Upload
samiya-yesmin
View
17
Download
0
Tags:
Embed Size (px)
Citation preview
Page 1
Group Project by: Team Awesomeness
Sl. Name I.D. Signatures
1 Samiya Yesmin 11304043
2 Protiti Khan 11304018
3 Tanzeela Rahman 12304005
4 Upama Sarkar Borna 12104034
CSE371:
Management information System
Course Instructor:
Mr. Syed Mahmudur Rahman
Section 03
15/03/2015
Page 2
Acknowledgements
Group 1: Awesomeness
Sl. Name I.D. Individual Contribution
1 Samiya Yesmin 11304043
Team Leader, Report organizer and editor.
VI. IT Contingency Plan for CloudClass
VII. Budgeting
X. Conclusion
2 Protiti Khan 11304018
Executive Summary
II. IT Contingency Plan and its importance
VIII. Contingency Staff Training and Plan Testing
3 Tanzeela Rahman 12304005
Logo Design and Presentation Slide.
III. Functions of CloudClass
IV. IT Environment of Cloud Class
VI. IT Contingency Plan for CloudClass (Hardware)
4 Upama Sarkar Borna
12104034
I. Introduction
V. Integral Aspects of the Contingency Plan
IX. Contingency Plan Review Process
The video presentation was a joint effort of the entire team.
Disclaimer
www.CloudClass.org.bd is a business idea of its co-authors and is not-yet a factual business.
The co-authors acknowledge the trademarked status and trademark owners of the following word
marks mentioned in this paper:
Khan Academy, Coursera.org, Google, Facebook, OpenDrive, Adobe Premium Pro, liteCam HD,
Cannon, Dell, Camtasia Studio, Dhaka Web Host.com, Alpha.net.bd/, Avast Antivirus, Kaspersky
Security, Skype, Facetime and Viber.
Page 3
Executive Summary
Natural disasters, terrorist acts, large-scale accidents, and cyber-attacks all have the potential to
cause a catastrophic loss of information technology systems and infrastructure. In the event of such
an outage, it is vital for organizations to ensure their business processes which are vital to the
mission and survival of the organization, continue. CloudClass.org.bd is a business that works with
the top universities of Bangladesh, to provide online course lectures as an alternative method to
registered students. The purpose of this report is to develop an Information technology contingency
plan for CloudClass.org.bd, in order to prepare the organization to react lucidly to an unplanned
situation. The report contains the business that is CloudClass.org.bd, the importance of IT
contingency plan. the crucial components of CloudClass that can be under threat, our contingency
plan, containing the business process continuity, disaster recovery and incident management plans.
In the review process of the contingency plan we will have a quality controller who will weekly
review the whole process. Also, we will be having a precautionary measure to determine any
possible foreseen disaster. We have also figured a budget that could be required for the said
contingency plan as well as our planned staffing and training process for our emplo yees, with
regards to the contingency plan.
Page 4
Table of Contents Acknowledgements ........................................................................................................................ 2
Disclaimer ...................................................................................................................................... 2
Executive Summary ....................................................................................................................... 3
I. Introduction ........................................................................................................................... 5
II. IT Contingency Plan and Its Importance............................................................................... 6
III. Functions of CloudClass .................................................................................................... 7
a. Services of CloudClass:......................................................................................... 7
IV. IT Environment of CloudClass: ......................................................................................... 8
a. Recording Equipment: ........................................................................................... 8
b. Office Equipment: ................................................................................................. 9
V. Integral Aspects of the Contingency Plan ........................................................................... 11
a. Critical Component Items: .................................................................................. 11
b. Non Critical Component Item ............................................................................. 13
VI. IT Contingency Plan for CloudClass ............................................................................... 14
VII. IT Contingency Plan Budgeting ...................................................................................... 17
VIII. Contingency Plan Staff Training & Plan Testing ........................................................... 18
IX. Contingency Plan Review Process .................................................................................. 20
X. Conclusion........................................................................................................................... 22
Works Cited ................................................................................................................................. 23
List of Tables ............................................................................................................................... 24
List of Figures .............................................................................................................................. 24
Appendix A .................................................................................................................................. 25
Page 5
I. Introduction
CloudClass is an online educational platform, much like Khan Academy and Coursera. Our
business works in collaboration the top universities of Bangladesh, to provide course lectures to
registered students only. We provide an alternative, online, method for university lectures,
which is especially required now due to the unavoidable political circumstances of Bangladesh,
which has completely disrupted the normal way of life. Although born of need, we do predict a
regular demand for online courses in future. Our domain is www.CloudClass.org.bd. A late
report by the U.S. Division of Education found that "classes with web learning (whether taught
totally online or mixed) by and large create stronger understudy learning results than do classes
with singularly eye to eye direction." Internet learning assumes a huge part in a deep rooted
training. Beside the traditional class lectures, a significant number of our collaborator
organizations are also utilizing our online stage to give their on-grounds understudies with an
enhanced learning knowledge. This mixed model of learning has demonstrated in studies to
build understudy engagement, participation and execution.
