No organization, despite its size, is exempt from experiencing the effects of a disaster or an attack. Often these disasters or attacks can cause tremendous harm to the business, its customers, resources, environment, community, and its people. Therefore, it is crucial that an organization take proactive steps to develop its business continuity and disaster recovery policies and procedures for their incident response, disaster recovery, and business continuity plans. These plans are indispensable for supporting the organization’s preparedness for an event, minimizes the impact of damage, and outlines methods for it to continue its core business operations.
However, success in these endeavors is highly dependent on senior-level organizational and business continuity and disaster recovery decision-makers ability to critically think through business problems, understand the effects that the disaster or attack has on core business processes, brainstorm recommendations to address these incidents and to write executable solutions effectively. This is the purpose of the scenario papers, which is allow you to engage the critical thinking process and to propose viable business solutions to address the disaster or attack.
Research the 2014 JPMorgan Chase cyber-attack. Very briefly introduce the company and the incident that occurred. Based on the nature of the event or disaster, did the organization have an environmental or social responsibility to its community? If not, explain. If so, did the organization do enough to address any impact or damage inflicted on either? Consider the organization’s corporate culture and its general business practices, did either contribute or had a role in the incident occurring? If not, what other internal or external failure transpired which contributed to the event or disaster? Elaborate on all of your responses.
Now reflect on the organization’s before, during, and after the incident preparedness. Which aspect of the organization’s contingency plans were underdeveloped or not developed – its incident response, disaster recovery, business continuity, or a combination of these plans? Connect what you have learned about the incident to the learning objectives in the course. The plan or plans you have identified as being either underdeveloped or not developed, what element(s) or component(s) would you have included in the document(s) to anticipate, respond, or recover from the event? Why do you believe these actions, procedures, or policies would have worked? Elaborate on all of your responses. In addition to academic and reputable industry resources, suggestions and recommendations to include in the identified plan(s) must incorporate insight from Whitman, Mattord, and Green (2014).
Whitman, M. E., Mattord, H. J., & Green, A. (2014). Principles of Incident Response and Disaster Recovery (2nd ed.). Boston, MA: Cengage Learning. ISBN: 13 978-1-111-13805-9.
After reading the grading rubrics, your scenario papers must:
Adhere to all assignment requirements outlined in the course syllabus;
Address the questions in the order presented;
Questions are prepared to help guide critical thinking through the scenario’s problem and to build a case to propose viable recommendations for a solution.
Not include the questions in the submission;
Not contain contractual phrases, as an example “shouldn’t” “couldn’t” or “didn’t,” or similar
Not contain vague words such as “proper,” “appropriate,” “adequate,” or similar to describe a process, function, or a procedure.
As an example, “proper incident response plan,” “appropriate IT professional,” “adequate security,” or similar. These words are subjective because they have a different meaning to different individuals.