Security policy & standards – 07

Part 1: Research BIA and BCP

Note: In this part of the lab, you will review internet resources on BIA and BCP in order to form a basis for their purpose and usage. Understanding the reason behind a business continuity management policy is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts of the policy itself.

  1. In your browser, navigate to and read the “Business Continuity Plan” article.
  2. In your browser, navigate to and read the “Business Impact Analysis” article.
  3. Write a brief summary of the information you found in the articles and websites. In your summary, describe what a BCP is and list the steps for developing a BCP. Also, describe what a BIA is, how you conduct a BIA, and how the BIA is related to the BCP.

Part 2: Create a BCP Policy

Note: Conducting a BIA entails describing any mission-critical business functions and processes. The next step is to identify all threats and vulnerabilities. Once you have both of these deliverables, you can compare the findings with the organization’s existing policies. What stands out are the areas in your policies needing improvement.

BIAs are a recurring analysis, sometimes done once a year. BIAs are revisited because, as a business and/or the market changes, the assets and processes deemed critical change. Moreover, recovery times might grow or tighten.

  1. Review the following sample BIA template:

| Business Function or Process | Business Impact Factor | IT Systems/Apps Infrastructure Impacts | RTO/RPO |
|---|---|---|---|
| Internal and external voice communications with customers in real-time | | | |
| Internal and external e-mail communications with customers via store and forward messaging | | | |
| Domain Name System (DNS) server for internal and external Internet Protocol (IP) communications | | | |
| Internet connectivity for e-mail and store-and-forward customer service | | | |
| Self-service web site for customer access to information and personal account information | | | |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | | | |
| Payroll and human resources for employees | | | |
| Real-time customer service via web site, e-mail, or telephone requires customer relationship management (CRM) | | | |
| Network management and technical support | | | |
| Marketing and events | | | |
| Sales orders or customer/student registration | | | |
| Remote branch office sales order entry to headquarters | | | |
| Voice and e-mail communications to remote branches | | | |
| Accounting and finance support: Accounts payable, Accounts receivable, etc. | | | |

  1. For each business function or process described above, assign a business impact factor of Critical, Major, Minor, or None.
  2. For each business function or process described above, identify the IT systems and applications impacted by the business function (for example, determine what would be affected if the function or process failed).
  3. Review the following metrics of the BCP policy definition:
    • Recovery Time Objective (RTO): Defines how quickly IT systems, servers, applications, and access to data services and processes must be operational following an incident, including recovery of applications and data and end-user access to those applications
    • Recovery Point Objective (RPO): Defines the point in time that marks the end of the period during which data can still be recovered using backups, journals, or transaction logs

Note: To best understand the difference between RTO and RPO, ask yourself these two questions:

  • If the data center blew up, how much time can pass before the business is doomed? That’s the RTO.
  • If the backups are failing, how far back can your backup losses go before business is ruined? That’s the RPO.
  1. Review the following RTO and RPO metrics for the BIA:

| Business Impact Factor | RTO | RPO |
|---|---|---|
| Critical | 8 hours | 0 hours |
| Major | 24 hours | 8 hours |
| Minor | 1 week | 3 days |
| None | 1 month | 7 days |

  1. For each Business Function or Process, use the table above to assign an RTO/RPO according to the corresponding business impact factor.

Note: An important difference between RTO and RPO is the purpose behind each one. The RTO determines the business continuity management plan and how much money the business needs to resume operations. The RPO only affects the backup operations.

  1. Create a business continuity plan policy for the fictional Bankwise Credit Union. In the plan, reference the RTO and RPO standards in the policy’s Standards section:

Bankwise Credit Union

Business Continuity Plan Policy

Policy Statement
Insert policy verbiage here.

Define the policy’s purpose and objectives. They should mirror the purpose/objectives of a business impact analysis (BIA).

Define this policy’s scope and whom it covers.

How to Gain Approval for Your Plan

The first step toward implementing your business continuity plan (BCP) lies in gaining executive management’s wholehearted support. You can’t wait to win this approval until after you’ve drawn up and presented your plan to management. You must make clear to management from the beginning the costs associated with any lasting disruptions to business and the pressing need for every business to have a BCP to protect itself.

To win executive management’s endorsement of your BCP, research the costs associated with business disruptions, the costs of implementing a business continuity plan, and the steps for continuity and recovery that are specific to your organization, and then use this data to strengthen the arguments for implementing your plan. Also, ask management what it is looking for. Understand the executives’ short- and long-term concerns and what concrete benefits they are looking for from a BCP. Find out as well how much they are willing and able to invest in such a plan. Remind them that while a BCP requires ongoing upgrades, which will also come with a price tag, to go without such a plan and its upgrades could result in even longer and far costlier business disruptions.

To win executive management support takes proper planning. Too many well-intentioned managers and consultants devote all their time to their plan’s presentation and not enough time consulting with management. Use information from your conversations with management to plan your approach, presentation materials, and time. Remember, you’ll likely get just one try at this.

Does this policy point to any hardware, software, or configuration standards? In this case, you need to reference the recovery time objectives (RTOs) and recovery point objectives (RPOs) as standards and metrics. List them here and explain the relationship of this policy to these standards.

Explain how you intend to implement this policy across the entire organization.

Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.

Challenge Exercise

Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

The C-level executives of the Bankwise Credit Union are confused about the differences between a business continuity policy and business continuity plan and how they work together. It is your job as CISO to create a document to explain these topics.

Use the internet to find further information on the differences between policies and plans in information security in general. Use this information to create a high-level explanation for C-level executives. Provide examples of real business continuity policies and how they could be useful in your organization.
