
Student Name

Academic Institution

Class

Professor

February 29, 2024

Contents
1. INTRODUCTION
2. BIA FOR WSU
3. POTENTIAL THREATS AND CYBER INCIDENTS
4. INCIDENT RESPONSE STRATEGIES AND PROCESSES
5. INCIDENT MANAGEMENT TEAM ROLES AND RESPONSIBILITIES
6. CONCLUSION
7. REFERENCES

1. INTRODUCTION
Western Sydney University is a renowned university committed to high academic
standards and significant research. The university faces increased cybersecurity threats
accentuated by remote learning post-pandemic. Cybersecurity is also a considerable concern for
the school because it handles extensive data. Colleges and universities recorded 1,851 data
breaches from 2005 to 2021, and Western Sydney University's outdated systems increase its
vulnerability to potential security threats. This report contains a Business Impact Analysis (BIA)
and Cyber Security Incident Response Plan for WSU outlining methods to preserve operational
continuity and safeguard its educational purpose.

2. BIA FOR WSU


Business Impact Analysis (BIA) is a systematic component of business continuity
planning, focusing on the assessment of potential disruptions' impacts on essential business
processes and systems (Torabi et al., 2014). BIA seeks to ascertain the effects of occurrences like
natural catastrophes or cyberattacks on business finances, operations, and reputation. The main
objective of BIA is to improve overall organizational resilience by establishing a detailed
strategy for preserving or quickly restoring essential operations and prioritizing recovery actions
while ensuring resource allocation (Al-Essa & Al-Sharidah, 2018).

The Business Impact Analysis (BIA) for Western Sydney University (WSU) identifies
critical processes and systems pivotal to its continued success. These encompass the Student
Information System, which manages enrollment and academic records, Research Data
Repositories housing valuable research data, Financial Systems handling budgeting and payroll,
and Email and Communication Systems facilitating campus-wide interactions (Swanson et al.,
2010).

Table 1: Business Impact Analysis

| Business Process | Potential Impact | Maximum Tolerable Duration |
|---|---|---|
| Student enrollment and registration | Academic disruption (enrollment, registration, student records) | 48 hours |
| Academic programs and curriculum management | Disruption in course offerings and academic progress | 72 hours |
| Teaching and learning | Interruption of classes and academic support services | 24 hours |
| Research and scholarly activities | Research delays | 48 hours |
| Financial management | Financial consequences (budgeting, accounting, payroll) (Krahulec & Jurenka, 2015) | 24 hours |
| Human resources and payroll | Staffing issues and payroll delays | 24 hours |
| Facilities and infrastructure management | Disruptions in facilities and IT infrastructure | 48 hours |
| Library and information resources | Limited access to research materials | 48 hours |
| Student support services | Impact on student advising and support services | 24 hours |
| Information technology and cybersecurity | IT system downtime, data breach, and communication breakdown. | 48 hours |

Table 2: Weighted Ranking of WSU's Processes

| Business Process | Impact on Profit | Impact of academic Operations | Impact on communication | Impact on Internal | Public Image Impact | Total Weights |
|---|---|---|---|---|---|---|
| Student enrollment and registration | 0.3 | 0.2 | 0.2 | 0.2 | 0.1 | 1.00 |
| Academic programs and curriculum management | 4 | 3 | 3 | 3 | 3 | 3.3 |
| Teaching and learning | 4 | 3 | 3 | 3 | 3 | 3.3 |
| Research and scholarly activities | 5 | 5 | 2 | 3 | 3 | 3.8 |
| Financial management | 4 | 4 | 3 | 3 | 2 | 3.6 |
| Human resources and payroll | 2 | 3 | 1 | 5 | 4 | 2.8 |
| Facilities and infrastructure management | 2 | 3 | 1 | 5 | 4 | 2.8 |
| Library and information resources | 2 | 3 | 1 | 5 | 4 | 2.8 |
| Student support services | 4 | 3 | 3 | 3 | 3 | 3.3 |
| Information technology and cybersecurity | 4 | 3 | 3 | 3 | 3 | 3.3 |

3. POTENTIAL THREATS AND CYBER INCIDENTS
Western Sydney University (WSU) faces several critical cyber threats that require a
proactive response. Firstly, there is the menace of malware and ransomware, which can infiltrate
the university's systems, encrypt data, and demand ransom for its release (Chesti et al., 2020).
Secondly, phishing attacks pose a significant risk, with cyber-criminals using deceptive emails to
trick users into divulging sensitive information. Thirdly, insider threats are a concern, as
disgruntled employees or students with system access can intentionally cause harm (Baracaldo &
Joshi, 2013). Lastly, Denial of Service (DoS) attacks are a threat whereby attackers overload
WSU's network or services, leading to operational disruptions.

