Question

In: Civil Engineering

You have been employed by Challenger Constructions as their first Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks and start to deploy security policies to protect their data and resources.

You are concerned that the company has no existing contingency plans in case of a disaster.

The Board indicated that some of their basic requirements for contingency planning include:

  • A Recovery Time Objective (RTO) of 4 hours
  • A Recovery Point Objective (RPO) of 6 hours

Based on these, you now need to determine:

  • The Maximum Tolerable Downtime (MTD),
  • The Work Recovery Time (WRT) and
  • The system and data recovery priority

The Board expects that you will propose a Business Continuity Plan (BCP) for Challenger Constructions. The Board expects you to use as much of their existing resources as possible for the BCP, but understands that some additional resources may be required. Your BCP proposal must clearly state what additional resources, in terms of hardware, software and locations, are required.

Tasks:

You are to develop a proposal for a Business Continuity Plan (BCP) for Challenger Constructions in accordance with the Board's instructions above. Your proposed BCP must include:

  1. An overview of the entire BCP,
  2. A Business Impact Analysis
  3. An Incident Response Plan
  4. A Backup plan,
  5. A Disaster Recovery plan,

Solutions

Expert Solution

Answer: First of all, there must be disaster management and backup plans for any construction company to face the accidental disasters that occur to the company. Beyond this, if we are asked to develop a BCP, then there are many points that we have to remember while preparing such a BCP.

Recovery plans:

Although disasters are unpredictable, so we can't know the actual time of the disaster and can't stop it, by having a pre-planned way we can tackle the upcoming problem to 80%.

There are many steps that we should follow to develop a recovery plan.

1) Conduct an asset inventory.

A plan to recover our construction industry from a disaster starts from the construction asset inventory. First of all, start listing all the construction assets, like cement storage and material storage, and then start mapping where each asset is physically located.

2) Perform a risk assessment.

Once we have mapped all the equipment and assets, then we must go through the internal and external threats that are going to be thorough.

After that, we must create a risk management that predicts the risk by imagining the worst scenario.

3) Define criticality of works.

We must know which work is critical and which is ordinary work by taking a review of the money expended on them. Now, after knowing that work, we must pay special attention to those works.

4) Define recovery objective.

After knowing the criticality of the works, we must know the best way of recovery of our equipment by analysing the previous disasters that may occur.

5) Finding the right tools and techniques.

6) Document and communicate your plan.

Now, after completing the whole plan, we must know the feasibility of the plan, meaning we should know whether our plan is physically possible or not, and then execution of the plan takes place.

Maximum work recovery time.

The recovery time is the portion of the total recovery time frame, calculated together by adding the WRT and RTO. This time is important for accounting because it has a significant impact on the equipment which is going to be scrapped and which is going to be obsolete.

Maximum Tolerable Downtime.

The MTD is the total time that an organization sustains from when the outage occurs until normal business conditions come.

Recovery time objective of 4 hours.

Here the recovery time objective can be broken up into its components that consume time according to their importance and uses. Now this must be enough to recover the disaster to a small level.

