Cyber Security Capstone Project Cyber Security-Comprehensive Business Continuity Capstone Project Problem Statement Background of the problem statement: ZZIIPPEE Bank is one of the fastest-gr

Cyber Security Capstone Project

Cyber Security-Comprehensive Business Continuity

Capstone Project Problem Statement

Background of the problem statement:

ZZIIPPEE Bank is one of the fastest-growing banks in India with more than 1200 branches across the country and manages $200 billion in assets. Handling millions of dollars of banking transactions per day, its customers depend upon the integrity and availability of their banking data.

The Bank has to comply with a new cybersecurity regulation that requires financial institutions to have DRPs and BCPs to prevent massive losses during a disaster or data breach.

The Bank realizes that it has to move its IT operations to a less risk-prone area. Furthermore, it has to separate its production and disaster-recovery facilities by a large distance to be immune to a widespread disaster. But it has to do this in such a way that it would lose no data in the event of a production data-center disaster.

The Bank plans to consolidate its multiple data centers into a single production data center with remote protection. It plans to have its disaster-recovery site in another state with an equipment configuration that is an exact mirror of the production facility.

The Bank plans to keep the backup data center’s databases in synchronism with the production data center via asynchronous replication.

However, the Bank estimates that it might lose up to 30 seconds of data following a production-site outage because of the asynchronous-replication solution. To solve this problem, the Bank can use a third minimal disk-only “bunker” site closer to the production site to act as a second up-to-date data repository.

The Bunker is a secure ex-military compound, purpose-built to protect data from every potential threat including nuclear attack. All infrastructure is kept 30 meters below ground, behind concrete walls three meters thick only accessible through two-ton steel doors and guarded 24/7. It is floodproof, bomb-proof, and immune to EMP and digital eavesdropping.

Therefore, should the production site fail, the nearby data bunker would contain all transactions that were executed up to the time of the outage. No data would be lost. This data bunker is designed to survive the effects of a disaster that could take down the production site. The data bunker would be linked to both the production site and the backup site. In the event of a production-site outage, the backup site would quickly bring its database up-to-date by establishing a session with the data bunker and downloading only the data changes that it had missed. Once this is accomplished, the backup site would be put into production with zero data loss.

Implementing a 3-Data-Center (3DC) architecture using a mix of asynchronous and synchronous replication ensures that no common disaster will prevent the Bank from offering its services to its customers and partners while at the same time ensures zero data loss and fast recovery times.

You are required to complete the following tasks to assist the Bank to implement a comprehensive business continuity, backup, recovery, and archiving solution.

Task 1                                                                                    

Identify minimum of three threats per category that could disrupt the bank’s operations.

System Events
Internal Events
External Events
Acts of Nature

Task 2

A new vulnerability was identified in the bank mobile app during a vulnerability assessment. The vulnerability allows a remote unauthorized user to easily upload and execute a simple script to cause a major denial-of-service (DoS) attack on the webserver.

Use the CVSS 3.1 calculator to calculate the base score and identify the vulnerability as critical, high, medium, or low.

Copy and paste the URL that includes the selected parameters.

Task 3

Complete the following Risk Register:

Brief summary of the riskRate

1 (Low)

5 (High)


1 (Low)

5 (High)


Address highest first

What can be done to minimize the risk?
Ransomware attack
SQL injection attack on the customer portal
Data breach by the third-party service provider
  • Use the following Risk Matrix to calculate the priority level:
Negligible (1)Minor


Moderate (3)Significant (4)Severe


LIKELIHOODVery Likely (5)510152025
Likely (4)48121620
Possible (3)3691215
Unlikely (2)246810
Very Unlikely (1)12345

 Task 4

  • If the primary database is corrupted by an incident, the bank might lose 30 seconds of data at the recovery site.
  • The transaction throughput at the recovery site will be 75%.
  • The bank will be able to use the database from the recovery site, but customer experience will be negatively affected after 24 hours.
  • The access to the primary database will be restored within eight hours.
  • Based on the given scenario, identify the values for the following parameters:
Recovery time objective (RTO)
Maximum tolerable outage (MTO)
Service delivery objective (SDO)
Recovery point objective (RPO)

Task 5

Draw the 3-data-center architecture diagram described in the above scenario

Private and Confidential

Yours all information is private and confidential; it is not shared with any other party. So, no one will know that you have taken help for your Academic paper from us.

This essay is written by:

Prof. Amanda Verified writer

Finished papers: 435

Proficient in:

English, History, Business and Entrepreneurship, Nursing, Psychology, Management

You can get writing help to write an essay on these topics
100% plagiarism-free

Hire This Writer
© 2017 theacademicessays. All Rights Reserved. Design & Developed by theacademicessays.

Ask Your Homework Today!

We have over 1000 academic writers ready and waiting to help you achieve academic success


Hello! Need help with your assignments?