Expert answer:Complete the Final project template and fill the b

Expert answer: I have sent all the files; in them, Task 1 to Task 4 are reference documents, and after reviewing those documents you can fill in the “Final Project Part 2 – BIA-BCP-DRP-CIRT template”. You can also see the attached screenshot “Project” for your understanding.
final_project_part_2___bia_bcp_drp_cirt_template.docx

final_project_part_ii_task_1___business_impact_analysis_boiler_plate.pdf

final_project_part_ii_task_2___business_continuity_plan_boiler_plate.pdf

final_project_part_ii_task_3___it_disaster_recovery_boiler_plate.pdf

final_project_part_ii_task_4___computer_incident_response_team_plan_boilerplate.pdf

Unformatted Attachment Preview

ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want
to review your Lab #07 assignment where you developed a BIA table. Information needed to create the
Business Functions and Processes below are in the “Project Management Plan” scenario and the
“Project Health Network Visual”. Hint: look at the processes that go from the customers and into the
systems/applications in the “Project Health Network Visual”.
Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps | Infrastructure Impacts
Task 1: Business Impact Analysis – extracts from the Boiler Plate
1. Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the
HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was
prepared for Health Network, Inc (Health Network).
2. System Description

3.1.1 Identify Outage Impacts and Estimated Downtime
Estimated Downtime
The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on
the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.

Mission/Business Process for HNetExchange | MTD | RTO | RPO
Mission/Business Process for HNetConnect | MTD | RTO | RPO
Mission/Business Process for HNetPay | MTD | RTO | RPO
Task 2: Business Continuity Plan – extracts from the Boiler Plate

EMERGENCY MANAGEMENT STANDARDS
Data backup policy
Full and incremental backups preserve corporate information assets and should be performed on a
regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are
considered critical. Backup media should be stored in a secure, geographically separate location from
the original and isolated from environmental hazards.
Department-specific data and document retention policies specify what records must be retained and
for how long. All organizations are accountable for carrying out the provisions of the instruction for
records in their organization.
IT follows these standards for its data backup and archiving:
Tape retention policy
Backup media is stored at locations that are secure, isolated from environmental hazards, and
geographically separate from the location housing the system.
Billing tapes
• Tapes greater than three years old are destroyed every six months.
• Tapes less than three years old must be stored locally off-site.
• The system supervisor is responsible for the transition cycle of tapes.
System image tapes
• A copy of the most current image files must be made at least once per week.
• This backup must be stored offsite.
• The system supervisor is responsible for this activity.
Off-site storage procedures
• Tapes and disks, and other suitable media are stored in environmentally secure facilities.
• Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.
• Access to backup databases and other data is tested annually.
Task 3: Disaster Recovery Plan – extracts from the Boiler Plate

DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.

DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETPAY HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.

DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETCONNECT HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and equipment are involved.
BACKUP STRATEGY FOR SYSTEM ONE
DAILY / MONTHLY / QUARTERLY
Choose which strategy on the left is used.

SYSTEM DISASTER RECOVERY PROCEDURE
RISK #1: LOSS OF COMPANY DATA DUE TO HNETEXCHANGE HARDWARE REMOVED FROM PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF CUSTOMERS DUE TO PRODUCTION OUTAGES.
Provide details
Task 4: Computer Incident Response Team Plan – extracts from the Boiler Plate

