Time
44 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, everyone. This is instructor Gerry Roberts, and this is risk policies and security controls.
00:06
In this video, we're gonna talk about what the BCP or business continuity plan is.
00:11
Who are the actors that are involved with the plan?
00:14
The planning process,
00:16
some standards
00:18
and we'll wrap up.
00:20
So what exactly is the business continuity?
00:23
The BCP, or business continuity plan, is a document that is put together by various individuals in an organization.
00:30
The idea is that they're going to be able to plan for longer-term outages and disasters.
00:36
A good example of a long-term outage or disaster
00:39
might be Hurricane Maria in Puerto Rico.
00:42
They sustained 92 million US in damage,
00:46
and in some places on the island there are still no utilities,
00:50
even though this happened in 2017, which is almost two years ago.
00:56
This is different from a DRP, or disaster recovery response plan,
01:00
which is meant to cover short-term disasters so the company can get back to work as soon as possible.
01:07
So who is involved with your BCP?
01:11
First of all, your management has to start the process.
01:15
A business continuity coordinator is identified by management, and that person's gonna be responsible for making sure all the different things that need to be done are done.
01:25
You also have a business continuity committee
01:27
who management and the coordinator put together,
01:32
and this is comprised of members from management, IT, security, communications and legal.
01:38
And you want a good mix of different people from different departments and different levels of management, so you have visibility into the different areas of your company, so you can better plan.
01:48
Now, in some cases, the entire company might be involved
01:52
if there's a training that needs to be done,
01:55
or, in some cases, during testing and drills the entire company might be involved.
02:01
So the BCP planning process.
02:06
So when you start to plan, the first thing you're gonna do is what's called a continuity policy.
02:10
This is a policy that's put together by management, the committee and the coordinator that pretty much says what we want to get out of our policy and what things we need to look at for continuity.
02:23
This will help guide the BCP document.
02:28
Next, a BIA, or business impact analysis, is done.
02:31
This helps us identify important functions and resources as well as identify threats.
02:38
Remember earlier when we were talking about risk management? We can't do anything unless we know what the threat is. So identifying threats along with important functions and resources is very important.
02:52
Once those items are identified, then you can identify preventative controls.
02:58
In this stage, you're gonna identify and implement those controls that could help lower the overall risk to the organization.
03:06
Next, you want to develop some recovery strategies.
03:09
So that way, if an event happens, even though there are controls in place,
03:15
you'll be able to recover faster.
03:16
Now you'll create methods for bringing critical infrastructure back online quickly. First
03:23
business won't be able to run without critical infrastructure.
03:28
Next, you develop the contingency plan.
03:31
These are procedures and guidelines for how the business can stay afloat even in a critical failure.
03:38
This is very important because businesses can actually disappear and go out of business if they're not able to stay afloat
03:46
during a major disaster.
03:51
Exercise, test and drill.
03:53
Test your plans,
03:54
improve the plans if you find there's an issue with them,
03:59
train your employees. This is very important.
04:01
If you don't train your employees and something happens, they may not know what to do, or they may not be comfortable with what they have to do.
04:12
Also, if you can, do drills if possible,
04:15
and these could be simple drills,
04:16
just help employees get ready.
04:19
And last but not least, maintain.
04:24
There's no reason to do all of this if you're not gonna maintain it.
04:29
Situations change. Equipment changes. Location changes. People change.
04:34
Threats change. Everything changes.
04:36
So have a plan
04:40
for maintenance.
04:42
And make sure you go through with that plan and maintain
04:46
your disaster recovery
04:47
and your BCP plan.
04:53
Standards.
04:54
Yeah, there's some standards out there available for your BCP.
04:58
Some of these are standards, some of these are frameworks,
05:01
but the important part is they help you put together your BCP with some best practices.
05:09
You may use these to help guide your organization in the process.
05:13
Some standards that are available that you might be able to use:
05:17
NIST has several,
05:19
the 834, and there are multiple others available.
05:24
There's the BS 2599, which is a British Standards Institute standard,
05:30
ISO/IEC 27031
05:33
and ISO 22031.
05:38
You also have the Business Continuity Institute's Good Practice Guidelines, which is just pretty much a document of best practices.
05:46
You also have the DRI International Institute's Professional Practices for Business Continuity Planners, which is also another document with a bunch of best practices that might help you out.
05:58
You know, if you're part of the United States government, you're probably gonna have to comply with some of the standards, not just look at them,
06:04
most likely NIST and ISO.
06:06
If you're in other countries
06:10
such as England,
06:12
you may have to do things for the British Standards Institute, such as the BS 2599.
06:17
And I know quite a few other countries that do business with the U.S. government also have to comply with some of these standards.
06:26
So that's it for our lecture. Time for a question. So, our post-assessment questions:
06:31
Which stage of the BCP planning process will you identify and implement controls?
06:38
Is that during the develop the contingency plan stage,
06:42
the maintain stage,
06:44
the continuity policy stage
06:46
or the identify preventative controls stage?
06:50
I'll give you a moment to see if you can figure that out.
06:54
As always, you can pause and we'll come back to the answer in a moment.
07:01
The answer is D, identify preventative controls.
07:06
During that particular stage, you're gonna identify preventative controls that can help you address the issues that you found in the previous stage, where you were going through and identifying threats.
07:18
And you will also implement these controls during this stage if you can do so.

Up Next

Fundamentals of Risk Policies and Security Controls

In this course, you'll learn various controls that need to be put in place to ensure that the CIA triad of security is maintained while running a business. With threats expanding with time and more advanced attacks and data breaches being discovered, it is important for organizations to have proper security controls in place to ensure data safety.

Instructed By

Gerrianne Roberts
Professor, Network Engineering Technology
Instructor