SWEET 3

QUESTION 1 ========== What is the importance of testing a contingency plan? Present four strategies that can be used to test contingency planning. Justify your rationale. QUESTION 2 =========== Notice that you have been creating a Business Continuity Plan (BCP) based upon an industry that is of interest to you. continue building on the Business Continuity Plan (BCP) content developed earlier Part 1: Issue-Specific Security Policies ---------------------------------------- NIST SP 800-12 Rev 1 recommends three types of information security policies to help organizations create, maintain, and develop an effective Information Security Program, with the objective of reducing risks, complying with laws and regulations, assuring operational continuity, and applying informational confidentiality, integrity, and availability. One type is Issue-Specific Security Policies (ISSP).For each of the following issues, use "NIST SP 800-12 Rev 1, to create an ISSP document. Make sure to address the following for each policy: Issue Statement, Statement of the Organization's Position, Applicability, Roles and Responsibilities, Compliance, Points of Contact, and Supplementary information. a)Use of personal equipment on your company's network (BYOD) b)Internet access c)Personal use of company equipment d)Removal of organizational equipment from your company's property e)Use of unofficial software Part 2: Legal Standard Operating Policies and Procedures ======================================================== A thorough legal standard operating policies and procedures (SOP) document is the foundation of a good business continuity plan. Standard operating procedures and polices provide the roadmap for management and staff to follow. These steps become the backbone of the business continuity plan, and they must govern every aspect of your chosen company. Using our Business Continuity Plan (BCP), design a 4- to 6-page manual presenting the legal standard operating policies and procedures to describe incidents including fire evacuation, ransomware attack, power outage, and pandemic situations. Each policy or procedure must include information related to: Industry Compliance Business Operations Training and Awareness Disaster Recovery Incident Response Support the BCP with a minimum of three scholarly resources. Part 3: Incident Response ======================== Once an adverse event that has targeted a business is confirmed, it is labeled as an incident. That is the time to activate the incident response plan. After the plan is activated, procedures are followed for incident reaction. Most of the time, the incident is contained. Then, clean up of all the problems begins and the organization makes a full recovery, with everything back to normal. This is incident recovery. Use the guidelines provided by "NIST SP 800-61 Rev. 2: The Computer Security Incident Handling Guide," to design an Incident Response Plan (IRP) for your company. Include actions to be taken if each of the following adverse events occur: a)Ransomware attack on one PC/user b)Power failure c)ISP failure If a disaster renders the current business location unusable for a long time, and there is no alternate site to reestablish critical business functions, what would you suggest in a situation like this? Hint: Use the 8-step model recommended by NIST to develop and maintain a viable BC program for your company. Support the BCP with a minimum of three scholarly resources.