1. Sean Wrote:
The first and most critical success factor is effective
commitment and support from top management. The
cybersecurity portion of a business continuity plan cannot hope
to be successful without leadership buy-in. Because C-Suite
members shoulder the ultimate responsibility for the business,
the planning and strategy must involve concurrence from
company leadership. They must be made to understand the
threats to the business, how the threats manifest into risk, and
how those risks impact the business process (Hour, 2012).
Another reason for top level buy-in is that management will be
releasing company resources, to include funding and time, to
the creation of the BCP. As strategic planning occurs,
stakeholders and other critical designees should participate in
relevant policy creation. If a BCP that includes cybersecurity is
not relevant or in line with company/management goals, it will
not succeed. A Business Impact Analysis (BIA) will assist in
providing that focus by identifying key business processes and
how their diminished performance affects the bottom line.
Additionally, legal and regulatory concerns should be
considered during the BIA process (UMUC, 2014).
There’s a great quote attributed to Mike Tyson, “Everyone has a
plan until they’re punched in the face,” and it describes crisis
management. If all of the safety measures put in place to
prevent an intrusion have failed, crisis management will drive
you to focus on the recovery and resilience of critical business
functions (NIST.gov, 2014). In December of 2013, Target and
other retailers received a punch in the face when it was reported
over 70 million customers had their debit and credit card data
stolen by hackers (). Effective strategic communication in
Target’s crisis management approach played a critical role in
the overall recovery effort. Although the media outlets picked
up and ran with this story, the only thing that seems to matter to
the American consumer is that it doesn’t happen again. Judging
by their stock price and continuing sales numbers, this was
nothing more than a bump in the road for Target.
2. Larry Wrote:
It is first important to understand that the Business
Continuity Plan (BCP) is different from the Disaster Recovery
Plan (DRP) as the reason for the BCP is to know how to handle
a temporary outage of the company’s network and/or business
resources. These temporary outages can be the result of power
outage, network outage due to a fiber cut or other incident or a
major equipment failure resulting in loss of data. (SANS
Institute, 2002) The DRP is in preparation of a major disaster in
where the facilities are rendered inoperable or completely
destroyed. This can occur from hurricanes, tornados or fires
resulting in total loss of company assets. It will be part of the
BCP being developed to decide when the BCP should be
conducted versus when the DRP will be required.
There are several important steps that should be included when
creating a Business Continuity Plan (BCP). First and foremost
is that upper management needs to be involved from the very
beginning and fully support the plan. No plan can be successful
without management support. Once this has been established,
there needs to be a Business Impact Analysis (BIA) conducted.
The purpose of a BIA is to identify all of the assets of the
company and assign a value to it. This value will take into
consideration the type and dollar of the equipment, the dollar
value of the data and information that is stored within those
systems, what it would take to restore those systems and the
resources that will be needed. The BIA process will be an
essential part of the overall BCP.
Developing an overall strategy on how to develop the BCP
should be outlined in the following phases; Project Initiation,
Business Analysis (including the BIA), BCP Design, Creating
the BCP, testing of the BCP and then keeping the BCP updated
for any changes. (Tipton, 2010) These phases will help the BCP
team analyze their environment and determine what the areas
are that need the most attention. This BCP will also better
prepare the company to deal with whatever incident arises and
the steps to bring their company back online. The BCP is a
living document that has to be tested and maintained regularly.
It will be up to the BCP team to determine frequency for the
review of the BCP and how to make sure that all employees are
aware of the plan and trained to respond to the BCP.
3. Larry Wrote:
A flooding attack can be a very damaging and relatively easy
type of attack as it can render a network, business or even a
government infrastructure unavailable. It has been mentioned
several times in this class regarding the cyber-attacks initiated
at the start of the Russian-Georgian War in 2008. Before the
traditional war began, a massive denial-of-service (DoS) attack
was launched towards the internal servers of the Georgian
government. This DoS attack specifically targeted the web,
financial and government operated servers making them
unavailable to everyone including the government. The web
servers were then remotely accessed where the official
government websites were defaced depicting the Georgian
leader in an unflattering way. As the result of the cyber-attack,
the overall war itself was not as big of a fight as a traditional
war. What made this war so much different and historical is the
fact that cyber technologies were utilized before any ground, air
or sea attack was launched. (Hollis, 2011) This type of attack
shows the devastation that can be done with a small group of
computers and actors to conduct this type of attack.
Attacks towards control systems are another type of attack that
can produce a great amount of damage depending on the targets.
Critical Infrastructures (CI) have been under constant attacks
from outside entities trying to shut down or control these
systems. This type of attack can be extremely detrimental and
damaging to these control systems. There was another well-
known documented incident that involved this type of internal
attack. The incident was launched against a control system
within the Iranian Nuclear Program. As a result, this attack
ended up shutting down their entire nuclear facility setting them
back years in nuclear development. It was called the Stuxnet
worm and was designed to infiltrate and seek out a particular
type of hardware that was using a vulnerable piece of software.
As a result of the worm’s action, it ended up causing the Iranian
nuclear engineers to shut down their centrifuges within the
nuclear facility. (Kerr, Rollins, & Theohary, 2010) Using this
type of attack can easily affect many other types of critical
infrastructure systems that may be in the same older state
operation.
Utilizing the key-logger attack can also be a great way to gather
vital information for either future attacks or some sort of ransom.
Key-loggers will be installed usually using a Trojan malware as
its deploying method. These key-loggers are designed to record
every key stroke of the end user’s computer and send it back to
the attackers’ collection point. The information that can be
gathered is information like credit card numbers, social security
numbers, driver’s license info along with username and
passwords. Key-loggers can also be useful gathering
information from within a company’s network. Usernames and
passwords can be recorded and used to gain internal access
using escalated privileges. This would give the attacker the “keys
to the kingdom” so to speak.
4. Sean Wrote:
There are a few initiatives on the books that appear to be
working towards a comprehensive strategy. The Comprehensive
National Cybersecurity Initiative (CNCI), established by
President Bush in 2008, has been reinforced by President
Obama and suggests twelve ideas that aim to build the
coordination and cooperation required to address cyber-attacks.
The CNCI involves the selection of an Executive Branch
Cybersecurity Coordinator (CSC) who will have immediate
access to the president. The CSC is also charged to work closely
with key players in cybersecurity including all levels of
government and the private sector, ensuring an organized
response to incidents along with finding relevant cybersecurity
technology (Whitehouse.gov, 2009).
Initiative details include a single, managed Federal Enterprise
network protected by trusted internet connections, intrusion
detection sensors and intrusion prevention sensors. The
document goes on to announce initiatives in cybersecurity
research and development efforts, the connecting of cyber ops
centers, expanding cyber education, securing supply chains, and
expanding the Federal role of securing critical infrastructure
domains (Whitehouse.gov, 2009).
In the political realm, no proposal is without its detractors and
the CNCI is no different. The federally chartered Information
Security and Privacy Advisory Board (ISPAB) is concerned
with a lack of transparency and would like to see a release of
key documentation regarding personal cyber privacy (Sentor,
2010). There are also questions regarding the legality of
responding to cyber-attacks and the appropriate roles of
executive and legislative branches in addressing cybersecurity.
And finally, there are grumblings about the sharing of
intelligence between the government and the private sector
especially since the majority of threat information collected is
classified

