
CSEC650 Individual Assignment 2

Jan 30, 2023


bahareh yazdani

Disclaimer/Caveat/Disclosure/Whatever you would like to call this:

You are more than welcome to use my paper below as a reference. But, please be smart and do not simply copy and paste because your Prof. or TA will know. Just like you, they have access to this website as well. So be nice and smart and don't set yourself up for a failure, at the very least you should rephrase/paraphrase/reword/Whatever you prefer to call this. Just a suggestion, but at the end of the day, it will be your decision. :)

Also, I have got at the very least 90% in each of my papers, but that DOES NOT guarantee that you will get the same. It depends almost exclusively on how your professor looks at your response and how s/he grades. The ones that I got were awesome professors and my work and my points went across to them, hence the higher grade. So, basically what I am trying to say here is that if you score less than 90% while using my papers as reference or as a whole, don't curse me out, you just got a stricter professor. :)


Abstract:

This paper discusses contingency/continuity planning for a business organization and the benefits of having such a plan. It covers the steps of a contingency plan and the steps of the recovery option that need to be taken if the contingency plan is executed for any reason. It also discusses the testing requirements of a contingency plan and explains in detail the benefits of the test phase. The later part of the paper discusses a 24-month contingency plan for an organization providing Computer Forensic Investigation Services (CFIS). The paper further elaborates on the types of testing that should be done under the CFIS contingency plan, and on the benefits of running detailed testing in a CFIS organization.

Table of Contents:

Abstract
Table of Contents
Introduction
Contingency Planning
Recovery Options
Testing Requirement
Contingency Plan Recommendation
Conclusion
References

Introduction:

In today's fast-paced, technology-driven world, it is crucial for all types of businesses to have a continuity plan that will help the business sustain itself if a disaster happens. In many cases, it does not take something predictable or extreme to bring a business to a halt. Sometimes an act of nature as simple as rainfall can create a situation where it becomes absolutely necessary to shut down the business facility, either to protect its assets and people or just to protect the surroundings. Sometimes a business comes to a halt because its security is breached by either an internal or an external culprit.

Every business, whether it is a small "Mom-Pops" business or a multi-region/multi-nation business, needs a continuity plan to operate without interruption in this fast-paced digital world. For some organizations and businesses, even shutting down for an hour can cause millions, in some cases billions, of dollars of loss. Natural disasters are a typical reason for a business shutdown. These disasters can come from above in the shape of heavy rainfall, snow or wind, or from below in the form of earthquakes or flooding. But lately, power outages have become another reason for businesses to look for shelter. In the Northeast Blackout of 2003, the majority of the businesses in the Northeastern region of the U.S., and part of Canada, were in a total shutdown because the whole region was out of power for days, and in some areas for weeks, due to a power trip caused by human error and equipment failure (Minkel, 2008). This caused many businesses to reconsider and rework their continuity plans so that they could survive if something like that occurred again.

When dealing with forensics, whether computer forensics or any other form of forensics, it is very important to have a contingency plan in place, and tested throughout, to make sure that the plan works when needed and that there won't be any delays in the processing of the evidence. A continuity plan not only helps keep the business up and running, it also saves the precious time that forensic experts can lose during downtime. A delay can not only set them behind schedule, it can also lead to many complications down the road, especially if the forensic work is being done to find a culprit or to set a wrongfully accused person free.

Contingency Planning:

A contingency plan is a process that enables and prepares an organization to respond to a disaster, either natural or man-made, in a proper way, without going into a chaotic shutdown. It is basically a backup plan that an organization can rely on if all else fails and the organization's regular, everyday, routine process is shut down abruptly (Rouse, 2008). A contingency plan should consist of, at the very least, the following five (5) steps:

Management - First of all, an organization should create a contingency response team, drawn from each of its departments, that will be called in for support in case a need arises. The team must consist of experts from each department of the organization, ranging from a team manager all the way to the lowest-tier support member. These members will be key players in assuring optimum support for their own departments if the contingency plan goes into effect.

Risk Identification - Secondly, an organization should conduct a risk identification of what will be at stake if the business goes down for any reason. Risk assessment is very important in any type of contingency plan because it outlines the key sections and projects of an organization that will require immediate attention. Without having that important information on hand, the contingency plan might not be an effective one.

