...1. Go online and conduct research on business continuity planning (BCP). 2. In 600 words, write a APAv6 formatted paper which discusses the following: ◦ What does this term mean? ◦ What practices or procedures does it include? ◦ Why should IT personnel be concerned with business continuity planning? Business Continuity Plan Before businesses were involved in contingency management, disaster recovery and contingency planning were predominantly IT driven responses to the increased attacks of Mother nature and terrorist events in the late 80s and early 90s (Tangen & Austin, 2012). It became apparent to business owners the link between events and profit loss which led to the establishment of business led processes. These processes were developed and planned to address the types of threats that could occur and affect business operations. The discipline became known as business continuity management (BCM). Business continuity management is about identifying and understanding the risks to the everyday running of a business and planning how business will be maintained if an incident actually happens (Business Bolton, n.d.). When a business is disrupted, it suffers financially. A business continuity plan (BCP) is a collection of procedures and information which is developed, compiled and maintained in prep for use in the event of an emergency or disaster. of any kind. Types of incidents identified addresses IT system crashes along with , natural...
Words: 947 - Pages: 4
...Assessment Worksheet Perform Business Continuity Plan Implementation Planning Course Name & Number: ______________________________________________________________ Student Name: _______________________________________________________________________ Instructor Name: _____________________________________________________________________ Lab Due Date: _______________________________________________________________________ Overview The instructor will lead the class in discussions pertaining to a business continuity plan. Key elements of a business continuity plan starting with a risk analysis, business impact analysis, and alignment of critical business functions and processes will be discussed. Students will craft a business continuity implementation plan outline as part of this lab’s deliverables. Lab #6 Assessment Questions & Answers 1. What is the different between a risk analysis (RA) and a business impact analysis (BIA)? 2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan? Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com -58All Rights Reserved. Current Version Date: 02/11/2012 Student Lab Manual 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? 4. What is the main difference between a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP)? 5. What is the purpose...
Words: 380 - Pages: 2
...aSSESSmENt WORKSHEEt Perform Business Continuity Implementation Planning Course Name and Number: Student Name: Instructor Name: lab due date: 6 Perform Business Continuity Implementation Planning Overview In this lab, you were asked to begin the business continuity planning process for an e-commerce company, Online Goodies. You reviewed the key business functions and a prioritized list of impacted IT systems, applications, and data provided by your supervisor. You also compared the components of the major documentation required by the business continuity planning process: risk analysis, business impact analysis, business continuity plan, disaster recovery plan, and the business continuity implementation plan. Lab Assessment Questions & Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. BIA the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery plan is have a full access to recover any lost data or essentials after a disaster while the business continuity is having what ever bare bones essentials...
Words: 681 - Pages: 3
...business as part of its recovery during disaster recovery or business continuity operations. You may focus upon the incident reported upon in your cybersecurity research paper OR you may take a more general approach. Your research will then be used to prepare a presentation (Power Point slides) in which you discuss how your selected solutions could be used to address cybersecurity problems specific to DR / BCP operations. Your presentation must also address the importance of disaster recovery planning and/or business continuity planning with respect to maintaining the confidentiality, integrity, and availability of information and information systems. Consult the grading rubric for specific content and formatting requirements for this assignment. The focus of your research for this assignment should be DR / BCP technology solutions for response and recovery after a cyber security incident of sufficient duration and impact to require activation of the organization’s Disaster Recovery and/or Business Continuity Plan. Suggested technology solutions include: * General DR/BCP Services * Palindrome http://www.youtube.com/watch?v=d60m6hUpgvs * Data Backup Solutions * Acronis http://www.acronis.com/solutions/smallbusiness/ * Cloud Computing (Infrastructure as a Service, Software as a Service, Platform as a Service) * VMWare http://www.vmware.com/solutions/datacenter/business-continuity/disaster-recovery.html * NetApp http://www.netapp.com/us/solutions/data-protection/business-continuity...