The purpose of this report is to develop an Information technology contingency plan for
CloudClass, in order to prepare the organization to react lucidly to an unplanned situation. The
report contains the business that is CloudClass, the importance of IT contingency plan. The
crucial components of CloudClass that can be under threat, our contingency plan, containing the
business process continuity, disaster recovery and incident management plans. In the review
process of the contingency plan we will have a quality controller who will weekly review the
whole process. Also, we will be having a precautionary measure to determine any possible
foreseen disaster. We have also figured a budget that could be required for the said contingency
plan as well as our planned staffing and training process for our employees, with regards to the
contingency plan.
Online Link for both report and video (Google Drive):
https://drive.google.com/open?id=0B_pM3ISxJIxkfmlrd0tIT0VvSHFKZ1FVaDZTV0w0MVV
4eGp0LUdFaWV3SFdXMEdON0I4Nk0&authuser=0
Page 6
II. IT Contingency Plan and Its Importance In today’s world of terrorism, climate change, and an ever- increasing reliance upon Information
technology (IT), it is a vital requirement for any organization to have an IT contingency plan. The
time and money invested in developing and writing an IT contingency plan can pay enormous
dividends in the event of a major disaster. While a plan is good, it must be tested, revised as
necessary, and the people who use it must be trained. Perhaps one of the most important assets a
company has during a contingency is dedicated personnel who can solve problems not covered by
the IT contingency plan.
The National Institute of Standards and Technology states that, “IT contingency planning refers
to a coordinated strategy involving plans, procedures, and technical measures that enable the
recovery of IT systems, operations, and data after a disruption” (Swanson et al., 2002). In addition,
IT contingency planning should be part of a larger organization-wide contingency plan. The
definition of organizational contingency planning is: “A contingency plan is a comprehensive
statement of actions to be taken before, during, and after a disaster. A successful planning process
must achieve three goals: (1) create awareness of potential disasters, (2) define actions and activities
that will minimize disruptions of critical functions, and (3) develop the capability to reestablish
business operations.” (Sauter&Carafano, 2005)
IT Contingency Plan is important in order to ensure business continuity and availability of
critical resources during disasters; the plan should be documented and also tested in advance. This
will help expedite the process when the actual disaster or emergency strikes. The key to IT or
network disaster recovery is preparedness. Business vulnerabilities are ever increasing and every
organization is compelled to make appropriate disaster recovery plans and use advanced technology
to keep its network secure and stable. Network-reliant companies find it an absolute necessity to
frame disaster recovery policies and procedures to respond to the varied circumstances and
problems. Therefore the value of an IT contingency plan may seem obvious. And organizations are
more aware nowadays; for example, rapid actions taken by management of a major U.S. West
Coast bank whose headquarters was destroyed by a fire. Within a day they were able to resume
basic operations, and within a week resume all regular activities. This was made possible because
management had prepared a solid business continuity management program.
Page 7
III. Functions of CloudClass
CloudClass is a user-friendly interface which facilitates learning in the university level. The
domain of our website is www.CloudClass.org.bd. Our work is not to trade the classroom
experience for a virtual one; rather we aim to enhance the education system in Bangladesh.
a. Services of CloudClass:
We provide faculties the platform for making video lectures and its supplements (PDFs,
Slides and subtitles), which our website uploads and maintains.
Access to contents has filtered authorization as per the faculty’s opinion. Each lecturer
provides us their list of students, whom they want to show their video content to, and we
create authorized usernames and password for each of them, through Windows
Communication Foundation (WCF).
Authorized students are able to stream and download the contents provided by their lecturer.
Discussion boards are provided for each course, for students to interact with their
lecturer/TA and clear out their problems
CloudClass is available as a website and as a Smartphone application, allowing students to
access and download items on the go.
CloudClass provides Google calendar urls, which when added to one’s Google calendar
provides date and time notifications for assignment submissions/tests etc.
