Risk Management and Business Continuity Solution
VerifiedAdded on 2019/09/30
|8
|2518
|116
Essay
AI Summary
This assignment involves designing a system that can automatically respond to errors or be controlled by experts who monitor the system, ensuring business continuity and minimizing risks. The requirement of risk assessment is unpredictable due to human error, but it can be reduced by analyzing patterns and implementing strategies to solve problems before they occur. External risks are caused by internal teams allowing other factors to affect the system. To ensure business continuity, the system should produce outputs with maximum throughput and minimum delay, with accurate and correct data. The software vendor must provide a cost-effective solution that maintains quality and transparency in service costs. The company must maintain its policies and procedures to safeguard employees' jobs and run efficiently.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Part 1: VULNERABILITIES Assessment
By: Gary W. Baker
SEPTEMBER 21, 2017
By: Gary W. Baker
SEPTEMBER 21, 2017
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Introduction 2
Part 1: Vulnerabilities Assessment 3
Bibliography 6
Introduction 2
Part 1: Vulnerabilities Assessment 3
Bibliography 6
Introduction
I have found the patch management is the only thing in the system that produces error in a
network when the system gets updated, it won’t accept the patch and the OS will not start. This
will be the downtime of the server. The system should hold live migration and also it should take
the back up of the data where the data be moved to secured location. The data should not be
affected because of the current condition there will be passive data and active data in the
datacenter. So the data center with the both the container with active and passive datacenter
should not save the data which is affected. It should hold only the value data from the successful
update or able to rollback of the data from the server if there is any flaw in the data or any
operation failure occurs in the network.
Requirement of the infrastructure and secure infrastructure
The network system will hold the infrastructure which will handle some error in order to change
the network. The whole network should be passed and it should automatically recover the data
from the server. The network should be able to adopt the network and manage the change if the
server has no active request and response. We could manage with the backup server if the active
user of the servers is more active and more number of user by which they can make lot of
transaction on the website. So the network must able to take snapshot of the database and should
be entered in the log of the server so that any changes made in the network it would be traceable.
The solution we can try for this is we can lock data in the server. When the network change
happens in the network the system, save the data and won’t let the server to change the data.
Now we can prepare the local copy of the data and that data can be compared with the data saved
in the server which is the original data. Now the changes are measured and the data can be
updated. When the patch management gets updated and the network is running as like normal
they can now update the data with the compared value of the active data with recent transaction
data. Only some changes might be needed but this will be secured. Because there will not be
conflict in the data because the pervious data is been lock which is transacted recently. We will
have to wait for the data to get update. There is no threat of conflict error because everything is
checked after the conformation. The changed data in the recent data are changed in the lock data
so no redundancy will come and data will be secured.
The security policy
The security policy might include if network system should be accessible. The system should
have hierarchy of access in the network. Only some of the people are able to the operation
process not all the people can fix the fault that occurs in the system
I have found the patch management is the only thing in the system that produces error in a
network when the system gets updated, it won’t accept the patch and the OS will not start. This
will be the downtime of the server. The system should hold live migration and also it should take
the back up of the data where the data be moved to secured location. The data should not be
affected because of the current condition there will be passive data and active data in the
datacenter. So the data center with the both the container with active and passive datacenter
should not save the data which is affected. It should hold only the value data from the successful
update or able to rollback of the data from the server if there is any flaw in the data or any
operation failure occurs in the network.
Requirement of the infrastructure and secure infrastructure
The network system will hold the infrastructure which will handle some error in order to change
the network. The whole network should be passed and it should automatically recover the data
from the server. The network should be able to adopt the network and manage the change if the
server has no active request and response. We could manage with the backup server if the active
user of the servers is more active and more number of user by which they can make lot of
transaction on the website. So the network must able to take snapshot of the database and should
be entered in the log of the server so that any changes made in the network it would be traceable.
The solution we can try for this is we can lock data in the server. When the network change
happens in the network the system, save the data and won’t let the server to change the data.
Now we can prepare the local copy of the data and that data can be compared with the data saved
in the server which is the original data. Now the changes are measured and the data can be
updated. When the patch management gets updated and the network is running as like normal
they can now update the data with the compared value of the active data with recent transaction
data. Only some changes might be needed but this will be secured. Because there will not be
conflict in the data because the pervious data is been lock which is transacted recently. We will
have to wait for the data to get update. There is no threat of conflict error because everything is
checked after the conformation. The changed data in the recent data are changed in the lock data
so no redundancy will come and data will be secured.
The security policy
The security policy might include if network system should be accessible. The system should
have hierarchy of access in the network. Only some of the people are able to the operation
process not all the people can fix the fault that occurs in the system
Requirement of security policy
The security branch will happen in the environment where the security of the physical
infrastructure will be low. So the system should be secured in every region. For example in a
bank there will be branches in some regions, the bank will have more visitor so that the security
in the bank will be more in the region and in some other regions with the same bank in the rural
region the security of the system might not be tight because of the less people visiting the bank.
