VII PPP
See attached.
12 hours ago 13
VIIPPT.docx
UnitVII1.pdf
VIIPPT.docx
This assignment will be a PowerPoint presentation that will touch on the various parts of the business continuity plan (BCP) that you have learned about in this unit. You will conduct Internet and CSU Online Library research about what should go into your BCP based on your previous choice of industries: aerospace, healthcare, or government agencies.
You are a security specialist and have been asked to provide a presentation to the organization’s upper management on the company’s BCP. The following information will be placed in your PowerPoint presentation:
· Slide 1: Title slide;
· Slide 2: Definition of business continuity plan;
· Slide 3: Names and contact information of those on the BCP committee;
· Slide 4: Business impact analysis (BIA);
· Slide 5: Business continuity strategies;
· Slide 6: Plan development to include a summary of the business processes that are the most critical in keeping the organization running, which ones should be budgeted for first, and which ones are critical to business recovery;
· Slide 7: Implementation and training (who is being trained and what they are being trained);
· Slide 8: How the BCP will be tested to explain who, what, where, when, how, and why in reference to the testing; and
· Slide 9: References slide.
See your study guide for additional information regarding the parts of a BCP.
Your PowerPoint presentation must be at least nine slides in length. Your slides should include speaker notes. Be sure to use bullets for your text on the slides and include a minimum of four graphics or pictures in the presentation. Include at least two references in your assignment, one of which should come from the CSU Online Library. Al sources used must be referenced on the references slide; paraphrased and quoted material must have accompanying APA Style citations.
UnitVII1.pdf
SEC 4320, IS Security Capstone 1
Course Learning Outcomes for Unit VII Upon completion of this unit, students should be able to:
2. Create an IS Security Plan. 2.1 Summarize the critical business processes that need to go into a business continuity plan.
3. Develop a budget plan for incident response and disaster recovery.
3.1 Categorize the critical business processes that need to be budgeted for first.
5. Construct preventative measures to ensure critical assets are secure. 5.1 Classify the business processes that are critical to recovery for business continuity.
Required Unit Resources In order to access the following resources, click the links below. Ferguson, C. (2018, Spring). Business continuity and disaster management within the public service in
relation to a national development plan. Journal of Business Continuity & Emergency Planning, 11(3), 243–255. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=128412940&site=ehost-live&scope=site
Hatton, T., Grimshaw, E., Vargo, J., & Seville, E. (2016, Autumn/Fall). Lessons from disaster: Creating a
business continuity plan that really works. Journal of Business Continuity & Emergency Planning, 10(1), 84–92. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=118205630&site=ehost-live&scope=site
McManamy, R. (2018, April). Did you hear about Atlanta? Heating/Piping/Air Conditioning Engineering, 90(4),
4. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=asn&AN=129193231&site=ehost-live&scope=site
Phillips, R., & Tanner, B. (2019, Spring). Breaking down silos between business continuity and cyber
security. Journal of Business Continuity & Emergency Planning, 12(3), 224–232. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=135613396&site=ehost-live&scope=site
Unit Lesson On March 28, 2018, the city of Atlanta was crippled by ransomware that originated by the SamSam hacking group. The attack brought down the Atlanta municipal government including the Hartsfield-Jackson Atlanta International Airport. The SamSam group demanded $51,000 in Bitcoin, and basically Atlanta was pushed back to the Stone Age in reference because nothing related to information technology (IT) was functioning. This attack lasted for five days with no relief (McManamy, 2018). The city of Atlanta spent $2.7 million to recover from the $51,000 Bitcoin ransomware attack by the SamSam group (Blake, 2018). The city of Atlanta could have saved $2.7 million with a backup plan for the city’s IT infrastructure in the event of a catastrophe such as what happened in March, 2018. The business continuity plan (BCP) is one of many
UNIT VII STUDY GUIDE Business Continuity Plan
SEC 4320, IS Security Capstone 2
UNIT x STUDY GUIDE Title
important documents that many organizations tend to shy away from for one main reason: cost! Yes, it costs money to set up a well-established working business continuity plan. However, we have seen what can happen if an organization does not have a BCP. So, what is a BCP? Check out the video What is a Business Continuity Plan? PM in Under 5 to learn more. A transcript and closed captioning are available once you access the video. After reading the information above, you probably can guess that it would have to do with how to recover from a disaster. Well, you would be half right. The BCP must be a proactive and a reactive recovery plan to ensure that no matter what the disaster, the business process can continue despite some noncritical areas of the business not functioning. One of the first questions that should be asked before attempting to develop a BCP is the following: Does the organization have the budget to plan for a disaster? Whether the organization has the budget or not, there must be a clear way to establish what needs to be planned in order to see what needs to be budgeted in a BCP. The easiest thing to do is to start with a disaster recovery checklist. The example below is just a small sample of what to look for when considering a budget for a business continuity plan.