The identified threats give rise to potential cyber incident consequences. A ransomware
attack could paralyze WSU by encrypting critical data and demanding a ransom for
decryption (Laudon & Laudon, 2016). A phishing incident might compromise sensitive
information when employees or students inadvertently fall victim to phishing attempts (Alkhalil
et al., 2021). An insider data breach could occur if an insider with malicious intent leaks
confidential data, posing risks to the university's reputation and data security. Lastly, a DoS
attack could render WSU's online services inaccessible, impacting students, faculty, and
administrative functions (Laudon & Laudon, 2016).

4. INCIDENT RESPONSE STRATEGIES AND PROCESSES


Incident response is a structured process used by companies to identify and deal with
cybersecurity incidents. The incident response lifecycle will include 4 processes as defined by
NIST (Shen, 2014). A robust incident response and preparedness strategy is paramount to protect
WSU's critical operations and data (Wiley et al., 2020) in a manner aligned with the incident
response phases.

Figure 1: The NIST Incident Response Life Cycle (Cynet 360, 2023).

Preparation

WSU must identify its vital IT assets, their importance, and sensitivity levels (Uchendu et
al., 2021). By establishing comprehensive monitoring systems and crafting response procedures
for common incidents, WSU can proactively detect and mitigate potential threats. This includes
safeguarding crucial systems like the Student Information System and Research Data
Repositories (Shinde & Kulkarni, 2021).

Detection and Analysis

WSU should continuously collect and analyze data to identify precursors and indicators
of potential incidents. This involves monitoring network traffic, system logs, and user activity for
any deviations from normal behavior, such as phishing attempts or unusual data access patterns.
Leveraging integrated security tools like Cynet 360 can streamline this process.

Containment, Eradication, and Recovery

WSU's response efforts should focus on swiftly containing incidents to minimize damage
and validate the source of the attack (Meszaros & Buchalcevova, 2017). Tools like Cynet 360 can
enable remote actions for containment and facilitate threat eradication. The ultimate goal is to
restore systems and ensure they are resilient against similar attacks in the future.

Post-Incident Activity

WSU should rigorously document each incident, evaluating the effectiveness of the
response and identifying areas for improvement (Renaud et al., 2020). These findings should
inform updates to incident response policies and procedures (Naseer et al., 2021; Atkins &
Lawson, 2021), ensuring that WSU continually strengthens its cybersecurity posture and is better
prepared for future incidents.

5. INCIDENT MANAGEMENT TEAM ROLES AND RESPONSIBILITIES
The execution of an incident response plan requires a robust incident response team. At
WSU, these roles will be carried out by dedicated staff. Key roles within the team include:

• Incident Response Managers: These individuals, typically at least two, will be responsible
  for approving the incident response plan and coordinating actions when an incident occurs.
  They will ensure that the response is well-organized and aligns with the plan (Cynet 360,
  2023).
• Security Analysts: Security analysts will play a crucial role in reviewing alerts, identifying
  potential incidents, and conducting initial investigations to assess the extent and impact of an
  attack. Their insights will help in understanding the nature of the incident (Awan, 2022).
• Threat Researchers: Threat researchers will deliver valuable contextual information about
  security threats. They will gather data from various sources, such as the web, threat
  intelligence feeds, and security tools, to offer insights that assist in responding effectively to
  incidents (Steinke et al., 2015).
• Other Stakeholders: This category includes senior management, board members, HR
  personnel, PR professionals, and senior security staff like the Chief Information Security
  Officer (CISO). They will contribute their expertise and decision-making authority to ensure
  the incident is managed comprehensively and in alignment with organizational goals and
  reputation protection (Cynet 360, 2023).
• Third Parties: External entities like lawyers, outsourced security services, or law
  enforcement agencies will be involved when necessary. They will provide legal counsel,
  additional expertise, or law enforcement support in handling certain incidents, particularly
  those with legal or criminal implications.