So like that the threat can be occur. So these free breach in the system. if the hacker exploit these
things the system could be compromised.
Proposing a solution
People who are able to access these network will have to follow some protocol in order for the
security reason like do not take electronic items in the bank and the clearance id card should be
checked all the time and person should not use other system without proper permission and every
changes done in the system should be noted in the log .so that if something goes the changes in
the system could be easily rectified.
Risk management
The risk management can be approx prediction in the system. The risk management can’t be
defined accurately. Only we can run test in the risk and we need expert advice of the senior
people. It should have the overall function of the project and how the things will occur and what
might be the chance that system will go out. It should be controlled only experience experts.
They are the persons which are able to find out this kind of solution because of the experience
gather by them and the projects similar project they have been working. The risk management is
very much necessary because the risk may occur anytime in the system where the starting of the
project or the ending of the project the system should be able to respond to the error
automatically or it should be controlled by the experts who monitors the system.
Requirements:
The requirement of the risk assessment is unpredictable. The requirement of the risk is
unpredictable because of the how well the preparation is done. There might be a chance for the
error to occur in the system. The risk may arise in the public side or the company side in a
company. If the worker doesn’t know what he is doing it might not affect him it might have
affected the public or the other department in the same company. It is like making error in the
system without knowing the effect it will cause in the system. The error caused by human is
unpredictable. We can figure out the pattern by when the error occur and what time this kind of
error occurs could be noted and where the analysis of the data are got and the solution to the
problem will be ready before the error occurs. This is how the risk management is reducing the
risk but it can be eliminated.
The security branch will happen in the environment where the security of the physical
infrastructure will be low. So the system should be secured in every region. For example in a
bank there will be branches in some regions, the bank will have more visitor so that the security
in the bank will be more in the region and in some other regions with the same bank in the rural
region the security of the system might not be tight because of the less people visiting the bank.
So like that the threat can be occur. So these free breach in the system. if the hacker exploit these
things the system could be compromised.
Proposing a solution
People who are able to access these network will have to follow some protocol in order for the
security reason like do not take electronic items in the bank and the clearance id card should be
checked all the time and person should not use other system without proper permission and every
changes done in the system should be noted in the log .so that if something goes the changes in
the system could be easily rectified.
Risk management
The risk management can be approx prediction in the system. The risk management can’t be
defined accurately. Only we can run test in the risk and we need expert advice of the senior
people. It should have the overall function of the project and how the things will occur and what
might be the chance that system will go out. It should be controlled only experience experts.
They are the persons which are able to find out this kind of solution because of the experience
gather by them and the projects similar project they have been working. The risk management is
very much necessary because the risk may occur anytime in the system where the starting of the
project or the ending of the project the system should be able to respond to the error
automatically or it should be controlled by the experts who monitors the system.
Requirements:
The requirement of the risk assessment is unpredictable. The requirement of the risk is
unpredictable because of the how well the preparation is done. There might be a chance for the
error to occur in the system. The risk may arise in the public side or the company side in a
company. If the worker doesn’t know what he is doing it might not affect him it might have
affected the public or the other department in the same company. It is like making error in the
system without knowing the effect it will cause in the system. The error caused by human is
unpredictable. We can figure out the pattern by when the error occur and what time this kind of
error occurs could be noted and where the analysis of the data are got and the solution to the
problem will be ready before the error occurs. This is how the risk management is reducing the
risk but it can be eliminated.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Preventable risks are some risks that are preventable by the analysis. These data got from the
past are responsible for the preventable risk. They will have the insights of the details and
strategy of how to solve the risk and it can be handled in the facing real-time problems. Strategy
risks are the risk that may occur when you don’t follow the given protocols. For example if the
client want to change some things in the network or deploy some new things in the networks
these thing will not be tested in the environment. This may lead to the project risk management.
External risks
External risk are caused by the internal team where there are allow other factors to be allowed in
the system this will affect the system. Risk requirement depends on the client need. If the client
is budget concerned, the risk assessment can be done effectively. Then it might have to spend
more on the project or rework on the project where he has to invest again.
Solution
In this problem where the backup server should be ready and the data should not be get delay and
again after the network comes to a normal stage. The system should adapt to the current
environment where load balancing should be done equally because the back server cannot handle
more data, the load should be distributed among the servers. There may be so much duplication
of the data. These data must be sorted out from the system because they cause the system to
respond late.
