You have been hired as a consultant to design a BCP for SanGrafix, a video and PC game design company. SanGrafix's newest game has become a hot seller, and the company anticipates rapid growth. It's moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, SanGrafix wants to be fully secured, documented, and maintained while providing high availability, scalability, and performance.
Based on your current technology and information security knowledge, for this project you will design a BCP based on the company profile below:
A. Primary location in San Francisco, CA
B. Secondary location/hot site in Sunnyvale, CA
C. Capable of supporting 220 users in these departments: Accounting and Payroll, 16; Research and Development, 48; Sales and Marketing, 40; Order Processing, Shipping, and Receiving, 36; secretarial and office management staff, 20; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 30; Technology Support, 20.
D. Full OC3 Internet connection
The first step is to issue a clear policy statement on the Business Continuity Plan. At a minimum, this statement should contain the following instructions:
The organization should develop a comprehensive Business Continuity Plan.
A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.
The Business Continuity Plan should cover all essential and critical business activities.
The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
All staff must be made aware of the Business Continuity Plan and their own respective roles.
The Business Continuity Plan is to be kept up to date to take into account changing circumstances.
BELOW IS THE EXAMPLE
Policy Statement
1. Agencies are required to develop, implement, test and maintain a Business Continuity Plan (BCP) for all Information Technology Resources (ITR) that deliver or support core systems and services on behalf of the Commonwealth of Massachusetts. For purposes of this policy, the BCP is the overall plan that facilitates sustaining critical operations while recovering from a disruption. BCPs are required to include, at a minimum:
Standard Incident Response Procedures: An information system-focused set of procedures to be used when an event occurs that is not part of the standard operation of a service and may or does cause disruption to or a reduction in the quality of services and Customer productivity.
Disaster Recovery Plan (DRP): An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure in the event of large scale disaster and/or other cataclysmic event.
Continuity of Operations Plans (COOP): An information system-focused plan invoked under a DRP when access to the primary facility infrastructure is prevented for an extended period, requiring operations to be restored from an alternate site after an emergency. The COOP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. The COOP only addresses information system disruptions that require relocation. (From NIST SP 800-34).
2. Agencies are required to conduct risk assessments to identify, estimate, and prioritize risks to organizational operations and conduct business impact analyses to identify all critical functions of the agency, entity or business unit and their supporting information systems. ITD’s Compliance Assurance Office is available to assist and/or conduct such assessments.
3. Agencies are required to articulate specific information, including the details necessary to effectively respond, manage, and recover from either an incident or a catastrophic event. Further, protecting data and confidential information should be integrated into the above referenced details.
4. Agencies are required to ensure that all BCPs and supporting DRPs and COOPs are in alignment with and in support of any and all legal and regulatory requirements that the agency ITRs are subject to.
5. Agencies are required, at a minimum, to include the following documentation and procedures in their BCP and its supporting components:
Scope / Objectives
Risk Evaluation and Required Security Controls
Business Impact Analysis
Communications Procedures
BCP Organization Structure
Activation of plans
Succession of Authority Procedures
BCP Team Roles and Responsibilities
Incident/Event Response Teams
Emergency/DR Response Teams
Primary and Alternate Contact Lists
Damage Assessment
Recovery Plans
Critical System Recovery
Prioritization of Recovery
Interdependencies
Resource requirements
Security Controls
COOP
Mobilizing Alternate Locations / Resources
Managing Alternate Locations / Resources
Critical System Support
Short term
Long term
Local
Regional
Pandemic
6. Agencies are required to verify that critical third party vendors meet agency business continuity requirements during the contract negotiating process and prior to contract agreement and signature. Alternate third party vendors are required to be identified where appropriate.
7. Agencies are required to securely store copies of plans and supporting materials in a remote location; at a sufficient distance to escape any damage from a disaster at the agency’s main information processing facilities and be available (via remote connection, external e-mail location, etc.).
8. Agencies are required to document, implement and annually test plans including the testing of all appropriate security provisions to minimize impact to systems or processes from the effects of major failures of IT Resources or disasters.
9. Agencies are required to identify appropriate mechanisms to ensure that plans remain current and updated between annual tests and reviews accounting for:
Change management implications
New/Major upgrades of system implementations
New policy adoption
New contract implementations
New threat/risk identification
Staff/resource/responsibility changes
10. Agencies are required to publish plans and sufficiently train any and all individuals that are required or responsible for supporting the BCP.
NO PLAGIARISM
APA FORMAT