Budget Item Costs Full-time salaries $1.5 Million Part-time salaries $750K Hot Site/Cold Site $5K per month Data Backup/Recovery $15K per month Business Impact Assessments $1.8 Million Training/Awareness $25K Emergency Operations Center $15K per month
The above is just an example of the budget information that would be included in the BCP. Other items to consider adding to the BCP are replacement computer systems and/or relocation of assets and people. Not budgeting for a disaster could cost more than budgeting for the disaster. Classic cases, such as the one mentioned above, can leave your business’s budget with a huge deficit. Once the organization has a budget in place, the business continuity planning can take place. View video Disaster Recovery on a Budget to learn how a company can recover from a disaster. A transcript and closed captioning are available once you access the video. The BCP should include the following areas.
• BCP committee: This committee is made up of managers, supervisors, department heads, and all those identified by the chief executive officer (CEO). These individuals will constitute the organizational emergency planning team.
• Business impact analysis (BIA): The BIA identifies the critical business processes that need to be functional during an emergency and/or disaster so that the organization’s business processes are not impeded. This also includes your customers as well as possible vendors who support the organization and might be affected by the disruption of the business processes. So, the main function of the BIA is to identify, quantify, and qualify interruptions and the impact of the interruptions within the organization. The BIA must prioritize the most critical business process that needs to continue during a disaster. View the video Business Impact Analysis to learn more. A transcript and closed captioning are available once you access the video.
• Risk mitigation: Once the BIA has been completed, then risk mitigation can be assessed. Of course, this assessment should include the health and welfare of employees, customers, organizational assets, and the operation of the business. Not all risks can be mitigated, but those risks have been identified by management as acceptable risk levels.
• Business continuity strategies: This is a crucial area since this affects how the business will function in the event that it needs to outsource processes; conduct cross-training with employees; set up work facilities, such as home or alternate business sites; conduct manual work (which was once done by automation); and screen customers or vendors who can work for you or need priority customer assistance.
• Plan development: After reviewing the BIA processes, the BCP committee needs to develop a plan for disasters and/or emergencies and document that in the BCP. The plan should include the elements talked about previously as well as alternate strategies and identify who plays the key roles in the BCP and their responsibilities. One of the most overlooked documents is the disaster and
SEC 4320, IS Security Capstone 3
UNIT x STUDY GUIDE Title
emergency call list composed of who needs to be contacted in the event of a disaster. Many times, organizations do not have a call list and/or the call list is obsolete because a key member has left the organization or their contact phone number is not updated. So, this should be placed in the communication and notification plan portion of the BCP.
• Implementation and training: Training employees who are identified as performing key roles in the BCP is important since these employees need to know their roles and responsibilities during the disaster. The key role members should be aware of who the other key role members are and their responsibilities. Therefore, once the plan is implemented, all of the key role members know exactly what to do.
• Test the BCP: Of all the elements, this is one of the most important. The BCP needs to be tested. How else will the organization know if the plan actually works? Therefore, the plan should be tested at least once a year. Once the plan is tested, it needs to be updated with any unforeseen changes that occurred during the test, and those areas that needed more detail in the planning phase should be reinforced.
The elements above are just the basic elements that organizations should have in their BCP documentation. Too often, the BCP has been written, documented, and tested and then found to be left on the shelf collecting dust never to be touched again until a disaster strikes. The BCP is a living document and needs to be updated periodically when the strategic vision of the organization changes or employees change. Phone numbers, vendors, and any areas that touch the business processes need to be monitored and updated on a regular basis.
References Blake, A. (2018, April 12). Ransomware infection already cost Atlanta $2.7 million: Report. The Washington
Times. https://www.washingtontimes.com/news/2018/apr/12/ransomware-infection-already-cost- atlanta-27-milli/
McManamy, R. (2018, April). Did you hear about Atlanta? Heating/Piping/Air Conditioning Engineering, 90(4),
4. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=asn&AN=129193231&site=ehost-live&scope=site
- Course Learning Outcomes for Unit VII
- Required Unit Resources
- Unit Lesson
- References
VIIPPT.docx
This assignment will be a PowerPoint presentation that will touch on the various parts of the business continuity plan (BCP) that you have learned about in this unit. You will conduct Internet and CSU Online Library research about what should go into your BCP based on your previous choice of industries: aerospace, healthcare, or government agencies.
