2.7 Contingency Operations Policy

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Introduction to IT Security Policy

Course

Time

2 hours 23 minutes

Difficulty

Beginner

CEU/CPE

Video Transcription

00:01

Hello and welcome to I t. Security Policy Training from Cyber Harry. This is part of module to contingency plan policy

00:08

and its story myself. Troy Lemaire

00:12

Learning objective for this training

00:14

will be to learn the emergency mode operation and the requirements of this policy.

00:23

But this policy is a template that we have from health i t dot gov

00:27

on the continues he's planned policy

00:29

purposes policy establishing implement policies, procedures for responding to an emergency or other currents

00:35

damages systems

00:37

scope of the policies directed to the I T management staff whose economy and ensure the plan is developed, tested and kept up to date

00:45

So far. Emergency mode operations here The officer Shall we response for Del Valle Ping and regularly updating emergency mode Operation plan for the purpose of

00:54

didn't know operations during such time frame that information systems are unavailable

01:00

and the plan should have a sufficient level of detail. An explanation that person unfamiliar with systems can implement the plan occasion of an emergency or disaster.

01:07

So in the first paragraph, security officer can be replaced with I t manager or whoever would be the person that is really responsible for keeping this operation plan up to date,

01:19

and then in the second part you can list out

01:23

certain details that you would want, such as if you have certain systems, other keys to the kingdom that basically or the most important systems within your organization. You can list those here if you want to have them specifically spelled out

01:38

Looking at the requirements. The emergency mode operation plan shall include the following, and this is something that you can change out as you need to to make sure that it's covering the things that you would want to cover in your organization. But

01:49

current copies of the information system inventory and network configuration developed and updated

01:53

copy of the written backup procedures

01:57

Identification of an emergency response team members of such team shall responsible for the following

02:02

that is determined the impact of a disaster or system unavailability.

02:07

Identifying and implementing appropriate workarounds during such time, information systems are unavailable

02:12

and taking such up necessary to restore operations

02:15

in regards to a

02:17

disaster recovery plan versus a contingency plan does. That's recovery is what you would do after the fact to restore your data, whereas a contingency plan is what you would do

02:27

while your systems are unavailable to make them become available

02:31

in the need of that emergency. So one is planning how you would restore things, and one is planning how you would actually keep things going so they are quite different and they have each individual purpose and shouldn't be confused to be the same thing for one time. Events

02:50

begin is always policy compliance. Info. SEC team will verify compliance through various methods.

02:54

Exceptions need to be approved in advance and not compliance. Is an employee found to have violated policy may be subject to disciplinary action up to and including termination of employment.

03:09

So in summary in today's lecture, we talked about the contingency plan policy, emergency mode operation

03:15

and the requirements.

03:19

Recap question Emergency mode Operation plan should include the following

03:23

identification of a

03:24

blank blank team

03:28

that would be an emergency response team.