
Business Continuity Planning in


… component of effective incident handling is a security management team that is engaged in constant preparation and network scanning for such a breach. "Once your security team declares there has been a breach, it should inform the incident management team, and it should assemble within minutes" (Schilling, 2013, p.3). The team should then conduct "network forensics, systems forensics and malware analysis" to understand the extent of the threat and "by reviewing network and security event logs, a forensic analyst can determine which computer systems are likely compromised" (Schilling, 2013, p.3).

There may not be a need to shut down the entire system; the question is the extent to which the threat can be isolated and contained. "Once an infected system is recovered for analysis, the forensics analysts will examine the system to retrieve the files that are responsible for the threat activity. These files are normally hiding some type of Trojan or back door" (Schilling 2013, p.3).

The purpose of such deep forensic analysis is to determine the threat indicators and to construct the necessary security controls to prevent the incident from reoccurring. The containment plan is, of course, the most critical part of the response: to prevent the threat from happening again. After the threat is isolated, the team can "update antivirus and intrusion protection signatures, change firewall rules, and block communications with the Internet addresses of the suspected 'bad guy,'" followed by an eradication of all of the infected files (Schilling, 2013, p.4).
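The log review and containment steps described above, as an added example that is not part of the original paper: it scans firewall records for traffic to suspect addresses, ranks the internal hosts for forensics, and derives the addresses to block. The log format, the sample lines, the indicator ranges and the function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (format assumed): time action src dst dst_port
SAMPLE_LOG = """\
2015-11-02T09:14:03Z ALLOW 10.0.4.17 203.0.113.45 443
2015-11-02T09:14:09Z ALLOW 10.0.4.22 198.51.100.7 80
2015-11-02T09:15:41Z ALLOW 10.0.4.17 203.0.113.45 443
2015-11-02T09:16:02Z DENY 10.0.7.3 203.0.113.45 8080
truncated record
2015-11-02T09:18:12Z ALLOW 10.0.4.30 203.0.113.99 443
"""
# Constructed indicators standing in for addresses found by malware analysis.
SUSPECT_NETS = ["203.0.113.45/32", "203.0.113.96/29"]


def triage(log_text, suspect_nets):
    """Map each internal host to its traffic toward suspect addresses."""
    nets = [ipaddress.ip_network(n) for n in suspect_nets]
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "dests": set()})
    skipped = 0
    for line in log_text.splitlines():
        try:
            _ts, action, src, dst, _port = line.split()
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:  # wrong field count or bad address: count, don't crash
            skipped += 1
            continue
        if any(dst_ip in net for net in nets):
            entry = hits[src]
            entry["allowed" if action == "ALLOW" else "denied"] += 1
            entry["dests"].add(dst)
    return dict(hits), skipped


def containment_summary(hits):
    """Split hosts by whether traffic got through; list addresses to block."""
    established = sorted(h for h, v in hits.items() if v["allowed"])
    attempted = sorted(h for h, v in hits.items() if not v["allowed"])
    block = sorted({d for v in hits.values() for d in v["dests"]})
    return established, attempted, block


if __name__ == "__main__":
    hits, skipped = triage(SAMPLE_LOG, SUSPECT_NETS)
    established, attempted, block = containment_summary(hits)
    print("forensics first:", established)
    print("blocked attempts:", attempted)
    print("firewall block list:", block, "| unparsed lines:", skipped)
```

Hosts whose connections were allowed are the likeliest to be compromised; hosts that were only denied still tried to reach a suspect address and belong on the review list.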

Going over why the incident occurred and debriefing non-technical as well as IT staff on how to prevent it from reoccurring in the future is also essential, particularly if it was due to human error rather than intrinsic systemic vulnerabilities.

Topic 2 - Business continuity planning

As well as having a plan to deal with possible security incidents, it is also imperative to have a business continuity plan, or a plan on how to proceed even in the face of a disaster, such as a network failure or even a natural disaster like a blizzard that impedes the ability of the organization to function.

"A BC plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more" (Lindros & Tittel 2013). It does not cover the demands of 'mopping up' the 'spillover' or fallout of a disaster of any kind; rather, it ensures that a business can still make money and serve its customers with minimal interruption.

For example, if an office is hit by a hurricane and loses power (or is leveled), one possible option might be to have workers operate from home. Working from home might be an option for an IT breach of security that caused the main network to crash if the incident. Or it might involve attempting to isolate and contain the problem so workers could go about their business as usual with a secured and limited system and continue to serve customers.

All cloud-based systems without a physical, hardware component of data storage should have some sort of a backup system in use; a cloud-based system alone is not a backup. Incident recovery plans should go on simultaneously with the business continuity plan: while the IT staff works, regular employees should be able to do their jobs, or at least keep the business' essential functions going.

A key component of this is rehearsing the continuity plan as much as possible and planning for the most likely disaster scenarios (which will be different for every organization). And just as incident recovery plans may vary in their trajectory given that hackers are always trying out new methods, business continuity plans must evolve depending on the exposure to new threats. (For example, in recent years, many businesses have added continuity planning in the face of terrorist attacks to their list of possible critical incidents.)

Topic 3 - Security model

The Bell-LaPadula security model focuses on information flow. It is classified as "a linear non-discretionary model" that consists of subjects, objects, and an access control matrix along with a series of security levels. "Each subject has a clearance and each object has a classification which attaches it to a security level. Each subject also has a current clearance level which does not exceed its clearance level. Thus a subject can only change to a clearance level below its assigned clearance level" (Manocha 2015).

Different access rights are given to every subject to minimize security risk. For example, one subject may only have the right to read an object while another subject may be able to both read and also alter the object through writing. A control attribute gives the creator (known as the controller) the ability to limit access according to different levels (Manocha 2015).

Restrictions upon users include "reading down" in which "a subject has only read access to objects whose security level is below the subject's current clearance level" and "writing up" which means that a "subject has append.
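A minimal sketch of the access decision this section describes, added here as an example and not taken from the paper or its sources: a request is granted only if the access control matrix lists the right and the level comparison holds. The level names, sample subjects and objects, and function names are hypothetical; because the paper's sentence on "writing up" is cut off, the append rule uses the standard Bell-LaPadula formulation (object at or above the subject's current level), and read uses "at or below".

```python
from dataclasses import dataclass

# Assumed level names; the model only needs a total order of security levels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str  # maximum level assigned to the subject
    current: str    # current clearance level, never above `clearance`

    def __post_init__(self):
        self.set_current(self.current)

    def set_current(self, level):
        if LEVELS[level] > LEVELS[self.clearance]:
            raise ValueError(f"{level} exceeds {self.name}'s clearance")
        self.current = level


def is_allowed(subject, obj_name, obj_level, right, matrix):
    """Grant only if the matrix lists the right AND the level rule holds."""
    if right not in matrix.get((subject.name, obj_name), set()):
        return False
    s, o = LEVELS[subject.current], LEVELS[obj_level]
    if right == "read":    # read down: object at or below the current level
        return o <= s
    if right == "append":  # write up: object at or above the current level
        return o >= s
    return False           # other rights are outside this sketch


# Constructed example data.
OBJECTS = {"memo": "unclassified", "plan": "secret"}
MATRIX = {("alice", "memo"): {"read", "append"},
          ("alice", "plan"): {"read", "append"},
          ("bob", "memo"): {"read"}}

if __name__ == "__main__":
    alice = Subject("alice", clearance="secret", current="confidential")
    for obj, level in OBJECTS.items():
        for right in ("read", "append"):
            print(obj, right, is_allowed(alice, obj, level, right, MATRIX))
```

Raising the subject's current level with `set_current` changes which reads and appends succeed, which is why the model tracks it separately from the assigned clearance.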

Cite This Paper
"Business Continuity Planning In" (2015, November 10) Retrieved April 21, 2026, from
https://www.paperdue.com/essay/business-continuity-planning-in-it-2156028
