Complete the Final project template and fill the blanks using other 4task documents attached.

I have sent the all files and in that task 1 to task 4 is reference documents and after review those documents you can fill the” Final Project Part 2 – BIA-BCP-DRP-CIRT template” and also you can see the attached screenshot “Project” for your understanding.
final_project_part_2___bia_bcp_drp_cirt_template.docx

final_project_part_ii_task_1___business_impact_analysis_boiler_plate.pdf

Don't use plagiarized sources. Get Your Custom Essay on
Complete the Final project template and fill the blanks using other 4task documents attached.
Just from $13/Page
Order Essay

final_project_part_ii_task_2___business_continuity_plan_boiler_plate.pdf

final_project_part_ii_task_3___it_disaster_recovery_boiler_plate.pdf

final_project_part_ii_task_4___computer_incident_response_team_plan_boilerplate.pdf

Unformatted Attachment Preview

ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want
to review your Lab #07 assignment where you developed a BIA table. Information needed to create the
Business Functions and Processes below are in the “Project Management Plan” scenario and the
“Project Health Network Visual”. Hint: look at the processes that go from the customers and into the
systems/applications in the “Project Health Network Visual”.
Business Function or Process
Business
Impact
Factor
Recovery
Time
Objective
IT Systems/Apps
Infrastructure Impacts
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 1: Business Impact Analysis – extracts from the Boiler Plate
1.
Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the
HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was
prepared for Health Network, Inc (Health Network).
2.
System Description

3.1.1
Identify Outage Impacts and Estimated Downtime
Estimated Downtime
The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on
the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.

Mission/Business Process
For HNetExchange
MTD
RTO
RPO
Mission/Business Process
For HNetConnect
MTD
RTO
RPO
Mission/Business Process
For HNetPay
MTD
RTO
RPO
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 2: Business Continuity Plan – extracts from the Boiler Plate

EMERGENCY MANAGEMENT STANDARDS
Data backup policy
Full and incremental backups preserve corporate information assets and should be performed on a
regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are
considered critical. Backup media should be stored in a secure, geographically separate location from
the original and isolated from environmental hazards.
Department-specific data and document retention policies specify what records must be retained and
for how long. All organizations are accountable for carrying out the provisions of the instruction for
records in their organization.
IT follows these standards for its data backup and archiving:
Tape retention policy
Backup media is stored at locations that are secure, isolated from environmental hazards, and
geographically separate from the location housing the system.
Billing tapes
•
•
•
Tapes greater than three years old are destroyed every six months.
Tapes less than three years old must be stored locally off-site.
The system supervisor is responsible for the transition cycle of tapes.
System image tapes
•
•
•
A copy of the most current image files must be made at least once per week.
This backup must be stored offsite.
The system supervisor is responsible for this activity.
Off-site storage procedures
• Tapes and disks, and other suitable media are stored in environmentally secure facilities.
• Tape or disk rotation occurs on a regular schedule coordinated with the storage vendor.
Access to backup databases and other data is tested annually
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 3: Disaster Recovery Plan – extracts from the Boiler Plate

DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.

DISASTER RECOVERY
PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETPAY HARDWARE
REMOVED FROM
PRODUCTION SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.

DISASTER RECOVERY
PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETCONNECT
HARDWARE REMOVED
FROM PRODUCTION
SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
DISASTER RECOVERY PLAN FOR
OVERVIEW
PRODUCTION SERVER
IT INFRASTRUCTURE
Location: Enter location
Provide details on what systems, applications, databases and
equipment are involved.
BACKUP STRATEGY FOR
SYSTEM ONE
DAILY / MONTHLY /
QUARTERLY
Choose which strategy on the left is use.

SYSTEM DISASTER
RECOVERY PROCEDURE
RISK #1: LOSS OF
COMPANY DATA DUE TO
HNETEXCHANGE
HARDWARE REMOVED
FROM PRODUCTION
SYSTEMS.
Provide details
RISK #2: LOSS OF
CUSTOMERS DUE TO
PRODUCTION OUTAGES.
Provide details
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Task 4: Computer Incident Response Team Plan – extracts from the Boiler Plate

