Unlock the full potential of your projects.
Show full map

CyberSecurity for Business Continuity

Other
ES
Emerson Son
Get Started. It's Free
or sign up with your email address
Similar Mind Maps Mind Map Outline
CyberSecurity for Business Continuity by Mind Map: CyberSecurity for Business Continuity

1. Technology

1.1. Malware / Ransomware

1.1.1. IT Man: 100% computers / servers install AV (McAfee)

1.2. Patching

1.2.1. IT Man: request local Infrastructure Team to do patching MONTHLY. For example: MM Servers was patched from March.

1.3. Backup & Restore

1.3.1. IT Man: request local Infrastructure Team to do backup and check for the result. If backup fails for any reasons, must manually run it again until success

1.4. Monitoring

1.5. iOT devices

1.5.1. IT Man: Review all iOT devices, especially printers & camera in our network.

1.6. MFA

1.6.1. IT Man: Advice users to apply MFA to both personal & company accounts. Normally we use company device to access personal social media services

1.7. Secure Remote Desktop Servers

1.7.1. IT Man: emphasis the important of securing remote desktop server (especially for servers that published to internet)

1.8. Email O365 Security

1.8.1. Emerson: working with Victor & Group IT for improve the filtering

1.9. Cisco Meraki Firewall

1.9.1. IT Man: request IO team to review the firewall rules & other security configuration on Cisco Meraki

2. Join-venture

2.1. MM: Belga FAST server is in MM DC - using De HEus network

3. People

3.1. Prior

3.1.1. Documentation / Knowhow / KB

3.1.1.1. Task : Update document

3.1.1.2. Emerson to check

3.1.2. Training

3.1.2.1. Object: train technical guys can handle the crisis situation to build up the ciritical systems

3.1.2.2. Username / password (dedicated)

3.1.2.3. Fred: [HR] Dont have proper success plan. (Covid-19, long holiday): Poc refer to add dba profile in BUs. Action: MM (will consider) ID (discuss with Kay about dba profile) VN (Hardy & Fred are backup for each other) Poc: discuss with James about current resource in VN

3.2. During

3.2.1. Communication Plan

3.2.1.1. Internal: local / regional / group

3.2.1.1.1. ID & MM: Use template from VN and customize for each BUs Arrange 1 session to make it final - Take out sensitive information

3.2.1.2. Software supplier / Internal Bussiness Partner

3.2.1.2.1. Support contract include the recovery support: Thuan & Nhan ID: Louis to keep relationship with thoses supplier, arrange the support in advance.

3.2.1.2.2. Contact points in critical situation

3.2.2. Team-member Availability

3.2.2.1. IT Managers : "rescure team" agreement Short term: Share the holiday plan for other relevent colleagues Long term: ... cost vs benefit : outsource or internal ... consider to sign contract with PCS/ ERP (CDN / Dynamic) ... compare ...

3.3. After

3.3.1. Lesson Learnt

3.3.1.1. Apply to other BUs

3.3.1.1.1. MM: Clara update to Emerson about folow action....after ransomware

4. Process

4.1. Incident Response Process

4.1.1. MM & ID: revisit the process and implement it

4.1.2. Emerson to send again

4.2. DRP process

4.2.1. Backup Readiness

4.2.1.1. Production

4.2.1.2. Backup on NAS/SAN

4.2.1.3. Replicated to DR

4.2.1.4. Replicated to Cloud

4.2.2. Recovery Procedure

4.2.3. 4 steps

4.2.3.1. Risk Analyze

4.2.3.1.1. Emerson to do the risk analys with each IT Man

4.2.3.1.2. Quick win

4.2.3.1.3. Estimated to completed: End of September

4.2.3.2. BIA

4.2.3.2.1. Critical Business Function

4.2.3.2.2. Impacted process

4.2.3.2.3. IT Man: map it to sale volume (quantity)

4.2.3.2.4. Emerson: arrange the BIA template

4.2.3.3. Develop DRP Plan

4.2.3.3.1. DRP Metrics

4.2.3.3.2. 1. Emerson to build completed DRP plan which listed most common scanerios. (standard template from DRP theory)

4.2.3.4. Excercise

4.2.3.4.1. 1. IT Managers commitment for testing (secure the resource) ...

4.2.3.4.2. James: latest Nov... (avoid Year-end: Dec & Jan)