Professional Documents
Culture Documents
(Project)
Outline of Problem Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an
organization's last corrective control when all other controls have failed! ... An eventual
potentially crippling disaster may have no impact due to prudent risk management steps
taken as a result of thorough BCP/DRP plans.
You are required to research and report on this topic according to the Detail of the
Question below.
Detail of Questions Part One:
Purpose and Scope, which focuses to present requirement of the BCP which contains
from the following points:
Introduction املقدمة
Objectives and constraints اخلطة من والقيود األهداف
Identify the Risk Assessments
والنوعية الكمية املخاطر تق يم وسائل حتديد
(Quan - Qual)
Contingencies ة يف هبا يعتد اليت الطوارئ حاالت ماهيRاملنظم
Physical safeguards if applicable موجودة كانت إذا املستخدمة املعدات أمن وسائل
Types of computer service issues الكمبيوتر خدمة تعطل اليت املشكالت أنواع
considerations هل يوجد اعتبارات أتمينية على املنتجات اإللكرتونية لدى املنظمة
Insurance
Part Two:
Recovery Team who, this part is focus to identify the directed and related team to DRP &
BCP.
Part Three:
3.1 Preparing for Disaster. This part will identify 5 risks as a maximum and which
group they are related to it. The suggested groups are as follows:
Physical/security risks ) األمنية (التقنية/ املخاطر املادية
1
3.2 After identify the five main risks the group will carried out the level of
assessment according to the quantitative or qualitative method. The quantitative
method should calculate the following formula: (use a realistic number no need to use
a real data if you can’t)
SLE
ARO
ALE
3.3 The qualitative method should use the experience gained of the main leader
team in the company as following example: (you can choose your own threats)
The
Attacking The
severity Expected The degree of possible entities
confidential possibility of
of the loss efficacy
information the threat
threat
Firewall IDS Honeypot
IT Manger
DB Manger
Programmer
OS Engineer
Quality Manger
Average
Part Four:
Preparing for a planning (identifies the 5 risks from previous part) In this part, it should
be answer:
4.1 what should happen when a disaster occurs?
Restoration Procedures After the initial response that allow the organization to continue
working to normal business operations. This part includes the following:
What you should A report following the structure outlined in ‘Detail of Questions’ above. All sources of
hand in information MUST be referenced. You have to answer: all parts. Therefore, by handing
this project, Five parts in total with their answers would be submitted.
Rules - While solving all parts, you have to:
o The risks mentioned in the project should be realistic and not have to be
related to a real work environment
o It is preferring that the mentioned risks should be related to the
information security filed.