 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

1. Sean WroteThe first and most critical success factor is effe.docx

1. Sean Wrote:

The first and most critical success factor is effective commitment and support from top management. The cybersecurity portion of a business continuity plan cannot hope to be successful without leadership buy-in. Because C-Suite members shoulder the ultimate responsibility for the business, the planning and strategy must involve concurrence from company leadership. They must be made to understand the threats to the business, how the threats manifest into risk, and how those risks impact the business process (Hour, 2012). Another reason for top level buy-in is that management will be releasing company resources, to include funding and time, to the creation of the BCP. As strategic planning occurs, stakeholders and other critical designees should participate in relevant policy creation. If a BCP that includes cybersecurity is not relevant or in line with company/management goals, it will not succeed. A Business Impact Analysis (BIA) will assist in providing that focus by identifying key business processes and how their diminished performance affects the bottom line. Additionally, legal and regulatory concerns should be considered during the BIA process (UMUC, 2014).

There’s a great quote attributed to Mike Tyson- “Everyone has a plan until they’re punched in the face”- and it describes crisis management. If all of the safety measures put in place to prevent an intrusion have failed, crisis management will drive you to focus on the recovery and resilience of critical business functions (NIST.gov, 2014). In December of 2013, Target and other retailers received a punch in the face when it was reported over 70 million customers had their debit and credit card data stolen by hackers (). Effective strategic communication in Target’s crisis management approach played a critical role in the overall recovery effort. Although the media outlets picked up and ran with this story, the only thing that seems to matter to the American consumer is that it doesn’t happen again. Judging by their stock price and continuing sales numbers, this was nothing more than a bump in the road for Target.

Larry wrote:

2. It is first important to understand that the Business Continuity Plan (BCP) is different from the Disaster Recovery Plan (DRP) as the reason for the BCP is to know how to handle a temporary outage of the company’s network and/or business resources. These temporary outages can be the result of power outage, network outage due to a fiber cut or other incident or a major equipment failure resulting in loss of data. (SANS Institute, 2002) The DRP is in preparation of a major disaster in which the facilities are rendered inoperable or completely destroyed. This can occur from hurricanes, tornados or fires resulting in total loss of company assets. It will be part of the BCP being developed to decide when the BCP should be conducted versus when the DRP will be required.