Appendix A – Incident Response Worksheet
Preparation:
What tools, applications, laptops, and communication devices were needed to address the Computer
Incident Response for this specific breach?
Identification: When an incident is reported, it must be identified, classified, and documented. During
this step, the following information is needed:
• Identify the nature of the incident
  o What Business Process was impacted
  o What threat was identified
  o What weakness was identified
  o What risk was identified
  o What was the Risk Factor/Impact of the incident
  o What was the RTO, MTD and RPO assigned to the business process
  o What hardware, software, database and other resources were impacted
Containment: The immediate objective is to limit the scope and magnitude of the computer/security-related
incident as quickly as possible, rather than allow the incident to continue to gain evidence for
identifying and/or prosecuting the perpetrator.
• What needs to be done to limit the scope of the incident
Eradication: The next priority is to remove the computer/security-related incident or breach’s effects.
• What needs to be done to mitigate the risk of the incident
Recovery: Recovery is specific to bringing back into production those IT systems, applications, and
assets that were affected by the security-related incident.
• What needs to be done to recover the IT systems
  o What procedures need to be used and are they covered in the Disaster Recovery Plan
  o Would the Business Continuity Plan be executed in response to this incident
  o Would any issues be identified that would lead to updates to the BIA, BCP or DR plans
BUSINESS IMPACT ANALYSIS
1. Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the
HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was
prepared for Health Network, Inc (Health Network).
1.1 Purpose
The purpose of the BIA is to identify and prioritize system components by correlating them to the
mission/business process(es) the system supports, and using this information to characterize the impact
on the process(es) if the system were unavailable.
The BIA is composed of the following three steps:
1. Determine mission/business processes and recovery criticality. Mission/business processes
supported by the system are identified and the impact of a system disruption to those processes
is determined along with outage impacts and estimated downtime. The downtime should
reflect the maximum that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the
resources required to resume mission/business processes and related interdependencies as
quickly as possible. Examples of resources that should be identified include facilities, personnel,
equipment, software, data files, system components, and vital records.
3. Identify recovery priorities for system resources. Based upon the results from the previous
activities, system resources can more clearly be linked to critical mission/business processes.
Priority levels can be established for sequencing recovery activities and resources.
This document is used to build the HNetExchange Message system, HNetConnect Directory system and
HNetPay Payment system Business Contingency Plan (BCP) and is included as a key component of the
BCP. It also may be used to support the development of other contingency plans associated with the
system, including, but not limited to, the Disaster Recovery Plan (DRP).
2. System Description
{Provide a general description of system architecture and functionality as provided in the scenario
instructions. Indicate the operating environment, physical location, general location of users, and
partnerships with external organizations/systems. Include information regarding any other technical
considerations that are important for recovery purposes, such as backup procedures. Provide a diagram,
as an appendix, of the architecture, including inputs and outputs and telecommunications connections.}
3. BIA Data Collection
{Normally data collection can be accomplished through individual/group interviews, workshops, email,
questionnaires, or any combination of these. For this assignment, review the scenario and include
information you would expect to obtain during the normal data collection process}
3.1 Determine Process and System Criticality
Step one of the BIA process – Working with input from users, managers, mission/business process
owners, and other internal or external points of contact (POC), identify the specific mission/business
processes that depend on or support the information system.
Mission/Business Process | Description
3.1.1 Identify Outage Impacts and Estimated Downtime
Outage Impacts
The following impact categories represent important areas for consideration in the event of a disruption
or impact.
Values for assessing category Risk Factors/Impact:
• Critical = “1”
• Major = “2”
• Minor = “3”
Values for assessing category Recovery Time Objectives (RTO):
• Critical-1 = 4 hours
• Critical-2 = 8 hours
• Critical-3 = 24 hours
• Major-1 = 36 hours
• Major-2 = 48 hours
• Minor = 1 week
The table(s) below summarizes the impact on each mission/business process if the HNetExchange
Message system, HNetConnect Directory system and HNetPay Payment system were unavailable.
Mission/Business Process for HNetExchange | Impact Category | Risk Factor | RTO | Describe the Impact if unavailable
Mission/Business Process for HNetConnect | Impact Category | Risk Factor | RTO | Describe the Impact if unavailable
Mission/Business Process for HNetPay | Impact Category | Risk Factor | RTO | Describe the Impact if unavailable
Estimated Downtime
Working directly with mission/business process owners, departmental staff, managers, and other
stakeholders, estimate the downtime factors for consideration as a result of a disruptive event.
• Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time
leaders/managers are willing to accept for a mission/business process outage or disruption and
includes all impact considerations. Determining MTD is important because failing to do so could leave
continuity planners with imprecise direction on (1) selection of an appropriate recovery method,
and (2) the depth of detail which will be required when developing recovery procedures,
including their scope and content.
• Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system
resource can remain unavailable before there is an unacceptable impact on other system
resources, supported mission/business processes, and the MTD. Determining the information
system resource RTO is important for selecting appropriate technologies that are best suited for
meeting the MTD.
• Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or
system outage, to which mission/business process data must be recovered (given the most
recent backup copy of the data) after an outage.
The table below identifies the MTD, RTO, and RPO for the organizational mission/business processes
that rely on the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment
system.
Mission/Business Process for HNetExchange | MTD | RTO | RPO
Mission/Business Process for HNetConnect | MTD | RTO | RPO
Mission/Business Process for HNetPay | MTD | RTO | RPO
3.2 Identify Resource Requirements
The following table identifies the resources that compose the HNetExchange Message system,
HNetConnect Directory system and HNetPay Payment system including hardware, software, and other
resources such as data files.
System Resource/Component | Description
It is assumed that all identified resources support the mission/business processes identified in Section 3.1
unless otherwise stated.
3.3 Identify Recovery Priorities for System Resources
The table below lists the order of recovery for resources. The table also identifies the
expected time for recovering the resource following a “worst case” (complete rebuild/repair or
replacement) disruption.

