Contingency Strategies for Information System
Benchmark – Developing Contingency Strategies for Information System
Note: Company’s name is “Across The States Bank”
24/7 monitoring of all network activity is an invaluable tool for enhancing your security posture. An effective Incident Response Plan (IRP) is essential to mitigation of attacks, while a Disaster Recovery Plan (DRP) provides support for unexpected environmental obstacles to information systems. For both IRP and DRP, a company must develop strategies to recover from unexpected interruptions, and exercise these plans to ensure all applicable personnel are prepped and aware of their roles. In Topic 5, a minor Business Impact Analysis (BIA) was conducted, which identified the critical assets to the company. These assets will be used to aid in the development of a contingency plan to ensure business continuity in the presence of an event. (critical assets to the company from topic 5 attaached)
This assignment exercises the analysis and development of a Lite Contingency Plan (BIA, IRP, DRP, and Business Continuity Plan: BCP). The development of a workflow diagram is essential in displaying the relationship between the four components. This is critical for the IRP and DRP, as an IRP can launch a DRP when a threat disrupts a system through ransomware, DDoS, or other malicious attacks against a system.
Use the following guidelines to create an 8- to 12-page report using the same corporate profile selected earlier.
Business Impact Analysis
- In one to two paragraphs, summarize the objective of conducting a BIA for your selected company. Describe the benefits, potential outcomes, and company enhancements.
- Obtain the list of threats against the assets identified in your Topic 5 assignment, “Risk Management Assessment and Control,” and place them in a table.
- Prioritize this list from highest impact to lowest impact to the company.
- Add a column and describe how loss of the process, system, data, etc., will impact the company.
- Assuming worst-case scenario, add a column and describe the appropriate measures to recover from the threat.
Incident Response Plan (IRP)
In three to four pages, detail an IRP to include:
- Brief overview
- Roles and responsibilities (from Users to CISO)
- Reporting guidelines
- Example workflows diagram – Event to resolution
- Explain the six stages of incident handling as it relates to the company
- Escalation procedures with an associated chart
Disaster Recovery Plan (DRP)
Establish a DRP Policy in one to two pages that contains the following in alignment with the company:
- Roles and responsibilities
- Resource requirements
- Training requirements
- Exercise and testing schedules (include IRP exercise and schedules)
- Plan maintenance schedules
Business Continuity Plan (BRP)
In three to four pages, close out the assignment with a complete BC Plan that includes the following:
- Describe which usage strategy (Hot site, Warm site, or Cold site) the company will use and why (explain the benefit to the company).
- Explain how the company will use and sustain the usage strategy.
- Detail the critical systems/assets recovery procedures.
- Provide processes to reestablish business operations and security operations. Include disaster to alternate site and restoration back to original state.
- Provide and describe a worst-case scenario timeline (disaster to recovery).
- Describe readiness, training, exercises, and BC process reviews/updates.
Include diagrams, tables, and charts as directed by the instructor.
APA style is not required, but solid academic writing is expected.
This assignment uses a rubric. Review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. Refer to the LopesWrite Technical Support articles for assistance.
This benchmark assignment assesses the following programmatic competencies:
B.S. Cyber Security
6.2 Conduct an exercise to test the disaster recovery plan in a predetermined scenario.
7.2 Perform activities to mitigate possible or real-time threats (e.g., system monitoring andCLICK HERE TO ORDER A SOLUTION FOR THIS ASSIGNMENT