There are several important steps that should be included when creating a Business Continuity Plan (BCP). First and foremost is that upper management needs to be involved from the very beginning and fully support the plan. No plan can be successful without management support. Once this has been established, there needs to be a Business Impact Analysis (BIA) conducted. The purpose of a BIA is to identify all of the assets of the company and assign a value to it. This value will take into consideration the type and dollar of the equipment, the dollar value of the data and information that is stored within those systems, what it would take to restore those systems and the resources that will be needed. The BIA process will be an essential part of the overall BCP.

Developing an overall strategy on how to develop the BCP should be outlined in the following phases: Project Initiation, Business Analysis (including the BIA), BCP Design, Creating the BCP, testing of the BCP and then keeping the BCP updated for any changes. (Tipton, 2010) These phases will help the BCP team analyze their environment and determine what the areas are that need the most attention. This BCP will also better prepare the company to deal with whatever incident arises and the steps to bring their company back online. The BCP is a living document that has to be tested and maintained regularly. It will be up to the BCP team to determine frequency for the review of the BCP and how to make sure that all employees are aware of the plan and trained to respond to the BCP.

3. Larry Wrote:

A flooding attack can be a very damaging and relatively easy type of attack as it can render a network, business or even a government infrastructure unavailable. It has been mentioned several times in this class regarding the cyber-attacks initiated at the start of the Russian-Georgian War in 2008. Before the traditional war began, a massive denial-of-service (DoS) attack was launched towards the internal servers of the Georgian government. This DoS attack specifically targeted the web, financial and government operated servers making them unavailable to everyone including the government. The web servers were then remotely accessed where the official government websites were defaced depicting the Georgian leader in an unflattering way. As the result of the cyber-attack, the overall war itself was not as big of a fight as a traditional war. What made this war so much different and historical is the fact that cyber technologies were utilized before any ground, air or sea attack was launched. (Hollis, 2011) This type of attack shows the devastation that can be done with a small group of computers and actors to conduct this type of attack.

Attacks towards control systems are another type of attack that can produce a great amount of damage depending on the targets. Critical Infrastructures (CI) have been under constant attacks from outside entities trying to shut down or control these systems. This type of attack can be extremely detrimental and damaging to these control systems. There was another well-known documented incident that involved this type of internal attack. The incident was launched against a control system within the Iranian Nuclear Program. As a result, this attack ended up shutting down their entire nuclear facility setting them back years in nuclear development. It was called the Stuxnet worm and was designed to infiltrate and seek out a particular type of hardware that was using a vulnerable piece of software. As a result of the worm’s action, it ended up causing the Iranian nuclear engineers to shut down their centrifuges within the nuclear facility. (Kerr, Rollins, & Theohary, 2010) Using this type of attack can easily affect many other types of critical infrastructure systems that may be in the same older state operation.

Utilizing the key-logger attack can also be a great way to gather vital information to either future attacks or some sort of ransom. Key-loggers will be installed usually using a Trojan malware as its deploying method. These key-loggers are designed to record every key stroke of the end user’s computer and send it back to the attackers’ collection point. The information that can be gathered is information like credit card numbers, social security numbers, driver’s license info along with username and passwords. Key-loggers can also be useful gathering information from within a company’s network. Usernames and passwords can be recorded and used to gain internal access using escalated privileges. This would give the attacker the “keys to the kingdom” so to speak.

4. Sean Wrote:

There are a few initiatives on the books that appear to be working towards a comprehensive strategy. The Comprehensive National Cybersecurity Initiative (CNCI), established by President Bush in 2008, has been reinforced by President Obama and suggests twelve ideas that aim to build the coordination and cooperation required to address cyber-attacks. The CNCI involves the selection of an Executive Branch Cybersecurity Coordinator (CSC) who will have immediate access to the president. The CSC is also charged to work closely with key players in cybersecurity including all levels of government and the private sector, ensuring an organized response to incidents along with finding relevant cybersecurity technology (Whitehouse.gov, 2009). Initiative details include a single, managed Federal Enterprise network protected by trusted internet connections, intrusion detection sensors and intrusion prevention sensors. The document goes on to announce initiatives in cybersecurity research and development efforts, the connecting of cyber ops centers, expanding cyber education, securing supply chains, and expanding the Federal role of securing critical infrastructure domains (Whitehouse.gov, 2009).

In the political realm, no proposal is without its detractors and the CNCI is no different. The federally chartered Information Security and Privacy Advisory Board (ISPAB) is concerned with a lack of transparency and would like to see a release of key documentation regarding personal cyber privacy (Sentor, 2010). There are also questions regarding the legality of responding to cyber-attacks and the appropriate roles of executive and legislative branches in addressing cybersecurity. And finally, there are grumblings about the sharing of intelligence between the government and the private sector especially since the majority of threat information collected is classified