Develop a comprehensive business continuity plan

Reference no: EM131360458

Assignment: Planning for Information Security

You have been hired as a consultant to design a BCP for SanGrafix, a video and PC game design company. SanGrafix's newest game has become a hot seller, and the company anticipates rapid growth. It's moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, SanGrafix wants to be fully secured, documented, and maintained while providing high availability, scalability, and performance.

Based on your current technology and information security knowledge, for this project you will design a BCP based on the company profile below:

A. Primary location in San Francisco, CA

B. Secondary location/hot site in Sunnyvale, CA

C. Capable of supporting 220 users in these departments: Accounting and Payroll, 16; Research and Development, 48; Sales and Marketing, 40; Order Processing, Shipping, and Receiving, 36; secretarial and office management staff, 20; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 30; Technology Support, 20.

D. Full OC3 Internet connection

The first step is to issue a clear policy statement on the Business Continuity Plan. At a minimum, this statement should contain the following instructions:

• The organization should develop a comprehensive Business Continuity Plan.

• A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.

• The Business Continuity Plan should cover all essential and critical business activities.

• The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.

• All staff must be made aware of the Business Continuity Plan and their own respective roles.

• The Business Continuity Plan is to be kept up to date to take into account changing circumstances.

Below is the example:

Policy Statement

1. Agencies are required to develop, implement, test and maintain a Business Continuity Plan (BCP) for all Information Technology Resources (ITR) that deliver or support core systems and services on behalf of the Commonwealth of Massachusetts. For purposes of this policy, the BCP is the overall plan that facilitates sustaining critical operations while recovering from a disruption. BCPs are required to include, at a minimum:

o Standard Incident Response Procedures: An information system-focused set of procedures to be used when an event occurs that is not part of the standard operation of a service and may or does cause disruption to or a reduction in the quality of services and Customer productivity.

o Disaster Recovery Plan (DRP): An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure in the event of large scale disaster and/or other cataclysmic event.

o Continuity of Operations Plans (COOP): An information system-focused plan invoked under a DRP when access to the primary facility infrastructure is prevented for an extended period, requiring operations to be restored from an alternate site after an emergency. The COOP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. The COOP only addresses information system disruptions that require relocation. (From NIST SP 800-34).

2. Agencies are required to conduct risk assessments to identify, estimate, and prioritize risks to organizational operations and conduct business impact analyses to identify all critical functions of the agency, entity or business unit and their supporting information systems. ITD's Compliance Assurance Office is available to assist and/or conduct such assessments.

3. Agencies are required to articulate specific information, including the details necessary to effectively respond, manage, and recover from either an incident or a catastrophic event. Further, protecting data and confidential information should be integrated into the above referenced details.

4. Agencies are required to ensure that all BCPs and supporting DRPs and COOPs are in alignment with and in support of any and all legal and regulatory requirements that the agency ITRs are subject to.

5. Agencies are required, at a minimum, to include the following documentation and procedures in their BCP and its supporting components:

   1. Scope / Objectives
   2. Risk Evaluation and Required Security Controls
   3. Business Impact Analysis
   4. Communications Procedures
   5. BCP Organization Structure
      1. Activation of plans
      2. Succession of Authority Procedures
      3. BCP Team Roles and Responsibilities
         1. Incident/Event Response Teams
         2. Emergency/DR Response Teams
      4. Primary and Alternate Contact Lists
   6. Damage Assessment
   7. Recovery Plans
      1. Critical System Recovery
         1. Prioritization of Recovery
         2. Interdependencies
         3. Resource requirements
         4. Security Controls
         5. COOP
            1. Mobilizing Alternate Locations / Resources
            2. Managing Alternate Locations / Resources
            3. Critical System Support
               1. Short term
               2. Long term
               3. Local
               4. Regional
               5. Pandemic

6. Agencies are required to verify that critical third party vendors meet agency business continuity requirements during the contract negotiating process and prior to contract agreement and signature. Alternate third party vendors are required to be identified where appropriate.

7. Agencies are required to securely store copies of plans and supporting materials in a remote location; at a sufficient distance to escape any damage from a disaster at the agency's main information processing facilities and be available (via remote connection, external e-mail location, etc.).

8. Agencies are required to document, implement and annually test plans including the testing of all appropriate security provisions to minimize impact to systems or processes from the effects of major failures of IT Resources or disasters.

9. Agencies are required to identify appropriate mechanisms to ensure that plans remain current and updated between annual tests and reviews accounting for:

   1. Change management implications
   2. New/Major upgrades of system implementations
   3. New policy adoption
   4. New contract implementations
   5. New threat/risk identification
   6. Staff/resource/responsibility changes

10. Agencies are required to publish plans and sufficiently train any and all individuals that are required or responsible for supporting the BCP.