Figure 2: Incident Response Team (diagram of the team's members: Incident Response Managers,
Security Analysts, Threat Researchers, Other Stakeholders, and Third Parties)

6. CONCLUSION
Western Sydney University's BIA and Cyber Security Incident Response Plan are vital
safeguards for its critical processes. Understanding disruption impacts and having a structured
response plan mitigates risks, ensuring educational and research continuity. Ongoing training,
testing, and plan updates are essential for maintaining cyber resilience in a dynamic threat
landscape.

7. REFERENCES
Al-Essa, H. A., & Al-Sharidah, A. H. (2018). An approach to automate business impact analysis.
2018 IEEE International Systems Engineering Symposium (ISSE), 1-3.
Atkins, S., & Lawson, C. (2021). An improvised patchwork: Success and failure in
cybersecurity policy for critical infrastructure. Public Administration Review, 81(5),
847-861. https://doi.org/10.1111/puar.13322
Awan, U. (2022). Exploring cyber security risk in the Digital Era: An integrated approach for
modelling and implementing cyber security risk management practices in high-reliability
organizations. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4300073
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent
comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060.
Baracaldo, N., & Joshi, J. (2013). An adaptive risk management and access control framework to
mitigate insider threats. Computers & Security, 39, 237-254.
Chesti, I. A., Humayun, M., Sama, N. U., & Jhanjhi, N. (2020). Evolution, mitigation, and
prevention of ransomware. 2020 2nd International Conference on Computer and
Information Sciences (ICCIS), 1-6.
Cynet 360. (2023). NIST Incident Response. Retrieved September 18, 2023 from
https://www.cynet.com/incident-response/nist-incident-response/#:~:text=Incident
%20response%20is%20a%20structured,%3B%20and%20post%2Dincident%20activity.
Krahulec, J., & Jurenka, M. (2015). Business impact analysis in the process of Business
continuity management. Security and Defence Quarterly, 6(1), 29-36.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
Meszaros, J., & Buchalcevova, A. (2017). Introducing OSSF: A framework for online service
cybersecurity risk management. Computers & Security, 65, 300-
313. https://doi.org/10.1016/j.cose.2016.12.008

Naseer, H., Maynard, S. B., & Desouza, K. C. (2021). Demystifying analytical information
processing capability: The case of cybersecurity incident response. Decision Support
Systems, 143, 113476.

Renaud, K., Orgeron, C., Warkentin, M., & French, P. E. (2020). Cyber security
Responsibilization: An evaluation of the intervention approaches adopted by the Five
Eyes countries and China. Public Administration Review, 80(4), 577-
589. https://doi.org/10.1111/puar.13210
Shen, L. (2014). The NIST cybersecurity framework: Overview and potential impacts. Scitech
Lawyer, 10(4), 16-19.
Shinde, N., & Kulkarni, P. (2021). Cyber incident response and planning: a flexible approach.
Computer Fraud & Security, 2021(1), 14-19.
Steinke, J., Bolunmez, B., Fletcher, L., Wang, V., Tomassetti, A. J., Repchick, K. M., . . . Tetrick,
L. E. (2015). Improving cybersecurity incident response team effectiveness using teams-
based research. IEEE Security & Privacy, 13(4), 20-29.
Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010). Contingency Planning
Guide for Federal Information Systems. NIST Special Publication 800-34 Rev. 1, 1-57.
Torabi, S., Soufi, H. R., & Sahebjamnia, N. (2014). A new framework for business impact
analysis in business continuity management (with a case study). Safety science, 68, 309-
323.

Uchendu, B., Nurse, J. R., Bada, M., & Furnell, S. (2021). Developing a cyber security culture:
Current practices and future needs. Computers & Security, 109,
102387. https://doi.org/10.1016/j.cose.2021.102387
Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the
relationship between culture and information security awareness. Computers &
Security, 88, 101640. https://doi.org/10.1016/j.cose.2019.101640
