Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

According to the Assignment 2 instructions, page 2, provided to you under the Assessment Hub in FLO, in this assignment, you as CISO, need to

According to the Assignment 2 instructions, page 2, provided to you under the Assessment Hub in FLO, in this assignment, you as CISO, need to create a preliminary report for all personnel in your organisation for given Energy Industry. You are not writing the contingency plan in Assessment 2. However, you are creating a document that explains what needs to be in the contingency plan, what should be in it, how it should be structured and who should be responsible or be involved in the creation of the actual contingency plan. This includes a timeline and how long it might take to gather the information needed and who from, and any consultation that may be needed. The point is that it is not an IT or security document and should not be devised just by the IT department. It must reflect that it is responding to incidents and maintaining business as usual - which is vital in the organisation you are working in as a CISO. Think of it as an Action Plan - something that must be practical and will require significant research and data to be useful to the organisation. In general, to create a contingency plan, organisations need to: 1. Identify and prioritise resources - what are the crucial resources needed - people, teams, tools, facilities etc - prioritise these from the most important to the least important. Your Assessment 1 should help you identify the critical resources. 2. What are the most important risks? What events or types of events would compromise or bring critical operations to a halt? What could stop the organisation from providing its essential services? (What are its essential services for your organisation in the given energy industry? What are its specific systems operational functionalities?). This would require consulting with all stakeholders (end-users, third-party contractors, critical systems operators, owners and so on). 3. A risk register is an important part of the plan development. - How will this be created if not already in existence? Again, this relates to all the functions and services that an organisation provides - not just a technology risk register. 4. A draft of the contingency plan is then usually created - that starts with the most critical aspects that would need addressing if anything happened. 5. The final step is to share and circulate and test the plan. 6. Continual review and revision of the plan. The contingency plan must be updated to accommodate changes in staff, situation, risks, and resources - like enhancing requirements for new information systems.

Assessment 2 - is a plan for how to achieve these above steps.

Timeline and also who reports whom .

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Management

Authors: Stephen P Robbins, Mary Coulter

11th Edition

9780273752776, 132163845, 273752774, 978-0132163842

More Books

Students also viewed these General Management questions

Question

How many bytes a char data type occupies?

Answered: 1 week ago

Question

The intermediate code is referred to as?

Answered: 1 week ago

Question

A loop with in another loop is called a ?

Answered: 1 week ago

Question

Java interpreter is also known as ?

Answered: 1 week ago

Question

Which purpose a construction is used?

Answered: 1 week ago