Syllabus Point
- Test and evaluate the security and resilience of software by determining vulnerabilities, hardening systems, handling breaches, maintaining business continuity and conducting disaster recovery
Organisations must continuously evaluate security, harden systems against attacks, prepare for breaches with incident response plans, maintain business continuity during incidents, and have disaster recovery plans to restore operations quickly.
Determining vulnerabilities
Continuously or regularly scanning software to identify potential security weaknesses such as code flaws, configuration issues or unprotected data.
- SAST (Static Application Security Testing, which analyses source code) and DAST (Dynamic Application Security Testing, which probes the running application) are often used for automated vulnerability detection
- Penetration testing actively probes the software to exploit weaknesses
Hardening systems
Hardening is the process of configuring systems to minimise vulnerabilities by reducing the 'attack surface' - the total set of points where an unauthorised user could enter a system or extract data from it.
- Disabling unnecessary features, services or ports
- Securing all parts of the software and its underlying systems (databases, networks and servers)
- Implementing encryption, strong passwords, firewalls
- Applying the principle of least privilege
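The following is an added example, not part of the original notes, showing how hardening can be checked and applied in code. It audits a constructed system configuration against a simple baseline (required services, approved admin accounts, password and encryption policy are all assumptions chosen for the example) and reports the attack surface before and after hardening.

```python
import copy

# Baseline assumptions for this example (not from the notes): what the system
# must expose, who may hold admin rights, and the local password policy.
REQUIRED_SERVICES = {"https", "ssh"}
APPROVED_ADMINS = {"ops-admin"}
MIN_PASSWORD_LENGTH = 12

# Constructed sample configuration of an unhardened server.
SAMPLE_CONFIG = {
    "services": [
        {"name": "https", "port": 443, "enabled": True},
        {"name": "ssh", "port": 22, "enabled": True},
        {"name": "telnet", "port": 23, "enabled": True},   # unnecessary, unencrypted
        {"name": "ftp", "port": 21, "enabled": True},      # unnecessary
        {"name": "smtp", "port": 25, "enabled": False},
    ],
    "accounts": [
        {"user": "ops-admin", "admin": True},
        {"user": "webapp", "admin": True},   # service account with excess privilege
        {"user": "analyst", "admin": False},
    ],
    "password_policy": {"min_length": 8, "lockout_after": 0},
    "encryption": {"tls_enabled": True, "disk_encryption": False},
}


def attack_surface(config):
    """The ports an outsider can reach: one per enabled service."""
    return {s["port"] for s in config["services"] if s["enabled"]}


def audit(config, required=REQUIRED_SERVICES, admins=APPROVED_ADMINS,
          min_len=MIN_PASSWORD_LENGTH):
    """Compare a configuration against the baseline and list hardening actions."""
    findings = []
    for s in config["services"]:
        if s["enabled"] and s["name"] not in required:
            findings.append(f"disable unnecessary service {s['name']} (port {s['port']})")
    for a in config["accounts"]:
        if a["admin"] and a["user"] not in admins:
            findings.append(f"remove admin rights from {a['user']} (least privilege)")
    policy = config["password_policy"]
    if policy["min_length"] < min_len:
        findings.append(f"raise minimum password length to {min_len}")
    if policy["lockout_after"] == 0:
        findings.append("enable account lockout after repeated failed logins")
    if not config["encryption"]["disk_encryption"]:
        findings.append("enable encryption of data at rest")
    return findings


def harden(config, required=REQUIRED_SERVICES, admins=APPROVED_ADMINS,
           min_len=MIN_PASSWORD_LENGTH, lockout_after=5):
    """Return a hardened copy of the configuration that satisfies the baseline."""
    hardened = copy.deepcopy(config)
    for s in hardened["services"]:
        if s["name"] not in required:
            s["enabled"] = False
    for a in hardened["accounts"]:
        if a["user"] not in admins:
            a["admin"] = False
    hardened["password_policy"]["min_length"] = max(
        hardened["password_policy"]["min_length"], min_len)
    if hardened["password_policy"]["lockout_after"] == 0:
        hardened["password_policy"]["lockout_after"] = lockout_after
    hardened["encryption"]["disk_encryption"] = True
    return hardened


if __name__ == "__main__":
    print("attack surface before:", sorted(attack_surface(SAMPLE_CONFIG)))
    for finding in audit(SAMPLE_CONFIG):
        print(" -", finding)
    hardened = harden(SAMPLE_CONFIG)
    print("attack surface after:", sorted(attack_surface(hardened)))
    print("remaining findings:", audit(hardened))
```

The point of the two functions is that `audit` is what a vulnerability scan or configuration review produces, while `harden` is the change that shrinks the attack surface from four reachable ports to the two the system actually needs; running `audit` again on the hardened copy should produce no findings.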
Handling breaches
An incident response plan is a structured approach to detect, manage and mitigate security breaches.
During a Breach
- Quickly contain the breach and mitigate its impact
- Isolate affected systems, disable compromised user access, apply temporary blocks
After a Breach
Post-breach analysis (a post-mortem) is conducted to identify the cause and determine the necessary fixes.
Maintaining business continuity
Business continuity refers to the ability of an organisation to maintain critical operations during and after a disruptive event.
Business Continuity Plan
A business continuity plan outlines strategies and processes to stay operational during and after a security incident.
- Prioritising critical systems and data
- Setting up backup systems and planning for staff
- Reliable data backups and redundant systems
- Testing plans with simulations or tabletop exercises
Conducting disaster recovery
A disaster recovery plan is a documented approach for restoring systems, data and infrastructure after a disruptive event.
Key Objectives
- Regular testing and drills of the plan
- Recovery Point Objective (RPO) - the maximum tolerable amount of data loss, measured in time. E.g. if the RPO is 1 hour, the business should not lose more than an hour's worth of data during a recovery
- Recovery Time Objective (RTO) - the target time to restore systems to normal functionality
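As an added illustration (not part of the original notes), the code below shows how RPO and RTO are evaluated in practice. The backup schedule, incident time and restoration time are constructed sample values; the functions compute the data-loss window from the last usable backup, the worst-case loss a backup schedule can produce, and whether a given recovery met the targets.

```python
from datetime import datetime, timedelta

# Constructed sample data: a six-hourly backup schedule, an incident that
# strikes between backups, and the time at which service was restored.
BACKUP_TIMES = [
    datetime(2024, 5, 1, 0, 0),
    datetime(2024, 5, 1, 6, 0),
    datetime(2024, 5, 1, 12, 0),
    datetime(2024, 5, 1, 18, 0),
]
INCIDENT_TIME = datetime(2024, 5, 1, 14, 30)
RESTORED_TIME = datetime(2024, 5, 1, 16, 0)


def data_loss_window(backups, incident_time):
    """Time between the last backup taken before the incident and the incident.
    Everything written in this window is lost when that backup is restored."""
    usable = [b for b in backups if b <= incident_time]
    if not usable:
        raise ValueError("no backup exists before the incident; nothing to restore")
    return incident_time - max(usable)


def worst_case_loss(backups):
    """Largest gap between consecutive backups, i.e. the most data an incident
    at the least convenient moment could lose under this schedule."""
    ordered = sorted(backups)
    if len(ordered) < 2:
        raise ValueError("need at least two backups to measure an interval")
    return max(b - a for a, b in zip(ordered, ordered[1:]))


def meets_rpo(backups, incident_time, rpo):
    return data_loss_window(backups, incident_time) <= rpo


def schedule_meets_rpo(backups, rpo):
    """True only if no possible incident time could exceed the RPO."""
    return worst_case_loss(backups) <= rpo


def meets_rto(incident_time, restored_time, rto):
    return (restored_time - incident_time) <= rto


def recovery_report(backups, incident_time, restored_time, rpo, rto):
    """Summarise a recovery against its objectives, as a post-mortem would."""
    return {
        "data_lost": data_loss_window(backups, incident_time),
        "rpo_met": meets_rpo(backups, incident_time, rpo),
        "schedule_rpo_met": schedule_meets_rpo(backups, rpo),
        "downtime": restored_time - incident_time,
        "rto_met": meets_rto(incident_time, restored_time, rto),
    }


if __name__ == "__main__":
    report = recovery_report(BACKUP_TIMES, INCIDENT_TIME, RESTORED_TIME,
                             rpo=timedelta(hours=1), rto=timedelta(hours=2))
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the sample values the incident at 14:30 loses 2.5 hours of data (last backup 12:00), which meets a 4-hour RPO but not a 1-hour one, and the worst case for a six-hourly schedule is a 6-hour loss, so a 1-hour RPO needs backups at least hourly; the 90-minute outage meets a 2-hour RTO but not a 1-hour RTO.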
Backup and Recovery
| | Backup | Disaster Recovery |
|---|---|---|
| Purpose | Protect data from loss or corruption | Restore full systems and operations |
| Scope | Focuses on data (files, databases) | IT infrastructure, hardware, software, networks, business processes |
| Recovery objective | Restore individual files or data sets | Restore entire systems and business functions (RTO: maximum time for operations to be restored; RPO: maximum tolerable data loss, measured in time) |
| Storage location | Local drives, offsite servers or cloud platforms | Failover sites, hot/cold sites, or replicated virtual environments |
| Speed | Can be slower, depending on data size | Faster, due to rapid restoration of operations |
| Cost | Relatively low, especially with cloud options | High, due to complexity and resources |