Lab #8: DEVELOP AN OUTLINE FOR A
BUSINESS CONTINUITY PLAN FOR AN IT
INFRASTRUCTURE
Course Name: IAA202
Student Name: TRAN THANH HUNG
Instructor Name: MAI HOANG DINH
Lab Due Date: 03/21/2020
Part A – Develop an Outline for a Business Continuity Plan for an IT
Infrastructure
1. Initiation of the BCP for Tiki company's IT infrastructure:
The purpose of a business continuity plan (BCP) is to identify and
assess the risks, threats and vulnerabilities that threaten a company so
that you can minimize both internal and external exposure to them.
The goal of the BCP is to document the procedures for
prevention and recovery. There are several effective ways I think it can
help:
o Create a BCP team to implement a number of policies and work
out solutions for emergencies.
o Invest a lot of money to improve each employee's knowledge of
threats, vulnerabilities, etc., because we only understand the exact
danger level when we know it correctly.
2. Business Impact Analysis
Some attacks target data, which is one of the company's most important
assets. If we lose control of the system (the administrator), we will lose
all data and the company will stop working.
We need to consider the severity of the policies, which will keep
employees away from clicking on unknown links or using strange
applications that can remove malware. If we have unexpected malware
on our corporate network, it is equally serious when we lose control of
the system - the administrator.
A DoS or DDoS attack can reduce a company's income by denying all
communications between the company and its users.
3. Business Continuity / Disaster Readiness / Recovery
RTO: 80% of the time is for backing up and restoring
everything lost (network data, user data, hardware data,
etc.); the remaining 20% will be for reporting and
document recovery.
RPO: commodity data, exchange: 30 minutes;
Employee data (reports, salaries, etc.): 1 day.
DRP:
Before disaster:
o Back up all important information.
o Protect all physical things such as equipment,
computers, etc. by moving or using a
replacement.
In disaster:
o Keep valuables safe.
o Check all the change information and try to
control all of them.
After disaster:
o Clean things up and make sure they work again as
soon as possible.
o Restore lost or corrupted data.
4. Develop & Implement the Plan
As I said before, the plan will be implemented as policy.
Set up a defense system for a surprise attack or disaster.
The IT team needs to back up data regularly in case of unexpected data loss.
Adhere to the policy before doing something.
Perform system maintenance periodically.
5. Test & Update the Plan
Hack your own system multiple times, in many ways; if, in any case,
your BCP is more than 80% effective against it, that would be okay.
Try to add a new attack or disaster definition to fully prepare for the next
attack.
Overview:
After completing your BCP outline for your scenario and IT infrastructure, answer
the following Lab #8 – Assessment Worksheet questions. These questions are
specific to the BCP you performed for your scenario and IT infrastructure.
Justify your answers where needed.
Lab Assessment Questions:
1) How does a BCP help mitigate risk?
It helps minimize risks by providing a comprehensive BCP
framework, testing program and monitoring program and ensuring that
the plan is reviewed and updated regularly.
2) What kind of risk does a BCP help mitigate?
The Business Continuity Plan (BCP) identifies actions that
organizations should take to minimize the adverse effects of potential
disasters.
3) If you have business liability insurance, asset replacement
insurance, and natural disaster insurance, do you still need a BCP
or DRP? Why or why not?
Of course! BCP ensures that the organization is prepared for
disaster, while DRP is in the process of dealing with accomplices.
4) From your scenario and BIA from Lab #7, what were the
mission critical business functions and operations you identified?
Is this the focus of your BCP?
Internal and external voice communication with customers in real
time; Domain name servers (DNS) for internal and external Internet
Protocol (IP) communications, Network management and technical
support, Financial and accounting support; Accounts payable,
accounts receivable, etc.
5) What does a BIA help define for a BCP?
The BIA will identify the important and unimportant business
functions necessary to continue normal business operations in the
event of a disaster.
6) Who should develop and participate in the BCP within an
organization?
All executives, managers and employees should help develop and
participate in the BCP.
7) Why does disaster planning and disaster recovery belong in a
BCP?
As part of ongoing business, you need a plan to recover in an
emergency.
8) What is the purpose of having documented IT system,
application, and data recovery procedures and steps?
Information stored and processed on IT systems is prone to
degradation due to corruption or accidental or deliberate deletion,
hardware / software failures and natural or man-made disasters.
Backup and recovery processes and plans are essential to ensure
information recovery and the ability to continue IT support for critical
business functions.
9) Why must you include testing of the plan in your BCP?
Checking your ongoing plan is the best way to ensure that your
business will remain operational no matter what, or can be quickly
restored in any case.
10) How often should you update your BCP document?
Depending on the privacy policy, it will be
updated monthly or quarterly and whenever there is a major power
outage.
11) Within your BCP outline, where will you find a list of
prioritized business operations, functions, and processes?
The BIA.
12) Within your BCP outline, where will you find detailed back-up
and system recovery information?
This will be found in the Business Continuity / Disaster
preparedness / Recovery section.
13) Within your BCP outline, where will you find a policy
definition defining how to engage your BCP due to a major
outage or disaster?
This will be found in the Development and Implementation plan
section.
14) Within your BCP outline, where will you find a policy
definition defining the resources that are needed to perform the
tasks associated with BC or DR?
This will be found in the Getting Started section of the BCP.
15) What is the purpose of testing your BCP and DRP procedures,
back-ups, and recovery steps?
The goal is to ensure all employees understand their roles and
responsibilities, allow training to assess the recovery team's ability to
implement the plan effectively, ensure the plan is operational if
necessary, identify weaknesses and shortcomings, verify goals and
recovery processes, verify alternative sites, and help achieve the
RTO and RPO numbers.