Info Security & Risk Mgmt

 Discuss the difference between a Continuity of Operations Plan (COOP), a Business Continuity Plan (BCP), and a Disaster Recovery Plan (DRP).  You might want to start with the definitions from the NIST SP 800-34, located at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1 .  Section 3.5 discusses the different types of Plan Testing, Training, and Exercises. 

Managing Risk in Information Systems

Lesson 6

Business Impact Analysis and Continuity Planning

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.

Learning Objectives

Perform a business impact analysis.

Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.

Key Concepts
Purpose of BIA
Critical success factors of BIA
Steps involved in implementing a BIA
BIA best practices
Comparing a BCP and a DRP
Major elements of BCP
Phases of a BCP
Steps for implementing a BCP

Chapter 13 Slides

Chapter 13: “Mitigating Risk with a Business Continuity Plan”

What Is a Business Continuity Plan?
A plan designed to help an organization continue to operate during and after a disruption
BIA is included as part of a BCP

What Is a Business Continuity Plan?
BIA key objectives that directly support the BCP:
Identify critical business functions (CBFs)
Identify critical processes supporting the CBFs
Identify critical IT services supporting the CBFs, including any dependencies
Determine acceptable downtimes for CBFs, processes, and IT services

Elements of a BCP
Purpose and scope
Assumptions and planning principles
System description and architecture
Responsibilities
Phases
Plan training, testing, and exercises
Plan maintenance

System Description and Architecture
Show system interaction

BCP Roles and Responsibilities
BCP program manager
BCP coordinator
BCP teams
Emergency Management Team (EMT)
Damage Assessment Team (DAT)
Technical Recovery Team (TRT)

Phases within a BCP Plan
Notification/activation phase

Recovery phase

Reconstitution phase

Defining Data that Needs to Be Protected
The BCP should list all the critical components for the system.
There are two reasons for including this data:
First, it makes it clear which components are needed for the critical business functions (CBF).
Second, it provides a list that you can use to restore the system from scratch.
This list includes any equipment, such as servers, switches, and routers.
The servers may need to be rebuilt from scratch. Therefore, the BCP should list the operating system and any applications needed to support the system.
If an image is used to rebuild servers, the BCP will list the image's version number.
Data can include a database hosted on the system.
It can also include any type of files, such as documents or spreadsheets.
Last, the list can include any needed supplies:
This can be simple office supplies, such as printer paper and toner.
For some systems, it can include technical supplies, such as special oils for machinery or tools needed for maintenance.

Identify all critical components for the system

Identify all equipment: servers, switches, routers

Include databases hosted on the system

Include files: documents or spreadsheets

Include necessary supplies

BCP Best Practices
Complete the BIA early
Exercise caution when returning functionality from alternate locations
Restore least critical functions first
Review and update the BCP
Test all individual pieces of the plan
Conduct test exercises of the plan

Complete the BIA early—Ensure the BIA is done early in the process for the BCP.
Without the BIA, you won’t know what systems are critical.
Exercise caution when returning functionality from alternate locations—When restoring functionality from an alternate location to the primary location, consider these best practices:
Restore least critical functions first to the primary location—This allows you to get the bugs out of the process without affecting critical functions.
Review and update the BCP regularly—The BCP coordinator should review and update the BCP at least annually.
If critical systems are changed or modified between annual reviews, the BCP should be reviewed when those changes or modifications occur.
Test all the individual pieces of the plan—This includes basic procedures, such as recalls.
Exercise the plan—Verify the plan works by performing test exercises.
These exercises should not affect normal operations.

Summary
Purpose of BIA
Critical success factors of BIA
Steps involved in implementing a BIA
BIA best practices
Comparing a BCP and a DRP
Major elements of BCP
Phases of a BCP
Steps for implementing a BCP

OPTIONAL SLIDES

7/15/2018

Chapter 13 Optional Slides

Chapter 13: “Mitigating Risk with a Business Continuity Plan”

Business Continuity vs. Disaster Recovery
BCP
Covers all functional areas of a business and ensures the entire business can continue to operate in the event of a disruption.
Includes a BIA and also addresses other non-technical elements of the event.
Focused on getting the overall business functions back to normal.
DRP
Is a function of the IT department.
Includes the elements necessary to recover from a disaster, once one is declared.
Involves copying the critical data to media or online and then, if required, moving the IT operations off site to recover.
Focused on restoring and recovering IT functions.

BCP

Covers all functional areas of business

Includes a business impact analysis (BIA)

Focused on business function recovery

DRP

Function of the IT department

Focused on IT function recovery

Recovery from a declared disaster

Steps for Implementing a BCP
Create BCP scope statements
Conduct business impact analysis (BIA)
Identify countermeasures and controls
Develop individual disaster recovery plans (DRPs)
Implement training
Test and exercise plans
Maintain and update plans

Why Use a Business Continuity Plan?
What happens if electrical power is lost?
What happens if servers go down?
What are the critical business functions to maintain?
What must remain intact to conduct business?
What is the risk of being without a BCP?