Page 8
IV. IT Environment of CloudClass:
CloudClass has an office in Niketon, with 10 soundproof recording rooms, working space for
the employees, a huge server room and a break lounge. Our website is made using the programming
language node.js, that fetches data fast and allows real- time streaming, and the compressing
software called grunt.js, for image and code compression, thus consuming very less space.
CloudClass would use OAuth2 protocol for user authentication and LTI. 1.1 protocols for
interaction with courses.
a. Recording Equipment:
Input Equipment: Each of the soundproof rooms has a
glass board with a white background for lecturers to
write on. We use touch-screen monitors and graphics
tablets for digital input. If a faculty does not want to
show their face, they can use graphics tablet which
would have their writing digitalized on the computer
screen will be recorded along with the voice audio.
Figure 1: Glass Board Notes
Video Equipment: Lectures are recorded with
standard digital single lens reflex video camera,
Canon 5D Mark II, one in each recording room.
Lighting equipment: We have day- light colour balanced lighting system that diffuses the
light and avoids strong shadow. An example of our output is given in the picture to the right.
All lighting ideas were adapted from (Wiastia, 2006)--a learning platform.
Sound Equipment: Each room has one microphone, a field mixer and an external capture
device for crystal clear audio recording. A mike in flexible boom will be attached for better
Page 9
sound recording. Two sound equipment sets are kept as a back- up, at all times. Professional
consultancy of sounding equipments was received from Julie Babcock and Dan Bruns of
Videomaker.
b. Office Equipment:
Display: Dell LED monitors are used for exclusive clarity.
Computers: Each employee is equipped with an Intel i5 2.5GHz, 4GB RAM, 320GB Hard
Drive, Windows 8 computer system for their work. We have 25 computer systems,
including back-ups.
Data storage devices: For the storage of software programs, video contents, course database
along with students’ scores, assignments and discussion details and for rendering the page of
the website, we use solid state drive instead of hard-disk for our server. This provides better
reliability, fragmentation and access to change the form. Also all our data is stored on our
private company Google drive, our official cloud data storage and back-up system. Google
drive lets the employees work on different projects simultaneously.
Web Server: we use server computers to control and run our website server. Disk mirroring
will be done with data will be duplicated in separate volumes on two drives to make the
storage more fault-tolerant. However, separate disks rely upon common controller; access to
both copies of data is threatened if the controller fails. Hence we would have 3 back-up
controllers as well. Coolers are kept to keep the server cold.
Data Management System: To ensure better synchronization of the data, all the employees
will have to use the certain active directories, procedures and policies. Starting from writing
the name of each file correctly, right use of CC and BC, mailing students using mail merge
of Gmail, be able to use the admin console of Gmail properly ensuring utmost security and
the use of digital signature.
Page 10
Network Components: For wireless internet, we would have a strong router to serve all of
our 23 employees and a broadband connection with high internet speed. Moreover, switches
and guards will be there as well. A router hub will be there to connect the computers to the
server so that each data stored in it can be accessed with any employee. As we have a server,
streaming devices can make the transfer of storage on cloud for our website users to watch
and download. Huge amount of cables will be needed. Various types as cable as such
coaxial, twisted-pair, sata, fibre will be used to satisfy different purposes.
Software programs: For editing audio and video, we use Adobe Premium Pro, liteCam HD
and Camtasia Studio for screen recording in case the faculty does not want to be present in
the video. Firewalls are used to keep the website safe from virus, unauthorized access, pop-
ups and unwanted advertisements.
Employees: We have 4 programmers, 3 web designers, 2 computer technicians, 5 video and
audio editors, 2 electrical and electronic engineers, 1 translator, 2 staff for cleaning and
serving coffee, 2 network engineers, for the maintenance and set up of the server and the
network components, and 4 co-founders, who make up the management team and
department heads of the company.
Page 11
V. Integral Aspects of the Contingency Plan
Disasters are unavoidable but mostly volatile, and they vary in type and extent. Every business
encounters disruption. The Table, below, depicts the threats most likely to impact the
CloudClass.org.bd and components of IT system. The specific threats that are represented by (XX)
are considered the most likely to occur within that environment.
