©2013-2015, Edward J. Glantz
Use the PerSEC_TEMPLATE document to track results, before submitting (copy/paste) text into Angel as directed.
It is inevitable that, at some point, all students will experience either an attack or system failure resulting in loss of data and access. For example, most hard drives carry only a two-year warranty. Other vulnerabilities include fire, theft, loss, and accidents. As one student who lost everything commented, "this can really happen to anyone."
Thus, a system catastrophe is not a question of "if," but "when." Risk control strategies can help students stay operational, while protecting privacy and data.
From this point forward, no crisis email to any faculty that an assignment was lost due to a computer crash!
Upon completing this exercise, students should be able to:
1. Analyze system components, including system hardware, operating system, applications, and data
2. Formulate a disaster recovery plan for a complete hard drive failure
3. Formulate a business continuity strategy to continuously archive critical data files
4. Put into action an online security plan
Complete the table below with names and email IDs for one submitter OR optionally with one partner (if no partner, type “n/a” in both partner cells)
| | FIRST & LAST NAME | PSU Email ID (xyz123) |
| --- | --- | --- |
| MEMBER1 [submitter] | | |
| MEMBER2 [optional partner] | | |
REMINDER: If optional partner, Member2 must confirm team membership by completing separate form in Angel
SYSTEM/HARDWARE
Manufacturer (Dell, Apple, etc.)
Model/Model Number (“self” if home made)
Processor (e.g., 3.06 GHz Intel Core 2 Duo)
RAM Memory (e.g., 4 GB 800 MHz DDR2 SDRAM)
Graphics Video Controller (e.g., NVIDIA GeForce 8800 GS 512 MB)
Hard Drive Storage (e.g., 2 TB SATA, 500GB 5400 RPM)
NETWORK
Wired Ethernet Adaptor (if present, e.g., Marvell Yukon Gigabit Adapter)
Wireless Network Adaptor (if present, e.g., Airport Extreme, 802.11 a/b/g/n)
Public IP Address (only display digits following last two dots e.g., **.***.121.239)
OPERATING SYSTEM
Operating System (e.g., Windows 8.1, OS X 10.8.2)
Operating System Bits (e.g., 32, 64)
APPLICATIONS (THREE FREQUENTLY USED)
| | Application Name (e.g., Mozilla Firefox v.7.0.1) | Installed Path (e.g., C:\Program Files\Mozilla Firefox, Mac24/Applications/Firefox) | License Type (e.g., Commercial, Freeware, Open Source, Shareware) |
| --- | --- | --- | --- |
| 1. | | | |
| 2. | | | |
| 3. | | | |
APPLICATION DATA (TWO LARGEST)
| | Data Path (e.g., C:\Documents\My Pictures, Mac24/Documents/MyMusic) | Data Size (e.g., 2 GB) | Data Type (e.g., music, photos, Word documents) |
| --- | --- | --- | --- |
| 1. | | | |
| 2. | | | |
Formulate a disaster recovery plan in response to a complete hard drive failure.
Recovering from a complete hard drive crash, including a malware attack, is complicated because the operating system, applications, and data must be recovered and reinstalled, and the hardware possibly replaced.
A disaster recovery plan anticipates unplanned interruption of normal business processes (hardware, software, data, networks, and people), and is a subset of business continuity planning. This plan includes restoring the operating system, applications, and data that resided on the failed drive.
A. In one or two sentences, describe how frequently your computer’s files will be/are archived (i.e., describe the longest period of time you are willing to lose data, in the event of a complete storage drive failure). Explain why you feel this period of vulnerability between backups is acceptable.
For example: "If my storage drive were to fail, I would be willing to lose ____________ (e.g., hours, days, weeks) of data and applications, including the operating system. I believe this is reasonable because _______________."
B. In two or three sentences, describe a backup software brand and process you would use/are using, and cost (examples at http://download.cnet.com). For example: "Since I use a PC, my backup software is ___________. I would set this to run backups every ________ (e.g., hours, days, weeks). The cost for this is ________. My storage drive backup is/will be located __________." (i.e., note that storage drive backup should not be co-located with the original drive)
C. In one or two sentences, describe the process you would use/are using to recover your applications (e.g., MS Office) and operating system in the event of storage drive failure. Explain why you selected this process (e.g., price, size, speed, warranty, rating). For example: "If my application and operating system files were destroyed, I would restore them by __________ (i.e., noting where original software is stored/obtained). I chose this method because _________."
Formulate a business continuity strategy to continuously archive critical data files, creating a fault tolerance process for critical files. This process can be combined with the previous disaster recovery plan to prevent any data loss of important files.
A. List whether your solution involves local or cloud storage, or both. For example: "My critical data backups are located __________." (Note: backups may either be located on a separate drive adjacent to your system, or in a remote location such as PSU PASS Space, Dropbox, iCloud, Flickr, etc.)
B. Describe in one or two brief paragraphs, each four to five sentences in length, the strategy you will use/are using to protect critical files used for our course assignments. For example: "If my system were to fail, my plan to continue working is __________." "If my DATA files on my system were to be destroyed, I would replace them by __________."
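One way to carry out the continuous archive of critical files described above, and to check the earlier point that a backup should not be co-located with the original drive. This is an added example, not part of the original assignment; the folder names, the file contents and the same-filesystem check are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def co_located(source: Path, backup: Path) -> bool:
    """True when both folders are on one filesystem (one failure loses both)."""
    # Heuristic only: two partitions of the same physical disk report False.
    return os.stat(source).st_dev == os.stat(backup).st_dev


def archive(source: Path, backup: Path) -> dict:
    """Copy new or changed files to backup, re-read each copy, report per file."""
    report = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = backup / rel
        wanted = sha256_of(src)
        if dst.is_file() and sha256_of(dst) == wanted:
            report[rel.as_posix()] = "unchanged"
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        # Verify the copy by hashing what actually landed on the backup.
        report[rel.as_posix()] = "copied" if sha256_of(dst) == wanted else "verify failed"
    return report


def demo() -> tuple:
    """Constructed sample: a coursework folder archived three times."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "coursework"), Path(tmp, "backup")
        source.mkdir()
        backup.mkdir()
        (source / "essay.txt").write_text("draft 1")
        first = archive(source, backup)
        (source / "essay.txt").write_text("draft 2")
        (source / "notes.txt").write_text("lecture notes")
        second = archive(source, backup)
        return first, second, archive(source, backup), co_located(source, backup)
```

In the constructed demo both folders sit in the same temporary directory, so `co_located` returns True, which is the situation the assignment tells you to avoid for a real backup.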
1. Security Tools: Please list the Anti-Spyware, Anti-Virus, and Firewall software you would use/are using. For example:
Anti-spyware: __________________
Anti-Virus: __________________
Firewall: __________________
2. Security Tool Configuration: Describe, in at least one paragraph, current or planned online security practices. Choose ONE question below and include it, followed by your answer:
- How often do you run, or should you run, full scans compared to partial scans?
- Describe customized settings used on your tools. If you don't have any, what are some customized settings that you could look into?
- Does your firewall block specific content? If not, what specific content do you think should be blocked? What content could be hazardous to your system?
- Do you receive alerts when browsing potentially hazardous sites? If not, what sites do you think would be potentially hazardous? Do you plan to set up an alert system for your browser?
3. Tool Update Source: Describe, in at least one paragraph, current or planned online security practices. Choose ONE question below and include it, followed by your answer:
- Do you download updates from the product's Web site or directly from the application?
- What process is used to update tools (manual, automatic updates, update when alerted, etc.)?
- Do you think your update process is best? Why or why not?
- If you do not use any updates, research the benefits of updating tools, and provide the links.
4. Tool Upgrades: Describe, in at least one paragraph, current or planned online security practices. Choose ONE question below and include it, followed by your answer:
- How often do you upgrade your tools? Is this frequent enough?
- Research how often you should upgrade your tools, and provide the links.
5. Tool Support: Describe, in at least one paragraph, current or planned online security practices. Choose ONE question below and include it, followed by your answer:
- What Web sites provide effective tool support? Provide the links.
- Research successful tutorials for tool support, and provide the links.
- Who should you contact for customer support for the tools on your system?
Windows and MAC tips to find:
System Components
Public IP Address
Operating System Bits
Terms used in this assignment, including:
Software License (Freeware, Shareware, Commercial)
Business Continuity
Risk Management
[1] http://www.youtube.com/watch?v=SVp9wbn_E-4&feature=player_embedded [2]
Follow the link for the video at the bottom of the page if you need help with steps 1 – 5.
1. Navigate to the Start/Windows button
2. Go to “All Programs”
3. Go to “Accessories”
4. Go to “System Tools”
5. Go to “System Information”
6. From the main screen (Figure 2), you should be able to determine:
- Operating System (OS Name)
- Manufacturer
- Model
- Processor
- RAM
Figure 2 - Main Screen of System Information
7. Go to Components -> Display in order to find out your Video Interface (Graphics Card) (Figure 3)
Figure 3 – Graphics card Name
8. Go to Components -> Sound Device in order to find your Audio Interface (Sound Card) (Figure 4)
Figure 4 – Audio Card Name
9. Go to Components -> Network -> Adapter. You will be looking for the word “Ethernet” under the “Adapter Type” line. This may be in the list multiple times; however, the ones that you are looking for will have either the name of an adapter (for hard-lined internet) or, for the wireless adapter, the word “wireless” in the product type. (Figure 5)
Figure 5 - Network Adapter
OPTIONAL: WINDOWS SYSTEM INFORMATION USING BELARC ADVISOR
Belarc Advisor will audit your computing system and display it for you through your Internet browser. It is compatible with Windows 7, Vista, and XP. You can download the program at http://www.belarc.com/free_download.html [3]. All of the information created by Belarc Advisor is kept private and is not relayed over the Internet to any third party services.
Follow these steps to find your hardware information:
1. Follow the link above to download and install Belarc Advisor
2. Follow the steps and allow Belarc Advisor to create a profile of your system
3. Your Operating System, System Model, and Processor will be the first line under their respective sections.
4. The Display section will be your Graphics Card.
5. The Multimedia section will be your Audio Card.
6. RAM information will be found under Memory Modules.
7. Under the Communications section (Figure 6) you can find both your hard line network card and wireless network card (if your computer is capable of wireless). Your hard line network card should have “Ethernet Controller” in the name. Your wireless card will have “Wireless” in its name.
Figure 6 - Network Card Information
[4] http://www.youtube.com/watch?v=W-XOR_v_nq8 [4]
1. Click on the “Apple Icon”
2. Go to “About this MAC” (Figure 7). In bold letters, under the Apple logo will be the Operating System.
Figure 7 - "About this MAC" Screen with MAC Operating System
3. Now click “More info…” and you will be taken to a screen with the title of “Hardware Overview” (Figure 10). This will give you:
- Model
- Processor
- Memory (RAM)
Figure 8 - MAC Model, Processor, and Memory
4. Go to Hardware -> Audio in order to find your Audio Interface (Sound Card), which will be in bold letters at the top (Figure 9).
Figure 9 - Audio Card
5. Go to Hardware -> Graphics/Display in order to find your Video Interface (Graphics Card), which will be in bold letters at the top (Figure 10).
Figure 10 - Graphics Card
6. Go to Network -> ------ Card (In this example there is an AirPort Card, however your system may differ). The information for your card will be under “Card Type” (Figure 11)
Figure 11 - Network Card
OPTIONAL: MAC SYSTEM INFORMATION USING APPLE TECH SPECS
Enter your Mac’s serial number in the “Search Tech Specs” field at http://support.apple.com/specs [5] and press Enter to display detailed technical specifications for your machine.
Similar to a unique address for mailing letters, every device connected to the Internet must have a unique IP address to send email and download content from servers. For the Internet to function, packets can only be exchanged with the specific device making the request.
Attackers can also take advantage of your unique IP address to probe vulnerable Internet ports on your computer. Thus, many computers hide the true IP address by having a firewall or proxy server use network address translation (NAT) to mask the “true” IP address with a “public” IP address.
For our exercise, identify your “public” IP Address by simply typing “IP ADDRESS” into Google. You may also use web tools (Figure 12), such as What is my IP at http://whatismyip.com [6].
Figure 12 – Public IP Address
As a separate exercise, you may also evaluate your system to discover its true IP address in the operating system’s Control Panel. In addition, you may test your system for open vulnerable Internet ports (File Sharing, Common Ports, All Service Ports, Messenger Spam, and Browser Headings), such as ShieldsUP! at http://grc.com [7]. To read more about port probing see PC Magazine’s Probe My Ports! at http://bit.ly/V7upbL [8]
Users often need to know if the operating system is 32 or 64-bit for software compliance. See tips to Determine 64-bit Compliance: http://www.stata.com/support/faqs/windows/64-bit-compliance/ [9]
[1] http://www.youtube.com/watch?v=SVp9wbn_E-4&feature=player_embedded
[2] http://www.youtube.com/watch?v=SVp9wbn_E-4&feature=player_embedded
[3] http://www.belarc.com/free_download.html
[4] http://www.youtube.com/watch?v=W-XOR_v_nq8
[5] http://support.apple.com/specs
[6] http://whatismyip.com
[7] http://grc.com
[8] http://www.pcmag.com/article2/0,2817,1231761,00.asp
[9] http://www.stata.com/support/faqs/windows/64-bit-compliance/
| Term | Definition |
| --- | --- |
| Business Continuity Plan (BCP) | Process of developing advanced arrangements and procedures that enable an organization to respond to an event such that mission critical services continue with acceptable levels of interruption or essential change |
| Commercial Software | Copyrighted application licensed to users at a price (i.e. “Payware”), e.g., MS Office |
| Data | Personal files a user creates using an application, or uses with an application (i.e. Word documents, MP3 files, photos, etc.) |
| Disaster-Recovery (DR) | Unplanned interruption of normal business processes (hardware, software, data, networks and people); subset of Business Continuity |
| Fault Tolerance | System or process design allowing an operation to continue, possibly at a reduced level, when part of the system fails. |
| Freeware Software | Copyrighted application licensed to users at no cost or optional donation, e.g., Macrium Reflect Free, Spybot - Search & Destroy, Apple iTunes, Google Picasa, Google Chrome |
| Hardware | Physical equipment directly involved in the performance of data-processing or communications functions. Includes memory (RAM), CPU, hard drives, CD/DVD drives, etc. |
| IP Address | A unique numeric network identifier for each computing device connected to a network. |
| Open Source Software | Software application licensed to users at no cost with source code available, e.g., Apache OpenOffice, Google Chromium, Mozilla Firefox, Linux |
| Operating System | Hardware-specific software layer (i.e. Windows 7, Mac OS 10.6.3, etc.) that runs between computer applications and computer hardware. Allows a user to easily access hardware from an application, such as a printer when using MS Word. |
| RAM | Stands for random access memory, one of the fastest primary storage devices and best known hardware forms of computer memory |
| Risk Management | Process of identifying vulnerabilities in an information system and taking carefully reasoned steps to ensure Confidentiality, Integrity, and Availability (i.e. CIA) of all system components. |
| InfoSec SDLC | Information Security System Development Life Cycle is a progressive methodology addressing the security of information assets in a system. |
| Shareware Software | Copyrighted application licensed to users at a modest price, often including either a free trial period, or try-before-you-buy version with reduced features, e.g., Carbon Copy Cloner for Mac |
| Software | Programs designed to perform specific tasks. Major software categories include 1) Applications (i.e. web browsing, word processing, etc.), and 2) Operating Systems. |