Develop a comprehensive business continuity plan

Reference no: EM131360458

Assignment: Planning for Information Security

You have been hired as a consultant to design a BCP for SanGrafix, a video and PC game design company. SanGrafix's newest game has become a hot seller, and the company anticipates rapid growth. It's moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, SanGrafix wants to be fully secured, documented, and maintained while providing high availability, scalability, and performance.

Based on your current technology and information security knowledge, for this project you will design a BCP based on the company profile below:

A. Primary location in San Francisco, CA

B. Secondary location/hot site in Sunnyvale, CA

C. Capable of supporting 220 users in these departments: Accounting and Payroll, 16; Research and Development, 48; Sales and Marketing, 40; Order Processing, Shipping, and Receiving, 36; secretarial and office management staff, 20; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 30; Technology Support, 20.

D. Full OC3 Internet connection

The first step is to issue a clear policy statement on the Business Continuity Plan. At a minimum, this statement should contain the following instructions:

• The organization should develop a comprehensive Business Continuity Plan.

• A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.

• The Business Continuity Plan should cover all essential and critical business activities.

• The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.

• All staff must be made aware of the Business Continuity Plan and their own respective roles.

• The Business Continuity Plan is to be kept up to date to take into account changing circumstances.

Below is the example:

Policy Statement

1. Agencies are required to develop, implement, test and maintain a Business Continuity Plan (BCP) for all Information Technology Resources (ITR) that deliver or support core systems and services on behalf of the Commonwealth of Massachusetts. For purposes of this policy, the BCP is the overall plan that facilitates sustaining critical operations while recovering from a disruption. BCPs are required to include, at a minimum:

o Standard Incident Response Procedures: An information system-focused set of procedures to be used when an event occurs that is not part of the standard operation of a service and may or does cause disruption to or a reduction in the quality of services and Customer productivity.

o Disaster Recovery Plan (DRP): An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure in the event of large scale disaster and/or other cataclysmic event.

o Continuity of Operations Plans (COOP): An information system-focused plan invoked under a DRP when access to the primary facility infrastructure is prevented for an extended period, requiring operations to be restored from an alternate site after an emergency. The COOP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. The COOP only addresses information system disruptions that require relocation. (From NIST SP 800-34).

2. Agencies are required to conduct risk assessments to identify, estimate, and prioritize risks to organizational operations and conduct business impact analyses to identify all critical functions of the agency, entity or business unit and their supporting information systems. ITD's Compliance Assurance Office is available to assist and/or conduct such assessments.

3. Agencies are required to articulate specific information, including the details necessary to effectively respond, manage, and recover from either an incident or a catastrophic event. Further, protecting data and confidential information should be integrated into the above referenced details.

4. Agencies are required to ensure that all BCPs and supporting DRPs and COOPs are in alignment with and in support of any and all legal and regulatory requirements that the agency ITRs are subject to.

5. Agencies are required, at a minimum, to include the following documentation and procedures in their BCP and its supporting components:

   1. Scope / Objectives
   2. Risk Evaluation and Required Security Controls
   3. Business Impact Analysis
   4. Communications Procedures
   5. BCP Organization Structure
      1. Activation of plans
      2. Succession of Authority Procedures
      3. BCP Team Roles and Responsibilities
         1. Incident/Event Response Teams
         2. Emergency/DR Response Teams
      4. Primary and Alternate Contact Lists
   6. Damage Assessment
   7. Recovery Plans
      1. Critical System Recovery
         1. Prioritization of Recovery
         2. Interdependencies
         3. Resource requirements
         4. Security Controls
         5. COOP
            1. Mobilizing Alternate Locations / Resources
            2. Managing Alternate Locations / Resources
            3. Critical System Support
               1. Short term
               2. Long term
               3. Local
               4. Regional
               5. Pandemic

6. Agencies are required to verify that critical third party vendors meet agency business continuity requirements during the contract negotiating process and prior to contract agreement and signature. Alternate third party vendors are required to be identified where appropriate.

7. Agencies are required to securely store copies of plans and supporting materials in a remote location, at a sufficient distance to escape any damage from a disaster at the agency's main information processing facilities and be available (via remote connection, external e-mail location, etc.).

8. Agencies are required to document, implement and annually test plans including the testing of all appropriate security provisions to minimize impact to systems or processes from the effects of major failures of IT Resources or disasters.

9. Agencies are required to identify appropriate mechanisms to ensure that plans remain current and updated between annual tests and reviews accounting for:

   1. Change management implications
   2. New/Major upgrades of system implementations
   3. New policy adoption
   4. New contract implementations
   5. New threat/risk identification
   6. Staff/resource/responsibility changes

10. Agencies are required to publish plans and sufficiently train any and all individuals that are required or responsible for supporting the BCP.
