Benchmark – Business Continuity Plan (BCP) Phase 1
Lee Chauworn Houston II
Brandon Bass
CYB – 515
December 6, 2023
Table of Contents
Executive Overview
Document Change Control
Introduction and Overview
Plan Scope and Applicability
Plan Objectives
Plan Assumptions
Risk Assessment Matrix
Critical Business Functions Overview
Company Organizational Chart
References
Executive Overview
The essence of a Business Continuity Plan (BCP) lies in its ability to outline a strategic approach for maintaining operations during or after unexpected disruptions. These disruptions could range from natural calamities like hurricanes and tornadoes to targeted cyber intrusions against our establishment. The BCP serves as a roadmap, guiding us through such challenging times.
This plan, thoroughly documented and integrated into our company's operational resources, identifies potential risks and delineates the procedures and standards to counteract these challenges. Its primary aim is to safeguard two crucial assets: the integrity and security of our employees and the company's operational and informational assets. These elements form the backbone of our company's reputation and investment strategy.
In essence, a BCP is a blueprint for resilience, detailing vital business functions, sustaining systems and processes, and the methodologies for their maintenance during unplanned events.
Document Change Control
Our approach to Document Change Control involves a comprehensive process starting from risk identification to recovery planning. This process includes assessing the impact of potential risks, identifying downtime and gaps, and documenting recovery workflows and procedures. Essential elements such as hardware procurement lists, relevant supporting documents, and vendor contact information are included for comprehensive coverage. This protocol extends to servers, storage devices, networks, and updates.
The documentation process is meticulously structured, with a clear index or log providing an overview leading to detailed change control forms. This systematization ensures accountability and precision in managing document changes, aligning with international standards.
Date | Version | Requester | Tech | Change / Review
12/6/23 | 2.8 | Lee H. | Jackie R. | Smart Camera Replacement
Change Control Form Version 2.8
Date of Request:
12/06/2023
Change Request Initiator (name, location, phone):
Lee Houston
Phoenix, AZ 999-999-9888
Description of Change:
We need to upgrade our existing CCTV system to advanced smart cameras with AI capabilities for enhanced security and monitoring.
Reason for Change:
Recently, there have been several security breaches and instances of unauthorized access in our facility. The current CCTV system is outdated and lacks features like facial recognition and motion detection, which are essential for modern security needs.
How does the proposed change affect the safety vulnerabilities? (Safety, Health, and Environmental Considerations):
Upgrading to smart cameras will significantly improve our ability to monitor and secure the premises. These cameras can identify unusual activities, track movements, and alert the security team in real-time, thus reducing the risk of security breaches.
Resulting Changes (to existing O&M procedures, inspection and testing procedures, process/facility documents/drawings, safety plans, training requirements, etc.):
The installation of smart cameras will necessitate updates to our security protocols and training for our security personnel. We will also need to update our facility documents to include the new camera positions and their capabilities.
Project Manager Approval (name and date):
Linda S. Guerrero
12/07/2023
Facility Operations Manager Approval (name and date):
David Peterson
12/07/2023
Line Management Approval (name and date):
Rachel Kim
12/07/2023
Introduction
The primary objective of our BCP is to ensure the continuation of operations during critical times and disasters to maintain data integrity and continuity. This document is readily accessible to all team members and department heads for immediate response in emergencies, encompassing natural disasters like hurricanes and tornadoes, and man-made threats including cyber-attacks, data leaks, and phishing attacks.
Plan Scope and Applicability
Our BCP encompasses a wide range of risks, from cyber threats like viruses, malware, and data breaches to natural disasters influenced by geographic locations. The plan aims to protect not only the company’s digital assets but also the assets of employees and customers. It is adaptable to evolving technology threats and changing geographical and climatic conditions.
Plan Objectives:
The plan prioritizes human health and safety, followed by mission requirements. It includes:
1. Prioritizing human safety and health.
2. Protecting the company’s data, including assets and information of employees and customers, adhering to ethical conduct.
