Expert answer:Need help with Disaster Recovery homework

Answer & Explanation:Hello, I need some help with my assignment, but please, a few sentences each is not going to work!”1.  Case Study: After
reviewing the case studies (Cyber
Security Planning Guide) answer:(A) what
are the issues & best practices of Privacy and Data Security and Network
Security and (B) what are the issues & best practices of Website Security and
Email and (C) what are the issues & best practices of Mobile Devices?Cyber Security Guide.pdf 
2.  Internet/Exercise
Problem: After reviewing these templates, (Network Disaster Recovery
Plan & Voice Communications Disaster Recovery Template) what are the key
components, what’s their value, usefulness for the organization?Network Disaster Recovery Plan.doc Voice Communications Disaster Recovery Template.docx  “Thanks!
cyber_security_guide.pdf

network_disaster_recovery_plan.doc

voice_communications_disaster_recovery_template.docx

Unformatted Attachment Preview

Cyber Security
Planning Guide
The below entities collaborated in the creation of this guide. This does not constitute or imply
an endorsement by the FCC of any commercial product, service or enterprise of these entities.
This guide is not a substitute for consulting trained cyber security professionals.
Table of Contents
Thank you for using the FCC’s Small Biz Cyber Planner, a tool for small businesses to create customized cyber
security planning guides. Businesses large and small need to do more to protect against growing cyber threats. As
larger companies take steps to secure their systems, less secure small businesses are easier targets for cyber criminals.
This planning guide is designed to meet the specific needs of your company, using the FCC’s customizable Small Biz
Cyber Planner tool. The tool is designed for businesses that lack the resources to hire dedicated staff to protect their
business, information and customers from cyber threats. Even a business with one computer or one credit card
terminal can benefit from this important tool. We generally recommend that businesses using more sophisticated
networks with dozens of computers consult a cyber security expert in addition to using the cyber planner. The FCC
provides no warranties with respect to the guidance provided by this tool and is not responsible for any harm that
might occur as a result of or in spite of its use.
The guidance was developed by the FCC with input from public and private sector partners, including the Department
of Homeland Security, the National Cyber Security Alliance and The Chamber of Commerce.
Section
Page #s
Privacy and Data Security
PDS-1 – PDS-5
Scams and Fraud
SF-1 – SF-3
Network Security
NS-1 – NS-3
Website Security
WS-1 – WS-5
Email
E-1 – E-2
Mobile Devices
MD-1 – MD-3
Employees
EMP-1 – EMP-3
Facility Security
FS-1 – FS-2
Operational Security
OS-1 – OS-3
Payment Cards
PC-1 – PC-2
Incident Response and Reporting
IRR-1 – IRR-2
Policy Development, Management
PDM-1 – PDM-3
Cyber Security Glossary
CSG-1 – CSG-10
Cyber Security Links
CSL-1 – CSL-3
TC-1
Privacy and Data Security
Data security is crucial for all small businesses. Customer and client information, payment information, personal
files, bank account details – all of this information is often impossible replace if lost and dangerous in the hands of
criminals. Data lost due to disasters such as a flood or fire is devastating, but losing it to hackers or a malware
infection can have far greater consequences. How you handle and protect your data is central to the security of your
business and the privacy expectations of customers, employees and partners.
Cyber Plan Action Items:
1. Conduct an inventory to help you answer the following questions:
•
What kind of data do you have in your business?
A typical business will have all kinds of data, some of it more valuable and sensitive than others, but all data has
value to someone. Your business data may include customer data such as account records, transaction
accountability and financial information, contact and address information, purchasing history, buying habits and
preferences, as well as employee information such as payroll files, direct payroll account bank information, Social
Security numbers, home addresses and phone numbers, work and personal email addresses. It can also include
proprietary and sensitive business information such as financial records, marketing plans, product designs, and state,
local and federal tax information.
•
How is that data handled and protected?
Security experts are fond of saying that data is most at risk when it’s on the move. If all your business-related data
resided on a single computer or server that is not connected to the Internet, and never left that computer, it would
probably be very easy to protect.
But most businesses need data to be moved and used throughout the company. To be meaningful data must be
accessed and used by employees, analyzed and researched for marketing purposes, used to contact customers, and
even shared with key partners. Every time data moves, it can be exposed to different dangers.
As a small business owner, you should have a straightforward plan and policy – a set of guidelines, if you like –
about how each type of data should be handled, validated and protected based on where it is traveling and who will
