Professional Documents
Culture Documents
IAA202 - Group1 - Lab 8
IAA202 - Group1 - Lab 8
Lab #8: Develop an Outline for a Business Continuity Plan for an IT Infrastructure
• Define the goals and purpose of a Business Continuity Plan (BCP) for an IT infrastructure
• Align the Business Impact Analysis to define the scope of their BCP for an IT infrastructure
• Identify the major parts of a BCP unique to their scenario and IT infrastructure
This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized
server farm.
The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is
required for this lab. Students will need access to their completed, Lab #8 –Assessment Worksheet,
Part A – Business Continuity Plan Outline.
In addition, Microsoft Word is a required tool for the student to craft a BCP plan outline. Your
outline must identify the major parts of a BCP unique to your given scenario and vertical industry.
Incorporate the results of your BIA to identify what business functions and operations require
continuity and recovery processes and procedures.
Recommended Procedures
Student steps needed to perform Lab #8 – Develop an Outline for a Business Continuity Plan for
an IT Infrastructure:
1. Connect your removable hard drive or USB hard drive to a classroom workstation.
5. Use the same scenario/vertical industry you were provided in Lab #7 – Perform a Business
Impact Analysis for an IT Infrastructure assigned by your Instructor:
6. Incorporate the following BCP sections and essential sub-topics in your outline:
• Business Impact Analysis – risk assessment and analysis prioritizing business functions
benchmarks, disaster recovery planning (DRP as a sub-set of a BCP plan), recovery steps
and procedures for mission critical IT systems, applications, and data
• Develop & Implement the Plan – the plan is a living and breathing document that
requires annual updates and change control revisions. Implementation and the
instructions for how to engage the BCP are part of this section
• Test & Update the Plan – the most important part of a BCP or DRP is to test the plan
Upon completion of the Lab #8 – Develop an Outline for a Business Continuity Plan for an IT
Infrastructure, students are required to provide the following deliverables as part of this lab:
The following are the evaluation criteria and rubrics for Lab #8 that the students must perform:
1. Was the student able to define the goals and purpose of a Business Continuity Plan (BCP)
for an IT infrastructure? – [25%]
2. Was the student able to align the Business Impact Analysis to define the scope of their
BCP for an IT infrastructure? – [25%]
3. Was the student able to identify the major parts of a BCP unique to their scenario
and IT infrastructure? – [25%]
4. Was the student able to develop a BCP outline for a given scenario and vertical
industry? – [25%]
Lab #8: Assessment Worksheet
Using the results of Lab #7 – Perform a BIA on an IT Infrastructure, incorporate your BIA into your BCP
plan scenario and vertical industry focus. Work in teams of two or three students as assigned by your
Instructor. Craft a more detailed BCP outline only (not an entire BCP plan, etc.) based on the following:
Use the same scenario/vertical industry you were provided in Lab #7 – Perform a Business
Impact Analysis for an IT Infrastructure assigned by your Instructor:
a. Healthcare provider under HIPPA compliance law
Incorporate the following BCP sections and essential sub-topics in your outline:
• Business Impact Analysis – risk assessment and analysis prioritizing business functions
benchmarks, disaster recovery planning (DRP as a sub-set of a BCP plan), recovery steps
and procedures for mission critical IT systems, applications, and data.
• Develop & Implement the Plan – the plan is a living and breathing document that
requires annual updates and change control revisions. Implementation and the
instructions for how to engage the BCP are part of this section.
• Test & Update the Plan – the most important part of a BCP or DRP is to test the plan
The purpose of a business continuity plan (BCP) is to identify andassess the risks, threats and
vulnerabilities that threaten a company sothat you can minimize both internal and external exposure to
them andSo you can minimize them.The goal of the BCP plan is to document the procedures for
prevention and recovery. There are several effective ways I think it canhelp:Create a BCP team to
implement a number of policies and workout solutions for emergencies.Invest a lot of money to
improve each employee's knowledge ofthreats, vulnerabilities, etc. Because we only understand the
exactdanger level when we know it correctly.
II. Business Impact Analysis
Some data-driven attacks - one of the company's most important. Soif we lose control of the
system - the administrator, we will lose all dataand the company will stop working.
We need to consider the severity of the policies, which will keepemployees away from
clicking on unknown links or using strangeapplications that can remove malware. If we have
unexpected malwareon our corporate network, it is equally serious when we lose control
ofthe system - the administrator.A Dos or DDos attack can reduce a company's income by
denying allcommunications between the company and its users.
RTO: 80% of the time to backup and restoreeverything lost (network data, user data, hardware
data,etc.), the remaining 20% will be for reporting anddocument recovery.RPO: commodity data,
exchange: 30 minutes;Employee data (reports, salaries, etc.): 1 day.DRP:
Before disaster:
- Back up all important information.
- Protect all physical things such as equipment,computers, etc. by moving or using
areplacement.
In disaster:
- Keep valuables safe.
- Check all the change information and try tocontrol all of them.
After disaster:
- Clean things up and make sure they work again assoon as possible.Recover lost or corrupted
data
IV. Develop & Implement the Plan
As I said before, the plan will be implemented as policy.Set up a defense system for a surprise attack
or disaster.
IT team needs to back up data regularly in case of unexpected data loss.Adhere to the policy before
doing something.System maintenance periodically.
V. Test & Update the Plan
Hacking your system multiple times, in many ways, if in any case,your BCP plan is more
than 80% against it, that would be okay.Try to add a new attack or disaster definition to fully
prepare for the nextattack
Lab #8: Assessment Worksheet
Overview
After completing your BCP outline for your scenario and IT infrastructure, answer the following Lab
#8 – Assessment Worksheet questions. These questions are specific to the BCP you performed for
your scenario and IT infrastructure. Justify your answers where needed.
- The Business Continuity Plan (BCP) identifies actions thatorganizations should take
to minimize the adverse effects of potentialdisasters.
4. From your scenario and BIA from Lab #7, what were the mission critical
business functions and operations you identified? Is this the focus of your
BCP?
- Internal and external voice communication with customers in realtime; Domain name
servers (DNS) for internal and external InternetProtocol (IP) communications,
Network management and technicalsupport, Financial and accounting support;
Accounts payable,accounts receivable, etc.
11. Within your BCP outline, where will you find a list of prioritized business
operations, functions, and processes?
- The BIA.
12. Within your BCP outline, where will you find detailed back-up and system
recovery information?
- This will be found in the Business Continuity / Disaster preparedness / Recovery
section.
13. Within your BCP outline, where will you find a policy definition defining how
to engage your BCP due to a major outage or disaster?
- This will be found in the Development and Implementation plansection.
14. Within your BCP outline, where will you find a policy definition defining
the resources that are needed to perform the tasks associated with BC or DR?
- This will be found in the Getting Started section of the BCP.
15. What is the purpose of testing your BCP and DRP procedures, back-ups, and
recovery steps?
- The goal is to ensure all employees understand their roles andresponsibilities,
allow training to assess the recovery team's ability toimplement the plan
effectively, and ensure the operational plan ifnecessary, identify weaknesses
and short times, to verify goals andrecovery processes, verify alternative sites
and to help achieve thenumber of RTOs and RPOs.