Back to Course

Incident Response

0% Complete
0/0 Steps
  1. Incident Response
    Incident Reporting
  2. Incident Response Use Cases
    Lab Setup
  3. Role Playing - Shift Manager
  4. Demonstrating: Investigating and Escalating
  5. Report from Malware Analyst
  6. Exercise 1.1: Exploring Suspicious Executable Detected using SIEM
  7. Exercise 1.2: Investigating Multiple Failed Logins using SIEM
  8. Exercise 3: Mitigating Risk
  9. Exercise 4.1: Asking the Right Questions
  10. Scenario 4.1: Asking the Right Questions
  11. Scenario 4.2: Suspicious or Malicious?
  12. Exercise 4.2: Reviewing the Shift Log
  13. Exercise 4.3: Investigating an Unauthorized Login Attempt
  14. Exercise 4.4: Investigating Firewall Traffic
  15. Exercise 4.5: Reviewing the Security Operations Mailbox
  16. Exercise 5.1: Reviewing New Intelligence
  17. Exercise 5.2: Assessing Threat Severity
  18. Exercise 6: Recommending Remediation
  19. Exercise 7: Conducting a Post-Incident Review
  20. Exercise 8: Communicating with Operations and Senior Management
  21. Business Continuity
    Business Continuity Plan Development
    8 Topics
  22. BCP Invocation Process
    2 Topics
  23. Emergency Procedures
    7 Topics
  24. Crisis Management Team
    10 Topics
  25. BCP Seating Plan
  26. Overview
  27. Disaster Recovery
    Scope of Critical Services
  28. Network Services
  29. Application Hosting Service
  30. File Hosting Services
  31. Call Centre and Voice Recording Services
  32. Regulatory Links
  33. Thin Client Environment
  34. Voice System (Non-Service Desk)
  35. Printing Services
  36. Recovery Time Objective (RTO) & Recovery Point Objective
  37. Single Point of Failure
  38. Redundancy Requirements
  39. Alternate Locations
  40. Contact Protocol
    4 Topics
Lesson 34 of 40
In Progress

Voice System (Non-Service Desk)

1.1                    Voice Architecture


1.2                    Cisco Unified Communication Manager – CUCM / other voice components failure

Description:  As shown in Fig.1 in 10.1 we have one publisher CUCM in the DC, and three subscribers CUCM in DC, GC, and OM.

We have also Cisco gateways with number of PRI circuits, 2 Unity servers for the voice mail, 2 Presence servers for enterprise chatting and status, 1 meeting place server for the conference calls, and one voice recorder.

Impact: High.

Probability: Low for the voice system as we have 3 CUCM subscribers backing each other in 3 different locations.

Any failure in the publisher CUCM, The DB will only be locked, so no changes will be allowed to the system, but will not stop the call flow.

Probability: High for the voice recorder, as we only have one voice recorder in DC and we have no backup for it.

The recorder is used for the following departments:

  • Call Center in case of BCP 8 channels
  • Collections 20 channels
  • Compliance 3 channels
  • Corporate services 4 channels
  • Credit initiation 10 channels
  • Customer services 6 channels
  • Fraud Risk 2 channels
  • Service desk 7 channels
  • Treasury 13 channels

This will be highlighted in the SPOF section of this document.


  • For CUCM subscriber, automatic failover for the three of them.
  • For the Unity server, we have redundant server in DC. If we lost both of them, the user will work without voice mail till fixing the issue (low impact).
  • For the meeting place server, we only have one server so the service will stop till fixing the issue. (Low impact)
  • For the presence server, we have redundant server in DC. If we lost both of them, the user will work without the chatting services till fixing the issue (low impact).
  • If Garden City got isolated from the communication point of view, the users will continue to use the voice system since the building has his own CUCM subscriber.
  • If Omar Makram got isolated from the communication point of view, the users will not be able to use the phones since the building hasn’t CUCM subscriber, and the staff have to use their mobile phones till fixing the issue.
  • No BCP for the voice recorder. This is SPOF. IST / RAYA Vendor need to be contacted to fix the issue.

RTO: 4 hours to replace any H/W failure as per the SLA with BMB.