be using it.
•
Who has access to that data and under what circumstances?
Not every employee needs access to all of your information. Your marketing staff shouldn’t need or be allowed to
view employee payroll data and your administrative staff may not need access to all your customer information.
When you do an inventory of your data and you know exactly what data you have and where it’s kept, it is important
to then assign access rights to that data. Doing so simply means creating a list of the specific employees, partners or
contractors who have access to specific data, under what circumstances, and how those access privileges will be
managed and tracked.
Your business could have a variety of data, of varying value, including:
•
•
•
•
Customer sales records
Customer credit card transactions
Customer mailing and email lists
Customer support information
PDS-1
FCC SMALL BIZ CYBER PLAN N IN G GU ID E
•
•
•
•
•
•
•
•
•
•
Customer warranty information
Patient health or medical records
Employee payroll records
Employee email lists
Employee health and medical records
Business and personal financial records
Marketing plans
Business leads and enquiries
Product design and development plans
Legal, tax and financial correspondence
2. Once you’ve identified your data, keep a record of its location and move it
to more appropriate locations as needed.
3. Develop a privacy policy
Privacy is important for your business and your customers. Continued trust in your business practices, products and
secure handling of your clients’ unique information impacts your profitability. Your privacy policy is a pledge to
your customers that you will use and protect their information in ways that they expect and that adhere to your legal
obligations.
Your policy starts with a simple and clear statement describing the information you collect about your customers
(physical addresses, email addresses, browsing history, etc), and what you do with it. Customers, your employees
and even the business owners increasingly expect you to make their privacy a priority. There are also a growing
number of regulations protecting customer and employee privacy and often costly penalties for privacy breaches.
You will be held accountable for what you claim and offer in your policy.
That’s why it’s important to create your privacy policy with care and post it clearly on your website. It’s also
important to share your privacy policies, rules and expectations with all employees and partners who may come into
contact with that information. Your employees need to be familiar with your legally required privacy policy and
what it means for their daily work routines.
Your privacy policy will should address the following types of data:
•
Personally Identifiable Information: Often referred to as PII, this information includes such things as
first and last names, home or business addresses, email addresses, credit card and bank account numbers,
taxpayer identification numbers, patient numbers and Social Security numbers. It can also include gender,
age and date of birth, city of birth or residence, driver’s license number, home and cell phone numbers.
•
Personal Health Information: Whether you’re a healthcare provider with lots of sensitive patient
information or you simply manage health or medical information for a small number of employees, it’s
vital that you protect that information. A number of studies have found most consumers are very concerned
about the privacy and protection of their medical records. They do not want their health information falling
into the hands of hackers or identity thieves who might abuse it for financial gain. But they also may not
want employees or co-workers prying into their personal health details. And they often don’t want future
employers or insurers finding out about any medical conditions or history.
•
Customer information: This includes payment information such as credit or debit card numbers and
verification codes, billing and shipping addresses, email addresses, phone numbers, purchasing history,
buying preferences and shopping behavior.
PDS-2
FCC SMALL BIZ CYBER PLAN N IN G GU ID E
The Better Business Bureau has a copy of a privacy policy that you are free to download and use. It is available
here: http://www.bbbonline.org/reliability/privacy/.
4. Protect data collected on the Internet
Your website can be a great place to collect information – from transactions and payments to purchasing and
browsing history, and even newsletter signups, online enquiries and customer requests.
This data must be protected, whether you host your own website and therefore manage your own servers or your
website and databases are hosted by a third party such as a web hosting company.
If you collect data through a website hosted by a third party, be sure that third party protects that data fully. Apart
from applying all the other precautions that have been described, such as classifying data and controlling access, you
need to make sure any data collected through your website and stored by the third party is sufficiently secure. That
means protection from hackers and outsiders as well as employees of that hosting company.
5. Create layers of security
Protecting data, like any other security challenge, is about creating layers of protection. The idea of layering security
