Contingency Planning

Contingency planning is a risk mitigation process for developing back-up plans in anticipation of events (scenarios) that might disrupt ‘business as usual’. Business continuity planning is an expanded version of contingency planning that typically encompasses a more comprehensive and extended response plan for getting back to ‘business as usual’. In a well-formatted, highly-detailed research paper, address the need for contingency planning, making sure to address the following items:
(1) Benefits of scenario events/planning.
(2) Questions to consider when implementing scenario planning.
(3) The common types of scenario planning.
Your paper should meet these requirements:

  • Be approximately four to six pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
  • Be clearly and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Chapter 3 Business Continuity Planning

Planning for Business Continuity

  • Assessing risks to business processes
  • Minimize impact from disruptions
  • Maintain continuity of being able to perform mission critical business tasks
  • Main steps:
      • Project scope and planning
      • Business impact assessment
      • Continuity planning
      • Approval and implementation

Project Scope and Planning

  • Business Organization Analysis
  • BCP Team Selection
  • Resource Requirements
  • Legal and Regulatory Requirements

Business Organization Analysis

  • Identify all departments
  • Identify critical services
  • Identify corporate security teams
  • Identify senior executives and key individuals

BCP Team Selection

  • Needs members from every department/division
  • Include members from:
      • IT
      • Cybersecurity
      • Senior management
      • Legal
      • Physical security and facilities
      • Legal and PR

Resource Requirements

  • BCP Development
  • BCP Testing, Training, and Maintenance
  • BCP Implementation
  • Mostly personnel, but may include IT and physical resource allocation

Legal and Regulatory Requirements

  • Federal, state, and local laws or regulations
  • Emergency services
  • Industry regulations
  • Country-specific laws
  • Service level agreements

Business Impact Assessment

  • Quantitative Decision Making vs. Qualitative Decision Making
  • Identify Priorities
  • Risk Identification
  • Likelihood Assessment
  • Impact Assessment
  • Resource Prioritization

Identify Priorities

  • Critical prioritization of business processes
  • Assess by department, then organization
  • Assign an AV (asset value) to each process
  • Determine:
      • MTD (maximum tolerable downtime)
      • MTO (maximum tolerable outage)
  • Choose an RTO (recovery time objective)

Risk Identification

  • Inventory-specific risks
  • Natural and man-made
  • Logical and physical and social
  • Don’t overlook the cloud
  • Get input from all departments

Likelihood Assessment

  • Determine frequency of occurrence
  • Establish an ARO (annualized rate of occurrence)
  • Based on history, experience, and experts

Impact Assessment

  • Evaluate consequences of a breach
  • EF (exposure factor)
  • SLE (single loss expectancy)
      • SLE = AV x EF
  • ALE (annualized loss expectancy)
      • ALE = SLE x ARO
  • Consider non-monetary impacts

Resource Prioritization

  • Biggest ALE is biggest risk concern
  • Combine qualitative priorities with quantitative priorities
  • Work through the items in order, starting with the largest ALE value
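
The quantitative steps above (SLE = AV x EF, ALE = SLE x ARO, then ranking by ALE combined with qualitative priorities) can be worked through as a small risk register. This is an added example, not part of the original chapter notes: the sample risks and dollar figures are constructed, and both the 1 to 5 qualitative scale and the rule that a score of 5 outranks any ALE are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    process: str
    threat: str
    av: float          # asset value (AV), in dollars
    ef: float          # exposure factor (EF), fraction of AV lost per event
    aro: float         # annualized rate of occurrence (ARO)
    mtd_hours: float   # maximum tolerable downtime (MTD)
    rto_hours: float   # recovery time objective (RTO)
    qualitative: int   # assumed scale: 1 (minor) to 5 (e.g. life safety)

    @property
    def sle(self) -> float:
        return self.av * self.ef        # SLE = AV x EF

    @property
    def ale(self) -> float:
        return self.sle * self.aro      # ALE = SLE x ARO

def validate(r: Risk) -> list[str]:
    """Return data problems that would make the ranking misleading."""
    problems = []
    if not 0.0 <= r.ef <= 1.0:
        problems.append("EF must be between 0 and 1")
    if r.aro < 0:
        problems.append("ARO cannot be negative")
    if r.rto_hours > r.mtd_hours:
        problems.append("RTO exceeds MTD")
    return problems

def prioritize(risks: list[Risk]) -> list[Risk]:
    # Assumed combination rule: qualitative score 5 goes first regardless of
    # dollars, then everything is ordered from largest ALE to smallest.
    return sorted(risks, key=lambda r: (r.qualitative < 5, -r.ale))

# Constructed sample register (illustrative values only).
RISKS = [
    Risk("Order processing", "Ransomware", 500_000, 0.6, 0.5, 24, 8, 4),
    Risk("Payroll", "Datacenter flood", 2_000_000, 0.8, 0.01, 72, 96, 3),
    Risk("Evacuation alerting", "Power loss", 50_000, 0.2, 2, 1, 0.5, 5),
]

if __name__ == "__main__":
    for rank, r in enumerate(prioritize(RISKS), 1):
        flags = "; ".join(validate(r)) or "ok"
        print(f"{rank}. {r.process} / {r.threat}: SLE=${r.sle:,.0f} "
              f"ALE=${r.ale:,.0f} [{flags}]")
```

Ranking on ALE alone would place the power-loss risk second; the qualitative score moves it to the top, and the payroll entry is flagged because its chosen RTO is longer than its MTD.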

Continuity Planning

  • Strategy Development
  • Provisions and Processes
  • Plan Approval
  • Plan Implementation
  • Training and Education

Strategy Development

  • Bridge between BIA and BCP crafting
  • Determine which risks to address in this BCP crafting time frame
  • Determine acceptable risks vs. those that require mitigation
  • Commit sufficient resources to resolve priorities

Provisions and Processes

  • People
  • Building and facilities
      • Hardening provisions
      • Alternate sites
  • Infrastructure
      • Physically hardening systems
      • Alternative systems

Plan Approval

  • Top-level management endorsement
  • Educate top executives about plan concepts and details
  • Senior executive approval establishes plan credibility throughout organization

Plan Implementation

  • Define an implementation schedule
  • Use allocated implementation resources
  • Achieve process and provisioning goals
  • Implement BCP maintenance program

Training and Education

  • Assign responsibilities
  • Plan overview briefing
  • Dedicated training for those with assigned responsibilities
  • A backup or replacement person for each position

BCP Documentation

  • Continuity Planning Goals
  • Statement of Importance
  • Statement of Priorities
  • Statement of Organizational Responsibility
  • Statement of Urgency and Timing
  • Risk Assessment
  • Risk Acceptance/Mitigation
  • Vital Records Program
  • Emergency-Response Guidelines
  • Maintenance
  • Testing and Exercises

Continuity Planning Goals

  • Set goals
  • Ensure the continuous operation of the business in the face of an emergency situation
  • Meet organizational needs

Statement of Importance

  • Reflects criticality of BCP
  • Disclosed in a memo to all employees
  • Should be signed by CEO to avoid compliance resistance

Statement of Priorities

  • Directly reflects designed BCP priorities
  • Include evaluation of priorities
  • Focus on importance to the continued operation of business functions in the event of an emergency

Statement of Organizational Responsibility

  • Business continuity is everyone’s responsibility
  • Reinforces organization’s commitment to BCP
  • Informs individuals of the expectation to assist and support

Statement of Urgency and Timing

  • Stresses priority of implementation
  • Defines the roll-out timetable

Risk Assessment

  • A recap of the BCP decision-making process
  • Summary of BIA
  • Discloses quantitative and qualitative analysis results

Risk Acceptance/Mitigation

  • Identifies those risks deemed acceptable
  • Identifies those risks deemed unacceptable
  • List risk management provisions
  • Define processes and responses
  • Define how the risk is reduced or managed

Vital Records Program

  • Determine where critical records will be stored
  • Set procedures for backing up critical records
  • Identify critical records
  • Digital and paper should be considered
  • Vital records are those needed to reconstruct the organization in the event of a disaster

Emergency-Response Guidelines

  • Define responsibilities in an emergency
  • Details activation of BCP elements
  • Immediate response procedures
  • Individuals to notify of the incident
  • Secondary response procedures
  • Goal is to minimize response time

Maintenance

  • BCP is a living document
  • BCP should be periodically updated
  • Drastic changes may require a complete re-design and re-crafting
  • Practice good version control
  • Include BCP in job descriptions/responsibilities

Testing and Exercises

  • Establish a formalized testing program
  • Train personnel on their tasks and responsibilities
  • See disaster recovery testing in Chapter 18

Conclusion

  • Read the Exam Essentials
  • Review the Chapter
  • Perform the Written Labs
  • Answer the Review Questions