Reference no: EM133163331 , Length: word count:2750

Essay Assignment

Assignment - Submit the Business Continuity Plan for Review

Instructions

To help ease the concerns of the CISO and other executive officials tied into cyber operations, the chief technology officer (CTO) is asking for processes and procedures regarding exposed systems. You created a security baseline of your nation team's systems in Project 1, and that is a necessary part of determining mission priorities and identifying critical systems in the event of a cyber incident. You've also completed several steps that will provide an assessment of the software life cycle and development, including a development matrix. Now, as a team, and in accordance with your team agreement, you will create an eight- to 10-page Business Continuity Plan (BCP) that addresses the mission needs and systems for recovery of the whole enterprise after a cyberattack event. This BCP will be used to help the CISO identify current systems and timelines that will be used to bring systems back online and the sequence of events that occur during deployment of the plan. Make sure that all citations are in proper APA format.

Refer to the following documents to assist you in creating the final portion of the BCP:

Your team's security baseline from Project 1

Contingency Planning Guide for Federal Information Systems for examples of what to include in your BCP

Best Practices for Creating a BCP

Consider and include the following as you develop your BCP:

The BCP should include the software development life cycle assessment and the software development matrix you completed in prior steps.
The BCP should describe the normal operation standards, practices, and procedures for operating systems, including critical systems. Develop standard operating procedures based on what the team identifies as the most critical to least critical to continue business operations. Included in the standard operating procedures and best security engineering practices should be operating system fundamentals, operating system security, management of patches, and operating system protections.

All partner nations at the summit have maintained that there will possibly be the use of an ad hoc wireless network. The nations' CISOs will have to determine differences between rogue and authorized access points with consideration to authorized service set identifiers (SSID). These considerations will have to be included in the BCP.

Limit the scope to communications systems.
The BCP should be tailored to recover from a ransomware attack. Include leadership decision-making options for payouts in such currencies as Bitcoin, which uses blockchain technology. Based on the recent outbreaks of ransomware attacks, identify key components of the given topology and describe how a ransomware incident would be contained or identified if an event occurred inside the given topology. What are the network security threats for a ransomware attack? Include these vectors as scenarios in the BCP and address remediation paths.

The BCP should also include an incident response plan, IR response flow for DDoS, malware, insider threats-in case of a need to execute the plan, documentation will be used for identified parties to follow to ensure proper communication channels and flow of information/triggers are understood so breakdown does not occur.

Sources: 5 sources required; Citation Style: APA 7th edition

10 pages / 2750 words (Double spacing)