Implementation - A thorough, step-by-step procedure should be implemented that spells out what to do during an unplanned system shutdown. This way, each member of the contingency plan will know what to do and will avert the chaos that usually follows such scenarios.

Testing - No matter how fool-proof and extravagant the contingency plan is, testing must be performed on a regular basis, perhaps every six (6) months, just to make sure that everyone has a firm understanding of their roles.

Improvements/Updates - No system is perfect. Even the most properly planned and executed program can use improvements over time. The improvement could be minor or major, but either way, the organization should keep auditing and editing the contingency plan to make sure that it is still up to date and that any kinks or issues are resolved beforehand. The testing phase is usually a good time for that (Walsh, 2012).

Figure 1: Contingency Plan (Courtesy of ContingencySolutions.net)

Recovery Options:

The recovery options should be simple and effective. The organization must take a simple approach to implementing them, and before these options are implemented, they should be discussed with and explained to the higher management of the organization. The recovery manager should explain to the Tier-1 management the total cost of the recovery options and also what will be at stake if such recovery options are not put in place. The recovery manager should also clarify the impact that a system shutdown can have on the organization, both in general and as a whole, to prevent any future confusion.

The disaster recovery option typically consists of seven (7) key steps:

Assessment.

Analyze Effects.

Requirements.

Design Strategy.

Develop/Implementation Plans.

Validate Plans.

Maintain.

Figure 2: Seven Steps to Recovery (Courtesy of computerworld.com)

Each of these steps depends on the others and relies on the previous step. If step 1 fails, the whole recovery plan is at risk of failing.

Another important part of the recovery option is simplicity. The recovery manager must keep the recovery option as simple as possible. By keeping it simple, the recovery manager can assure management that in the event of a disaster, all of the important information will be safe and sound and will be readily available to the organization's employees and its customers (Castellano, 2003). Though the contingency plan is of number one importance, the recovery plan does not fall far behind it. A well thought out contingency plan can avoid the need to use the recovery plan, but there can be an instance when the contingency plan is not able to fully protect a business. That is when an organization will need a recovery plan, and at that time it is important for the recovery plan to work.

Testing Requirement:

The testing phase is important for a successful and well-designed contingency and recovery plan. Without proper testing, a contingency plan and a recovery plan might not execute properly and effectively to protect an organization during and after a disaster. Testing not only assures that a system is working properly and in the way it is designed to work, but it also helps the policy makers identify ways to improve their system. The testing phase helps the system designers make tweaks and adjustments to better support their organization, reduce the damage and increase efficiency. During the testing phase, it is important for the system designers to test each and every component of a system to make sure that there is no "weak link" that will bring the whole system down when it is really needed.

Though the testing requirements vary by the type of system the plan is to be implemented on, there are some basic requirements that must be addressed in the contingency plan test. There are five (5) main areas that a test plan must address in any contingency plan:

Notification procedures;

System recovery on an alternate platform from backup media;

Internal and external connectivity;

System performance using alternate equipment; and

Restoration of normal operations (Swanson et al., 2010).

By addressing the areas above, the system designer can identify any types of deficiency that their system might have and can address them beforehand. This way there will be a greater chance of a successful contingency plan execution if or when a disaster strikes. Without proper testing, there is a chance that something that was overlooked at the time of implementation will cause the system to fail. These types of failures can cause devastating effects on any organization.

Contingency Plan Recommendation:

Though all businesses are important, an organization providing Computer Forensic Investigation Services (CFIS) holds a slightly different importance in the business field. The type of service CFIS provides has its own value because, in some cases, not only does it have to work with equipment that has been destroyed beyond recognition, but the forensic experts also have to come up with viable results that can be used for many different purposes. For that reason, the contingency/continuity plan that CFIS requires has to be absolutely failsafe and must work whenever a need arises.

In the 24-month cycle business contingency plan for a CFIS, the basics will remain the same as for any other business. The plan must follow the same five-step procedure discussed above. It must go through the testing phase to make sure that the contingency plan will work like it is supposed to work, and it must also have a recovery plan to make sure that the business can continue to operate during and after a disaster.

