Week 5 Assignment: Business Continuity Plan (BCP) – Phase 3
Throughout this program, you will be creating a business continuity plan (BCP) based on an industry that is of interest to you. This assignment is a continuation of the project where you identify requirements and create plans for business continuity/disaster recovery. Using the business continuity plan (BCP) content developed in the previous courses, complete Phase 3. Note: Upon completion and submission, implement any feedback from your instructor. Then, make sure to retain a copy of this assignment for the Business Continuity Plan, which will be finalized and submitted in either CYB-690 or ITT-660, depending on your major.
Special Note: Due to the length of this assignment, it will be started in Topic 4 and completed in Topic 5. Make sure to refer to the appropriate topic Resources as specified.
Prior to beginning this assignment, view the video “5-1 Introduction to Topic 5,” located in the topic Resources (Video Playlist: Policy Management for Security Solutions).
Part 1: Issue-Specific Security Policies
NIST SP 800-12 Rev 1 recommends three types of information security policies to help organizations create, maintain, and develop an effective information security program, so as to reduce risks, comply with laws and regulations, assure operational continuity, and apply informational confidentiality, integrity, and availability.
One type is issue-specific security policies (ISSP). For each of the following issues, use “SP 800-61 Rev. 2,” located in the topic Resources, to create an ISSP document that includes the following:
- For each policy, include issue statement, statement of the organization’s position, applicability, roles and responsibilities, compliance, points of contact, and supplementary information.
- Establish reporting and communication channels for internal and external stakeholders.

Issues to address:
- Use of personal equipment on your company’s network (BYOD)
- Internet access
- Personal use of company equipment
- Removal of organizational equipment from your company’s property
- Use of unofficial software
- Design and development of an information security awareness and training program for an organization
Part 2: Legal Standard Operating Policies and Procedures
A thorough legal standard operating policies and procedures (SOP) document is the foundation of a good business continuity plan. Standard operating procedures and policies provide the roadmap for management and staff to follow. These steps become the backbone of the business continuity plan, and they must govern every aspect of your chosen company.
Using the Business Continuity Plan (BCP) – Phase 1 content developed in CYB-515, design a 4- to 6-page manual presenting the legal standard operating policies and procedures, to describe incidents including, but not limited to, fire evacuation, ransomware attack, power outage, and pandemic situations.
Each policy or procedure must include information related to:
- Industry Compliance
- Business Operations
- Training and Awareness
- Disaster Recovery
- Incident Response
Part 3: Incident Response
Once an adverse event targeting a business is confirmed, it is labeled as an incident. That is the time to activate the incident response plan. After the plan is activated, procedures are followed for incident reaction. Most of the time, the incident is contained. Then, cleanup of all the problems begins and the organization makes a full recovery, with everything back to normal. This is incident recovery.
Use the guidelines provided by “SP 800-61 Rev. 2: The Computer Security Incident Handling Guide,” located in the topic Resources, to design an incident response plan (IRP) for your company. Include actions to be taken if each of the following adverse events occurs:
- Ransomware attack on one PC/user
- Power failure
- ISP failure
If a disaster renders the current business location unusable for a long time, and there is no alternate site to reestablish critical business functions, what would you suggest? Hint: Use the 7-step model recommended by NIST in SP 800-34r1 to develop and maintain a viable BC program for your company.
Support the BCP with a minimum of three scholarly resources.
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

