● Business Continuity Plan
● Disaster Response Plan
● Training and Awareness
● Security Certainty

Business Continuity Plan
A Business Continuity Plan (BCP) is a document that consists of the critical
information (plan) an organization needs during a time of emergency or
These risks ranges from cyberattacks to natural disasters to human error.
In BCP, the plans and procedure are developed through a regular program
of personal training, plan testing and maintenance.
A proper BCP decreases the chance of a costly outage.

Business Continuity Plan
A business continuity plan has three key elements:
● Resilience
● Recovery
● Contingency

Steps for BCP
A business continuity plan involves the following:
1. Analysis of organizational threats
2. listing primary tasks that required to keep the organization operational
3. Easily located management contact information
4. Explaining staff about emergency exit plan if disastrous event occur.
5. Information of data backups and organization site backup
6. Collaboration among all department of the organization
7. Buy-in from everyone in the organization
Disaster Recovery Plan:
A disaster recovery plan (DRP) include set of procedures to recover and
protect a business IT infrastructure to unplanned incidents.
The disaster could be natural, environmental or man-made.
Man-made disasters could be intentional (terrorist attack) or unintentional (
such as the breakage of a man-made dam).
It involves an analysis of business processes and continuity needs.

Disaster Recovery Plan
In Disaster Recovery Planning, the remote sites are constructed to provide
services and continue operations.
Type of secondary sites constructed are:
● Cold Backup Site
● Warm Backup Site
● Hot Backup Site

Disaster Recovery Plan
Issues considered by organization while determining recovery strategy
● Budget
● Resources — people and physical facilities
● Management’s position on risks
● Technology
● Data
● Suppliers
Once disaster recovery strategies have been developed and approved, they
can be translated into disaster recovery plans.

Steps for DRP
A Disaster Recovery Planning involves the following:
1. Establishing the scope of the activity
2. Gathering network infrastructure documents
3. Identifying most serious attacks and vulnerabilities
4. Identifying most critical assets
5. Reviewing the history of unplanned incidents and their results, and
their handled plan
6. Identifying the current DR strategies
7. Identifying the emergency response team
8. Management review and approve the disaster recovery plan
9. Testing the plan
10. Updating the plan when any change is occur in management
11. Implementing a DR plan audit.

Training & Awareness

1. Vulnerability Scanning:
A vulnerability scanner is a computer program designed to assess
computers, computer systems, networks or applications for weaknesses.
It determine where a system can be exploited and/or threatened by
accessing week points.
It use software that find out security flaws and create a database on the
basis of these known flaws.

Security Certainty
1. Vulnerability Scanning:
It generating a report of the findings flaws that an individual or an
enterprise can use to tighten the network’s security.
Most popular vulnerability scanning tools are Microsoft Baseline Security
Analyzer (MBSA), Nmap, Nessus and openVAS.
2. Network Penetration testing:
Penetration testing (also called pen testing) is the method of testing a
computer system or network to find vulnerabilities that an attacker could
Penetration tests are sometimes called white hat attacks because in a pen
test, the good guys are attempting to break in the system and provide
solution to further harden the system.
Pen tests can be automated with software applications or they can be
performed manually.
2. Network Penetration testing:
This process includes gathering information about the target before the
test, identifying possible entry points, attempting to break in and reporting
back the findings.
The main objective of penetration testing is to determine security
Tools used for penetration testing are : Aircrack-ng and Metasploit