Case Study #2: Integrating Disaster Recovery / IT Service Continuity with Information Technology Governance Frameworks
You have been assigned to the IT Services Continuity working group at your company. As a member of this cross-functional team, you will contribute your cybersecurity knowledge and skills to help with planning, implementation, and execution for IT Services Continuity under the company’s overall Disaster Recovery (DR) and Business Continuity Planning (BCP) efforts. Your first task as a member of this group is to prepare a 3 page white paper which will provide an orientation for team members from other areas of the company who are not familiar with the functions and responsibilities of the Chief Information Security Officer and the cybersecurity team which the CISO oversees.
Your audience will be familiar with the general requirements for business continuity planning (BCP), business impact analysis (BIA), and continuity/recovery strategies for business operations (e.g. restore in place, alternate worksite, etc.). Your readers will NOT have in-depth knowledge of the requirements / implementation strategies which are specific to restoring IT services which support the critical functions of the business (as identified in a BIA).
Note: in your white paper, you must integrate examples from at least one IT governance framework, e.g. COBIT®, ITIL®, or ISO/IEC 27002, and use them to discuss specific aspects of planning, implementation, and execution for disaster recovery / IT Service Continuity as defined in your selected IT governance framework.
1. Cross-functional team: a team whose members have differing areas of functional knowledge and expertise. May also be referred to as an “inter-disciplinary” team. Cross-functional teams are able to investigate issues or problems using multiple areas of expertise and differing perspectives. Team members contribute to the group’s analysis and problem solving endeavors from diverse education, skills, experiences, and knowledge.
2. White Paper: a white paper is an authoritative report used to present expert opinion and analysis about an issue or issues.
- Read / Review the Week 3 readings:
- Find three or more additional sources which provide information about best practices for IT Service Continuity / Disaster Recovery planning, implementation, and execution. (Hint: begin by exploring http://www.ready.gov/business ) For the purposes of this assignment, implementation means the advance work necessary to implement recovery plans by acquiring or contracting for products, services, infrastructures, and facilities. Execution means activating the DR/BCP plans and overseeing the recovery operations.
Use standard terminology including correctly used cybersecurity terms and definitions to write a two to three page summary of your research. At a minimum, your summary must include the following:
- An introduction or overview of disaster recovery / IT Service Continuity which provides definitions and addresses the reasons why cybersecurity should be specifically addressed in the company’s DR/BCP strategies and plans. This introduction should be suitable for an executive audience.
- A separate section which addresses the CISO & CISO staff roles and responsibilities during the planning phase of DR/BCP and IT Service Continuity. This section should include identification and discussion of best practices for addressing cybersecurity objectives in the planning process.
- A separate section which addresses the CISO & CISO staff roles and responsibilities during the implementation phase of DR/BCP and IT Service Continuity. This section should include identification and discussion of best practices for ensuring that cybersecurity objectives are met during the implementation phase. The implementation phase includes such activities as acquisition and contracting.
- A separate section which addresses the CISO & CISO staff roles and responsibilities during the execution phase of DR/BCP and IT Service Continuity. This section should include identification and discussion of best practices for ensuring cybersecurity objectives are met during the execution phase. The execution phase includes such activities as activating the DR/BCP or IT Service Continuity plan(s) and overseeing recovery operations.
- A closing section that provides a summary of the issues and recommendations regarding inclusion of Cybersecurity considerations in the company’s DR/BCP strategies and plans.
Submit For Grading & Discussion
Submit your case study in MS Word format (.docx or .doc file) using the Case Study #2 Assignment in your assignment folder. (Attach the file.)
- Consult the grading rubric for specific content and formatting requirements for this assignment.
- Your 2-3 page white paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
- Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources.
- The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,Nov2014).docx.
- You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
- You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
- You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).