The business is accountable to ensure data is protected and to define handling requirements.

Part 1

Chapter 11 Assignment:

Assignment Requirements

The business is accountable to ensure data is protected and to define handling requirements. IT is the custodian of data. The position of the data owner should be senior enough to be accountable. The data owner has a vested interest in making sure the data is accurate and properly secure.

Answer the following question(s):

If an organization’s data is stored in the cloud rather than on-premises, is the data owner still accountable if the cloud provider suffers a breach and data is stolen? Why or why not? (100-150 words)

Would an organization’s data classification scheme affect how well protected data is in the cloud? (100-150 words)

Part 2

These are the articles:

https://www.ready.gov/business-impact-analysis

https://www.ready.gov/business-continuity-plan

Write a brief summary of the information you found in the articles and websites. In your summary, describe what a BCP is and list the steps for developing a BCP. Also, describe what a BIA is, how you conduct a BIA, and how the BIA is related to the BCP.

For each business function or process described above, assign a business impact factor of Critical, Major, Minor, or None.

For each business function or process described above, identify the IT systems and applications impacted by the business function (for example, determine what would be affected if the function or process failed).

For each Business Function or Process, use the table above to assign an RTO/RPO according to the corresponding business impact factor.

Policy Statement: Insert policy verbiage here.

Purpose/Objectives: Define the policy’s purpose and objectives. They should mirror the purpose/objectives of a business impact analysis (BIA).

Scope: Define this policy’s scope and whom it covers.

Standards: Does this policy point to any hardware, software, or configuration standards? In this case, you need to reference the recovery time objectives (RTOs) and recovery point objectives (RPOs) as standards and metrics. List them here and explain the relationship of this policy to these standards.

Procedures: Explain how you intend to implement this policy across the entire organization.

Guidelines: Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.

Use the internet to find further information on the differences between policies and plans in information security in general. Use this information to create a high-level explanation for C-level executives. Provide examples of real business continuity policies and how they could be useful in your organization.

 

 
