MSIS 4253/5253/ACCT 5603
Spring 2022
Homework #5
|
CKD is a virtual reality application maker that specializes in the advanced VR technologies that are often used by government agencies as training simulators and by gamers who seek cutting edge gaming technology. When it comes to advances in application technology, no one beats CKD.
CKD‘s business strategy focuses on forward thinking research and development (R&D) and very high end VR systems. They have built a niche market catering to those in want of advanced VR capabilities. As such, their rivals (both foreign and domestic) would love to get their hand on CKD‘s research data and design specifications. That threat is only second to CKD having its production line shut down. CKD is a small start-up company with about 100 employees selling high end products. They have no inventory and must keep up with government contracts not to mention gaming customer demand. If their production line goes down for any length of time, they are out of business.
Because CKD relies heavily on its information and information systems, having a solid information security program is imperative. Loss of R&D data would wipe them out. However, because CKD is a start-up funds for information security are limited and the accounting officer keeps a tight hold on spending, and because production cannot be interrupted the operations officer doesn’t want anything fowling up product output even if it is essential to information security.
Major decisions at CKD are made by the executive council (EC) which consist of the Chief Executive Officer (CEO), Chief Operations Officer (COO), Chief Financial Officer (CFO), Chief Legal Officer (CLO) and Chief Information Officer (CIO). You have been hired to file the role of Chief Information Security Officer (CISO). In that capacity you and your staff of six are responsible for developing cyber security policies, securing the CDKs information infrastructure and performing IT audits for security and compliance.
Homework #5 – Business Continuity Planning
There is a gray area between Disaster Recovery Plans (DRPs) and Business Continuity Plans (BCPs). As we learned in class, many of the components of the plans are the same. Even though DRPs are for IT functions and operations and BCPs are to keep the business up and running, often times companies will combine them as one. Many companies, especially small ones, don’t have a DRP or BCP. They don’t know about them or they don’t know where to find information on them.
Following up on your disaster recovery planning prioritization, you note that CDK does not even have a DRP and/or BCP. In fact, CDK is so new as a company that no one ever thought to put one together. Your CIO was so impressed by your prioritization of the major issues the company must deal with in a disaster that he assigns you to build out the DRP/BCP.
You have never built a DRP/BCP before so you decided to look for resources on the subject. Fortunately, there a number of good resources out there. There are government agencies, non-for-profit groups, and universities that have information, apps, and other resources for business like CDK to help them build DRPs and BCPs.
Your task is to find five or more resources on-line that CDK might use to help develop its DRP/BCP. For each resource you must: 1) state the title of the resources, 2) write a short paragraph explaining what the resource does and how it can help CDK, and 3) provide the webpage (URL) for the resources. As always, before turning it in ask yourself, “Would I give this to my boss?”