You are a security specialist and have been asked to provide a presentation to the organization’s upper management on the company’s BCP. The following information will be placed in your PowerPoint presentation:
· Slide 1: Title slide;
· Slide 2: Definition of business continuity plan;
· Slide 3: Names and contact information of those on the BCP committee;
· Slide 4: Business impact analysis (BIA);
· Slide 5: Business continuity strategies;
· Slide 6: Plan development to include a summary of the business processes that are the most critical in keeping the organization running, which ones should be budgeted for first, and which ones are critical to business recovery;
· Slide 7: Implementation and training (who is being trained and what they are being trained);
· Slide 8: How the BCP will be tested to explain who, what, where, when, how, and why in reference to the testing; and
· Slide 9: References slide.
See your study guide for additional information regarding the parts of a BCP.
Your PowerPoint presentation must be at least nine slides in length. Your slides should include speaker notes. Be sure to use bullets for your text on the slides and include a minimum of four graphics or pictures in the presentation. Include at least two references in your assignment, one of which should come from the CSU Online Library. Al sources used must be referenced on the references slide; paraphrased and quoted material must have accompanying APA Style citations.
UnitVII1.pdf
SEC 4320, IS Security Capstone 1
Course Learning Outcomes for Unit VII Upon completion of this unit, students should be able to:
2. Create an IS Security Plan. 2.1 Summarize the critical business processes that need to go into a business continuity plan.
3. Develop a budget plan for incident response and disaster recovery.
3.1 Categorize the critical business processes that need to be budgeted for first.
5. Construct preventative measures to ensure critical assets are secure. 5.1 Classify the business processes that are critical to recovery for business continuity.
Required Unit Resources In order to access the following resources, click the links below. Ferguson, C. (2018, Spring). Business continuity and disaster management within the public service in
relation to a national development plan. Journal of Business Continuity & Emergency Planning, 11(3), 243–255. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=128412940&site=ehost-live&scope=site
Hatton, T., Grimshaw, E., Vargo, J., & Seville, E. (2016, Autumn/Fall). Lessons from disaster: Creating a
business continuity plan that really works. Journal of Business Continuity & Emergency Planning, 10(1), 84–92. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=118205630&site=ehost-live&scope=site
McManamy, R. (2018, April). Did you hear about Atlanta? Heating/Piping/Air Conditioning Engineering, 90(4),
4. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=asn&AN=129193231&site=ehost-live&scope=site
Phillips, R., & Tanner, B. (2019, Spring). Breaking down silos between business continuity and cyber
security. Journal of Business Continuity & Emergency Planning, 12(3), 224–232. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=bsu&AN=135613396&site=ehost-live&scope=site
Unit Lesson On March 28, 2018, the city of Atlanta was crippled by ransomware that originated by the SamSam hacking group. The attack brought down the Atlanta municipal government including the Hartsfield-Jackson Atlanta International Airport. The SamSam group demanded $51,000 in Bitcoin, and basically Atlanta was pushed back to the Stone Age in reference because nothing related to information technology (IT) was functioning. This attack lasted for five days with no relief (McManamy, 2018). The city of Atlanta spent $2.7 million to recover from the $51,000 Bitcoin ransomware attack by the SamSam group (Blake, 2018). The city of Atlanta could have saved $2.7 million with a backup plan for the city’s IT infrastructure in the event of a catastrophe such as what happened in March, 2018. The business continuity plan (BCP) is one of many
UNIT VII STUDY GUIDE Business Continuity Plan
SEC 4320, IS Security Capstone 2
UNIT x STUDY GUIDE Title
important documents that many organizations tend to shy away from for one main reason: cost! Yes, it costs money to set up a well-established working business continuity plan. However, we have seen what can happen if an organization does not have a BCP. So, what is a BCP? Check out the video What is a Business Continuity Plan? PM in Under 5 to learn more. A transcript and closed captioning are available once you access the video. After reading the information above, you probably can guess that it would have to do with how to recover from a disaster. Well, you would be half right. The BCP must be a proactive and a reactive recovery plan to ensure that no matter what the disaster, the business process can continue despite some noncritical areas of the business not functioning. One of the first questions that should be asked before attempting to develop a BCP is the following: Does the organization have the budget to plan for a disaster? Whether the organization has the budget or not, there must be a clear way to establish what needs to be planned in order to see what needs to be budgeted in a BCP. The easiest thing to do is to start with a disaster recovery checklist. The example below is just a small sample of what to look for when considering a budget for a business continuity plan.