is simple: You cannot and should not rely on just one security mechanism – such as a password – to protect
something sensitive. If that security mechanism fails, you have nothing left to protect you.
When it comes to data security, there are a number of key procedural and technical layers you should consider:
Inventory your data
We mentioned before the need to conduct a data inventory so you have a complete picture of all the data your
business possesses or controls. It’s essential to get a complete inventory, so you don’t overlook some sensitive data
that could be exposed.
Identify and protect your sensitive and valuable data
Data classification is one of the most important steps in data security. Not all data is created equal, and few
businesses have the time or resources to provide maximum protection to all their data. That’s why it’s important to
classify your data based on how sensitive or valuable it is – so that you know what your most sensitive data is,
where it is and how well it’s protected.
Common data classifications include:
HIGHLY CONFIDENTIAL: This classification applies to the most sensitive business information that is
intended strictly for use within your company. Its unauthorized disclosure could seriously and adversely
impact your company, business partners, vendors and/or customers in the short and long term. It could
include credit-card transaction data, customer names and addresses, card magnetic stripe contents,
passwords and PINs, employee payroll files, Social Security numbers, patient information (if you’re a
healthcare business) and similar data.
SENSITIVE: This classification applies to sensitive business information that is intended for use within
your company, and information that you would consider to be private should be included in this
classification. Examples include employee performance evaluations, internal audit reports, various
financial reports, product designs, partnership agreements, marketing plans and email marketing lists.
INTERNAL USE ONLY: This classification applies to sensitive information that is generally accessible by
a wide audience and is intended for use only within your company. While its unauthorized disclosure to
PDS-3
FCC SMALL BIZ CYBER PLAN N IN G GU ID E
outsiders should be against policy and may be harmful, the unlawful disclosure of the information is not
expected to impact your company, employees, business partners, vendors and the like.
Control access to your data
No matter what kind of data you have, you must control access to it. The more sensitive the data, the more
restrictive the access. As a general rule, access to data should be on a need-to-know basis. Only individuals who
have a specific need to access certain data should be allowed to do so.
Once you’ve classified your data, begin the process of assigning access privileges and rights – that means creating a
list of who can access what data, under what circumstances, what they are and are not allowed to do with it and how
they are required to protect it. As part of this process, a business should consider developing a straightforward plan
and policy – a set of guidelines – about how each type of data should be handled and protected based on who needs
access to it and the level of classification.
Secure your data
In addition to administrative safeguards that determine who has access to what data, technical safeguards are
essential. The two primary safeguards for data are passwords and encryption.
Passwords implemented to protect your most sensitive data should be the strongest they can reasonably be. That
means passwords that are random, complex and long (at least 10 characters), that are changed regularly and that are
closely guarded by those who know them. Employee training on the basics of secure passwords and their
importance is a must.
Passwords alone may not be sufficient to protect sensitive data. Businesses may want to consider two-factor
authentication, which often combines a password with another verification method, such as a dynamic personal
identification number, or PIN.
Some popular methods of two-factor identification include:
ƒ Something the requestor individually knows as a secret, such as a password or a PIN.
ƒ Something the requestor uniquely possesses, such as a passport, physical token or ID card.
ƒ Something the requestor can uniquely provide as biometric data, such as a fingerprint or face geometry.
Another essential data protection technology is encryption. Encryption has been used to protect sensitive data and
communications for decades, and today’s encryption is very affordable, easy-to-use and highly effective in
protecting data from prying eyes.
Encryption encodes or scrambles information to such an advanced degree that it is unreadable and unusable by
anyone who does not have the proper key to unlock the data. The key is like a password, so it’s very important that
the key is properly protected at all times.
Encryption is affordable for even the smallest business, and some encryption software is free. You can use
encryption to encrypt or protect an entire hard drive, a specific folder on a drive or just a single document. You can
also use encryption to protect data on a USB or thumb drive and on any other removable media.
Because not all levels of encryption are created equal, businesses should consider using a data encryption
