Strayer CIS 359 Disaster Recovery Management Assignment 1: Continuity Planning Overview, Due Week 2 and worth 75 points, Graded A, 5 pages, 945 words.
Suppose you were recently hired for a new initiative as a business continuity lead / manager at a medium-sized healthcare company. You have been asked to prepare a presentation to the Board of Directors on your main duties for the company and how your position could help protect the business in case of a large-scale incident or disaster. You have been alerted that since this is a new initiative and could come with a potentially large price tag, there is skepticism from some of the Board members.
Write a three to four (3-4) page paper in which you:
1. Explain the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager.
2. Provide insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical.
3. Discuss the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and describe the potential pitfalls of each.
4. Speculate on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and explain how to overcome that challenge(s).
5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Download Now(sent via email)
Explain in your own words the difference between disaster recovery and 1 business continuity planning efforts and whether or not you believe these planning efforts overlap. Disaster recovery deals with the technical aspects of returning a business to normal operations after an event occurs, while business continuity deals with the business aspects (personnel, etc.). I like to think of DR as getting the foundation (location, infrastructure, systems) back up so the building (personnel, processes, etc.) can be placed upon it. BCP could involve relocating staff to a new location to work when the actual main facility and information systems are undamaged and still operational and accessible, but the facility itself is inaccessible. But, DR could involve standing up new systems and infrastructure at a facility that could be hundreds of miles away in order to support the BCP in the event of a larger disaster like an earthquake. The planning efforts do, and should, overlap. The efforts of the DR plan will always need to be adjusted to accommodate the BCP, and the BCP will need to take into consideration any limitations of the DR plan. Detennine whether or not cloud and SaaS services can assist and benefit an organization in its business resumption panning (BRP) efforts, and whether or not this option is available and feasible to all sizes of organizations at this point in time. Provide a rationale to support your answer. Cloud and SaaS absolutely can assist and benefit an organization’s BRP, especially if all of their information resources are cloud-based or outsourced to an SaaS company, and are easily accessible from anywhere there employees are or can be. The options are available at this time, but may not necessarily be feasible because the costs of cloud and SaaS can quickly climb to unbelievable values when significant storage, processing and access bandwidth resources are required. Smaller companies with lower requirements for such resources would benefit the most. Larger companies, like financial and insurance giants, may not see a benefit when weighing the costs.
From the a-Activity, explain in your own words the benefits of the DHS’s efforts with Cyber Storm and whether or not you believe this is a necessary and useful activity in terms of incident response preparedness. It helps organizations prepare for different cyberattack scenarios by assessing the preparedness and responsiveness to an event, and step through a simulated scenario to test their response, recovery, and decision processes and communications paths with other agencies and/or organizations. I would say it is necessary for government entities, but private organizations can probably follow other testing processes and recommendations. I do see its usefulness overall, though … many companies never consider such exercises until they have actually been affected by an attack. Determine whether or not the efforts of Cyber Storm can help all types of organizations, regardless of size and independent of industry, for incident response and preparedness planning. Provide a rationale to support your answer. I think it could help most organizations, in just about any industry, as just about every company, no matter the size or industry, has data that cyber criminals want, and are connected to the Internet or use some form of susceptible technology that could put them, or the data they use, at risk. But, I do see it probably being too resource intensive for smaller companies to consider. Local restaurants, accounting groups and other smaller companies with few employees, though they may handle at-risk data (credit card numbers, financial info, etc.), would probably have zero interest in the efforts needed.