Words: 646 - Pages: 3
...high-level principles on business continuity and was issued to various financial industry participants as guidelines. The 7 principles provide a comprehensive overview of the necessary steps for business continuity planning. Financial industry participants are required to develop respective business continuity planning in accordance to the 7 high-level principles. There are various incidents within the last decade that has resulted in major operational disruption to financial industry. However, with the guidance of the 7 high-level principles, most of the participants were able to cope with crisis well and survive through the crisis. In this report, several case studies were researched and commented on their business continuity planning. Subprime crisis which caused the collapse of Lehman Brothers has caused a significant stir in the financial industry. Many counterparties ended up with huge exposure and default due to the fall of Lehman Brothers. However, Euroclear was able to manage the crisis well after it activated its crisis management plan which has been developed before the crisis. Similarly, terrorist’s attack on New York World Trade Center has not only caused major security issues but has also significantly affecting the financial industry. Bank of America and Deutsche Bank were the direct victims of the terrorist attack. Both banks remained sound operation and survived through the crisis due to well business continuity planning. Besides, Hurricane Gustav that...
Words: 2887 - Pages: 12
...information on the GAMP 5 Guide and provides a mapping to the previous version, GAMP 4. It specifically provides: 1. 2. 3. 4. 5. 6. Summary of Need for GAMP 5 Overview of GAMP Documentation Structure GAMP 5 Main Body Structure GAMP 5 Appendices New and Revised Material GAMP 4 to GAMP 5 Mapping 1 Summary of Need for GAMP 5 The GAMP Guide has been significantly updated to align with the concepts and terminology of recent regulatory and industry developments. These regulatory and industry developments focus attention on patient safety, product quality, and data integrity. This is a key driver for GAMP 5. Coupled to this there is the need to: • • • • • Avoid duplication of activities (e.g., by fully integrating engineering and computer system activities so that they are only performed once) Leverage supplier activities to the maximum possible extent, while still ensuring fitness for intended use Scale all life cycle activities and associated documentation according to risk, complexity, and novelty Recognize that most computerized systems are now based on configurable packages, many of them networked Acknowledge that traditional linear or waterfall development models are not the most appropriate in all cases © Copyright ISPE 2008. All rights reserved. Page 1 of 10 2 Overview of GAMP Documentation Structure The GAMP Guide forms part of a family of documents that together provide a powerful and comprehensive body of knowledge covering all...
Words: 2860 - Pages: 12
...CISSP: The Domains Table of Contents INTRODUCTION 4 DOMAIN 1: ACCESS CONTROL WHAT’S NEW IN ACCESS CONTROL? AN OVERVIEW 5 5 7 DOMAIN 2: SOFTWARE DEVELOPMENT SECURITY WHAT’S NEW IN APPLICATIONS SECURITY (NOW SOFTWARE DEVELOPMENT SECURITY)? AN OVERVIEW 9 9 10 DOMAIN 3: BUSINESS CONTINUITY & DISASTER RECOVERY WHAT’S NEW? AN OVERVIEW 12 12 13 DOMAIN 4: CRYPTOGRAPHY WHAT’S NEW? AN OVERVIEW 17 17 18 DOMAIN 5: INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT WHAT’S NEW? AN OVERVIEW 21 21 22 DOMAIN 6: LEGAL, REGULATIONS, INVESTIGATIONS, AND COMPLIANCE WHAT’S NEW? AN OVERVIEW 24 24 26 DOMAIN 7: SECURITY OPERATIONS WHAT’S NEW? AN OVERVIEW 28 28 29 DOMAIN 8: PHYSICAL & ENVIRONMENTAL SECURITY WHAT’S NEW? AN OVERVIEW 32 32 33 DOMAIN 9: SECURITY ARCHITECTURE & DESIGN WHAT’S NEW? AN OVERVIEW 36 36 38 DOMAIN 10: TELECOMMUNICATIONS & NETWORK SECURITY WHAT’S NEW? AN OVERVIEW 40 40 41 INFOSEC INSTITUTE’S CISSP BOOT CAMP COURSE OVERVIEW COURSE SCHEDULE 44 44 45 INTRODUCTION (ISC)²’s CISSP Exam covers ten domains which are: Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal regulations, investigations, and compliance Operations Security Physical and Environmental Security Security Architecture and Design Telecommunications...