method that is FIPS-certified (Federal Information Processing Standard), which means it has been certified for
compliance with federal government security protocols.
Back up your data
Just as critical as protecting your data is backing it up. In the event that your data is stolen by thieves or hackers, or
even erased accidentally by an employee, you will at least have a copy to fall back on.
PDS-4
FCC SMALL BIZ CYBER PLAN N IN G GU ID E
Put a policy in place that specifies what data is backed up and how; how often it’s backed up; who is responsible for
creating backups; where and how the backups are stored; and who has access to those backups.
Small businesses have lots of affordable backup options, whether it’s backing up to an external drive in your office,
or backing up automatically and online so that all your data is stored at a remote and secure data center.
Remember, physical media such as a disc or drive used to store a data backup is vulnerable no matter where it is, so
make sure you guard any backups stored in your office or off site and also make sure that your backup data storage
systems are encrypted.
6. Plan for data loss or theft
Every business has to plan for the unexpected, and that includes the loss or theft of data from your business. Not
only can the loss or theft of data hurt your business, brand and customer confidence, it can also expose you to the
often-costly state and federal regulations that cover data protection and privacy. Data loss can also expose
businesses to significant litigation risk.
That’s why it’s critical to understand exactly what data or security breach regulations affect your business and how
prepared you are to respond to them. That should be the foundation of a data breach response plan that will make it
easier to launch a rapid and coordinated response to any loss or theft of data.
At the very least, all employees and contractors should understand that they must immediately report any loss or
theft of information to the appropriate company officer. And because data privacy and breach laws can be very
broad and strict, no loss should be ignored. So even if you have sensitive data that just can’t be accounted for, such
as an employee who doesn’t remember where he left a backup tape, it may still constitute a data breach and you
should act accordingly.
And just in case you don’t think a data breach could happen at your small business, think about this. In 2010, the
U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit responded to a combined 761 data
breaches. Of those, 482, or 63 percent, were at companies with 100 employees or fewer. And in 2011 Visa estimated
that about 95 percent of the credit-card data breaches it discovers are on its smallest business customers.
The Online Trust Alliance has a comprehensive guide to understand and preparing for data breaches, available at
https://otalliance.org/resources/2011DataBreachGuide.pdf.
The Federal Trade Commission has materials to help small businesses secure data in their care and protect their
customers’ privacy, including an interactive video tutorial, at http://business.ftc.gov/privacy-and-security.
PDS-5
Scams and Fraud
New telecommunication technologies may offer countless opportunities for small businesses, but they also offer
cyber criminals many new ways to victimize your business, scam your customers and hurt your reputation.
Businesses of all sizes should be aware of the most common scams perpetrated online.
To protect your business against online scams, be cautious when visiting web links or opening attachments from
unknown senders, make sure to keep all software updated, and monitor credit cards for unauthorized activity.
Cyber Plan Action Items:
1. Train employees to recognize social engineering
Social engineering, also known as “pretexting,” is used by many criminals, both online and off, to trick unsuspecting
people into giving away their personal information and/or installing malicious software onto their computers,
devices or networks. Social engineering is successful because the bad guys are doing their best to make their work
look and sound legitimate, sometimes even helpful, which makes it easier to deceive users.
Most offline social engineering occurs over the telephone, but it frequently occurs online, as well. Information
gathered from social networks or posted on websites can be enough to create a convincing ruse to trick your
employees. For example, LinkedIn profiles, Facebook posts and Twitter messages can allow a criminal to assemble
detailed dossiers on employees. Teaching people the risks involved in sharing personal or business details on the
Internet can help you partner with your staff to prevent both personal an …
Purchase answer to see full
attachment

How it works

1. Paste your instructions in the instructions box. You can also attach an instructions file
2. Select the writer category, deadline, education level and review the instructions 
3. Make a payment for the order to be assignment to a writer
4.  Download the paper after the writer uploads it 

Will the writer plagiarize my essay?

You will get a plagiarism-free paper and you can get an originality report upon request.

Is this service safe?

All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades