University Business Continuity Plan for Regional Gardens

Verified

Added on 2022/08/16

AI Summary

This report presents a Business Continuity Plan (BCP) tailored for Regional Gardens. It begins with an executive overview, defining the scope and objectives of the BCP, which includes protecting assets and personnel, and ensuring rapid operational resumption following disasters. The report then delves into a detailed business impact analysis, identifying vulnerabilities across infrastructure, services, administration, security, and disaster recovery. Following this, the report outlines an incident response plan, detailing actions taken and personnel involved in addressing various incidents, such as data loss and security breaches. A comprehensive backup plan is presented, specifying backup policies for sensitive data, transaction logs, software licenses, and encryption keys. Finally, the report concludes with a disaster recovery plan, outlining immediate actions to be taken in response to specific disasters like data loss and network security breaches. The report emphasizes the importance of proactive measures to ensure business continuity and operational resilience.

Running head: BUSINESS CONTINUITY PLAN
Business Continuity Plan
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
BUSINESS CONTINUITY PLAN
Executive Overview
Business continuity plan indicates towards the process which is followed by the
companies for the creation of recovery and prevention system from several kinds of threats like
that of cyber-attacks or natural disasters. BCP or business continuity plan is basically designed
for the protecting assets as well as personnel and for ensuring that they could function in a quick
manner when severe disasters takes place. The scope of BCP comprises of protecting each and
every asset of Regional Gardens along with its respective customers along with providing of the
capability for resuming of the operations in an effective manner. This also focuses on the
inclusion of a specific period of time which permits it for meeting all the regulatory along with
the legal requirements. BCP mainly focuses on measuring, arranging and planning for ensuring
the constant delivery of products and services which are naturally critical which in turn permits
Regional Gardens for recovering its data, assets along with facilities.

2
BUSINESS CONTINUITY PLAN
Table of Contents
Business Impact...............................................................................................................................3
Incident Response............................................................................................................................5
Backup Plan.....................................................................................................................................8
Disaster Recovery............................................................................................................................9
References......................................................................................................................................11

3
BUSINESS CONTINUITY PLAN
Business Impact
Serial no. Department Business impact
1. Infrastructure The servers are not are not being ran with the
utilization of the current operating system. In
addition to this, they have not been patched for
the longest time [1]. No maintenance of the
contracts on any software which has been
installed along with the hardware. Majority of
the desktops and servers are more than five
years old.
2. Services and data Absence of backup as if any disk becomes bad,
then the entire data which is related with that
particular disk would be lost along with the
services which are linked with it would fail.
3. Administration The server of the administration tends to be
naturally haphazard. Occurrences of several
storage issues takes place due to regular filling
up of the disks. Absence of the monitoring
systems in Regional Gardening [2]. Majority
of comprises get identified very late after the
information has already been hacked.
4. Security A firewall along with any kind of security
system is not possessed by this particular
organization. In addition to this, this particular
organization does not possess an entire
protection for the email viruses and the privacy
of the important information gets exploited.
5. Disaster and backup This particular organization does not associate

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
BUSINESS CONTINUITY PLAN
recovery any sort of procedures or systems along with it
which could be helpful in the context of the
recovery of the disaster or backup of the
confidential and sensitive data of this
particular organization [3].
6. Physical and network
location
The network of this particular organization is
not secure where the concept of hacking along
with the involvement of the third parties comes
into the picture.
7. Individual passwords and
workstations.
Majority of the computers which are being
utilized by this particular organization has not
been patched up since the time it has been
installed for the aim of utilization in this
organization. On the other hand, data is stored
in these kinds of computers in the home
directories which are not even backed up
resulting towards data loss. Users could have
accounts on the computer of the other
employees utilizing different or same
passwords. In addition to this, absence of
severe rules for setting of passwords leads
towards having very simple passwords like
that of the name of the respective passwords.
Incident Response
Serial
No.
Incident Actions taken Personnel involved

5
BUSINESS CONTINUITY PLAN
1. Absence of off-
boarding and
onboarding processes.
Focusing on the existence
of both on both off-
boarding and onboarding
procedures [4].
Management personnel.
2. Absence of the
framework of policies
within the
organization
Development of the policy
framework for the
betterment of the
organization.
Management personnel
3. Utilization of
backdated operating
systems.
Installation of new and
advanced operating
systems.
System administration
personnel.
4. Absence of the
maintenance contracts
Development of the
management contracts.
Management personnel.
5. Utilization of
desktops of servers
which are more than
five years old.
Utilization of advanced
desktops and servers.
System administration
personnel
6. Loss of sensitive data Arrangement for backing
up of the confidential data
of the organization [5].
System administration
personnel.
7. Loss of finance data Preserving the integrity of
data related with the
finance of this
organization.
Finance personnel.
8. Occurrence of several
kinds of issues related
with the capacity of
the storage of the
Utilization of disks
possessing higher
capacities of storage.
System administration
personnel.

6
BUSINESS CONTINUITY PLAN
disks which are
utilized by this
organization.
9. Dependency of the
organization on its
respective servers
Utilization of more
effective technologies such
that the organization no
longer have to be based on
their respective servers.
Management and system
administration personnel.
10. Absence of
monitoring systems
Inclusion of monitoring
systems within the
organization.
Management personnel.
11. Absence of security of
networks and firewall
along with protection
from several email
viruses.
Inclusion of network
security, virus protection
along with firewall.
Management and system
administration personnel.
12. Hacking of
confidential data
Increment of protection
sensitive and confidential
data with the utilization of
cryptography.
System administration
personnel.
13. Absence of
procedures for
disaster or backup
recovery.
Development of several
kinds of systems which
could be helpful in disaster
or backup recovery.
Management and system
administration personnel.
Backup Plan
Serial No. Category Backup Policy

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
BUSINESS CONTINUITY PLAN
1. Backup of confidential and
sensitive data both finance
as well as data of all the
customers.
The backup of the confidential as well
as sensitive data should be taken on a
regular basis which could be on
weekly basis or a monthly basis in
case it has been hacked or has been
lost due to issues linked with the
storage disk [6].
2. Backup of the transaction
log
All kinds of transactions among the
organization and their respective
customers should be backed up for
keeping a track of the records.
3. Software Licenses The software licenses must be backed
up in case of their expiry.
4. Encryption keys The encryption keys utilized must be
backed up for the safety of the
information regularly.
Disaster Recovery
Serial No. Disaster Immediate Action
1. Loss or hacking of financial and
corporate data.
Utilization of several kinds of
keys of encryption for stopping
the hacking of the financial as
well as the corporate data of
each of the customers of this
particular organization [7].
2. Exploitation of the security of
network.
The security of the network
needs to be increased.
3. Loss of the details of each and every Backing up of the transactions

8
BUSINESS CONTINUITY PLAN
transaction which occurred among
this particular organization as well
as their respective customers.
along with utilization of
various encryption keys.
4. Loss of important data of this
particular organization because of
several kinds of issues linked with
the storage capacities of the disk.
The capacities of the storage of
the disks needs to be
incremented [8].
5. Data gets saved in the home
directories and the home directories
are not backed up at the same time.
Data should never be saved in
the home directories. Data
should be stored in the disks
with higher levels of memory.

9
BUSINESS CONTINUITY PLAN
References
[1] B. Horne, On computer security incident response teams, IEEE Security & Privacy, 12(5),
pp.13-15, 2014.
[2] M. Bada, S. Creese, M. Goldsmith, C. Mitchell and E. Phillips, Computer security incident
response teams (CSIRTs) an overview, Global Cyber Security Capacity Centre, pp.1-23, 2014.
[3] B.D. Phillips, Disaster recovery, CRC press, 2015
[4] C.M. Napolitano and A.M. Freund, On the use and usefulness of backup plans, Perspectives
on Psychological Science, 11(1), pp.56-73, 2016.
[5] N. Sahebjamnia, S.A. Torabi, and S.A. Mansouri, Integrated business continuity and disaster
recovery planning: Towards organizational resilience, European Journal of Operational
Research, 242(1), pp.261-273, 2015.
[6] A. Quaadgras, P. Weill, and J.W. Ross, Management commitments that maximize business
impact from IT, Journal of Information Technology, 29(2), pp.114-127, 2014.
[7] S.W. van Rooij and J. Merkebu, Measuring the business impact of employee learning: A
view from the professional services sector, Human Resource Development Quarterly, 26(3),
pp.275-297, 2015.
[8] S.A. Torabi, H.R. Soufi, and N. Sahebjamnia, A new framework for business impact
analysis in business continuity management (with a case study), Safety Science, 68, pp.309-323,
2014.