Search “scholar.google.com” for a company or school that has defined the role of end-users in the creation of a contingency plan. Discuss why it is (or is not) important to include end users in the process of creating the contingency plan? What are the possible pitfalls of end user inclusion?
1) what are the most common downtime metrics used to express recovery criticality?
2) what is maximum tolerable downtime (mtd)?
3) what is recovery time objective (RTO)
4) what is recovery point objective rpo and how does it differ from recovery time objective
5)what are the primary means for collecting data for the bia
6) what is facilitated data gathering?
7)what are some items usually included in routine it operations budgets that can be considered part of CP requirements
8) beyond those items that are funded in the normal course of IT operations, what are the additional budgeting areas of CP needs?
The Cost of Inadequate Controls
Because you performed so well in the scenario for Assignment 1, upper management at LOTR Experience has consulted with you again as their IT Security Specialist. This time, they are concerned about a pressing new issue. They inform you about the high costs associated with creating a secure network environment. Unfortunately, they also explain that the IT budget is being cut by 30%. A recent request for permission to hire an additional IT member was denied. The proposed additional employee would have been dedicated to the database security controls. Finally, based on the budget constraints, a request for a new NAC Router was also denied.
Your task is to write an effective counter argument to convince upper management that inadequate controls would cost the company more if security vulnerabilities are exploited.
Write a counter-argument in which you address the following:
1. Analyze the annual loss of revenue by the professional sector as it relates to access control. (Summarize and provide this information in a graph)
2. After reviewing the LOTR Network Design artifacts, outline three critical areas of concern related to access control.
3. Outline the potential risks, vulnerabilities, and threats that could be incurred through the lack of a dedicated database security specialist.
4. Outline the potential risks, vulnerabilities, and threats that could be incurred through the lack of a NAC router.
5. Using the Internet, find three qualified vendors that support the need for an NAC router. Provide the companies and the industry knowledge that will support your argument.
6. Use at least three quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA format.
The specific course learning outcomes associated with this assignment are:
· Determine appropriate access controls for information systems within IT infrastructures.