Table 1: Risk Analysis Matrix
PROBABILITY OF THREATS
Probability of Occurrence: High Medium Low
Air Conditioning Failure X
Communications Loss X
Data Destruction X
Earthquakes X
Fire X
Flooding / Water Damage X
Power Loss / Outage XX
Vandalism / Rioting XX
Below are the key components of our business that would be affected by the above mentioned
threats, and thus require an IT contingency plan:
a. Critical Component Items:
1. Hardware- In our company, hardware includes the office itself, furniture, computer, large
screen display, video, lighting and sound equipment, etc. We are considering hardware as a
critical component of our organization because these resources can be inevitably affected by
natural disaster like earthquake and fire etc. Physical damage by natural disaster will destroy all
our office equipment. This also affects the power supply and severe data loss through physical
damage of the drives (IT Disaster Recovery, 2010). As a result, we will not be able to upload
our video contents or perform any other functions. Fire which is another natural disaster can
result in hardware meltdown, as well as with slag and smoke particles winding up between the
Page 12
read/compose leaders of the circle and the plate platter itself, will result in destruction.
Therefore, a contingency plan is absolutely required in case of catastrophe.
2. Data storage devices- Data constitute valuable organizational resources and it should be
managed effectively to benefit the organization. CloudClass is solely a confidential database
business. Without proper and secure database, our business will fail. Data storage is subject to
several threats that might result in total disruption of our work. For instance, data may get lost
during a system crash as a result of faulty drives or power failures or accidentally deleting or
overwriting files. Data might also be corrupted by computer viruses or stolen by hackers,
unauthorized users. Hence, in order to minimize the above mentioned risk and protect the
database, a back-up plan should be developed.
3. Network Components- Network plays an important role in interconnecting all the computers
and other communication devices. The most common problem that our network system might
experience is “server overload”. When data enters into the server at a greater rate than it can
load it causes a number of connection build up rapidly. Gradually, the server crosses the limit it
can handle and consequently get overloaded. So, if our server gets overloaded the clients will
not be able to access into the server and experience system crash, which would be just bad
business. The resulting disruption in the ease of website usage which will ruin the popularity of
our site and lessen the user rating.
4. Software- Software is a set of machine intelligible direction that coordinates a PCs processor to
perform particular operations. CloudClass.org.bd is a based-IT company. We rely on audio and
video editing software, network and database maintenance and cloud computing software
programs, heavily. So, the basic threat that we can encounter is the viral attack affecting our
software. The two most potential destructive viruses that can disrupt our software system are
listed below:
Page 13
Code Red- Once infected, it will
continue to make a hundred duplicates of itself
yet because of a bug in the programming. As a
result, it will copy much more and winds up
consuming a ton of our system resource
(Jamaluddin, 2009)
Figure 2: Code-Red Virus Message
Zeus- Zeus is a Trojan horse prepared to
infect Windows computers so that it can
execute various criminal tasks.
Figure 3: Virus Zeus Message
For all these above mentioned reasons we
need a pre-planned recovery process to cope up
with any sort of disaster that might affect our
business.
b. Non Critical Component Item
1. Employees: We are considering our employees as the non-critical item for our company. The
reason behind the fact is the close supervision and commitment of the employees. Human
resources are not critical because we can easily hire employees, since candidate number is
greater in comparison with job vacancy. In addition, if any employee leaves our organization we
have a thorough replacement process to fill that position. Still, a contingency plan is required
for training the newly recruited employees to produce an uninterrupted service.
Page 14
VI. IT Contingency Plan for CloudClass After reviewing the components of our business that could be under a threat, we did a business
impact analysis, and a disaster recovery plan for these components, based on which we have built a
viable and strong contingency plan to prevail over any form of disruptions that might come our
way. Our contingency plan for each of the components at risk is detailed below:
1. Hardware: CloudClass has all its hardware equipment insured.
a. A preventive control is to store the server in a clean and cold room, as shown in figure 1.
One of the main job responsibilities of the staff is to maintain these two factors. Coolers
are installed in a server room to where the temperatures kept within 20-21 degree
Celsius, at all times.
Figure 4: Temperature Controlled Room
b. To avoid short-term power outage, we use generators to support our system and have
uninterrupted power supply to lessen system failures.
c. We have a standing order understanding with our video, lighting and sound equipment
suppliers, in case of calamity. And just in case required, we keep at least two back-up of
the entire recording system sets, at one of the founder’s house.
