failure (Minkel, 2008). This caused many of the
businesses to reconsider and rework their continuity plan to
survive something like that from re-occurring.
8 | P a g e
When dealing with the Forensics, may that be Computer
Forensics or any other form of Forensics, it is very important to
have a contingency plan in place, and tested throughout, to make
sure that the plan works when needed and there won't be any
delays in the processing of the evidence. Not only it helps keep
the business up and running, a continuity plan also saves
precious time of the Forensic experts that they can lose during a
down time. Not only the delay can set them behind their schedule,
it can also lead to many complications down the road, especially
if the forensics are been done to find a culprit, or it has been
done to set a wrongfully accused person free.
Contingency Planning:
Contingency plan is a process that enables and prepares an
organization to respond to a disaster, both natural or man-made,
in a proper way, without going in to a chaotic shut-down. It is
basically a backup plan that an organization can rely on if all
else fails and the organization regular, everyday, routine
process is shut-down abruptly (Rouse, 2008). A contingency plan
should consists of, at the very least, following five (5) steps:
9 | P a g e
Management - First of all, an organization should create a
contingency response team from each of the department that will
be called in for support, in case a need arises. These team
members must consist of experts from each of the department of an
organization, consisting of a team manager to all the way to the
lowest tier support member. These members will be key players to
assure the optimum support for their own departments, if the
contingency plan goes in effect.
Risk Identification - Secondly an organization should conduct a
risk identification of what will be at stake if the business goes
down because of any reason. Risk assessment is very important in
any type of contingency plan because that outlines the key
sections and projects of an organization that will require
immediate attention. Without having that important information on
hand, the contingency plan might not be an effective one.
Implementation - A thorough and step-by-step procedure should be
implemented that will spell out what to do during the un-planned
system shut-down. This way, each member of the contingency plan
10 | P a g e
will know what to do and will avert any chaos that usually
follows such scenarios.
Testing - No matter how fool-proof and extravagant the
contingency plan is, testing must be performed on regularly
bases. Perhaps every six (6) months, just to make sure that
everyone will have a firm understanding of their roles.
Improvements/Updates - No system is perfect. Even the most
properly planned and executed program can use improvements over
time. The improvement could be minor or major, but either way,
the organization should keep auditing and editing the contingency
plan to make sure that it is still up-to-date and any kinks or
issues are resolved beforehand. The testing phase is usually a
good time for that (Walsh, 2012).
11 | P a g e
Figure 1: Contingency Plan (Courtesy of ContingencySolutions.net)
Recovery Options:
The recovery options should be simple and effective. The
organization must simple approach to implement them and before
implementing these options, they should be discussed and explained to
the higher management of the organization. The recovery manager should
explain to the Tier-1 management the total cost of the recovery
options and also what will be at stake if such recovery options are
not put in place. The recovery manager should also clarify the impact
that a system shut down can cause on the organization, in general as
well as a whole, to prevent any future confusions.
12 | P a g e
The disaster recovery option typically consists of seven (7) key
steps:
Assessment.
Analyze Effects.
Requirements.
Design Strategy.
Develop/Implementation Plans.
Validate Plans.
Maintain.
Figure 2: Seven Steps to Recovery (Courtesy of computerworld.com)
Each of these steps is dependent on each other and basically
relies on the previous step. If step 1 fails, the whole recovery plan
is at risk of failing.
Another important part of the recovery option is the
simplicity. The recover manager must keep the recovery option as
simple as possible. By keeping it simple, the recovery manager
can assure his management that in an event of disaster, all of
14 | P a g e
the important information will be safe and sound and will be
readily available to the organization employees and its customers
(Castellano, 2003). Though contingency plan is of number one
importance, the recovery plan doesn't fall too far behind from
it. A well thought out contingency plan can avoid the need to use
the recovery plan, but there can be an instance when the
contingency plan might not be able to fully protect a business,
and that is when an organization will be in need of a recovery
plan, and for that time, it is important for the recovery plan to
work.
Testing Requirement:
Testing phase is important for a successful and well-
designed contingency and recovery plan. Without proper testing, a
contingency plan and a recovery plan might not execute properly
and effectively to protect an organization during and after a
disaster. Testing not only assures that a system is working
properly and in the way it is designed to work, but it also helps
the policy makers to identify ways to improve on their system.
Testing phase helps the system designers make tweaks and
15 | P a g e
adjustments to better support their organization and to reduce
the damage and increase the efficiency. During a testing phase,
it is important for the system designers to test each and every
component of a system to make sure that there is not "weak-link"
that will bring the whole system down in a real need.
Though the testing requirements vary by the type of system
it is supposed to implemented on, there are some basic
requirements that must addressed in the contingency plan test.
There are five (5) main areas that a test plan must address in
any contingency plan:
Notification procedures;
System recovery on an alternate platform from backup media;
Internal and external connectivity;
System performance using alternate equipment; and
Restoration of normal operations; (Swanson et al. 2010)
16 | P a g e
By addressing the areas above, the system designer can
identify any types of deficiency that their system might have and
can address them beforehand. This way there will be a greater
chance of a successful contingency plan execution if or when a
disaster strikes. Without proper testing, there is a chance that
something that was overlooked at the time of implementation will
cause the system to fail. These types of failures can cause
devastating effects on any organization.
