UNIT 12- IT Assignment 3:
TECHNICAL Planning IT Support
SUPPORT
, Unit 12 – Assignment 3
Contents
Introduction...........................................................................................................................................2
Incident Response.................................................................................................................................2
Disaster Recovery..................................................................................................................................3
Incident Recovery..................................................................................................................................5
Capacity Planning..................................................................................................................................7
System capacity.....................................................................................................................................8
Sustainability and Environmental Waste Planning................................................................................8
Ergonomics............................................................................................................................................9
Network Diagram...................................................................................................................................9
Evaluation............................................................................................................................................10
,Introduction
As an IT technician, I have been hired by a company which specialises in computer repair. As
a result of this, my manager now provides local businesses with outsourced IT support and
management services. The clients have asked me to create a support plan for their clients.
Incident Response
Specialised teams within organisations called incident response teams (CSIRT) are in charge
of managing and resolving a variety of incidents that could have an effect on the company's
operations, security, or reputation. Usually, they are made up of professionals with
knowledge of IT, cybersecurity, risk management, and communications. The way CSIRT
typically operate and support their companies is by:
Incident response teams respond by setting up the policies, practices, and tools required to
deal with situations in an efficient manner. This might involve putting together incident
response plans, holding frequent exercises, and training sessions, and making sure the right
equipment and technology are available.
Identification: Determining the exact time of an incident is the first stage in incident
response. This could be keeping an eye out for unusual activity on systems, getting reports
from people or automatic warnings, or spotting behaviours that point to a possible issue.
Containment: The main goal after discovering an incident is to reduce its effects and stop it
from . To stop more harm, this may involve putting compromised services on hold, isolating
affected systems or networks, or applying temporary solutions.
Eradication: After the incident has been isolated, the next move is to get rid of the source of
the issue. To stop such occurrences in the future, which can involve eliminating malware,
patching vulnerabilities, restoring from backups, or putting in place long-term fixes.
Recovery: After the incident's removal, priority turns to resuming regular business activities
and recovering any potentially compromised data or services. To stop such situations in the
future, this may involve rebuilding compromised systems, restoring from backups, or adding
further security measures.
Lessons Learned: Lastly, incident response teams will carry out a post-event review to view
what went wrong, why it occurred, and what may be done to stop it from happening again.
This often includes recording lessons learned, revising incident response protocols, and
communicating information to stakeholders within the company.
For example, if a company's servers were targeted by a cyber-attack. The team will prepare,
identify, isolate, and remove the breach. After restoring data and implementing additional
security measures, they will conduct a post-incident analysis to identify weaknesses and
,improve their response capabilities. They will also update plans, enhanced monitoring tools,
and providing staff training to better prepare for future incidents.
Incident response teams assist companies by quickly addressing issues like a critical PC
failure. They identify and contain the problem, restoring functionality. They communicate
with stakeholders, maintain communication, and conduct a thorough post-incident review
to identify weaknesses and implement improvements to strengthen the organisation's
cybersecurity posture.
Another example is that if employees cannot access important documents stored on
internal network. The incident response team will establish protocols and procedures for
handling incidents, identifying potential cyberattacks or technical malfunctions, contain the
damage, eradicate the threat, and restore access to documents. After solving the incident,
they will conduct a post-incident analysis to identify what went wrong, what worked well,
and what needs improvement for future incidents. This information will be used to update
response plans, improve security measures, and provide employee training.
Disaster Recovery
Disaster recovery is a method of repairing and resuming vital IT infrastructure and business
operations after a disaster, such as a hardware failure, cyberattack, or natural disaster. In
order to secure the quick recovery of data, applications, and systems, minimise downtime,
and limit the impact of the disaster on the organisation, it involves putting strategies,
policies, and procedures . In order to ensure business continuity and protect the
organisation's reputation, income, and consumer trust, disaster recovery aims to restore
regular business activities quickly and efficiently.
Disaster Risk Severity Person1 Person2 Justification
Feedback Feedback
Ransomware on It is high risk as Person 1 Person2 stated Upon reviewing
file server all of the suggested to that files should the feedback, I
business’s data have a backup be encrypted, have concluded
is stored in the server in case which means that it is still a
server. anything is lost that even an high-risk
Response time attacker gains situation. So,
is 50 minutes access to the there should be
server, they will backup in order
not be able to prevent
view the files permanent loss
easily of any data,
, which will save
the business
stress and time.
The files should
also be
encrypted,
which ensures
advanced
security so that
not anyone can
just view the
files, and makes
it harder for
people to gain
access to them
Malware High risk since Person1 stated Person2 I choose
the malware to use firewall proposed using person2
will spread to as if someone antivirus as it feedback as the
different accidentally a monitors and antivirus will
computers and phishing email detects any able to
systems thus or an malicious quarantine and
damaging the illegitimate link, malware in files isolate the
organisation. firewall will and in malware,
block it. computers whereas
Response time firewall will not
would be 20-60 able to do it
mins with much high
malware
situations that
can incredibly
damage the
business
Switch failure Medium Person1 Person2 Overall, I will
severity. Switch recommended suggested choose the
failure might flowing power having multiple second
not impact the supply ensuring switches in case prevention as
organisation as that switches of one fails to having multiple
a whole, it may have high take the load switches in case
usually just reliability of one fails to
disrupt the data take the load
transmissions
and bandwidth
speed etc.
