To help ease the concerns of the CISO and other executive officials tied into cyber operations, the chief technology officer (CTO) is asking for processes and procedures regarding exposed systems. Use the attached security baseline as a reference, as it is a necessary part of determining mission priorities and identifying critical systems in the event of a cyber incident.
Create an 8-page Business Continuity Plan (BCP) that addresses the mission needs and systems for recovery of the whole enterprise after a cyberattack event.
This BCP will be used to help the CISO identify current systems and timelines that will be used to bring systems back online and the sequence of events that occur during deployment of the plan. Make sure that all citations are in proper APA format.
Refer to the following documents to assist you in creating the final portion of the BCP:
• The attached security baseline report
• Contingency Planning Guide for Federal Information Systems (attached), for examples of what to include in your BCP
• Best Practices for Creating a BCP (attached)
Consider and include the following as you develop the BCP:
• The BCP should describe the normal operating standards, practices, and procedures for operating systems, including critical systems. Develop standard operating procedures ordered from the systems the team identifies as most critical to least critical for continuing business operations. The standard operating procedures and security engineering best practices should cover operating system fundamentals, operating system security, patch management, and operating system protections.
• All partner nations at the summit have maintained that an ad hoc wireless network may possibly be used. The nations' CISOs will have to distinguish rogue access points from authorized ones, taking into account the authorized service set identifiers (SSIDs). These considerations will have to be included in the BCP.
• Limit the scope to communications systems.
• The BCP should be tailored to recovery from a ransomware attack. Include leadership decision-making options for ransom payouts in currencies such as Bitcoin, which uses blockchain technology. Based on recent ransomware outbreaks, identify the key components of the given topology and describe how a ransomware incident would be identified and contained if one occurred inside that topology. What are the network security threats for a ransomware attack? Include these attack vectors as scenarios in the BCP and address the remediation path for each.
• The BCP should also include an incident response plan with IR response flows for DDoS, malware, and insider threats. If the plan needs to be executed, this documentation will be followed by the identified parties so that the proper communication channels and the flow of information and triggers are understood and no breakdown occurs.