3. Ensuring rapid restoration of critical operations, data, and functions to maintain data integrity and availability.
Plan Assumptions:
The assumptions are based on the objectives, focusing on ensuring employee safety and security, which in turn increases the likelihood of quick restoration to normalcy during crises, mitigating data loss risks, and minimizing downtime.
Risk Assessment Matrix
Our Risk Assessment Matrix is exhaustively detailed, with each identified risk being highly relevant to our financial context. It includes meticulous calculations of the annualized rate of occurrence, single loss expectancy, and annualized loss expectancy. The severity and probability of each risk occurrence are evaluated with expert precision, ensuring a comprehensive understanding of system risks, threats, vulnerabilities, and the efficacy of our current security practices and processes.
Diagram Key Code
Horizontal is severity:
Low (Potential risk for a small group)
Intermediate (Potential moderate risk for a medium sized group)
Severe (Potential higher risk for larger group of the impacted)
Vertical is chance:
Unlikely (Once every 6 months)
Possible (Once every quarter or once a month)
Likely (Once every week)
Color code:
Nude – Low damage 1-2
Yellow – Intermediate damage 3-4
Red – Severe damage 6-9
Chance / Severity | Low | Intermediate | Severe
Unlikely (1) | 1 | 2 | 3
Possible (2) | 2 | 4 | 6
Likely (3) | 3 | 6 | 9
Critical Business Functions Overview
This section intricately details the components that are vital to our business operations, providing a lucid understanding of what the BCP aims to protect. It outlines the strategies for safeguarding these critical functions and details plans for rapid recovery in the event of a cyber incident.
1. Proactive Planning and Forecasting
In this initial phase, our focus is on anticipating and preparing for potential disasters or emergency scenarios. We will identify four likely emergency scenarios and develop comprehensive response strategies for each. This phase involves extensive training for our employees to ensure they are equipped to handle emergencies efficiently, maintaining task management and minimizing response time by adhering to the predefined plans.
2. Declaration and Initiation of Emergency Response
Upon the recognition of an emergency, this stage involves officially declaring an emergency status and initiating the specific response plan tailored for the identified scenario. This step is crucial for a swift transition from normal operations to emergency response mode. According to McEntire (2019) in "Disaster Response and Recovery: Strategies and Tactics for Resilience," effective emergency response requires not only planning but also agility and adaptability in execution.
3. Implementation of the Emergency Plan
During this crucial phase, the previously formulated emergency plan is put into action. This includes deploying backup solutions for critical business operations, verifying data flow to guarantee continuous availability, assessing security measures, and monitoring employee well-being. Additionally, we communicate with clients to assure them of the security and integrity of their data.
4. Data Backup and Recovery
Once the immediate emergency response is stabilized, this step focuses on data integrity and recovery. We conduct thorough checks to ensure continuous data access for our clients and initiate the process of data backup retrieval to restore any data that may have been compromised or lost during the emergency. As highlighted by Wallace & Webber (2017) in "The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets," data recovery is a critical component of business continuity, requiring regular backups and rigorous testing of recovery procedures.
5. Restoration and Resumption of Full Operations
In the final phase, we ensure that all systems and data are secure and operational. We then communicate the return to normal operations to our management and stakeholders, confirming that the integrity of our operations and data remains intact.
Company Organizational Chart
CEO: Chief Executive Officer
FCM: Facility Security Manager
COO: Chief Operating Officer
CISO: Chief Information Security Officer
CIO: Chief Information Officer
CFO: Chief Financial Officer
References
Hopkin, P. (2018). Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management (5th ed.). Kogan Page.
Hillson, D. (2009). Managing Risk in Projects. Gower Publishing, Ltd.
McEntire, D. A. (2019). Disaster Response and Recovery: Strategies and Tactics for Resilience. Wiley.
Wallace, M., & Webber, L. (2017). The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets. AMACOM.
Techtarget. (2022). What is a Business Continuity Plan (BCP)?
Qualityze. (2022). Document Change Control: A Must-Have Process to meet Compliance.