7CCSMSEM
Security Management
Tutorial Week 9
Recall GANT from previous tutorials:
Question 1. The officers of GANT are deciding whether they should put in place robust business continuity management or disaster recovery plans, but they are not quite sure about the difference between them. Explain the difference.
Question 2. After your explanations they understand they will need both. In particular, they have started drafting a disaster recovery plan. What should the document of that plan include?
Question 3. GANT have heard about the "human factor" in security and are concerned about putting in place security controls that are as usable as possible. What are the three main pieces of guideline advice that you would give them towards that aim?
Now let's talk about King's:
Recently (true story!!), CoreHR, a new system for managing some of the HR services, has been introduced. According to the College:
"The vision for CoreHR in King's is an internet-based suite of digital services, which can be accessed from anywhere, at any time, using multiple different types of device. Some of the functionality rolling in the next service releases such as booking annual leave, family friendly leave approval, manager requests and online payslips are designed to fit with a mobile workforce, working in a more agile manner with minimal barriers to use.
As CoreHR does not support Captcha, it is a potential target for brute force attacks, so with this in mind password length and complexity are the primary controls available for this system. The current password restrictions have been set in accordance with the recommendation of the King's IT Cyber Security Team. They have recommended that passwords should be 15 characters long with expiry set at 180 days."
Question 4. What do you think about this password standard? As a security consultant, what would be the advice you would give to KCL's IT services?
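The College's reasoning above is that, with no Captcha, password length is the only control left against brute force. A consultant would normally point out that server-side throttling and monitoring of failed logins are compensating controls that do not depend on the user at all. The following is an added example, not part of the tutorial sheet and not CoreHR's or King's code: it runs a per-account lockout threshold and a per-source password-spray threshold over constructed login log lines (the log format, the IP addresses and the thresholds are all assumptions).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format: timestamp user source result).
# One account hammered from one source, one source trying many accounts once
# each (a "spray" that per-account lockout alone would miss), one normal user.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 203.0.113.5 FAIL
2024-03-01T09:00:03 alice 203.0.113.5 FAIL
2024-03-01T09:00:04 alice 203.0.113.5 FAIL
2024-03-01T09:00:06 alice 203.0.113.5 FAIL
2024-03-01T09:00:07 alice 203.0.113.5 FAIL
2024-03-01T09:00:09 alice 203.0.113.5 FAIL
2024-03-01T09:05:00 bob 198.51.100.7 FAIL
2024-03-01T09:05:01 carol 198.51.100.7 FAIL
2024-03-01T09:05:02 dave 198.51.100.7 FAIL
2024-03-01T09:05:03 erin 198.51.100.7 FAIL
2024-03-01T10:00:00 grace 192.0.2.9 FAIL
2024-03-01T10:00:30 grace 192.0.2.9 OK
"""

WINDOW = timedelta(minutes=10)      # assumed sliding window
MAX_FAILS_PER_ACCOUNT = 5           # assumed per-account throttle threshold
MAX_ACCOUNTS_PER_SOURCE = 4         # assumed spray threshold (distinct accounts)

def parse(log_text):
    """Parse the assumed log format into (timestamp, user, source, result) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, result))
    return events

def analyse(log_text):
    """Return accounts that should be throttled and sources that look like sprays."""
    fails_by_user = defaultdict(list)   # user -> timestamps of recent failures
    users_by_src = defaultdict(dict)    # source -> {user: last failure time}
    throttled, spraying = set(), set()
    for ts, user, src, result in sorted(parse(log_text)):
        if result != "FAIL":
            continue
        # Sliding-window count of failures against one account
        recent_fails = [t for t in fails_by_user[user] if ts - t <= WINDOW] + [ts]
        fails_by_user[user] = recent_fails
        if len(recent_fails) > MAX_FAILS_PER_ACCOUNT:
            throttled.add(user)
        # Distinct accounts failed from one source inside the window
        users_by_src[src][user] = ts
        recent_users = {u for u, t in users_by_src[src].items() if ts - t <= WINDOW}
        if len(recent_users) >= MAX_ACCOUNTS_PER_SOURCE:
            spraying.add(src)
    return {"throttled_accounts": sorted(throttled), "spraying_sources": sorted(spraying)}
```

Both thresholds fire on the sample: alice's sixth failure exceeds the per-account limit, and the second source reaches four distinct accounts without ever tripping a per-account lockout.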