CFIS should consider having a remote site for its business continuity that will be able to provide backup services in case the primary facility is down for any reason. The remote facility must be on a different electrical grid than the primary facility, in case there is a power outage, or must be able to run on a self-sustaining power source, such as a gas-powered generator. The remote facility should also have a backup server that keeps a mirror image of everything that the primary facility contains. That way, if the primary facility server is out of service, the traffic can be redirected to and served from the remote site. The remote site should also be manned with support staff that has a similar skill set to the primary location, but in lower numbers. For example, if the primary site has three (3) forensic experts working as permanent support, the remote site will be assigned only one (1) forensic expert. If the primary site has nine (9) forensic support staff, the remote site will have three (3), and so on.

The remote site will also have a limited amount of equipment set up, similar to what the CFIS primary location will have. That way, for a short time period, the remote site will be able to provide the same services that the primary location provides, but on a limited scale.

The contingency plan for a CFIS organization must be tested throughout the year for its effectiveness and successful operation and for enhancement purposes. The CFIS organization should test the plan using various techniques and intervals. The contingency plan should be reviewed every 2 - 3 months for any required changes or adjustments. That way, if the plan needs any edits, they can be made and reviewed in advance. A table-top exercise should be conducted every six (6) months, using the most up-to-date contingency plan. Even if no changes or adjustments are made in the 2 - 3 month review, the table-top exercise should still take place to make sure that each of the steps is followed by the employees. Once a year, the CFIS organization must conduct a full-blown backup and recovery test of the contingency plan. The advantage of doing a full-blown test is that it will give the CFIS employees hands-on practice of the contingency plan, and it will also update the backup of the media that is saved on the primary server. Though a daily backup of all of the content from the primary server to the remote site server must be executed, the yearly test will ensure that there are no glitches remaining and that all of the backup is successfully transferring to the remote servers.

The cost of running the tests in such a manner could be higher than just running the test once a year. But, considering the type of business it is, the extra cost is recoverable in the form of successfully securing the important content that is retrieved using the forensic techniques. Depending on the size of the primary location, the cost of running the remote site, with 1/3 of the workforce and equipment, may not be too high. And in the event of a total shutdown of the primary facility for any unforeseeable and unpredictable reason, the production cost will actually be lower than at the primary facility because the remote facility will be operating under limited capacity. Typically, the contingency plan is made with the worst-case scenario in mind, so the chances of the primary facility of a CFIS organization being out of business for the full 24 months are negligible. But, if for any reason that does happen, the CFIS will be able to sustain its operation with limited resources and will be able to provide services to its customers without any major interruptions.

Conclusion:

It is crucial for every business organization to have a contingency plan, regardless of the nature of its business, its location and/or its resources. The contingency plan is basically a "Plan-B" approach, meaning that if all else fails, there will be something to fall back on to survive. Some might argue that having a contingency plan is not important for their business because their business is not too vast and does not need to be up and running all the time. But they would be wrong. In the fast-paced digital world, with ever-increasing competition among businesses, one day of downtime can mean a long-term disadvantage. The contingency plan doesn't have to be very elaborate and/or costly. Depending on the business size and type, it can be something really small and cheap, but it will be a life saver when needed.

Regardless of what type of business it is, the business owners must spare resources and invest in creating, implementing and testing an effective contingency/continuity plan. It might not seem feasible and cost-effective in the beginning, but in the long run, it will be very beneficial for a business.

References:

Castellano, P. A. (April 2003). How to build realistic disaster recovery options. Retrieved from http://www.computerworld.com/s/article/77236/How_to_build_realistic_disaster_recovery_options?taxonomyId=83&pageNumber=2

ContingencySolutions.net. Retrieved from http://www.contingencysolutions.net/contingency.htm

Minkel, J. R. (August 2008). The 2003 Northeast Blackout--Five Years Later. Retrieved from http://www.scientificamerican.com/article.cfm?id=2003-blackout-five-years-later

Rouse, M. (November 2008). Contingency Plan. Retrieved from http://whatis.techtarget.com/definition/contingency-plan

Swanson et al. (May 2010). Contingency Planning Guide for Federal Information Systems. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf

Walsh, D. (November 2012). The 5 Steps of Contingency Planning. Retrieved from http://lifescienceleader.com/magazine/past-issues3/item/4349-the-5-steps-of-contingency-planning?list=n