Appendix A – Incident Response Worksheet
Preparation:
What tools, applications, laptops, and communication devices were needed to address the Computer
Incident Response for this specific breach?
Identification: When an incident is reported, it must be identified, classified, and documented. During
this step, the following information is needed:
•
Identify the nature of the incident
o What Business Process was impacted
o What threat was identified
o What weakness was identified
o What risk was identified
o What was the Risk Factor/Impact of the incident
o What was the RTO, MTD and RPO assigned to the business process
o What hardware, software, database and other resource were impacted
Containment: The immediate objective is to limit the scope and magnitude of the computer/securityrelated incident as quickly as possible, rather than allow the incident to continue to gain evidence for
identifying and/or prosecuting the perpetrator.
•
What needs to be done to limit the scope of the incident
Eradication: The next priority is to remove the computer/security-related incident or breach’s effects.
•
What needs to be done to mitigate the risk of the incident
Recovery: Recovery is specific to bringing back into production those IT systems, applications, and
assets that were affected by the security-related incident.
•
What needs to be done to recover the IT systems
o What procedures need to be used and are they covered in the Disaster Recovery Plan
o Would the Business Continuity Plan be executed in response to this incident
o Would any issues be identified that would lead to updates to the BIA, BCP or DR plans.
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
1.
BUSINESS IMPACT ANALYSIS
Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the
HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was
prepared on Health Network, Inc (Health Network).
1.1
Purpose
The purpose of the BIA is to identify and prioritize system components by correlating them to the
mission/business process(es) the system supports, and using this information to characterize the impact
on the process(es) if the system were unavailable.
The BIA is composed of the following three steps:
1. Determine mission/business processes and recovery criticality. Mission/business processes
supported by the system are identified and the impact of a system disruption to those processes
is determined along with outage impacts and estimated downtime. The downtime should
reflect the maximum that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the
resources required to resume mission/business processes and related interdependencies as
quickly as possible. Examples of resources that should be identified include facilities, personnel,
equipment, software, data files, system components, and vital records.
3. Identify recovery priorities for system resources. Based upon the results from the previous
activities, system resources can more clearly be linked to critical mission/business processes.
Priority levels can be established for sequencing recovery activities and resources.
This document is used to build the HNetExchange Message system, HNetConnect Directory system and
HNetPay Payment system Business Contingency Plan (BCP) and is included as a key component of the
BCP. It also may be used to support the development of other contingency plans associated with the
system, including, but not limited to, the Disaster Recovery Plan (DRP).
2.
System Description
{Provide a general description of system architecture and functionality as provided in the scenario
instructions. Indicate the operating environment, physical location, general location of users, and
partnerships with external organizations/systems. Include information regarding any other technical
considerations that are important for recovery purposes, such as backup procedures. Provide a diagram,
as an appendix, of the architecture, including inputs and outputs and telecommunications connections.}
BUSINESS IMPACT ANALYSIS
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
3.
BIA Data Collection
{Normally data collection can be accomplished through individual/group interviews, workshops, email,
questionnaires, or any combination of these. For this assignment, review the scenario and include
information you would expect to obtain during the normal data collection process}
3.1
Determine Process and System Criticality
Step one of the BIA process – Working with input from users, managers, mission/business process
owners, and other internal or external points of contact (POC), identify the specific mission/business
processes that depend on or support the information system.
Mission/Business Process
3.1.1
Description
Identify Outage Impacts and Estimated Downtime
Outage Impacts
The following impact categories represent important areas for consideration in the event of a disruption
or impact.
Values for assessing category Risk Factors/Impact:
?
?
?
Critical = “1”
Major = “2”
Minor = “3”
Values for assessing category Recovery Time Objectives (RTO):
? Critical-1 = 4 hours
? Critical-2 = 8 hours
? Critical-3 = 24 hours
? Major-1 = 36 hours
? Major-2 = 48 hours
? Minor = 1 week
The table(s) below summarizes the impact on each mission/business process if the HNetExchange
Message system, HNetConnect Directory system and HNetPay Payment system were unavailable.
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
Mission/Business Process
for HNetExchange
Mission/Business Process
for HNetConnect
Mission/Business Process
for HNetPay
BUSINESS IMPACT ANALYSIS
Impact Category
Risk Factor
RTO
Describe the Impact if unavailable
Impact Category
Risk Factor
RTO
Describe the Impact if unavailable
Impact Category
Risk Factor
RTO
Describe the Impact if unavailable
Estimated Downtime
Working directly with mission/business process owners, departmental staff, managers, and other
stakeholders, estimate the downtime factors for consideration as a result of a disruptive event.