The business community
The overall business can be migrated from one server to cloud by the migration to the AWS
server where process are done automatically so the configuration of the server for compatible is
needed because the Amazon team 3rd party will deal with the problems so the difficult in setup of
the server and the maintaining of the server may be secured and they also have the security who
may access the system and what the information they can see. Server control can be controlled
by the client and If any information they require is lost the 3rd party will hold the snap of the
database they will simply roll back to the system if there is a change or any loss. This will make
the work more effectively. Most of the Work can be automated. If any new version of the
software are implemented the system should respond to the changes for the change. For the
effective work, some software firms are configured automatically to adapt to the system. If there
any error in the system it is handled by alert.
In order to continue the business this should be given as a service where the owner will have the
full control of the system. The clients with multi vendor are added through a portal. This will
have the security layer of what space the clients will have so that they don’t mix the data. The
server will have the data according to the region where many vendor will upload the data and
those data will be stored in the place where no one can access only the data owner can be used to
access the data and administrator should maintain this data because all the data should not be
duplicated in the server and mixed in the storage area even though they get stored in the same
server. When the client call for the data what is stored in the server should be recalled or reflect
at the time of the output.
Requirement of the business continuity
The network system should be able the produce the output with maximum throughput with the
minimum delay. So for the efficiency the server must have the correct and accurate data in the
system. The network should be given as SAAS because only company handling this project must
generate month on month revenue. For this most of the companies are given these services as
premium service they are charged on the monthly basis.
past are responsible for the preventable risk. They will have the insights of the details and
strategy of how to solve the risk and it can be handled in the facing real-time problems. Strategy
risks are the risk that may occur when you don’t follow the given protocols. For example if the
client want to change some things in the network or deploy some new things in the networks
these thing will not be tested in the environment. This may lead to the project risk management.
External risks
External risk are caused by the internal team where there are allow other factors to be allowed in
the system this will affect the system. Risk requirement depends on the client need. If the client
is budget concerned, the risk assessment can be done effectively. Then it might have to spend
more on the project or rework on the project where he has to invest again.
Solution
In this problem where the backup server should be ready and the data should not be get delay and
again after the network comes to a normal stage. The system should adapt to the current
environment where load balancing should be done equally because the back server cannot handle
more data, the load should be distributed among the servers. There may be so much duplication
of the data. These data must be sorted out from the system because they cause the system to
respond late.
The business community
The overall business can be migrated from one server to cloud by the migration to the AWS
server where process are done automatically so the configuration of the server for compatible is
needed because the Amazon team 3rd party will deal with the problems so the difficult in setup of
the server and the maintaining of the server may be secured and they also have the security who
may access the system and what the information they can see. Server control can be controlled
by the client and If any information they require is lost the 3rd party will hold the snap of the
database they will simply roll back to the system if there is a change or any loss. This will make
the work more effectively. Most of the Work can be automated. If any new version of the
software are implemented the system should respond to the changes for the change. For the
effective work, some software firms are configured automatically to adapt to the system. If there
any error in the system it is handled by alert.
In order to continue the business this should be given as a service where the owner will have the
full control of the system. The clients with multi vendor are added through a portal. This will
have the security layer of what space the clients will have so that they don’t mix the data. The
server will have the data according to the region where many vendor will upload the data and
those data will be stored in the place where no one can access only the data owner can be used to
access the data and administrator should maintain this data because all the data should not be
duplicated in the server and mixed in the storage area even though they get stored in the same
server. When the client call for the data what is stored in the server should be recalled or reflect
at the time of the output.
Requirement of the business continuity
The network system should be able the produce the output with maximum throughput with the
minimum delay. So for the efficiency the server must have the correct and accurate data in the
system. The network should be given as SAAS because only company handling this project must
generate month on month revenue. For this most of the companies are given these services as
premium service they are charged on the monthly basis.
Problem with business continuity
In order to give this service effectively the software vendor must give a solution which is
effective as well as cost effective. Nowadays software price are very low because of the
competition around the world more than one company is trying to give the same service with
minimum price with excellent service the client might tends to switch the service. The quote of
the service and the hidden cost of the service should be transparent to the client. In some
company the service cost are not transparent so that the client should have long term relationship
and the price of the product must be transparent.
The problem with service based company is that maintaining the quality of the product first. It
seems that the company is doing well but the same person will be not in the company for a very
long time. So the knowledge of the person changes and then the new employee might not know
how to approach the issues and how to solve the error in the solution.
Solution
The problem is sorted by understanding the client thought and needs from the analysis and the
past revenue and how the company has generated revenue. The service methodology should be
well structured and when an employee is going to the new company he must be able to adapt the
nature of the organization and should understand the service requirement of the company to the
client and the policy of the company employee must not breach the company policy in order to
safe guard his job. The company must maintain the policy in order to run properly in the business
continuity plan the operation cost like labor resources and the technology they are using should
not cost more than the revenue that is being generated in the company.
