2nd Semester: Unit 1 Security 2022

The document discusses security concepts related to an EMC Cyber company course. It includes a student declaration regarding plagiarism and copying policy. It then provides a brief introduction to the CIA triad of security - Confidentiality, Integrity, and Availability. Finally, it discusses how the CIA triad can be used to enhance security at the EMC CYBER company by protecting data confidentiality through measures like multi-factor authentication and access controls, maintaining data integrity using hashing and digital signatures, and ensuring data availability with redundancy and disaster recovery plans.

ESOFT HND COURSE

2nd semester
SECURITY

EMC CYBER

Binadi Jayarathne
Student Declaration

EMC Cyber Page 1


I hereby, declare that I know what plagiarism entails, namely to use another’s work and to
present it as my own without attributing the sources in the correct way. I further understand
what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarize or copy another's work in any of the assignments for this programme.
4. I declare therefore that all work presented by me for every aspect of my programme will be my own, and where I have made use of another's work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document, signed or not, constitutes a binding agreement between myself and Pearson UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the main submission.

Student’s Signature: Date: 13/07/2022



The CIA triad



A Brief Introduction

[Figure: the C.I.A. triad, with Confidentiality, Integrity and Availability at its three corners]

CIA stands for Confidentiality, Integrity and Availability. It is a highly efficient security
model that is used to form the basis of the development of security systems and policies. The
origin of this triad is unclear but it is said that even war generals such as Julius Caesar used
this model to safeguard critical information.

Confidentiality, the first factor, means that data should be kept secret, private and out of reach
of individuals who aren't supposed to access it. For example, bank accounts must only be
accessed by the owner and the relevant employees of the bank, and by no one else.
Integrity involves making sure that your data is trustworthy and protected from unnecessary
changes; data keeps its integrity only while it is authentic, accurate and reliable. But there
would be no point in the first two factors if not for the last one. Availability means that data
must be available to the individuals it serves: individuals who have access to specific
information must be able to reach it whenever they need it, wherever they are, without having
to wait an inordinate amount of time. Any of these three key components of security can be
compromised accidentally or deliberately.

How can the CIA triad be used to enhance the security of the EMC CYBER company?

1) Protecting the confidentiality of data


The confidentiality of data can be violated deliberately by attackers who engage in network
spying, gain access to credentials and thereby break into the company's network, or who
position themselves in the stream of information and intercept data to steal or alter it. It may
also be violated accidentally through our own mistakes: employees may share their credentials
with someone else or log in while someone is watching. These threats can be avoided by
following the steps below, which follow from the concept of confidentiality.



1. Using multi-factor authentication (MFA)
MFA is an authentication method that requires the user to provide two or more
verification factors to gain access to a resource.
a. Set up a two- or three-step verification method for logging in to each
employee's account.
Example: three-step verification
[Figure: three-step verification]

2. Classifying data and encrypting restricted data

Data can be classified under 4 main levels:
1. Public
2. Internal-only
3. Confidential
4. Restricted
Of these 4 types, restricted data needs more privacy and security than the others.

a. Classify the company's data and information into these types according to
their privacy and security level.
b. Identify and label restricted data and collect it into one folder.
Example: financial data, IP addresses etc.
c. Encrypt restricted data.
Example: use full-disk encryption (FDE).
Whole-disk encryption encrypts the entire disk, including swap files, system
files and hibernation files. If an encrypted disk is lost, stolen or placed into
another computer, the drive stays encrypted and only an authorized user can
access its contents. It is the most secure way to encrypt or hide data at rest
and it is supported by most operating systems. Access to the data is gained
with a password or PIN.

3. Enabling access control policies



Internal control policies and procedures are checks that help protect a company
from internal threats, such as theft, embezzlement and mismanagement of funds
by employees, suppliers or customers.
a. Physical audit policy
A physical security audit covers the approaches, fencing, entry/exit points at
the perimeter, parking areas, lighting, control rooms in the innermost secure
area, etc. of the company building. Under this policy all of the company's
physical security measures are inspected regularly.
b. Approval authority policy
This policy establishes the approval authority that is required for each type
of transaction before it can be executed. No employee can carry out any type
of transaction without first getting the permission and approval of that
authority.
c. Standardized document policy
Standardised documents have a consistent appearance, structure and quality,
and are therefore easier to read and understand. Every employee must
therefore produce documents according to a given set of standards.
d. Separation of duties policy
Separating duties and assigning an employee to each duty increases the
security of every activity within the company, since the person assigned is
held responsible for any mismanagement of the given duty.

The separation of duties concept prohibits assigning one person responsibility for
the acquisition of assets, their custody and the related record keeping. For
example, one person can place an order to buy an asset, but a different person
must record the transaction in the accounting records.

2) Maintaining the integrity of data

Data can be altered and edited in many ways by people who are interested in
damaging the reputation of the company. To do this an attacker may bypass the
intrusion detection system, gain unauthorised access and even cover up the attack
using different methods. Although integrity is often violated deliberately, it can
also be compromised accidentally because of an employee's careless mistake. Given
below are some security policies derived from this factor to safeguard data and
information.
1. Hashing
2. Using digital signatures and certificates
3. Employing trustworthy certificates for websites
4. Non-repudiation
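As an added illustration of the first item, hashing, the following Python (not part of the original assignment; it uses only the standard library on a constructed invoice record) shows what a plain SHA-256 digest catches and what it does not: accidental corruption is detected, but an attacker who can edit the file and the stored digest passes the check, which is why a keyed tag (HMAC) or a digital signature with a private key is needed to protect integrity against deliberate change.

```python
import hashlib
import hmac
import secrets

# Constructed sample records standing in for a document stored by the company.
# The tampered copy changes only the destination account.
ORIGINAL = b"Invoice 1042: pay LKR 250,000 to supplier account 1234-5678\n"
TAMPERED = b"Invoice 1042: pay LKR 250,000 to supplier account 9999-0000\n"


def file_digest(data: bytes) -> str:
    """Plain SHA-256 digest: catches accidental corruption (bit rot, bad copy)."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison so the check itself does not leak timing."""
    return hmac.compare_digest(file_digest(data), expected_hex)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: whoever edits the data cannot recompute a valid tag
    without the secret key, so deliberate changes are caught as well."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_tag(data: bytes, key: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), expected_hex)


def integrity_demo() -> dict:
    """Walk through both checks and report what each one detects."""
    results = {}

    # 1. Unkeyed digest stored next to the file (e.g. a published checksum).
    stored_digest = file_digest(ORIGINAL)
    results["plain_hash_detects_change"] = not verify_digest(TAMPERED, stored_digest)

    # 2. Same scheme, but whoever changed the file also had write access to the
    #    stored digest and replaced it: the change now passes verification.
    replaced_digest = file_digest(TAMPERED)
    results["plain_hash_fooled_if_digest_replaced"] = verify_digest(TAMPERED, replaced_digest)

    # 3. Keyed tag: the key is held only by the verifier (secrets vault, HSM).
    key = secrets.token_bytes(32)
    tag = keyed_tag(ORIGINAL, key)
    results["hmac_detects_change"] = not verify_keyed_tag(TAMPERED, key, tag)

    # 4. A tag recomputed with a guessed key is still rejected.
    forged_tag = keyed_tag(TAMPERED, b"guessed-key")
    results["hmac_rejects_forged_tag"] = not verify_keyed_tag(TAMPERED, key, forged_tag)

    # Untouched data still verifies under both schemes.
    results["original_still_valid"] = (
        verify_digest(ORIGINAL, stored_digest) and verify_keyed_tag(ORIGINAL, key, tag)
    )
    return results


if __name__ == "__main__":
    for check, outcome in integrity_demo().items():
        print(f"{check:40s} {outcome}")
```

An HMAC proves only that someone holding the key produced the tag, so for non-repudiation (item 4) the tag must be replaced by a digital signature made with a key that only the signer holds.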



3) Making data available to those who have access
For availability to be ensured, all systems, networks and applications in the company
must function as they should and when they should, without unnecessary delay.
Availability can be sabotaged deliberately by denial-of-service (DoS) attacks and
ransomware. Data and information can also become unavailable for unavoidable
reasons such as country- or island-wide power outages and natural disasters.
Given below are some ways to keep data and information available to those who
have access.
1. Staying alert to upgrades
2. Using redundant networks, servers and applications
3. Having backups and full disaster recovery plans



Threats, Vulnerabilities and Risks and how to deal with them.

What are Threats?

A threat exploits a vulnerability and can damage or destroy an asset. They have the potential
to steal or damage data, disrupt business, or create harm in general. Threats in cyber security
are often called cyber threats. These threats can be divided into 3 main parts.

[Figure: threats divided into intentional, unintentional and natural threats]

Intentional threats are methods like malware, ransomware, phishing, malicious code that are
used to intentionally compromise a security or software system.

Unintentional threats often occur by human error. Being unaware about threats, leaving
sensitive information unmonitored, not doing regular updates when needed and simply
keeping the door open for thieves to sneak in are some of the many ways these threats could
occur.

Natural threats are acts of nature such as floods, tornadoes, earthquakes etc. While they aren’t
typically associated with cyber security, they are unpredictable and can damage your assets.

Below are some threats that may have an impact on the EMC Cyber Company.

1. Computer Virus



The most well-known computer security threat. It is a program written to alter the way a
computer operates, without the permission or knowledge of the user. A virus replicates and
executes itself, usually doing damage to your computer in the process. Carefully evaluating
free software, downloads from peer-to-peer file sharing sites and emails from unknown
senders, together with keeping antivirus software up to date, is crucial. Every virus has a
payload that performs an action. The threat actor can code any malicious activity into the
virus payload, including simple, harmless pranks. While a few viruses have harmless
payloads, most of them cause damage to the system.

2. Trojan Horse

A Trojan horse is a type of malware that downloads onto a computer disguised as a
legitimate program. When the program is downloaded, the malicious code the attacker hid
in it executes the task the attacker designed it for, such as gaining access to corporate
systems, spying on the user's online activity or stealing sensitive data. The name comes
from the actual Trojan horse, an enormous wooden horse in which the enemies of the city
of Troy got inside the city gates by pretending the horse was a gift. Once inside, the
soldiers hidden in the horse climbed out and let the rest of the army in as well.

A few elements of the story of the real Trojan horse make it an appropriate name for this
type of cyber attack:

• In the original story, the attackers had not succeeded in defeating the city's defences
for 10 years until they came up with the Trojan horse. Similarly, this type of malware
can be a good way to get behind an otherwise tight set of defences.
• The Trojan horse appeared to be a legitimate gift, just as a Trojan seems to be a
legitimate program.
• The soldiers in the Trojan horse took control of the city's defences. Similarly, the
malware takes control of your computer, potentially leaving it vulnerable to other
"invaders".



Unlike computer viruses, a Trojan horse cannot manifest by itself, so it needs a user to
download the server side of the application for it to work. A Trojan spreads in many
ways. Some of the most common are given below.

• Legitimate-looking emails and files attached to emails
• Social engineering tactics (banner advertisements, pop-up advertisements, links on
websites)
• From one computer to another by sharing malware without the knowledge of the user
• On smartphones and tablets, using a strand of mobile malware

Trojan malware varies according to the cyber criminals' need to carry out different actions
and different attack methods. The most common types include:

Backdoor Trojan
Banker Trojan
Distributed denial-of-service Trojan
Downloader Trojan
Exploit Trojan

3. Computer worm

A computer worm self-replicates and infects other uninfected computers while remaining
active on infected systems. It often does this by exploiting parts of an operating system that
are automatic and invisible to the user. It is common for worms to be noticed only when their
uncontrolled replication consumes system resources, slowing or stopping other tasks.

How do computer worms work?


Computer worms rely on the actions of, and vulnerabilities in, networking protocols to
propagate. After a computer worm loads and begins running on a newly infected system, it
remains active on that system for as long as possible and spreads to as many other
vulnerable systems as it can. Worms can also be disguised to look like a non-threatening
resource, such as a work file or link, which a user clicks on or downloads, only for it to
later be revealed as a worm. Worms can also spread through USB drives.

There are several types of malicious computer worms:



Email worms
File-sharing worms
Crypto worms
Internet worms
Instant-messaging worms

4. Bots

A ‘bot’ – short for robot – is a software program that performs automated, repetitive, pre-
defined tasks. Bots typically imitate or replace human user behaviour. Because they are
automated, they operate much faster than human users. They carry out useful functions, such
as customer service or indexing search engines, but they can also come in the form of
malware – used to gain total control over a computer. A bot can also appear as a warning
saying that your computer will get a virus if you do not click on the associated link. Clicking
the link subsequently infects your computer with a virus. Internet bots can also be referred to
as spiders, crawlers, or web bots.

Malware bots and internet bots can be programmed or hijacked to break into user accounts,
scan the internet for contact information, send spam, or perform other harmful acts. To carry
out these attacks and disguise the source of the attack traffic, attackers may distribute bad
bots in a botnet (a bot network). A botnet is a number of internet-connected devices, each
running one or more bots, often without the device owners' knowledge. Because each device
has its own IP address, botnet traffic comes from numerous IP addresses, making it harder to
identify and block the source of the malicious bot traffic. Botnets can often grow themselves
by using devices to send out spam emails, which can infect more machines.

One of the most common ways in which bots infect your computer is via downloads.
Malware is delivered in download format via social media or email messages that advise
clicking a link. The link is often in picture or video form, with either containing viruses and
other malware. If your computer is infected with malware, it may be part of a botnet. While
malware bots create problems and issues for organizations, the dangers for consumers include
their potential for carrying out data and identity theft, keylogging sensitive information such
as passwords, bank details and addresses, and phishing.



Malicious bots can easily go unnoticed. They are easily hidden within a computer and often
have file names and processes similar, if not identical, to regular system files or processes.

Examples of malicious bots include:

Spambots
Malicious chatterbots
File-sharing bots
Credential-stuffing bots
DoS or DDoS bots

5. Adware

Adware is unwanted software designed to throw advertisements up on the user's screen, most
often within a web browser. It uses an underhanded method to either disguise itself as
legitimate, or hide itself within another program to trick the user into installing it on their
device. Once adware hijacks someone's device, it might carry out all sorts of unwanted tasks.
The software's functions may be designed to analyse the user's location and which internet
sites the user visits, and then present advertising pertinent to the types of goods or services
featured there. While adware is more of a nuisance than a harmful malware threat, if the
adware authors sell the user's browsing behaviour and information to third parties, those
parties can use it to target the user with more advertisements customized to the user's
viewing habits.

Some types of adware are:

Mobile/Android adware
Mac adware
Windows adware



6. Ransomware

Ransomware is a form of malware designed to encrypt files on a device, rendering any files
and the systems that rely on them unusable. Malicious actors then demand ransom in
exchange for decryption.

What are Vulnerabilities?

Vulnerabilities are weaknesses in your hardware, software or procedures. They can be
exploited by threats such as a cyber attack to gain unauthorized access or to perform
unauthorized actions on a computer system. There are 4 main types of security
vulnerabilities:

[Figure: vulnerability types: network, OS, human and process vulnerabilities]

Network vulnerabilities are issues with a network’s hardware or software that expose it to
intrusion by someone outside. Examples include, insecure Wi-Fi access points and poorly-
configured firewalls.

OS vulnerabilities, or operating system vulnerabilities, are weaknesses within an operating
system that hackers may exploit to gain access to an asset the OS is installed on.



Human vulnerabilities are errors done by humans themselves. This is the weakest link in
many cyber security networks. Human errors can easily expose sensitive data or disrupt
systems.

Process vulnerabilities are vulnerabilities created by specific process controls or a lack of
them. One example would be the use of weak passwords (which can also be taken as a
human vulnerability).

What are risks?

Cyber risk is the intersection of assets, threats and vulnerabilities. It is the potential for loss,
damage or destruction of an asset when a threat takes advantage of a vulnerability. Put
another way:

[Figure: a Threat exploiting a Vulnerability gives rise to Risk]



Facilitating a trusted network
DMZ
A DMZ network is a perimeter network that protects an organization's internal local-area
network from untrusted traffic and adds an extra layer of security to it. Because of this, a DMZ
would be very effective in ensuring that EMC CYBER is a 'trusted network'. A common DMZ
is a subnetwork that sits between the public internet and private networks.

The end goal of a DMZ is to allow an organization to access untrusted networks, such as the
internet, while ensuring its private network or LAN remains secure. Organizations typically store
external-facing services and resources, as well as servers for the Domain Name System (DNS),
File Transfer Protocol (FTP), mail and web servers in the DMZ. 

These servers and resources are isolated and given limited access to the LAN to ensure they can
be accessed via the internet but the internal LAN cannot. As a result, a DMZ approach makes it
more difficult for a hacker to gain direct access to an organization’s data and internal servers via
the internet.

The main benefit of a DMZ is to provide an internal network with an advanced security layer by
restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain
services while providing a buffer between them and the organization’s private network. As a
result, the DMZ also offers additional security benefits, such as:

1. Enabling access control: Businesses can provide users with access to services outside the
perimeters of their network through the public internet. The DMZ enables access to these services
while implementing network segmentation to make it more difficult for an unauthorized user to
reach the private network. A DMZ may also include a proxy server, which centralizes internal
traffic flow and simplifies the monitoring and recording of that traffic.

2. Preventing network reconnaissance: By providing a buffer between the internet and a
private network, a DMZ prevents attackers from performing the reconnaissance they carry out
to search for potential targets. Servers within the DMZ are exposed publicly but are given
another layer of security by a firewall that prevents an attacker from seeing inside the internal
network. Even if a DMZ system gets compromised, the internal firewall separates the private
network from the DMZ to keep it secure and make external reconnaissance difficult.

3. Blocking Internet Protocol (IP) spoofing: Attackers attempt to gain access to systems by
spoofing an IP address and impersonating an approved device signed in to a network. A DMZ
can discover and stall such spoofing attempts as another service verifies the legitimacy of the
IP address. The DMZ also provides network segmentation to create a space for traffic to be
organized and public services to be accessed away from the internal private network.
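The segmentation described above, as an added Python example that is not part of the original assignment: the LAN and DMZ address ranges and the port numbers are assumed, and the policy lets the internet reach only the published DMZ services, lets the LAN manage the DMZ, and denies any connection a compromised DMZ host tries to open into the LAN.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed for this example): the LAN and the DMZ are
# the only networks behind the firewalls; every other address is "internet".
ZONES = {
    "lan": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an IP address to the zone it belongs to."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ports: frozenset  # empty = any destination port
    action: str           # "allow" or "deny"


# First matching rule wins; anything unmatched is denied (default deny).
POLICY = [
    # Public services in the DMZ: web, mail and DNS, as the text lists.
    Rule("internet", "dmz", frozenset({80, 443, 25, 53}), "allow"),
    # Administrators on the LAN may manage DMZ hosts.
    Rule("lan", "dmz", frozenset(), "allow"),
    # Users on the LAN may browse out.
    Rule("lan", "internet", frozenset(), "allow"),
    # The internal firewall: a DMZ host may never open a connection into the
    # LAN, so a compromised web server is not a stepping stone inward.
    Rule("dmz", "lan", frozenset(), "deny"),
    # Nothing from the internet reaches the LAN directly.
    Rule("internet", "lan", frozenset(), "deny"),
]


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a new connection attempt."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"  # traffic inside one zone does not cross a firewall
    for rule in POLICY:
        if rule.src_zone == src and rule.dst_zone == dst and (
            not rule.dst_ports or dst_port in rule.dst_ports
        ):
            return rule.action
    return "deny"


def evaluate(connections):
    """Apply the policy to (src_ip, dst_ip, dst_port) triples; return decisions."""
    return [(s, d, p, decide(s, d, p)) for s, d, p in connections]


# Constructed connection attempts for illustration.
SAMPLE = [
    ("203.0.113.9", "192.0.2.10", 443),  # visitor to the public web server
    ("203.0.113.9", "192.0.2.10", 22),   # visitor probing SSH on that server
    ("203.0.113.9", "10.0.0.25", 445),   # internet straight into the LAN
    ("192.0.2.10", "10.0.0.25", 445),    # compromised DMZ host reaching inward
    ("10.0.0.25", "192.0.2.10", 22),     # administrator managing the DMZ
]

if __name__ == "__main__":
    for src, dst, port, verdict in evaluate(SAMPLE):
        print(f"{src:>14} -> {dst:<12}:{port:<5} {verdict}")
```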

Static IP address

A static IP address can be thought of as a non-changing internet address for a business. Much
like a physical street address, a static IP address can tell other computers or servers on the
internet exactly where a specific computer is located or connected to the internet. This is
useful for many small businesses that have internet-related needs, such as hosting a web,
email or FTP server, remote access to a corporate network, or hosting a webcam for video
streaming and videoconferencing applications.

Having static IP addresses can help in many ways when it comes to building a trusted
system. Some of these ways are listed below:

• Remote-access convenience: For businesses that use a virtual private network (VPN)
or other remote-access solution, a static IP address can make it much easier for
employees to work remotely.
• Reliability of communications: It is much easier to use Voice over Internet Protocol
(VoIP) for voice and video communications applications such as teleconferencing.
• Server hosting: For businesses hosting any kind of server, such as web servers, email
servers or other internet servers, a static IP address makes it easier for customers and
employees to find them via the Domain Name System (DNS).
• Improved DNS support: Having a static IP address greatly simplifies the setup and
management of DNS servers and makes it quicker and easier for customers to find a
business's websites and services.

NAT

Network Address Translation (NAT) is a process that enables one unique IP address to
represent an entire group of computers. In network address translation, a network device,
often a router or NAT firewall, assigns a public address to a computer or computers inside a
private network. In this way, network address translation allows the single device to act as an
intermediary or agent between the local, private network and the public network that is the
internet. NAT's main purpose is to conserve the number of public IP addresses in use, for
both security and economic goals.

It conserves IP addresses by enabling private IP networks using unregistered IP addresses to
go online. Before NAT forwards packets between the networks it connects, it translates the
private internal network addresses into legal, globally unique addresses.



NAT configurations can reveal just one IP address for an entire network to the outside world
as part of this capability, effectively hiding the entire internal network and providing
additional security. Network address translation is typically implemented in remote-access
environments, as it offers the dual functions of address conservation and enhanced security.
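The translation process described above, as an added Python example that is not part of the original assignment (all addresses are constructed): a small port-address translator keeps a table of connections opened from inside, rewrites outgoing packets to the single public address, and forwards an incoming packet only when it is a reply to one of those connections, so unsolicited traffic never learns the private addresses.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Minimal port-address translation: every inside host shares one public IP.

    A mapping is created only when an inside host sends a packet out, and an
    inbound packet is forwarded only if it answers such a mapping. Anything
    else arriving at the public address is dropped, which is the "hiding the
    entire internal network" property the text describes.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self._out = {}
        # public_port -> (inside_ip, inside_port, remote_ip, remote_port)
        self._in = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside->internet packet so it appears to come from the public IP."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:
            public_port = next(self._next_port)
            self._out[key] = public_port
            self._in[public_port] = key
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Rewrite an internet->inside reply, or return None to drop the packet."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self._in.get(pkt.dst_port)
        if entry is None:
            return None  # unsolicited: no inside host asked for this
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # right port, wrong peer: not a reply to our connection
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two private hosts reach the same web server; only genuine replies get in."""
    nat = Nat("203.0.113.7")  # constructed public address
    # Both hosts happen to use the same source port, so the table must be
    # keyed per host, not per port alone.
    a = nat.translate_outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 443))
    b = nat.translate_outbound(Packet("192.168.1.11", 51000, "198.51.100.20", 443))
    reply_a = nat.translate_inbound(Packet("198.51.100.20", 443, "203.0.113.7", a.src_port))
    probe = nat.translate_inbound(Packet("198.51.100.99", 12345, "203.0.113.7", 40007))
    return a, b, reply_a, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```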

EMC Cyber Disaster Recovery Plan

Binadi Jayarathne

Introduction
Many disasters can quickly knock out your entire corporate network or database. If you don't
have a disaster recovery plan in place, chances are that the consequences will be severe. The
National Archives and Records Administration reports that 93 percent of companies that
experience data loss and downtime extending for 10 or more days will file for bankruptcy
within 12 months. In addition, 43 percent of companies that do not have a disaster recovery
plan will go out of business in the aftermath of major data loss.
A disaster recovery plan describes scenarios for resuming work quickly and reducing
interruptions in the aftermath of a disaster. It is a documented, structured approach that
describes how an organization can quickly resume work after an unplanned incident.
The obvious benefit of having a disaster recovery plan is business continuity, regardless of
the circumstances, and a strategic approach to business continuity can help a company in a
number of other important ways. The DRP is an essential part of a business continuity plan.
It consists of steps to minimize the effects of a disaster so the organization can continue to
operate or quickly resume mission-critical functions. Typically, a DRP involves an analysis
of business processes and continuity needs. As cybercrime and security breaches become
more sophisticated, it is important for EMC Cyber to define its data recovery and
protection strategies. Moreover, with the current economic crisis in the country and the
Covid-19 virus forcing employees to work from home, disaster can strike anytime, anywhere,
whether voluntary or involuntary. The ability to quickly handle these kinds of incidents
can reduce downtime and minimize financial and reputational damage. This DRP will also
help EMC Cyber meet compliance requirements, while providing a clear roadmap to
recovery.

EMC Cyber IT Disaster Recovery Plan Revision History

Revision   Date         Name                 Description
N/A        25/05/2022   Binadi Jayarathne    First DRP



Table of Contents
1) EMC Cyber IT Disaster Recovery Plan Revision History ... 02
2) Statement of Intent & Policy Statement ... 05
3) Objectives ... 05
4) Key Personnel Contact Info ... 06
5) Notification Calling Tree ... 07
6) External Contacts ... 08
1. Plan Overview ... 09
1.1. Plan Updating ... 09
1.2. Plan Documentation Storage ... 09
1.3. Backup Strategy ... 09
1.4. Risk Management ... 10
2. Emergency ... 12
2.1. Assembly Points ... 12
2.2. Emergency Response Team (ERT) ... 12
2.3. Disaster Recovery Team (DRT) ... 12
2.4. Emergency Alert, Escalation and DRP Activation ... 12
3. Media ... 13
3.1. Media Contact ... 13
3.2. Media Strategies ... 13
3.3. Media Team ... 13
3.4. Rules for dealing with media ... 13
4. Insurance ... 14
5. Financial and Legal Issues ... 15
5.1. Financial Assessment ... 15
5.2. Financial Requirements ... 15
5.3. Legal Actions ... 15
6. DRP Exercising ... 16



1) Statement of Intent
This document consists of all the policies and procedures that should be followed and put
into action in case of an emergency. Our process-level plans for recovering critical technology
platforms and the telecommunications infrastructure are also included. In the event of a real-
life emergency, modifications may be made to ensure the physical safety of our company's
people, data and systems.
Our mission is to have minimum downtime and fast data recovery in the face of disaster,
hence ensuring business continuity and efficiency in EMC Cyber.

2) Policy Statement
Corporate management has approved the following policy statement:
• The disaster management team of the company shall design a comprehensive IT disaster
recovery plan.
• A formal risk assessment shall be undertaken to determine the requirements for the
disaster recovery plan.
• The disaster recovery plan should cover all essential and critical infrastructure
elements, systems and networks, in accordance with the main business activities.
• The disaster recovery plan should be tested in a virtual environment once every couple
of months so that it can be implemented in emergencies without hesitation, and so that
management and staff understand how to act on it without doubt.
• All staff members must be made aware of the disaster recovery plan and their own
respective roles.
• The disaster recovery plan is to be kept up to date and is to be modified when needed
to avoid future mishaps.

3) Objectives
The main objective of this disaster recovery plan (DRP) is for it to be well-structured,
comprehensive and easily understood, so that it will be most helpful in maintaining the
business continuity of our company, EMC Cyber, in case of an anticipated or unforeseen
disaster. Further objectives are as follows:

• Ensuring that management and staff fully understand their role in implementing the plan.
• Ensuring that operational policies are followed.
• Ensuring that the proposed plan is profitable to the company.
• Considering the effects on the other company sites.
• Ensuring that disaster recovery capabilities are applicable to key customers and vendors
of the company.

4) Key Personnel Contact Info

Mrs. Nalini Gunawardhana – CEO
  Work: 011-456-1234
  Mobile: 071-345-2322
  Email Address: [email protected]

Mr. Ajitha de Zoysa – Manager
  Work: 011-678-1234
  Mobile: 077-458-3777
  Email Address: [email protected]

Ms. Samadhi Nisansala – Business Continuity/Backup Disaster Recovery Head
  Work: 011-875-1234
  Mobile: 071-879-3900
  Email Address: [email protected]

Mr. Edward De Silva – Head Fire Warden
  Work: 011-693-1234
  Mobile: 077-253-3964
  Email Address: [email protected]

Mr. Anjana Gunasekara – Head of Security
  Work: 011-911-1234
  Mobile: 078-368-5535
  Email Address: [email protected]

5) Notification Calling Tree

In case of a disaster, the person who identified it must immediately contact the first two
contacts in the diagram given below.

Person identifying incident
  -> Team Wardens (first two contacts):
       Ayan Abbas: 011-345-1234 / 077-678-3333
       Samadhi Nisansala: 011-875-1234 / 071-879-3900
  -> Team Leads:
       Edward De Silva: 011-693-1234 / 077-253-3964
       David Williams: 011-387-1234 / 071-778-3441
       Nalini Gunasekara: 011-456-1234 / 071-345-2322
       Anjana Gunasekara: 011-911-1234 / 078-368-5535

EMC Cyber Page 22


6)External Contacts

Name, Title                         Contact Option  Contact Number
Duke Loft – Property Manager        Work            011-456-1111
                                    Mobile          077-173-7812
                                    Email Address   [email protected]
Sam Feldt – Electricity Company     Work            011-456-4444
                                    Mobile          074-145-7452
                                    Email Address   [email protected]
Bart Simpson – Telecom              Work            011-222-3333
                                    Mobile          077-244-3579
                                    Email Address   [email protected]
Tony Strange – Hardware Supplier    Work            011-456-4486
                                    Mobile          072-654-4577
                                    Email Address   [email protected]
Johnny De Silva – Insurance         Work            011-456-0123
                                    Mobile          078-788-2369
                                    Email Address   [email protected]
Thomas Pereira – Off/recovery site  Work            011-478-1597
                                    Mobile          077-777-7776
                                    Email Address   [email protected]

1. Plan Overview

1.1. Plan Updating


The DRP will be updated whenever mistakes are recognized during a disaster. This updating
process must be properly structured and controlled. Whenever a change is needed, it will be
fully tested before the plan is updated. All of these procedures will be overseen by the IT
director.

1.2. Plan Documentation Storage


Hardcopies and softcopies (as PDFs) of the plan will be given to the senior management and
the members of the disaster management team. A master protected copy will also be stored
on specific resources established for this purpose.

1.3. Backup Strategy


All key processes in the company will have a backup strategy as mentioned below. It will
mainly take place in a recovery site. This is a fully mirrored duplicate site which will enable
immediate switching between the live site (headquarters) and the backup site.
Live site (headquarters) address: 64/1, Gamunu Street, Colombo 07.
Recovery site address: 2/28, 4th lane, Barrel Avenue, Nugegoda.
Business Process                     Backup Strategy
Call Center                          Work from home
Tech Support – Hardware              Recovery site
Tech Support – Software              Recovery site
Human Resources                      Recovery site
IT operations                        Recovery site
Warehouse and Inventory              Recovery site
Facilities Management                Recovery site
Finance                              Recovery site
Sales (product and maintenance)      Recovery site
Purchasing                           Recovery site
Email                                Work from home

1.4. Risk Management


There are many potential disruptive threats which can occur at any time and affect the normal
business process. We have considered and examined a wide range of potential threats, as
given below. By examining them, we have drawn conclusions about the level of disruption
each threat may cause to the company.

Potential Disaster         Probability  Impact  Curative actions
                           Rating       Rating
Power outage/failure       1            4       Use of UPS.
                                                Auto standby generator (tested regularly).
Act of Sabotage/Thievery   4            2       CCTV cameras.
                                                Strong security system.
                                                Direct line to nearby police station through
                                                security officer (nearest police station: Town
                                                Hall Police Station, Colombo 7).
Flood/water damage         4            4       All critical devices and systems located on the
                                                1st floor and above.
Fire                       3            4       Fire extinguishers on all floors.
                                                Fire and smoke detectors on all floors.
                                                Practiced fire drill.
Hardware failure           3            4       Regular backup and maintenance of all hardware
                                                devices.
                                                In charge of all company hardware devices:
                                                Mr. Marcus Fernando (Tel no.: 077-123-7653).
Malware attacks            2            2       Anti-virus software on all devices, private or
                                                belonging to the company (anti-virus software
                                                used: ESEC anti-virus software).
                                                Regular software updates on all devices.

Probability (1-5): 1 = Very high, 5 = Very low
Impact (1-5): 1 = Total destruction, 5 = Minor annoyance

2. Emergency

2.1. Assembly Points


In case of an evacuation, the DRP identifies two assembly points.
Primary: Main parking lot
Alternate: NSC ground situated behind the company

2.2. Emergency Response Team (ERT)


In case of a disaster, the ERT (Emergency Response Team) must be activated immediately.
The ERT will then decide to what extent the DRP should be invoked. All employees must
be issued a quick reference card containing ERT contact details.
Head of ERT: Ms. Samadhi Nisansala
The responsibilities of this team are as follows:
• Respond immediately to a potential disaster and call emergency services.
• Assess how much damage the disaster may do to the company.
• Assemble the Disaster Recovery Team (refer to 2.3.).
• Decide which elements of the DRP should be executed.
• Ensure all employees are notified and allocate responsibilities as needed.
• Notify employees and guide them to the necessary assembly points in case of an
evacuation.


2.3. Disaster Recovery Team (DRT)
The team will be contacted and assembled by the business continuity/backup disaster
recovery head and head of ERT, Ms. Samadhi Nisansala. The team’s responsibilities include:
• Establish facilities for an emergency level of service within 2.0 hours
• Restore key business procedures within 4.0 hours of the incident
• Recover all business procedures within 8.0 to 24.0 hours after the incident

2.4. Emergency Alert, Escalation and DRP Activation


In an emergency situation, the ERT must be contacted immediately.
If any of the ERT members cannot be contacted, the individuals below must be
contacted.
I. Mrs. Minna Kwafosky : 077-456-8791
II. Mr. Nakamura Yamada : 071-345-5562
The ERT will then assess the situation and assemble the DRT.
The DRT will then get to work on re-establishing the company’s business continuity.
All employees will be given a role to play in recovering from the disaster. If any employee is
unavailable or unable to do their part of the DRP, a backup staff member will perform the
necessary services.

3. Media

3.1. Media Contact


The media team (refer 3.3.) will coordinate with the media, working according to previously
approved guidelines.

3.2. Media Strategies


I. Avoid adverse publicity.
II. Take advantage of opportunities for useful publicity.
III. Have precise responses ready for basic questions such as:
• What happened?
• How did it happen?
• What are you going to do about it?

3.3. Media team


• Mr. Kannasami Narayan – 077-877-3333
• Mrs. Rhani Narayan – 071-323-4455
• Mr. P. Kodithuwakku – 074-567-7888

3.4. Rules for dealing with media


Only the media team has permission to get in contact with the media; anyone else who is
contacted should refer callers or in-person media representatives to the media team.
Always protect the good name of the company.

4. Insurance
Insurance policies are also part of the DRP, as insurance is an important business continuity
strategy. These policies include errors and omissions, liability and business interruption
insurance.

Policy                                      Coverage Period  Amount of Coverage  Person Responsible for Coverage  Next Renewal Date
General liability insurance                 02 years         100,000             Mr. Indika Dayarathne            01/01/2024
Directors and officers liability insurance  02 years         120,000             Mrs. Anupama Perera              01/01/2024
Property insurance                          03 years         900,000             Mrs. Chen Yee                    01/01/2025
Vehicle insurance                           03 years         800,000             Mr. M. Nazeem                    01/01/2025
Business interruption insurance             01 year          1,000,000           Mr. Shawn Oakland                01/01/2023

5. Financial and Legal Issues

5.1. Financial Assessment

The ERT shall prepare an initial assessment of the impact of the incident on the financial
affairs of the company. The assessment should include:

• Loss of financial documents
• Loss of revenue
• Theft of cheque books, credit cards, salary slips, etc.
• Loss of cash

5.2. Financial Requirements

The immediate financial needs of the company must also be addressed by the ERT.
These may include,

• Cash flow position
• Upcoming payments
• Availability of company credit cards to pay for supplies and services
• Temporary borrowing capability

5.3. Legal Actions

The legal team and the Emergency Response Team (ERT) shall work together to review the aftermath
of the incident and decide whether any legal actions may result from the disaster.

The following individual can be contacted if any legal assistance is needed:

Mrs. Mione Granwill – 071-385-5437

6. DRP Exercising

To launch a disaster recovery plan into action smoothly and efficiently with a
minimum number of mistakes, every employee must play their assigned role properly. To achieve
this, everyone should have practiced and rehearsed their duty more than once. Therefore,
DRP exercises are a crucial part of the DRP. No one fails or passes these exercises and no
one will be judged on them. They are done simply to ensure that all members of the
emergency teams, as well as everyone who has even a small part in the DRP, are confident
of their capabilities, familiar with their roles, well-practiced and ready whenever a
disastrous situation arises.