Page 15
2. Data storage devices: We already have our server class computer in place, with SSD for vast
data storage.
a. For our data back-up, we use http://www.opendrive.com cloud store. Opendrive is not
only one of the best cloud service available to business but also the most secure and
affordable cloud service present in the market (Dunn, 2014). Using cloud storage
provides our business not only with high remote and secure storage capacity but also
with additional features, such as deduplication which is a specialized data compression
technique that eliminates duplicate copies of redundant data, hence enables high data
efficiency (EMC Glossary). Cloud storage also helps enable remote access to data. And
also to ensure an additional level of data security and privacy, we use virtual private
network (VPN) for our collaborations and data backup processes (Diallo, 2014).
b. In case of natural calamities or vandalism or system failure we have the business
continuity plan in place. For the back-up of storage in case the entire office gets
destroyed all the content will be stored in large portable hard-disks which will be kept in
different locations. Disk mirroring will be done to make it feasible for the company to
sustain up-to-date copies of data in geographically dispersed locations, so that data
access can continue uninterrupted if one location is disabled.
3. Network Components: We have implemented the most logical and fail-safe solution to our
everyday networking system:
a. Cloud Hosting (Thoke). This means that we divide the resources required to run our
website over a cluster of web servers, CloudClass uses two web servers namely,
https://dhakawebhost.com/, and http://alpha.net.bd/. This allows us to easily manage
peak loads without losing any bandwidth. Thus making us impervious to server crash
and server overload disruptions.
b. Content delivery network (CDN) which will increase efficiency as it distributes the
static content of the website such as pictures and videos and puts them in location closer
to the people we are serving to. We would be using the Amazon CDN. Amazon servers
will cash our content to its servers and thus taking the load o ff our server and providing
faster usage for our website.
Page 16
4. Intellectual Property and Software Security:
a. Data theft is a major concern for CloudClass. Thus we have registered all our
intellectual property under the Main IP Laws: enacted by the Legislature, Copyright Act,
2000 (Act No. 28 of 2000, as amended up to 2005).
b. Also by implementing Kaspersky Total Security for Business, one of the world’s best
internet and antivirus security system (Rubenking, 2014), on our 25 computers our
company is virtually the safest it can be against all viruses and hackers. And in-case if
additional computers were introduced, we have Avast ProAntiVirus System as back-up.
5. Online Collaboration: CloudClass is a small business, consisting of 25 employees, of which
two are office boys. Our work is purely IT based and staff collaboration is of utmost
importance. Our 23 employees do not live in the same city, much less come to the office
regularly. Thus online collaboration is an integral part of running our business. We use Social
networks, such as Google hangouts, Facebook, Skype, Viber and Facetime, for staff interactions
and meetings (From example, see Appendix A). Our cloud service remote distance access
comes to work here as it enables us to share and work on business data, e.g. Course contents,
user information etc., in a secured platform.
6. Staffing: Having a set plan for staff hiring and training is essential for any business, be it for a
short-term inconvenience or a long term requirement. Thus it is explained in detail under “VIII.
Contingency Plan Testing & Staff Training” (page- 17)
Page 17
VII. IT Contingency Plan Budgeting
When it comes to setting up a contingency plan, it is essential to make a budget plan. This helps
to figure out from where to source the financing for a contingency plan. Even an estimated budget
is better than none. Our IT contingency plan budget consists of estimated numbers, which are
subjective to economical and market price changes. With that being said, the table below depicts
our contingency plan budget requirements.
Table 2: IT Contingency Plan Budget
Sl.
No. Component Budgeted Requirement
1. Hardware Tk. 80,000
2. Cloud Server Tk. 20,000 per TB for a year
3. Network Server Tk. 10,000 per year
4. Antivirus and Internet Security Tk. 60,000 per year
5. Staffing and Training Process Tk. 25,000 per year
Our business is a website, which we cannot run without cloud and network server and security
already in place. Thus half the sums quoted here would be required for components 2, 3 and 4.
CloudClass is a profitable business with good financial record; thus we have a standing
understanding with our bank partner for instant credit loan in case of catastrophe.
Page 18
VIII. Contingency Plan Staff Training &
Plan Testing
A common theme throughout this is the importance of the people who execute a contingency
plan. Staffing contingency plans involve researching each project team members' experience and
how that affects the project. By knowing who has specific educational and work experience, you
can make better decisions about the contingency plans and suitable staff replacements. If there's
enough time, potential replacements can be trained so that they have the same or similar knowledge
as the person who is no longer on the project. All staff should be thoroughly trained in their roles,
duties and responsibilities; more intense training will need to be given to those who will be in key
positions.
