Contingency Plan


By Lisa Christian.

1.1  Overview

The purpose of a contingency plan is to have a fallback plan ready in case some kind of problem or disaster happens.

1.2  A Business Impact Analysis (BIA)

Having the precision farming web application is essential to Globex being economical and making a profit at harvest time.

1.3  An Incident Response (IR) Plan

Incidents may include fire, floods, theft, copying, the website being attacked, and viruses/malware.

1.4  A Backup plan

The first option of the backup plan is to rely on the webhost. They do backups and can restore the data if something happens to the web application: if it is hacked, gets a virus or malware, or suffers SQL injections that deform the data.

They can also back up the data in phpMyAdmin.

A copy of the web application can be kept by the web designer/developer.

1.5  A Disaster Recovery (DR) plan

In the event of a disaster, such as fire, the website will still be safe as it is stored online, on the webhost. The structure of the backend database can also be stored and extracted online in phpMyAdmin.

2. Security Models


2.1  Security Models recommendation

Bell-LaPadula security model.

"SIMPLE CONFIDENTIALITY RULE: Simple Confidentiality Rule states that the Subject can only Read the files on the Same Layer of Secrecy and the Lower Layer of Secrecy but not the Upper Layer of Secrecy, due to which we call this rule as NO READ-UP". (Geeksforgeeks.org, 2022)

So this means the files on the web application and the user in the database are marked with 0755, which is write safe for interacting with, but to the user the files are read only.
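One way to check the 0755 statement above, as an added example that is not part of the original plan: a Python audit that walks a web root and flags any file or directory granting permissions beyond 0755 (for example group or world write). The sample tree, file names and the `audit`/`demo` helpers are constructed for illustration.

```python
import os
import stat
import tempfile

EXPECTED_MODE = 0o755  # the mode the plan states for web application files


def describe(mode):
    """Return the rwx string for a permission mode, e.g. 0o755 -> 'rwxr-xr-x'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]


def audit(root, expected=EXPECTED_MODE):
    """Return sorted (relative path, mode) pairs that grant bits outside expected."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful; the target is checked itself
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~expected:  # any permission bit not allowed by 0755
                findings.append((os.path.relpath(path, root), mode))
    return sorted(findings)


def demo():
    """Build a constructed web root with two over-permissive entries and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"index.php": 0o644, "upload.php": 0o666, "run.sh": 0o755}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod ignores the umask, so modes are exact
        shared = os.path.join(root, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o775)  # group-writable directory
        return audit(root)


if __name__ == "__main__":
    print("expected:", describe(EXPECTED_MODE))
    for rel, mode in demo():
        print(f"too permissive: {rel} {oct(mode)} ({describe(mode)})")
```

Entries stricter than 0755, such as 0644, pass the check; only bits that 0755 does not grant are reported.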

2.2 Access Control Models

"Access control is the combination of policies and technologies that decide which authenticated users may access which resources. Security requirements, infrastructure, and other considerations lead companies to choose among the four most common access control models:

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Privileged Access Management (PAM)" (Twingate, 2022).

So it means that every person has a security login and password with access defined.

This is the principle of the MAC model - that every user is tied to their access rights.


References:

Geeksforgeeks.org, 2022. Introduction to Classic Security Models.

Accessed on: 19/1/23, from: https://www.geeksforgeeks.org/introduction-to-classic-security-models/


Risk, E., Twingate.com, 2021. Access Control Models.

Accessed on: 19/1/23, from: https://www.twingate.com/blog/access-control-models/
