Sunday, November 24, 2019

Business Continuity Plan (ISOL-632-07) Week 2


Business Continuity Plan
Every business organization faces risks or threats, which can be internal or external. To prevent or minimize the risk from these threats, organizations nowadays have a set of plans or procedures. In simple words, they have a business continuity plan (BCP), which involves creating a system of prevention and recovery from potential threats to an organization. As I mentioned, threats can be internal or external. For example, there is a fire on the sixth floor of a company, or there is a huge hurricane coming in a few days, or it could be a server attack by a hacker. In these cases, the company might incur disruption and a potential shutdown, which could lead to loss of revenue and higher costs. With a proper BCP these losses can be minimized, which helps keep the company's operations running smoothly.
I work for Savi Technology, Inc., which is a software company, so here I am going to discuss the BCP we have. A BCP should take the following into account before any plan is made, to ensure minimum loss:
1) Crucial function
2) Key personnel responsibilities
3) Delegation of expert
4) Vital data, systems and equipment
5) Alternate facilities
6) Communication
7) Training exercise and testing
The main purpose of this plan is to ensure the protection of all employees from possible threats, preservation of viability, protection of all important data and records, and restoration of the facility.
Business Impact Analysis
The very first step of a BCP is the Business Impact Analysis (BIA). Here, we develop a plan to identify critical functions and workflows. The BIA assesses the operational and financial impact of a loss.
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the Supply Chain Information System of Savi, Inc. Savi has operations in 2 data centers and has around 300 data servers and 100 laptops, and the company provides mobile devices to its employees. The main infrastructure consists of the SNET Exchange Server and the SNET Database directory. The service is a secure electronic medium of communication between customers and vendors. The SNET Exchange Server is the major revenue generator for the company.
The following table shows the impact factor and recovery time for each function in case of a catastrophic event.



| Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |
|---|---|---|---|
| Telephonic Customer Service | Level 3 | 24 Hrs. | System Application Domain |
| Email Customer Service | Level 1 | 5 Hrs. | System Application Domain |
| Domain Servers | Level 2 | 22 Hrs. | LAN to WAN Domain |
| Email and Messaging Service | Level 2 | 24 Hrs. | System Application Domain |
| Internet and Intranet | Level 2 | 24 Hrs. | Remote Access Domain |
| Website | Level 2 | 24 Hrs. | System Application Domain |
| HR resource and Accounts | Level 2 | 24 Hrs. | LAN Domain |
| Chat based Customer Service | Level 2 | 24 Hrs. | LAN Domain |
| Technical Support | Level 3 | 1-2 Days | LAN Domain |
| Accounting and Finance Support | Level 4 | 24 Hrs. | System Application Domain |
| Marketing and Events | Level 4 | 2-3 Days | System Application Domain |
| Sales | Level 1 | 24 Hrs. | System Application Domain |
| Communication with another department | Level 2 | 24 Hrs. | System Application Domain |


  
Data backup policy: The backup policy preserves the most important corporate information on a timely basis, for audit logs and files that are rare and very important. Backup media should be stored in a secure, geographically separate location from the original and isolated from environmental hazards.
IT follows these standards for its data backup and archiving:
Tape preservation policy: Backup media is kept at locations that are secure, remote from environmental hazards, and geographically separate from the location housing the system.
Billing tapes: Tapes less than three years old must be stored locally off-site, and tapes more than three years old are destroyed.

Very informative post. I agree with you 100%, and I want to add a few of my arguments to support your post.
While you may have relegated a Security Response Team and have prepared them, it is imperative to remind all required to be unwavering discernment and spotlight on the job that needs to be done, as it will be a high-pressure time for everyone. It is foremost that you and your group perform at its most noteworthy by having a successful and fast reaction. Consequently, having a well-reported IR plan that takes into consideration the group to tail it bit by bit will guarantee the achievement of the recuperation. It's basic that you guarantee your IR plan has the essential things required in an effective arrangement and recuperation. Regardless of whether you have an IR plan set up or not, you can begin by approving the episode reaction activities against the reaction stages characterized by NIST and the means are laid out in that capacity:

Why is it critical for an organization to have a DoS attack response plan well before it happens? Use the four steps of the NIST computer security process to write a summary and analysis of each of the steps in a DDoS attack scenario.

It is critical for an organization to have a plan for responding to a DDoS (Distributed Denial of Service) attack well before it occurs because:
  1. Time is of the essence: In the event of a DDoS attack, rapid response and mitigation is key to minimize the impact on the organization's operations, reputation and potential financial losses.

  2. Better preparedness: A pre-planned response strategy allows the organization to identify and allocate resources, assign roles and responsibilities, and understand the processes involved in responding to a DDoS attack.

  3. Improved coordination: Having a plan in place helps all relevant stakeholders within the organization to understand their roles and responsibilities and coordinate effectively during an attack.

  4. Mitigating risk: By preparing for a DDoS attack, an organization can minimize its risk of data breaches, loss of revenue, and reputational damage.

In short, having a response plan in place before a DDoS attack occurs allows an organization to respond quickly, effectively, and confidently, mitigating the impact of the attack.

 

The NIST (National Institute of Standards and Technology) computer security process includes four steps: identification, protection, detection, and response. Here is a summary and analysis of each step in the context of a DDoS attack scenario:

  1. Identification: This step involves identifying the assets, systems, and data that are critical to the organization and need to be protected against DDoS attacks. This includes identifying the potential sources and types of DDoS attacks, the impact of a successful attack, and the criticality of systems and data to the organization.

  2. Protection: This step involves implementing security measures and controls to prevent or mitigate the impact of DDoS attacks. This may include network segmentation, firewalls, intrusion detection systems, and traffic filtering and blocking.

  3. Detection: This step involves detecting DDoS attacks as they occur and quickly responding to minimize the impact on the organization. This may include real-time monitoring of network traffic, automated alerts, and centralized log management systems.

  4. Response: This step involves taking action to respond to a DDoS attack and minimize its impact. This may include activating the incident response plan, isolating impacted systems, implementing traffic filtering and blocking measures, and working with service providers to mitigate the attack. The response should also include a post-incident analysis to identify areas for improvement and better prepare for future attacks.

In conclusion, the NIST computer security process provides a comprehensive framework for organizations to proactively prepare for and respond to DDoS attacks. By following these four steps, organizations can improve their overall security posture and better protect their critical assets and systems from DDoS attacks.