Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Name: Pied Piper Locations: Office based in California All clients are physically located in the United States Staffing 2 0 total employees Management ( 4

Name: Pied Piper
Locations: Office based in California
All clients are physically located in the United States
Staffing
20 total employees Management (4):
CEO
CFO
COO
Compliance Officer Cybersecurity (7):
Assessors / Analysts (3)
Pen Testers (2)
Incident Responders (2)
Sales & Marketing (5):
Sales Director
Sales Reps (2)
Marketing Mgr.
Marketing Intern Support Staff (4):
HR Manager
IT Support (2)
Admin Asst.
Annual Profits: $200,000 per year
5% to be spent on Cybersecurity: $10,000 annually.
Product
Offerings: Cybersecurity Consulting: Provides cybersecurity-consulting analyses for companies by
Cybersecurity Assessments and Audits
Pen Testing
Incident Response and Forensics
Key Functions Cybersecurity Assessments and Audits:
Vulnerability Assessments: Identifying security weaknesses in systems, networks, and software.
Security Audits: Reviewing and verifying compliance with security policies and standards.
Threat Modeling: Analyzing potential threats and creating models to predict and mitigate risks.
Pen Testing:
External Testing: Testing the security of externally visible servers or devices like web servers and firewalls.
Internal Testing: Assessing the risks from an internal threat by testing what an insider could do.
Social Engineering: Testing the human element of security through phishing and other methods to assess employee awareness and response.
Incident Response and Forensics:
Incident Detection: Identifying and analyzing indicators of compromise.
Incident Handling: Managing the response to a cybersecurity event to minimize impact.
Digital Forensics: Collecting and analyzing digital evidence to understand the incident's origin, impact, and perpetrators.
Task: write a business continuity plan/disaster recover plan for the company pied piper.
Your document should include the following points:
1.0 Introduction
The introduction needs to briefly describe the organization you are focusing on, including its size, industry, and key operations. This part of the document needs to set the scene for the business continuity plan. Keep in mind that a cybersecurity program for a restaurant will differ from that of an accounting firm.
1.1 Objective
The objective, or scope, is where you would explain what the purpose of the document is.
2.0 Business Impact Analysis
The business impact analysis details the important functions that the business needs to exist and make money. This is where the maximum downtime, or the longest that these functions cannot happen before the business suffers serious consequences. The consequences could be a loss of trust by customers, regulatory repercussions, or loss of money.
2.2 Threat Identification
This section should focus on what could go wrong for this business. Many things can be grouped. For example, if ransomware hit the company servers, or if the data was unavailable, the company might still react the same way with minor changes. If the building is unavailable, the why doesnt matter, the results are the same. Think of what affects your business. What could you group?
2.3 Maximum Tolerable Downtime
This section should list all of the items that you identified as important functions, and then think about how long the company can survive without this specific function. For example, if you had payroll, and payroll is biweekly, then it would not need to be up and running within 24 hours. If you need to collect payment from customers, there is more of an urgency. If the inventory management system is down, then how do you track your inventory? Advertising can wait a bit longer than product orders.
2.4 Assets and Resources
This section provides some alternatives to whatever resources may be down. If its the cash register, maybe there is another one. If its the internet, maybe the owner has a hot spot for credit cards. If its a credit card reader, maybe switch to cash until the vendor of the credit card replaces the machine.
3.0 Strategy Development
This section should leave nothing up to the interpretation of the reader. This should include very specific actions. This is where you would describe what IT should do, what employees should do, etc. Who owns the task, when should the task be done, and how. In addition, the following scenarios can also be visualized or presented as a flowchart or table.
4.0 Training and Awareness
Describe programs to teach employees how to act and what to do in case of an emergency. This should include how to communicate and who to communicate with during such times.
4.1 Communication
This should outline who can speak to law enforcement, the media, the public, clients, etc. This should also include how the information will be disseminated to employees, the public, clients, etc. before, during, and after an incident.
4.1.2 Emergency Declaration and Resolution
This should outline how an emergency is declared.
4.2 BCP Testing and Maintenance Schedule

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

AutoCAD Database Connectivity

Authors: Scott McFarlane

1st Edition

0766816400, 978-0766816404

More Books

Students also viewed these Databases questions

Question

=+created using the same application framework.

Answered: 1 week ago