Response time
should be 10-30
mins
TECHNICAL Planning IT Support
SUPPORT
, Unit 12 – Assignment 3
Contents
Introduction...........................................................................................................................................2
Incident Response.................................................................................................................................2
Disaster Recovery..................................................................................................................................3
Incident Recovery..................................................................................................................................5
Capacity Planning..................................................................................................................................7
System capacity.....................................................................................................................................8
Sustainability and Environmental Waste Planning................................................................................8
Ergonomics............................................................................................................................................9
Network Diagram...................................................................................................................................9
Evaluation............................................................................................................................................10
,Introduction
As an IT technician, I have been hired by a company which specialises in computer repair. As
a result of this, my manager now provides local businesses with outsourced IT support and
management services. The clients have asked me to create a support plan for their clients.
Incident Response
Specialised teams within organisations called incident response teams (CSIRT) are in charge
of managing and resolving a variety of incidents that could have an effect on the company's
operations, security, or reputation. Usually, they are made up of professionals with
knowledge of IT, cybersecurity, risk management, and communications. The way CSIRT
typically operate and support their companies is by:
Incident response teams respond by setting up the policies, practices, and tools required to
deal with situations in an efficient manner. This might involve putting together incident
response plans, holding frequent exercises, and training sessions, and making sure the right
equipment and technology are available.
Identification: Determining the exact time of an incident is the first stage in incident
response. This could be keeping an eye out for unusual activity on systems, getting reports
from people or automatic warnings, or spotting behaviours that point to a possible issue.
Containment: The main goal after discovering an incident is to reduce its effects and stop it
from . To stop more harm, this may involve putting compromised services on hold, isolating
affected systems or networks, or applying temporary solutions.
Eradication: After the incident has been isolated, the next move is to get rid of the source of
the issue. To stop such occurrences in the future, which can involve eliminating malware,
patching vulnerabilities, restoring from backups, or putting in place long-term fixes.
Recovery: After the incident's removal, priority turns to resuming regular business activities
and recovering any potentially compromised data or services. To stop such situations in the
future, this may involve rebuilding compromised systems, restoring from backups, or adding
further security measures.
Lessons Learned: Lastly, incident response teams will carry out a post-event review to view
what went wrong, why it occurred, and what may be done to stop it from happening again.
This often includes recording lessons learned, revising incident response protocols, and
communicating information to stakeholders within the company.
For example, if a company's servers were targeted by a cyber-attack. The team will prepare,
identify, isolate, and remove the breach. After restoring data and implementing additional
security measures, they will conduct a post-incident analysis to identify weaknesses and
,improve their response capabilities. They will also update plans, enhanced monitoring tools,
and providing staff training to better prepare for future incidents.
Incident response teams assist companies by quickly addressing issues like a critical PC
failure. They identify and contain the problem, restoring functionality. They communicate
with stakeholders, maintain communication, and conduct a thorough post-incident review
to identify weaknesses and implement improvements to strengthen the organisation's
cybersecurity posture.
Another example is that if employees cannot access important documents stored on
internal network. The incident response team will establish protocols and procedures for
handling incidents, identifying potential cyberattacks or technical malfunctions, contain the
damage, eradicate the threat, and restore access to documents. After solving the incident,
they will conduct a post-incident analysis to identify what went wrong, what worked well,
and what needs improvement for future incidents. This information will be used to update
response plans, improve security measures, and provide employee training.
Disaster Recovery
Disaster recovery is a method of repairing and resuming vital IT infrastructure and business
operations after a disaster, such as a hardware failure, cyberattack, or natural disaster. In
order to secure the quick recovery of data, applications, and systems, minimise downtime,
and limit the impact of the disaster on the organisation, it involves putting strategies,
policies, and procedures . In order to ensure business continuity and protect the
organisation's reputation, income, and consumer trust, disaster recovery aims to restore
regular business activities quickly and efficiently.
Disaster Risk Severity Person1 Person2 Justification
Feedback Feedback
Ransomware on It is high risk as Person 1 Person2 stated Upon reviewing
file server all of the suggested to that files should the feedback, I
business’s data have a backup be encrypted, have concluded
is stored in the server in case which means that it is still a
server. anything is lost that even an high-risk
Response time attacker gains situation. So,
is 50 minutes access to the there should be
server, they will backup in order
not be able to prevent
view the files permanent loss
easily of any data,
, which will save
the business
stress and time.
The files should
also be
encrypted,
which ensures
advanced
security so that
not anyone can
just view the
files, and makes
it harder for
people to gain
access to them
Malware High risk since Person1 stated Person2 I choose
the malware to use firewall proposed using person2
will spread to as if someone antivirus as it feedback as the
different accidentally a monitors and antivirus will
computers and phishing email detects any able to
systems thus or an malicious quarantine and
damaging the illegitimate link, malware in files isolate the
organisation. firewall will and in malware,
block it. computers whereas
Response time firewall will not
would be 20-60 able to do it
mins with much high
malware
situations that
can incredibly
damage the
business
Switch failure Medium Person1 Person2 Overall, I will
severity. Switch recommended suggested choose the
failure might flowing power having multiple second
not impact the supply ensuring switches in case prevention as
organisation as that switches of one fails to having multiple
a whole, it may have high take the load switches in case
usually just reliability of one fails to
disrupt the data take the load
transmissions
and bandwidth
speed etc.
Response time
should be 10-30
mins