?
Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time
leaders/managers are willing to accept for a mission/business process outage or disruption and
includes all impact considerations. Determining MTD is important because it could leave
continuity planners with imprecise direction on (1) selection of an appropriate recovery method,
and (2) the depth of detail which will be required when developing recovery procedures,
including their scope and content.
?
Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system
resource can remain unavailable before there is an unacceptable impact on other system
resources, supported mission/business processes, and the MTD. Determining the information
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
BUSINESS IMPACT ANALYSIS
system resource RTO is important for selecting appropriate technologies that are best suited for
meeting the MTD.
?
Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or
system outage, to which mission/business process data must be recovered (given the most
recent backup copy of the data) after an outage.
The table below identifies the MTD, RTO, and RPO for the organizational mission/business processes
that rely on the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment
system.
3.2
Mission/Business Process
For HNetExchange
MTD
RTO
RPO
Mission/Business Process
For HNetConnect
MTD
RTO
RPO
Mission/Business Process
For HNetPay
MTD
RTO
RPO
Identify Resource Requirements
The following table identifies the resources that compose the HNetExchange Message system,
HNetConnect Directory system and HNetPay Payment system including hardware, software, and other
resources such as data files.
System Resource/Component
Description
It is assumed that all identified resources support the mission/business processes identified in Section 3.1
unless otherwise stated.
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
3.3
BUSINESS IMPACT ANALYSIS
Identify Recovery Priorities for System Resources
The table below lists the order of recovery for resources. The table also identifies the
expected time for recovering the resource following a “worst case” (complete rebuild/repair or
replacement) disruption.
?
Recovery Time Objective (RTO) – RTO defines the maximum amount of time that a system
resource can remain unavailable before there is an unacceptable impact on other system
resources, supported mission/business processes, and the MTD. Determining the information
system resource RTO is important for selecting appropriate technologies that are best suited for
meeting the MTD.
Priority #
System Resource/Component
Recovery Time
Objective
ISOL 533 – Information Security and Risk Management
University of the Cumberlands
BUSINESS IMPACT ANALYSIS
Table 1 – BIA worksheet
Business Function or Process
Business
Impact
Factor
Recovery
Time
Objective
IT Systems/Apps
Infrastructure Impacts
ISOL 533 – Information Security and Risk Management
BUSINESS CONTINUITY PLAN
University of The Cumberlands
Purpose
The purpose of this business continuity plan is to prepare Health Network, Inc. (Health Network)
in the event of extended service outages caused by factors beyond our control (e.g., natural
disasters, man-made events), and to restore services to the widest extent possible in a minimum
time frame. All Health Network, Inc. (Health Network) sites are expected to implement
preventive measures whenever possible to minimize operational disruptions and to recover as
rapidly as possible when an incident occurs.
The plan identifies vulnerabilities and recommends necessary measures to prevent extended
voice communications service outages. It is a plan that encompasses all Health Network, Inc.
(Health Network) system sites and operations facilities.
Scope
The scope of this plan is limited to the three major systems used by Health Network, Inc. (Health
Network); the HNetExchange Message system, HNetConnect Directory system and HNetPay
Payment system. This is a business continuity plan, not a daily problem resolution procedures
document.
Plan objectives
?
?
?
?
?
?
?
Serves as a guide for the Health Network, Inc. (Health Network) recovery teams.
References and points to the location of critical data.
Provides procedures and resources needed to assist in recovery.
Identifies vendors and customers that must be notified in the event of a disaster.
Assists in avoiding confusion experienced during a crisis by documenting, testing and
reviewing recovery procedures.
Identifies alternate sources for supplies, resources and locations.
Documents storage, safeguarding and retrieval procedures for vital records.
Assumptions
?
?
?
?
Key people (team leaders or alternates) will be available following a disaster.
A national disaster such as nuclear war is beyond the scope of this plan.
This document and all vital records are stored in a secure off-site location and not only
survive the disaster but are accessible immediately following the disaster.
Each support organization will have its own plan consisting of unique recovery procedures,
critical resource information and procedures.
Disaster definition
Any loss of utility service (power, water), connectivity (system sites), or catastrophic event
(weather, natural disaster, vandalism) that causes an interruption in the service provided by
Health Network, Inc. (Health Network) operations. The plan identifies vulnerabilities and
recommends measures to prevent extended service outages.
1
RESTRICTED
ISOL 533 – Information Security and Risk Management
BUSINESS CONTINUITY PLAN
University of The Cumberlands
Recovery teams
?
?
?
Emergency management team (EMT)
Disaster recovery team (DRT)
IT technical services (IT)
Team member responsibilities
?
?
?
Each team m …
Purchase answer to see full
attachment

Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency

Order your essay today and save 15% with the discount code ESSAYHELP