Budget Item Costs Full-time salaries $1.5 Million Part-time salaries $750K Hot Site/Cold Site $5K per month Data Backup/Recovery $15K per month Business Impact Assessments $1.8 Million Training/Awareness $25K Emergency Operations Center $15K per month
The above is just an example of the budget information that would be included in the BCP. Other items to consider adding to the BCP are replacement computer systems and/or relocation of assets and people. Not budgeting for a disaster could cost more than budgeting for the disaster. Classic cases, such as the one mentioned above, can leave your business’s budget with a huge deficit. Once the organization has a budget in place, the business continuity planning can take place. View video Disaster Recovery on a Budget to learn how a company can recover from a disaster. A transcript and closed captioning are available once you access the video. The BCP should include the following areas.
• BCP committee: This committee is made up of managers, supervisors, department heads, and all those identified by the chief executive officer (CEO). These individuals will constitute the organizational emergency planning team.
• Business impact analysis (BIA): The BIA identifies the critical business processes that need to be functional during an emergency and/or disaster so that the organization’s business processes are not impeded. This also includes your customers as well as possible vendors who support the organization and might be affected by the disruption of the business processes. So, the main function of the BIA is to identify, quantify, and qualify interruptions and the impact of the interruptions within the organization. The BIA must prioritize the most critical business process that needs to continue during a disaster. View the video Business Impact Analysis to learn more. A transcript and closed captioning are available once you access the video.
• Risk mitigation: Once the BIA has been completed, then risk mitigation can be assessed. Of course, this assessment should include the health and welfare of employees, customers, organizational assets, and the operation of the business. Not all risks can be mitigated, but those risks have been identified by management as acceptable risk levels.
• Business continuity strategies: This is a crucial area since this affects how the business will function in the event that it needs to outsource processes; conduct cross-training with employees; set up work facilities, such as home or alternate business sites; conduct manual work (which was once done by automation); and screen customers or vendors who can work for you or need priority customer assistance.
• Plan development: After reviewing the BIA processes, the BCP committee needs to develop a plan for disasters and/or emergencies and document that in the BCP. The plan should include the elements talked about previously as well as alternate strategies and identify who plays the key roles in the BCP and their responsibilities. One of the most overlooked documents is the disaster and
SEC 4320, IS Security Capstone 3
UNIT x STUDY GUIDE Title
emergency call list composed of who needs to be contacted in the event of a disaster. Many times, organizations do not have a call list and/or the call list is obsolete because a key member has left the organization or their contact phone number is not updated. So, this should be placed in the communication and notification plan portion of the BCP.
• Implementation and training: Training employees who are identified as performing key roles in the BCP is important since these employees need to know their roles and responsibilities during the disaster. The key role members should be aware of who the other key role members are and their responsibilities. Therefore, once the plan is implemented, all of the key role members know exactly what to do.
• Test the BCP: Of all the elements, this is one of the most important. The BCP needs to be tested. How else will the organization know if the plan actually works? Therefore, the plan should be tested at least once a year. Once the plan is tested, it needs to be updated with any unforeseen changes that occurred during the test, and those areas that needed more detail in the planning phase should be reinforced.
The elements above are just the basic elements that organizations should have in their BCP documentation. Too often, the BCP has been written, documented, and tested and then found to be left on the shelf collecting dust never to be touched again until a disaster strikes. The BCP is a living document and needs to be updated periodically when the strategic vision of the organization changes or employees change. Phone numbers, vendors, and any areas that touch the business processes need to be monitored and updated on a regular basis.
References Blake, A. (2018, April 12). Ransomware infection already cost Atlanta $2.7 million: Report. The Washington
Times. https://www.washingtontimes.com/news/2018/apr/12/ransomware-infection-already-cost- atlanta-27-milli/
McManamy, R. (2018, April). Did you hear about Atlanta? Heating/Piping/Air Conditioning Engineering, 90(4),
4. https://libraryresources.columbiasouthern.edu/login?url=http://search.ebscohost.com/login.aspx?direc t=true&db=asn&AN=129193231&site=ehost-live&scope=site
- Course Learning Outcomes for Unit VII
- Required Unit Resources
- Unit Lesson
- References
- 12 pages research
- ASAP
- 1. Why are system safety principles not used by all safety professionals? Suggest some ways to overcome the obstacles to wider adoption of system safety.
- dq
- business writer only, as discssed,,just
- 2page
- LAS432-TeamA-Week1Assignment
- CoursePolicies-RES351%2B%25283%2529+%282%29
- The Role of Unions (2 Page)
- THANKYOU