Evaluate threats on business system

• describe all possible future threats to the business,
• identify all critical business elements for business continuity
• report possible resolutions to ensure business continuity

Use your own words for the answers.

• Determine key WHS legislation relevant to disaster recovery.
• Identify business critical functions and the security environment (1.1)

Work Health and Safety (WHS) legislation requires that all foreseeable risks/disasters in a business are identified and the risks arising from these hazards are eliminated or controlled.

Discuss the following:

How do we identify the potential risks/disasters for KTC? (e.g. workplace inspection, meetings or survey)

Describe the following risk control mechanisms:

Re-design control

Eliminate/substitute control

Engineering control

Procedural/administrative control

It is important to understand the roles of each critical business elements prior to making a disaster recovery plan or business continuity plan.

Discuss the following business critical elements/functions for KTC to maintain its normal operation.

Discuss their requirements in terms of hardware, software, and data as shown below (1.2):

Business critical function	Hardware requirements	Software requirements	Data requirements
Online customer service
Customer record management
Gateway and Internet service provider
Online server with operating system and management software

• Identify threats to the system, considering security analysis and internal and external business environment.
• Assess potential impact of business risk and threats on ICT systems (1.3)

Discuss the general descriptions of the following attack types, and discuss their potential impacts on KTC in less than 50 words per each.

• physical security
• system failure, accident or sabotage (hackers)
• denial of service
• virus attack
• cyber attack
• telecommunications failure

Fill out the table with the threats identified in question 5, and rate their probability, impact and potential risk for KTC.

Threat	Probability (Low, Medium, High)	Impact (Low, Medium, High)	Potential business loss to KTC (in dollar values)
Earthquake
Flood
War/civil riot
DDoS attack
Virus attack
Penetration attack
Telecommunication failure

part B

• Describe the following computing technologies required in disaster recover planning (in less than 50 words for each topic).
• Describe the basic mechanism of following potential threats/attacks (in less than 50 words for each attack):
• Research one case study of Denial of service attack, and summarize it in less than 100 words.
• Describe the potential impacts of DoS attack on our college learning website.

Network operating systems

Computer servers – file, application and print servers

Gateway server – proxy server

Internet service provider

Cloud-based database applications

Denial of service attacks

Malicious software attacks

Website hijacking attacks

Man-in-the-middle attacks