This part of the project is a continuation of the Project 1, Part 1 where you prepared RA plan and a risk mitigation plan for the Health Network. Senior management at Health Network decided that the risk manager and his/her team should continue and develop a RA plan based on inputs provided by the team in earlier project deliverables. Management has also allocated funds for a risk mitigation plan and a BIA plan. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.

1. Task 1: Introduction and Business Impact Analysis Plan: You have been assigned the task of making a final Risk Assessment plan, a final Risk Mitigation Plan, and a Business Impact Analysis Plan. In order to create your BIA plan, you will need to do the following:
   1. Research BIAs
   2. Develop a BIA plan for Health Network that focuses on the data center. The BIA should identify:
      • Critical business functions
      • Critical resources
      • Maximum acceptable outage (MAO) and impact
      • Recovery point objective (RPO) and recovery time objective (RTO).
   3. Create a professional report detailing the information in your final Risk Assessment plan, your final Risk Mitigation Plan, and your Business Impact Analysis Plan.
2. Task 2: Business Continuity Plan
   1. As mentioned above, Senior Management has allocated funds to pay for a Business Continuity Plan to be created. You have been assigned to develop this new plan, and you need to take the following information into consideration:
      1. Winter storms on the East Coast have affected the ability of Health Network employees to reach the Arlington offices in a safe and timely manner. However, no BCP plan currently exists to address corporate operations. The Arlington office is the primary location for business units, such as Finance, Legal, and Customer Support. Some of the corporate systems, such as the payroll and accounting applications, are located only in the corporate offices. Each corporate location is able to access the other two, and remote virtual private networks (VPNs) exist between each production data center and the corporate locations.
      2. The corporate systems are not currently being backed up and should be addressed in the new plan.
      3. You need to create a BCP that could recover business operations while efforts are ongoing to restart previous operations.
      4. The BCP should also include some details regarding how the BCP will be tested.
      5. Do not forget to develop a testing plan for your team's Business Continuity Plan.
      6. Make a professional report detailing the information in Business Continuity Plan. You may use or repurpose a BCP template you find online, but make sure to include a description of how you would test the plan.
3. Task 3: Disaster Recovery Plan:Your project on risk management up to this point has been reviewed and appreciated by the senior management.
   1. They now want you to develop a Disaster Recovery Plan in order to overcome any mishaps that might occur in the future.
   2. Use your research on NIST templates to develop your DRP plan for Health Network.
   3. Make sure you develop a Disaster Recovery Plan that could recover business operations while efforts are ongoing to restart pervious operations?
   4. Make sure to completely fill out the template found in your NIST research.
4. Task 4: Computer Incident Response Team Plan: By now you should have developed a Risk Assessment Plan, a Risk Mitigation Plan, a Business Impact Analysis, a Business Continuity Plan, and a Disaster Recovery Plan.
   1. In this final Task, you will create a Computer Incident Response Team Plan for Health Network after having learned the concepts of CIRT. Remember that the Health Network headquarters (HQ) handles all incidents, so the plan will have its roots at HQ.
   2. After creating the CIRT plan you will need to compile the completed set of your risk management plans together for final submission of the project.
   3. Make sure to incorporate your instructor's feedback in your final set of risk management plans.