Contingency Plan Recommendation:
Though all of the business are important, an organization
providing Computer Forensic Investigation Services (CFIS) serves
a slightly different importance in the business field. The type
of service CFIS provides has its own value because not only, in
some cases, it has to work with equipment that has been destroyed
beyond recognition, the forensic experts also have to come up
with viable results that can be used for many different uses. For
that reason, the contingency/continuity plan that CFIS requires
has to be absolutely failsafe and must work whenever a need
arises.
17 | P a g e
In the 24-month cycle business contingency plan for a CFIS
the basics will remain the same as any other business. The plan
must follow the same 5 step procedure discussed above. Must go
through the testing phase to make sure that the contingency plan
will work like it is supposed to work, and must also have a
recovery plan to make sure that the business must continue to
operate during and after a disaster.
18 | P a g e
CFIS should consider having a remote site for its business
continuity that will be able to provide back services, in case
the primary facility is down for any reason. The remote facility
must be on a different electrical grid than the primary facility,
in case there is a power outage, or must be able to run on a
self-sustaining power source, such as a gas powered generator.
The remote facility should also have a back-up server that will
make a mirror image of everything that the primary facility
contains, that way if the primary facility server is out of
service, the traffic could be re-directed and accessed from the
remote site. The remote site should also be manned with support
staff that has similar skill set as the primary location, but in
the lower numbers. For example, if the primary site has three (3)
forensic experts working as permanent support, the remote site
will be assigned with only one (1) forensic expert. If the
primary site has nine (9) forensic support staff, the remote site
will have three (3), so on and so forth.
The remote site also will have the limited number of
equipment set up, similar to what the CFIS primary location will
have. That way, for a short time period, the remote site will be 19 | P a g e
able to provide the same services that the primary location
provides, but on a limited scale.
The contingency plan for a CFIS organization must be tested
throughout the year for its effectiveness and successful
operation and for enhancement purposes. The CFIS organization
should test the plan using various techniques and intervals. The
contingency plan should be reviewed every 2 - 3 months for any
required changes or adjustments. That way, if there is a need of
any edit to the plan, they can be done and reviewed in advance. A
table-top exercise should be conducted every six (6) months,
using the most up-to-dated contingency plan. Even if there are no
changes or adjustments made in the 2 - 3 month review, the table-
top exercise should still commence to make sure that each of the
steps are followed by the employees. Once a year, the CFIS
organization must conduct a full-blown backup and recovery
testing of the contingency plan. The advantage of doing a full-
blown testing is that it will give the CFIS employees a hands-on
practice of the contingency plan, and it will also update the
backup of the media that is saved on the primary server. Though a
daily backup of all of the content from primary to remote site 20 | P a g e
server must be executed, the yearly test will ensure that there
are no glitches remaining and that all of the backup is
successfully transferring to the remote servers.
The process of running the test is such manner could be a
higher than just running the test once a year. But, considering
the type of business it is, the extra cost is recoverable in the
form of successfully securing the important content that is
retrieved using the forensic techniques. Depending on the size of
the primary location, cost of running the remote site, with 1/3
of the workforce and equipment, may not be too high. And in an
event of total shut down of the primary facility because of any
unforeseeable and unpredictable reason, the production cost will
actually be lower than the primary facility because the remote
facility will be operating under limited capacity. Typically, the
contingency plan is made with the worst case scenario. So the
chances of a primary facility of a CFIS organization been out of
business for the full 24-months are negligible. But, if for any
reason that might happen, the CFIS will be able to sustain its
operation, with limited resources, and will be able to provide
services to its customers without any major interruptions. 21 | P a g e
Conclusion:
It is crucial for every business organization to have a
contingency plan. Regardless of the nature of its business,
location and/or resources. The contingency plan is basically a
"Plan-B" approach. Meaning, if all else fails, there will be
something to fall back on to survive. Some might argue that
having a contingency plan is not important for their business
because their business is not too vast and that they do not
require to be up and running all the time. But they would be
wrong. In the fast paced digital world with every increasing
competition among the businesses, one day down time can mean a
long term disadvantage. The contingency plan doesn't have to be
very elaborate and/or costly. Depending on the business size and
type, it can be something really small and cheap, but it will be
a life saver when needed.
Regardless of what type of business it is, the business
owners must spare their resources and invest in creating,
implementing and testing an effective contingency/continuity
23 | P a g e
plan. It might not be feasible and cost-effective in the
beginning, but in the long run, it will be very beneficial for a
business.
24 | P a g e
References:
Castellano, P. A. (April 2003). How to build realistic disaster
recovery options. Retrieved from,
http://www.computerworld.com/s/article/77236/How_to_build_realist
ic_disaster_r ecovery_options?taxonomyId=83&pageNumber=2
ContingencySolutions.net. Retrieved from,
http://www.contingencysolutions.net/contingency.htm
Minkel, J. R. (August 2008). The 2003 Northeast Blackout--Five
Years Later. Retrieved from,
http://www.scientificamerican.com/article.cfm?id=2003-blackout-
five-years- later
Rouse, M. (November 2008). Contingency Plan. Retrieved from,
http://whatis.techtarget.com/definition/contingency-plan
Swanson et al. (May 2010). Contingency Planning Guide for Federal
Information Systems. Retrieved from,
25 | P a g e