Words: 11687 - Pages: 47
...disasters (earthquake) or a power outage (northeast power outage of 2003) can prevent companies from continuing to provide services to their customers and could affect trust between the customer and business in the long term. Such an event could bring down the company, possibly affecting everyone connected in its organization. “Business continuity (BC) refers to maintaining business functions or quickly resuming them in the event of a major disruption.” (Tittel, 2013) An organization creates a plan that will contain instructions on how to continue in lieu of an activating event. The military has simple contingency plans for communications called “PACER”. (P) Primary, (A) Alternate, (C) Contingency, (E) Emergency and (R) Redundancy. Every unit has these plans whether it is during combat operations or back at their home base. The best way to establish your business continuity plan is to understand your organization and what areas are vulnerable if certain systems are lost, such as a loss of electricity. The plan must cover short term, long term and finally the recovery from the event. Every company will have their own steps in creating a continuity plan. Some of the basic steps include: (1) Identifying the scope of the plan. There should be multiple plans for different events you can’t only have one plan for one event. (2) Identify key business areas. Can we survive without these branches of the organization but make it with these. (3) Identify Critical functions. Once you have...
Words: 687 - Pages: 3
...Richman Investments Business Continuity Plan Implementation Planning By Quentin Ward Introduction Richman Investments is emerging as one of the top e-commerce businesses. In order to better protect our great company I have created a BCP or Business Continuity Plan to be able to offset any problems that may arise and threaten our company’s functions and activities. Included in this BCP will be a BIA (Business Impact Analysis) and a RA (Risk Analysis). Overview 1.1 Policy Statement It is the policy of Richman Investments to always have a Business Continuity Plan in place for all non-critical and critical functions. To ensure that the BCP is implemented each department manager is asked to see to it that the plan is carried through. 1.2 Introduction This is a Business Continuity Plan for Richman Investments located at 834 Harrison Lane Beverley Hills, CA 90210. It has been developed in compliance with the National Fire Protection Association (NFPA) Standard 1600. This plan was created in order to aid Richman Investments in any type of recovery effort needed. Employees should read and adhere in conjunction to the Business Continuity Plan to ensure their safety and the company’s well being. 1.3 Confidentiality Statement This document is classified as confidential property of Richman Investments. The sensitivity of the information contained in this document is only intended for the viewing and use of Richman Investment employees. Unauthorized use...
Words: 794 - Pages: 4
...Disaster Recovery Plan: A Brief Overview IT244 Axia Online College of University of Phoenix This following paper will highlight a brief overview of a DRP, covering the purpose of a DRP, key elements of a DRP, methods to test a DRP, and why testing should be done on a DRP. The main function or purpose of a DRP is to basically help identify a logical plan to recover from a disaster. Such as in any business, especially dealing with information technology, a DRP can help a business or company continue to run smoothly, with minimum disruption to normal operations. Every DRP is created differently and key elements that make a DRP may differentiate. To give an example onto what kind of key elements are found in a DRP; according to the information shown by the University of Arkansas, Fayetteville Department of Computing Services website, DRP can contain the following key elements: 1. General Information About The Plan 2. Disaster Planning 3. Initiation of Emergency Procedures 4. Initiation of Recovery Procedures 5. Maintaining the Plan A DRP cannot be fully realized or put into action unless a testing of the DRP can be done. The testing basically helps find any weak areas in the DRP so planner can improve in those areas. According to Mark S. Merkow and Jim Breithaupt authors of Information Security: Principles and Practices there are five methods to test a DRP and they are as follow: 1. Walk-through: Members...
