VIDYA SAGAR REDDY CHALLA, Course Number
: ISOL632/Lecture/24 – Bus Cont Plan
& Disaste Recovery Plan, Date
Name : Assume that you have been tasked by your employer
to develop an incident response plan. Create a list of stakeholders for the IR
planning committee. For each type of stakeholder, provide the reasons for
inclusion and the unique aspects or vision that you believe each of these
stakeholders will bring to the committee.
response plan (IRP) is a set of written instructions for detecting,
responding to and limiting the effects of an information security event.
Companies can have incident response plans for different
types of crises. For example, it may be necessary to implement a response plan
if a serious weather event threatens a network or operations center. This would be considered
as a part of continuity planning it is to restore and maintain
stable services under various circumstances. Another type of incident response
plan manages the loss of data this is called succession planning.
When it comes to information security, an incident
response plan refers specifically to how a business protects its
assets, limits the scope of damage, and determines its root causes, and applies
lessons learned in the immediate effects of a data breach. Whether the threat
actor is a hacker or a piece of malicious software, it’s crucial that security
experts be prepared to act quickly. The faster a response plan is activated,
the more limited the business impact may be. Building a successful IRP includes
the following steps
Here are tips to help an organization and to develop and
implement an incident response plan:
1. FORM AN INCIDENT RESPONSE TEAM : This teams analyze reports of
security breaches and threats in order to develop the organization’s incident
response strategy. There are various types of incident response teams that can
be composed internally, externally, or a mixture of both.
2. CONDUCT AN INCIDENT THREAT ANALYSIS: Conduct an incident threat
analysis by discovering and documenting the threats, risks, and potential
failures that impacts your organization’s current security measures.
QUICK-RESPONSE GUIDELINES FOR DIFFERENT SCENARIOS:
Using your incident threat analysis, create
quick-response guides for the situations you found to most likely to occur and
make them readily available to IR stakeholders. This will allow you to act
immediately on the common incidents that threaten your organization. In
addition, create clear processes for making critical incident response
decisions and outline who will be responsible for these decisions on a case by
4. OUTLINE A
PLAN FOR EXTERNAL NOTIFICATION: Communication with
external parties is very important in any incident response plan, so be sure make
a document procedures for alerting third parties. When an incident occurs, law
enforcement and other key stakeholders should be notified. It is also
beneficial to keep in touch with providers and other experts in the field to
receive further guidance for handling the incident.
YOUR PLAN TO EMPLOYEES: Employees are an important
factor of incident response planning. All employees should be aware of your
organization’s incident response plan and have access to it at all times.
Moreover, employees should understand their role if an incident were to occur
and receive training in order to properly carry out their responsibilities.
PRACTICE, AND REPEAT: Just like any other process,
incident response plans require practice and training in order to be effective.
Running simulated breaches and responses for various scenarios will allow your
organization to fine tune its incident response plan, improving to be ready
whenever the real breach occurs.
7. LEARN FROM PAST MISTAKES: This is the most important driver of successful incident
response. Meet with all parties that handled a previous incident to discuss
what went well and what needs to be improved. Using collected incident data,
analyze factors such as the cost of the incident, incident timeline, and
overall effectiveness of your plan. Creating an incident response checklist is
helpful for seeing where your plan falls short.
are those who have an interest in or may be affected by actions recommended in
the resource management plan. Stakeholders who serve on the Planning Committee
are the primary decision-makers during the planning process. They work with
technical advisors and interact with the public to develop a resource plan
which can be supported and implemented in the planning area.
In order to develop a plan that addresses all
resource concerns and integrates ecological, economic, and social factors,
multiple stakeholders interested in developing a management plan need to be
identified. Work with initial stakeholders who are interested in resource
planning for their area. Select stakeholders who
• Are able to represent the group as well as
their individual interests;
• Can serve as
decision makers in the planning area;
represent all of the social, economic, and cultural communities in the planning
represent all the different views, opinions, and interests in the area.
Committee must periodically seek input from and provide information to the
entire community of people in the planning area to ensure that the final plan
is acceptable to all.
Made up of
The Committee may
Leadership ( Project Sponsor)
• Steering or
Operations and Maintenance
• Design Team
. Planning Consultants
Government & Faculty Senate
• Student & Faculty Users
The Next Step Once
the Planning Committee is organized, they want to establish operating
procedures for how their group will function during the planning process. They
should also agree on the planning area for which they will develop a resource
Stake Holder Roles
This gives an
overview of the groups involved, their goals, and their role(s) in the process.
Initiate, manage, and deliver the project, as well as staff and operate the
project after completion.
Leadership (project sponsor)
project outcomes align with the university mission, plans, and operations.
oversight; key directions; and input on programming and design. Approve
overall schedule and budget, and staffing and resources to operate project
after completion. May address issues and changes throughout construction.
Building Committee (includes leadership from university administration)
and management, enable project stakeholders to carry out their roles and
stakeholders, and act as project representative to other groups on campus and
externally. Guide staffing and resourcing decisions.
Operations & Maintenance
Contribute to an
optimally operating learning space.
campus services and maintain building systems and conditions.
Design / Programming Team
Deliver an integrated space, technology, and service design plan that best
aligns with project goals, schedule, budget, and design requirements.
solutions that meet project goals and vision, and space, technology, and
and research into programming, design concepts, and plans. Detail building
systems (structural, mechanical, electrical, plumbing, fire protection),
floorplans, and interiors.
Engage and guide
stakeholders through a valuable planning process.
and strategy information and expert guidance to facilitate planning,
including space programming, budgeting / cost estimating, operational
planning, service design, branding, engagement / facilitating, and communications.
in technical areas such as ambient conditions, sustainability, and usability.
information and expert guidance in specific areas such as acoustics,
lighting, audiovisual issues, energy efficiency, sustainability, storage, and
Provide user perspectives when setting project goals, requirements, and
priorities. Establish a community around the project to gain support. Help
evaluate the project in future assessment activities.
Government & Faculty Senate
supports the diversity of user needs.
from the point of view of building users and enable alignment of project with
larger campus needs and goals.
development of a learning space that supports their needs.
from personal perspectives.