Victor Anosike
Learning Aim C IT Technical Support and Management
Assignment 3
Unit 12: Assignment – Develop a plan to support
and manage a new IT system using industry
standards and methods
In this assignment, I will create a support plan for a start-up company that runs
an internet-based business and is looking to hire between 25 and 30 people.
These employees will require desktop computers, as will senior management, who
will also be supplied with tablet computers connected over Wi-Fi to the company's
LAN. The client has requested that three black and white printers and two colour
printers be included and shared. The system has been described as critical to
the company's operations, so I must make it available 24 hours a day, 365 days
a year.
When developing the IT support and management plan for the company I will
need to cover the following:
• Incident response
• Disaster recovery
• Capacity planning
• Sustainability and environmental waste planning
• IT support and management plan
I will also design an appropriate layout for the organisation, indicating where the
system and cabling will be installed to guarantee a safe working environment in
accordance with health and safety regulations.
Incident Response
Incident response is the procedure of handling and resolving any form of
technical or security incident or disruption that occurs and threatens the
functioning of a company’s IT system. It entails taking measures to try to avoid
future harm to the IT system by reducing the impact of the incident’s
consequences. I propose that the company hire a Computer Incident Response
Team (CIRT), a team of qualified specialists in managing and responding to
computer security problems. The major goal of the CIRT is to effectively identify
an incident or interruption and conduct an in-depth examination in order to
reduce its impact and rapidly restore normal functionality to the IT system.
In the following sections, I will provide a full description of how the CIRT can
handle issues that occur within the IT system:
1. Incident Identification – This is the initial phase, which entails
recognising and acknowledging an occurrence that affects the IT system’s
regular operation. Security breaches, system failures, and other
catastrophes are all possible. It is the CIRT’s responsibility to determine
the cause of the occurrence.
2. Incident Reporting – Following the identification of the event, it must be
reported to the proper persons or team, in this case the CIRT, who
would then be in charge of conducting the incident response.
3. Incident Triage – After receiving the incident report, the CIRT would
examine the severity and probable consequences of the incident. The
assessment would take into account criteria such as the criticality of the
impacted systems, how sensitive the data involved was, and the likelihood
of future harm.
4. Containment and Mitigation – The next step would be to contain the
situation and prevent it from spreading further; this may include isolating
impacted systems or deactivating compromised accounts, for example.
Mitigation entails applying strategies to reduce the impact of the
incident and restore regular IT system operations.
5. Investigation and Root Cause Analysis – After the CIRT has
successfully confined the incident, they may perform a detailed
investigation to determine both the cause and the source of the issue.
Actions such as examining logs, network traffic, and system configuration
would be taken to gather as much information as possible. Root cause
analysis would aid in identifying weaknesses in the IT systems, flaws in
security management, and a lack of procedural protocols that may have
led to the incident.
6. Remediation and Recovery – Depending on the results of the inquiry,
the CIRT would be able to take reasonable steps to resolve the situation.
This means that, by patching software vulnerabilities and changing
security parameters, the impacted system would be returned to a secure
and functioning state.
7. Documentation and Reporting – Throughout the incident response
process, detailed documentation would be maintained. An incident report,
the measures taken to rectify difficulties, and the lessons learned would be
included in the record. All of this information would be useful for future reference
and for strengthening incident response protocols.
8. Post-Incident Review and Improvement – Once the CIRT has resolved
the incident, a post-incident evaluation will be done to determine the
effectiveness of the response procedure. Lessons gathered from the entire
situation are utilised to improve security procedures and update rules. It
can also be useful to give further training in order to avoid such incidents
in the future.
The CIRT would want to adhere to the incident response plan in order to
successfully manage and reduce the effects of the IT issues while also
assuring the security and stability of its systems and data.
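The eight steps above can be tracked in software so that no phase is skipped and every action is recorded. The sketch below is an added example, not part of the original plan: the `Incident` class, the `triage` function, the 1 to 3 scoring scale and the severity thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# The eight phases from the list above, in the order the plan gives them.
PHASES = ["Identification", "Reporting", "Triage", "Containment and Mitigation",
          "Investigation and Root Cause Analysis", "Remediation and Recovery",
          "Documentation and Reporting", "Post-Incident Review and Improvement"]

def triage(criticality, sensitivity, further_harm):
    """Rate severity from the three triage criteria, each scored 1 (low) to 3 (high).
    The 1-3 scale and the thresholds below are assumptions, not part of the plan."""
    scores = (criticality, sensitivity, further_harm)
    if any(s not in (1, 2, 3) for s in scores):
        raise ValueError("each criterion must be scored 1, 2 or 3")
    total = sum(scores)
    if total >= 8:
        return "critical"
    if max(scores) == 3 or total >= 6:  # one high criterion is enough for "high"
        return "high"
    return "medium" if total == 5 else "low"

@dataclass
class Incident:
    summary: str
    phase_index: int = 0
    severity: str = "untriaged"
    timeline: list = field(default_factory=list)

    @property
    def phase(self):
        return PHASES[self.phase_index]

    def log(self, note):
        # Step 7 asks for records kept throughout, so every action is timestamped.
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.timeline.append((stamp, self.phase, note))

    def set_severity(self, criticality, sensitivity, further_harm):
        if self.phase != "Triage":
            raise RuntimeError("severity is assigned during the Triage phase")
        self.severity = triage(criticality, sensitivity, further_harm)
        self.log(f"severity set to {self.severity}")

    def advance(self, note):
        """Record what was done in the current phase, then move to the next one."""
        if self.phase == "Triage" and self.severity == "untriaged":
            raise RuntimeError("triage the incident before containment starts")
        self.log(note)
        self.phase_index = min(self.phase_index + 1, len(PHASES) - 1)
```

Calling `advance()` with a note at the end of each phase builds the timeline that the documentation step relies on, and containment cannot begin until `set_severity()` has been called during triage.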
Incident Recovery
The process of returning an IT system to its regular condition following an
event or interruption is known as incident recovery. Planned actions are taken
    to return operations to normal and restore the impacted systems to the state they
    were in before the incident, all while guaranteeing minimal downtime. Incident
recovery entails a variety of tasks that must be completed after recovering
the lost data, such as system validation and testing to ensure that the IT
system is functioning properly, and service verification to ensure that all
affected IT services are fully operational, and that users and stakeholders can
    use them. If the CIRT can successfully and quickly carry out the incident
    recovery process, the organisation will be able to resume company operations,
    which can help to preserve user satisfaction.