The ACL access control list (ACL)
There are several types of ACL in the networked systems on and the most common one is Role
Based Access Control (RBAC). RBAC list this work with the priority of the people logging in
the system allow to assign users to roles.. The system will give only the access of the data only to
the to that people who are in the group. For example in a hospital if a clerk is opening the portal
he may be able to view the details but not be able to edit the details. In such when the doctor
opens the portal he may be able to edit the patient profile and mention and edit the fields in the
portal because he must make change for giving the accurate result about the patients. This is how
the RBAC play a role in the organization with the ACL. The list will be updated and maintained
in a key place where only the authority person is able to access it. It will be changed depending
upon the time.
Requirement
The requirement for the ACL is where in a real time example one may share the co working
space so if the hospital is running 24X7 so there will be shift in the hospital doctor will change
from time to time so the data have to be changed.
Purpose of the solution
The RABC system fails when some tries to login with the user name and password there is no
second layer security so we can use attribute based control list where this is added as the second
layer of security for people who are trying to access the information which they don’t have
permission . In order to access the information parameters will be added to login information the
attribute may depends on the user thing what he might give as attribute to access the information.
In order to give this service effectively the software vendor must give a solution which is
effective as well as cost effective. Nowadays software price are very low because of the
competition around the world more than one company is trying to give the same service with
minimum price with excellent service the client might tends to switch the service. The quote of
the service and the hidden cost of the service should be transparent to the client. In some
company the service cost are not transparent so that the client should have long term relationship
and the price of the product must be transparent.
The problem with service based company is that maintaining the quality of the product first. It
seems that the company is doing well but the same person will be not in the company for a very
long time. So the knowledge of the person changes and then the new employee might not know
how to approach the issues and how to solve the error in the solution.
Solution
The problem is sorted by understanding the client thought and needs from the analysis and the
past revenue and how the company has generated revenue. The service methodology should be
well structured and when an employee is going to the new company he must be able to adapt the
nature of the organization and should understand the service requirement of the company to the
client and the policy of the company employee must not breach the company policy in order to
safe guard his job. The company must maintain the policy in order to run properly in the business
continuity plan the operation cost like labor resources and the technology they are using should
not cost more than the revenue that is being generated in the company.
The ACL access control list (ACL)
There are several types of ACL in the networked systems on and the most common one is Role
Based Access Control (RBAC). RBAC list this work with the priority of the people logging in
the system allow to assign users to roles.. The system will give only the access of the data only to
the to that people who are in the group. For example in a hospital if a clerk is opening the portal
he may be able to view the details but not be able to edit the details. In such when the doctor
opens the portal he may be able to edit the patient profile and mention and edit the fields in the
portal because he must make change for giving the accurate result about the patients. This is how
the RBAC play a role in the organization with the ACL. The list will be updated and maintained
in a key place where only the authority person is able to access it. It will be changed depending
upon the time.
Requirement
The requirement for the ACL is where in a real time example one may share the co working
space so if the hospital is running 24X7 so there will be shift in the hospital doctor will change
from time to time so the data have to be changed.
Purpose of the solution
The RABC system fails when some tries to login with the user name and password there is no
second layer security so we can use attribute based control list where this is added as the second
layer of security for people who are trying to access the information which they don’t have
permission . In order to access the information parameters will be added to login information the
attribute may depends on the user thing what he might give as attribute to access the information.
Bibliography
“Business continuity trends and challenges” retrieve from:
http://www.continuitycentral.com/index.php/news/business-continuity-news/1738-business-
continuity-trends-and-challenges-2017
“7 Patching management practices guaranteed to help protect your data” retrieve from:
“https://www.networkworld.com/article/3192124/security/7-patch-management-
practices-guaranteed-to-help-protect-your-data.html
“Patch management” retrieve from: https://www.networkworld.com/article/3192124/security/7-
patch-management-practices-guaranteed-to-help-protect-your-data.html
“Role based Access control “retrieve from: https://stormpath.com/blog/new-rbac-resource-based-
access-control
“Attribute based Access control” retrieve from: https://dzone.com/articles/simple-attribute-
based-access-control-with-spring
“Business continuity trends and challenges” retrieve from:
http://www.continuitycentral.com/index.php/news/business-continuity-news/1738-business-
continuity-trends-and-challenges-2017
“7 Patching management practices guaranteed to help protect your data” retrieve from:
“https://www.networkworld.com/article/3192124/security/7-patch-management-
practices-guaranteed-to-help-protect-your-data.html
“Patch management” retrieve from: https://www.networkworld.com/article/3192124/security/7-
patch-management-practices-guaranteed-to-help-protect-your-data.html
“Role based Access control “retrieve from: https://stormpath.com/blog/new-rbac-resource-based-
access-control
“Attribute based Access control” retrieve from: https://dzone.com/articles/simple-attribute-
based-access-control-with-spring
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1 out of 8
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.