Laboratory #8

Lab #8: Develop an Outline for a Business Continuity Plan for an IT Infrastructure

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

 Define the goals and purpose of a Business Continuity Plan (BCP) for an IT infrastructure

 Align the Business Impact Analysis to define the scope of their BCP for an IT infrastructure

 Identify the major parts of a BCP unique to their scenario and IT infrastructure

 Develop a BCP outline for a given scenario and vertical industry

Required Setup and Tools

This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized server
farm.

The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is required for
this lab. Students will need access to their completed, Lab #8 –Assessment Worksheet, Part A – Business
Continuity Plan Outline.

In addition, Microsoft Word is a required tool for the student to craft a BCP plan outline. Your outline
must identify the major parts of a BCP unique to your given scenario and vertical industry. Incorporate
the results of your BIA to identify what business functions and operations require continuity and recovery
processes and procedures.

Recommended Procedures
Lab #8 – Student Steps:

Student steps needed to perform Lab #8 – Develop an Outline for a Business Continuity Plan for an IT
Infrastructure:
1. Connect your removable hard drive or USB hard drive to a classroom workstation.
2. Boot up your classroom workstation and DHCP for an IP host address.
3. Login to your classroom workstation and enable Microsoft Word.
4. Review Figure 4 – “Mock” IT Infrastructure.
 5. Use the same scenario/vertical industry you were provided in Lab #7 – Perform a Business
Impact Analysis for an IT Infrastructure assigned by your Instructor:
a. Healthcare provider under HIPPA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law
6. Incorporate the following BCP sections and essential sub-topics in your outline:
 Initiation of the BCP – Introduction, Definitions, BCP Organizational Structure, BCP
Declaration, BCP Communications and Information Sharing, etc.
 Business Impact Analysis – risk assessment and analysis prioritizing business functions and
operations aligned to IT systems, applications, and resources
 Business Continuity / Disaster Readiness / Recovery – RTO, RPO, business continuity
benchmarks, disaster recovery planning (DRP as a sub-set of a BCP plan), recovery steps and
procedures for mission critical IT systems, applications, and data
 Develop & Implement the Plan – the plan is a living and breathing document that requires
annual updates and change control revisions. Implementation and the instructions for how to
engage the BCP are part of this section
 Test & Update the Plan – the most important part of a BCP or DRP is to test the plan with a
“mock” business continuity disruption or disaster scenario. Table-top reviews of the
processes and procedures can be conducted to inform all BCP and DRP team members of
their roles, responsibilities, and accountabilities
7. Work in groups of two or three as assigned by your Instructor. Develop your BCP outline for
your given scenario using the results of Lab #7 – Perform a business Impact Analysis on an IT
Infrastructure and the “mock” IT infrastructure as shown in Figure 4.
8. Complete Lab #8 – Assessment Worksheets, Part A – BCP Outline and Part B – Assessment
Questions.

Deliverables
Upon completion of the Lab #8 – Develop an Outline for a Business Continuity Plan for an IT
Infrastructure, students are required to provide the following deliverables as part of this lab:
1. Lab #8 – Assessment Worksheet, Part A – BCP Outline
2. Lab #8 - Assessment Worksheet, Part B – Assessment Questions and Answers
Evaluation Criteria and Rubrics
The following are the evaluation criteria and rubrics for Lab #8 that the students must perform:
1. Was the student able to define the goals and purpose of a Business Continuity Plan (BCP) for an
IT infrastructure? – [25%]
2. Was the student able to align the Business Impact Analysis to define the scope of their BCP for
an IT infrastructure? – [25%]
3. Was the student able to identify the major parts of a BCP unique to their scenario and IT
infrastructure? – [25%]
4. Was the student able to develop a BCP outline for a given scenario and vertical industry? –
[25%]
 Lab #8: Assessment Worksheet

Part A – Develop an Outline for a Business Continuity Plan for an IT Infrastructure

Course Name: IAA202

Student Name: N g u y e n Vi e t Q u a n

Instructor Name: N g u y e n A n h N h a t

Lab Due Date: 12h 09/07/2024

Overview

Using the results of Lab #7 – Perform a BIA on an IT Infrastructure, incorporate your BIA into your BCP
plan scenario and vertical industry focus. Work in teams of two or three students as assigned by your
Instructor. Craft a more detailed BCP outline only (not an entire BCP plan, etc.) based on the following:

Use the same scenario/vertical industry you were provided in Lab #7 – Perform a Business Impact
Analysis for an IT Infrastructure assigned by your Instructor:
a. Healthcare provider under HIPPA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law