Words: 583 - Pages: 3
...Chapter 3 Planning for Contingencies Chapter Overview The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impact analysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to: • Understand the need for contingency planning • Know the major components of contingency planning • Create a simple set of contingency plans, using business impact analysis • Prepare and execute a test of contingency plans • Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and...
Words: 3573 - Pages: 15
...today’s business world. In fact, businesses use information technology too quickly and effectively process information, Carlson 1998. Within these businesses, employees use these advanced technologies in which to communicate. Electronic data interchange is used to transmit data. This serves a purpose of transmitting orders and payments from one company to another. With electric data interchange in mind, servers process an immense amount of data. For a business to be rendered effective, a disaster recovery plan should be develop in correlation with the priorities of the business. As noted, due to the rapid growth technology, planning strategies should be refined overtime to maintain its vigilant awareness to keep up with modern technology. Overview A disaster recovery plan is a process in which to secure intellectual property. Disaster Recovery planning involves procedures to recover, as well as, maintain accountability of a business’s information integrity in the event of a disaster. Business, no matter the size, creates large volumes of important data. Most of which is crucial to an organizations survival in its market. Disaster recovery is a documented guideline, usually in written form. These guidelines specify the procedures an organization is to follow in the event of a disaster. The disaster recovery should...
Words: 1871 - Pages: 8
...review is necessary for this company as the reason that ITGC is the foundation of every categories of the internal control. To review the ITGC will help the audit committee to determine the risk assessment of the internal controls in the company’s information system. The ITGC mainly classified by five areas, such as IT Management, Data Security, Change Management, System Development and Business Continuity Planning. The auditor need to review all the internal controls for this five area to define the risk assessment level in order to main and improve the company’s information system. This will help the company keep operating their business by using their information system correctly and continuously. As I am one of the external auditor team for Foods Fantastic Company, we work to auditor the company’s internal controls for the information technology general control respective. Our team first review the company’s internal controls through five areas that I have talked above; and set up the key aspects for review, which we specialized to suit the FFC. Second, we took an overview of the company’s organization cart, and then interview the CFO, Internal Audit, CIO and VP, HR, Applications, Operations, information Security. Those are all the key persons who responsible for the company’s information system and internal controls. In addition, we need and already did observations ourselves without talking with anyone. We took notes and collect...
Words: 1057 - Pages: 5
...Declaration This report entitled the overview of understand the risk management functions in business, understand how business risk is assessed and managed, understand the effects of business risks and how they can be managed and understand approaches to crisis management and business continuity planning. The aim of this assignment is to raise business risk awareness and develop skills to assess, monitor and control business risks and to develop an appreciation of the implications of business risks I certify that the work submitted for this assignment is my own and research sources are fully acknowledged. Name: Date: Table of content Content | Page | Declaration | 1 | LO1: Understand the risk management function in business | 3 | P1.1 Examine the role of the risk management function in business | 3 | P1.2 Assess the role of business function sin the management of risk | 4 | LO2: Understand how business risk is assessed and managed | 5 | P2.1: Analyse the risk assessment process | 5 | P2.2 Evaluate approaches to managing risk | 7 | P2.3 Examine the risk management process | 8 | LO3: Understand the effects of business risks and how they can be managed | 9 | P3.1 Analyse the main drivers of business risk | 9 | P3.2 Appraise the impact of different types of risk for a business organisation | 10 | P3.3 Assess which business areas are high risk | 11 | P3.4 Analyse risk management strategies | 12 | LO4: Understand approaches...
Words: 3970 - Pages: 16
...436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page i Visit us at w w w. s y n g r e s s . c o m Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our solutions@syngress.com Web pages. There you may find an assortment of valueadded features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress...
Words: 189146 - Pages: 757
