The steps in the business continuity planning process include:
- Scope of the plan and business areas: This involves establishing the services that the organization must deliver. The mission and vision provide such information.
- Critical functions: This involves establishing and prioritizing the functions that facilitate product delivery in order to determine the extent of the likely loss of revenue.
- Dependencies between business functions: This involves identifying internal and external dependencies. These include employee availability, the organization’s assets, support services, suppliers, government services, etc.
- Acceptable downtime for a critical function: This involves identifying the impact of a disruption to the business. The duration for which the organization could continue operations without the critical services and also the duration that clients can tolerate the outage are important factors to consider in this process.
- Create a plan to maintain operations: This involves preparing a response plan to ensure continuity of operations. Such plans provide solutions to ensure the delivery of critical services at minimum levels within acceptable downtimes.
A comprehensive understanding of the company’s holistic structure is critical to the planning process because it helps to identify potential risks to critical systems and establish a certain level of risk that the company can tolerate. It also helps the company to make appropriate plans to mitigate such risks for extended business survivability.
Backup sites
A recovery plan that minimizes the impact of a disaster is the most effective disaster recovery plan. Backup sites provide locations for disaster recovery as follows:
- Hot Sites: These are proactive sites that contain virtual production environments of existing data. A hot site usually has all systems configured and can resume production within hours.
- Warm Sites: These sites usually have preinstalled hardware representing a duplicate environment of the data center. In the event of a disaster, the only requirement is loading the software applications and data necessary for business restoration.
- Cold Sites: Cold sites are usually spaces in a building configured with power and network connectivity. As such, procurement and delivery of the hardware necessary for service restoration must take place before commencing the recovery process.
Intellectual Property
Intellectual property refers to creations of original works. Such creations include innovations; literary and artistic works; projects; and cryptograms, styles and imageries used in commerce. Intellectual property laws exist to protect original works from unauthorized use through trademarks, patents and copyrights. Such laws protect artistic expressions and at the same time promote economic growth.
A termination policy should contain specific clauses to prevent disclosure of an organization’s information. Sample clauses include a confidentiality clause, a non-compete covenant and removal of access rights. These clauses seek to protect the organization and its information.
Web Application Attacks (Brute Force Attack)
There are different forms of brute force attacks. The main form, however, is a trial-and-error method where the attacker uses system software to generate guesses of passwords and personal identification numbers. The attacker configures predetermined values for passwords and PINs and initiates server requests to analyze responses. A dictionary attack is a form of brute force attack where the attacker tries out all the words in a dictionary. There are also other forms of brute force attacks where the attacker tries out commonly used passwords, including combinations of numeric and alphanumeric characters. Using complex passwords and limiting the number of login attempts, with a lockout once the limit is exceeded, are important steps towards protection against brute force attacks. Criminals use brute force attacks to crack encrypted data. Security analysts also use brute force attacks to test the network security of organizations.
Password attacks are network attacks against confidentiality. A brute force attack is, therefore, a confidentiality attack since it compromises the confidentiality of data on successful attempts.
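The limited-login-attempts-with-lockout control described above can be sketched as follows. This is an added example, not part of the original essay; the thresholds, the class and function names and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures allowed inside the window
WINDOW_SECONDS = 300    # assumed policy: sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed policy: how long an account stays locked


class LoginThrottle:
    """Tracks failed logins per account and locks the account after too many."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> time the lockout ends

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            # Lockout expired: forget it and start counting from zero again.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return until is not None

    def record(self, account, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at `now`."""
        if self.is_locked(account, now):
            return "locked"  # reject even a correct password while locked
        if success:
            self._failures.pop(account, None)
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # drop failures that fell out of the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
        return "failed"


def replay(events):
    """Run constructed (time, account, success) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.record(acct, ok, t) for t, acct, ok in events]


# Constructed sample: five rapid failures, a correct password during the
# lockout, then a login after the lockout has expired.
SAMPLE = [(t, "alice", False) for t in range(0, 50, 10)] + [
    (60, "alice", True), (40 + LOCKOUT_SECONDS, "alice", True)]
```

Guesses spaced widely enough never accumulate five failures inside the window, so a lockout of this kind is normally paired with the complex-password requirement and with monitoring of failed logins.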
Advanced Persistent Threats
Advanced Persistent Threats are cybercrime threats that gain unauthorized access to a network system, evade exposure through high-quality stealth mechanisms and acquire critical information about an organization over a long period. APT attackers normally target big businesses and political computerized systems.
In other attacks, the attackers’ main intentions are to gain unauthorized access to systems and exit within the shortest duration possible without exposing themselves. In contrast, APT attackers focus on gaining unauthorized access and retaining malicious code for as long as possible so as to gather valuable information.
APTs possess certain characteristics that make it difficult to detect and remove them. Intruders using such attacks constantly rewrite malicious code and employ sophisticated evasion practices. Spear phishing is one of the main methods that an intruder may use to access the system. Having gained access, the intruder gathers genuine user credentials and establishes multiple backdoors. Such backdoors enable the attacker to create a ghost structure for spreading malicious code that remains concealed from users.
Malware (Win32/Poison) Removed by Microsoft Malicious Software Removal Tool
Win32/Poison is one of the most recent pieces of malicious software added by Microsoft to its list of malicious software in an attempt to address the latest threats. It belongs to a group of backdoor Trojans that gain control of computer systems through unauthorized entry. The execution of Windows processes such as iexplore.exe and explorer.exe enables the malicious software to inject itself into such processes and conceal itself there. As such, it maintains backdoor access by replicating itself and deleting original processes. It also modifies the registry settings to allow execution of its Trojan copy in every instance of Windows start-up. The attacker then sends malicious commands remotely for execution by the Poison malicious software. The commands may include actions such as key-logging, port-scanning, proxy-redirection and theft of passwords.
Attacks based on passwords, key-logging and port-scanning are network attacks against confidentiality. Win32/Poison malicious software, therefore, compromises the confidentiality of computerized systems.