• Recovery Time Objective (RTO) – RTO defines the maximum amount of time that a system
resource can remain unavailable before there is an unacceptable impact on other system
resources, supported mission/business processes, and the MTD. Determining the information
system resource RTO is important for selecting appropriate technologies that are best suited for
meeting the MTD.
Priority # | System Resource/Component | Recovery Time Objective
Table 1 – BIA worksheet
Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps | Infrastructure Impacts
BUSINESS CONTINUITY PLAN
Purpose
The purpose of this business continuity plan is to prepare Health Network, Inc. (Health Network)
in the event of extended service outages caused by factors beyond our control (e.g., natural
disasters, man-made events), and to restore services to the widest extent possible in a minimum
time frame. All Health Network, Inc. (Health Network) sites are expected to implement
preventive measures whenever possible to minimize operational disruptions and to recover as
rapidly as possible when an incident occurs.
The plan identifies vulnerabilities and recommends necessary measures to prevent extended
voice communications service outages. It is a plan that encompasses all Health Network, Inc.
(Health Network) system sites and operations facilities.
Scope
The scope of this plan is limited to the three major systems used by Health Network, Inc. (Health
Network); the HNetExchange Message system, HNetConnect Directory system and HNetPay
Payment system. This is a business continuity plan, not a daily problem resolution procedures
document.
Plan objectives
• Serves as a guide for the Health Network, Inc. (Health Network) recovery teams.
• References and points to the location of critical data.
• Provides procedures and resources needed to assist in recovery.
• Identifies vendors and customers that must be notified in the event of a disaster.
• Assists in avoiding confusion experienced during a crisis by documenting, testing and
reviewing recovery procedures.
• Identifies alternate sources for supplies, resources and locations.
• Documents storage, safeguarding and retrieval procedures for vital records.
Assumptions
• Key people (team leaders or alternates) will be available following a disaster.
• A national disaster such as nuclear war is beyond the scope of this plan.
• This document and all vital records are stored in a secure off-site location and not only
survive the disaster but are accessible immediately following the disaster.
• Each support organization will have its own plan consisting of unique recovery procedures,
critical resource information and procedures.
Disaster definition
Any loss of utility service (power, water), connectivity (system sites), or catastrophic event
(weather, natural disaster, vandalism) that causes an interruption in the service provided by
Health Network, Inc. (Health Network) operations. The plan identifies vulnerabilities and
recommends measures to prevent extended service outages.
Recovery teams
• Emergency management team (EMT)
• Disaster recovery team (DRT)
• IT technical services (IT)
Team member responsibilities



Each team m …