Case Study: Integrating Disaster Recovery / IT Service Continuity with Information Technology Governance Frameworks
Case Scenario:
You have been assigned to a large, cross-functional team which is investigating adopting a new governance framework for your company's Information Technology governance program. Your first assignment as a member of this team is to research and write a 2 to 3 page white paper which discussesone of the Chief Information Security Officer (CISO) functional areas. The purpose of this white paper is to "fill in the gaps" for team members from other areas of the company who are not familiar with the functions and responsibilities of the Office of the Chief Information Security Officer.
Your assigned CISO functional area is: Disaster Recovery/ IT Service Continuity (IT Service Continuity is a subset of Business Continuity). Your white paper must address the planning, implementation, and execution aspects of this CISO functional area. Your audience will be familiar with the general requirements forbusiness continuity planning (BCP), business impact analysis (BIA), and continuity/recovery strategies for business operations (e.g. restore in place, alternate worksite, etc.). Your readers will NOT have in-depth knowledge of the requirements / implementation strategies which are specific to restoring IT services which support the critical functions of the business (as identified in a BIA).
Note: in your Critical Analyses and Discussion for this case study you will address specific aspects of a governance framework, e.g. COBIT®, ITIL®, or ISO/IEC 27002, which apply to planning and implementation of disaster recovery / IT Service Continuity.
Research:
1. Read / Review the Week 3 readings:
2. Find three or more additional sources which provide information about best practices for IT Service Continuity / Disaster Recovery planning, implementation, and execution.(Hint: begin by exploringhttps://www.ready.gov/business) For the purposes of this assignment, implementation means the advance work necessary to implement recovery plans by acquiring or contracting for products, services, infrastructures, and facilities. Execution means activating the DR/BCP plans and overseeing the recovery operations.
Write:
Using standard terminology (see case study #1), write a three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of disaster recovery / IT Service Continuity which provides definitions and addresses the reasons why cybersecurity should be specifically addressedin the company's DR/BCP strategies and plans. This introduction should be suitable for an executive audience.
2. A separate section which addresses disaster recovery / IT Service Continuity planning functions performed by staff members in the Office of the CISO.
3. A separate section which addresses best practices forimplementing disaster recovery / IT Service Continuity.
Readings-
https://www.csoonline.com/article/2838371/security-leadership/the-evolution-of-the-ciso-role-and-organizational-readiness.html
https://www.mckinsey.com/business-functions/business-technology/our-insights/how-good-is-your-cyberincident-response-plan.