Incorporate the following BCP sections and essential sub-topics in your outline:
 Initiation of the BCP – Introduction, Definitions, BCP Organizational Structure, BCP
Declaration, BCP Communications and Information Sharing, etc.
 Business Impact Analysis – risk assessment and analysis prioritizing business functions and
operations aligned to IT systems, applications, and resources.
 Business Continuity / Disaster Readiness / Recovery – RTO, RPO, business continuity
benchmarks, disaster recovery planning (DRP as a sub-set of a BCP plan), recovery steps and
procedures for mission critical IT systems, applications, and data.
 Develop & Implement the Plan – the plan is a living and breathing document that requires
annual updates and change control revisions. Implementation and the instructions for how to
engage the BCP are part of this section.
 Test & Update the Plan – the most important part of a BCP or DRP is to test the plan with a
“mock” business continuity disruption or disaster scenario. Table-top reviews of the processes
and procedures can be conducted to inform all BCP and DRP team members of their roles,
responsibilities, and accountabilities.
 Lab #8: Assessment Worksheet
Part A – Develop an Outline for a Business Continuity Plan for an IT Infrastructure

{Insert Scenario and Vertical Industry Here}

I. Initiation of the BCP

The plan should prepare a plan to document the business continuity planning project's objectives, scope,
and boundaries. The manager or management committee responsible for the project should approve the
program, including a budget

II. Business Impact Analysis

Business impact analysis (BIA) is a systematic process to determine and evaluate an interruption's potential
effects on critical business operations due to a disaster, accident, or emergency. A BIA is an essential
component of an organization's business continuance plan.

III. Business Continuity / Disaster Readiness / Recovery

Businesses should develop an information technology disaster recovery plan (IT DRP) in conjunction with
a business continuity plan.

IV. Develop & Implement the Plan

An implementation plan, often known as a strategy plan, defines the measures your team should follow to
achieve a common aim or target. This plan integrates strategy, method, and action and will cover all aspects
of the project, from scope to budget and beyond.

V. Test & Update the Plan

Hacking your system multiple times, in many ways, if in any case,your BCP plan is more than 80% against
it, that would be okay.Try to add a new attack or disaster definition to fully prepare for the nextattack.
 Lab #8: Assessment Worksheet
Develop an Outline for a Business Continuity Plan for an IT Infrastructure

Course Name: IAA202

Student Name: N g u y e n Vi e t Q u a n

Instructor Name: N g u y e n A n h N h a t

Lab Due Date: 12h 09/07/2024

Overview

After completing your BCP outline for your scenario and IT infrastructure, answer the following Lab #8 –
Assessment Worksheet questions. These questions are specific to the BCP you performed for your
scenario and IT infrastructure. Justify your answers where needed.

Lab Assessment Questions

1. How does a BCP help mitigate risk?

A BCP helps to manage risk by ensuring that the company is prepared for any interruption to daily
operations.

2. What kind of risk does a BCP help mitigate?

Financial loss
Natural disasters
Cyber-attacks

3. If you have business liability insurance, asset replacement insurance, and natural disaster insurance,
do you still need a BCP or DRP? Why or why not?
Yes, Because the BCP involves a business impact study, risk assessment, and an overall business continuity
strategy, while the DR plan includes examining all backups and ensuring any redundant equipment crucial to
recovery is current and operational

4. From your scenario and BIA from Lab #7, what were the mission critical business functions and
operations you identified? Is this the focus of your BCP?
Accounting and finance support.
 Accounts payable and receivable.
Network management and technical assistance.
DNS for internal and external IP communication

5. What does a BIA help define for a BCP?

Critical business activities, Critical success factors, and Maximum acceptable outage
6. Who should develop and participate in the BCP within an organization?

BCP Program manager

BCP Coordinator
BCP Teams

7. Why does disaster planning and disaster recovery belong in a BCP?

If a crisis happens, the company may respond with foresight and preparedness, emphasizing the need of
having disaster planning and recovery in the BCP

8. What is the purpose of having documented IT system, application, and data recovery
procedures and steps?
In the case that a network must be rebuilt from start, the original settings and applications may be
reconstructed to minimize network conflicts

9. Why must you include testing of the plan in your BCP?

Testing a BCP evaluates the plan's effectiveness in real-world conditions. As a result, when you test the
strategy, you're searching for flaws or holes in the plan. Once the flaws have been discovered, your
teams may collaborate to improve them.

10. How often should you update your BCP document?

Once a year

11. Within your BCP outline, where will you find a list of prioritized business operations,
functions, and processes?

Evaluate your company's vision. The first step to setting your business priorities is to understand and
evaluate your company's vision.
Identify strengths and weaknesses.
Identify goals.
Collaborate with team members.
Organize by importance.
Organize by category.
Track the progress of results.

12. Within your BCP outline, where will you find detailed back-up and system recovery information?

This will be found in the Business Continuity / Disaster preparedness / Recovery section.

13. Within your BCP outline, where will you find a policy definition defining how to engage your
BCP due to a major outage or disaster?
 This will be found in the Development and Implementation plansection

14. Within your BCP outline, where will you find a policy definition defining the resources
that are needed to perform the tasks associated with BC or DR?
This will be found in the Getting Started section of the BCP

15. What is the purpose of testing your BCP and DRP procedures, back-ups, and recovery steps

The goal is to ensure all employees understand their roles andresponsibilities, allow training to assess
the recovery team's ability toimplement the plan effectively, and ensure the operational plan ifnecessary,
identify weaknesses and short times, to verify goals andrecovery processes, verify alternative sites and
to help achieve thenumber of RTOs and RPOs.