Training for personnel with contingency plan responsibilities should complement
testing. Therefore training will be provided at least annually; new hires with plan responsibilities
should receive training shortly after they are hired. Ultimately, all personnel involved will be
trained to the extent that they are able to execute their respective recovery procedures without aid of
the actual guide. Therefore, personnel would be trained on the following plan elements:
Cross-team coordination and communication
Reporting procedures
Security requirements
Team-specific processes
Individual responsibilities
Contingency Plan Testing Process:
The IT contingency plan must work when needed; finding out that it does not work during an
emergency is much too late. Plan testing, training, and exercises will help to establish the viability
of the organizations IT contingency plan. Plan testing will discover holes in the plan that must be
fixed, or identify procedures that seem simple on paper, but are complex in execution.
There are several methods for testing and/or exercising contingency plans to identify potential
weaknesses. Contingency plan testing and/or exercises include a determination of the effects on
Page 19
organizational operations and assets (e.g., reduction in mission capability) and individuals arising
due to contingency operations in accordance with the plan.
Since there are many aspects of an IT environment to be tested, there are different kinds of tests
to be initiated. There are four basic tests to do that:
1. Walk – Through: Basic disaster recovery testing begins with a desktop walk-through activity, in
which team members review plans step by step to see if they make sense and to fully understand
their roles and responsibilities. Walkthroughs, workshops and orientation seminars are basic
training for team members. They are designed to familiarize team members with emergency
response, business continuity and crisis communications plans and their roles and
responsibilities as defined in the plans.
2. Simulated Recovery: The next kind of test, a simulated recovery, impacts specific systems and
infrastructure elements. Specifically, tests such as failover and failback of critical servers are
among the most frequently conducted. These tests not only verify the recoverability of primary
and backup servers but also the network infrastructure that supports the failover/failback and the
specialized applications that effect failover and failback.
3. Operational exercises: These extend the simulated recovery test to a wider scale, typically
testing end-to-end recovery of multiple systems, both internal and external, the associated
network infrastructures that support connectivity of those assets, and the facilities that house
primary and backup systems. These tests are highly complex, and provide a higher level of risk
compared to other tests, as multiple systems will be affected. Loss of one or more critical
systems from this kind of test could result in a serious disruption to the organization.
4. Table – Top Exercises: Tabletop exercises are discussion-based sessions where team members
meet in an informal, classroom setting to discuss their roles during an emergency and their
responses to a particular emergency situation. A facilitator guides participants through a
discussion of one or more scenarios. The duration of a tabletop exercise depends on the
audience, the topic being exercised and the exercise objectives. Many tabletop exercises can be
conducted in a few hours, so they are cost-effective tools to validate plans and capabilities.
Page 20
IX. Contingency Plan Review Process
A Contingency plan review process is defined as an action that recognizes, investigates and
enhances existing techniques inside an association in order to meet the goals and objectives of an
organization.
In the review process we will check the standard of our contingency planning. The contingency
plan should be practical and flexible. We will make the plan modest and easy therefore all the staff
and communal members will be able to participate and exploit the benefit for our company. We will
ensure the effective and efficient use of our resources. The review process consists of two factors:
1. Standard Operating Procedures (SOPs): We developed a Standard Operating Procedure
(SOP) in order to assist the individual with information required to carry out their particular
task. It also assists our company to maintain in the quality control process within the
organization. It also provides comprehensive description of the work instruction which will
decrease miscommunication (Goolaup, 2011).
2. Core Contingency Planning Team (CT): In order to maintain proper monitoring of our IT
contingency plan we developed a Core Contingency Planning Team (CT). The CT consists
of three to five individuals who are responsible for the entire process. This obligation is
reflected in sets of responsibilities also internal working strategies, so that sufficient time is
allotted to empower the CT to work frequently on possibility arranging, readiness and limit
building (Choularton, 2007).
Our contingency plan review process feasibility test has to follow these four steps (as shown in
figure):
Step-1: Determining our contingency plan and objectives
Step-2: Evaluating options, vendors and planning design
Step-3: Reviewing plan investment options and providing fee benchmarking
Step-4: Completing due diligence review and document results
In order to maintain proper monitoring of our IT contingency plan, our CT will monitor and
control the review process steps. We will monitor and test the plan on a regular basis using table-
top exercises.
Page 21
Figure 5: Review Process
Table-top exercise is a simple table-top exercise is a facilitated analysis of an emergency
situation in an informal, stress- free environment. It is intended to evoke valuable examination as
members look at and resolve issues taking into account existing operational plans and distinguish
where those arrangements need to be refined. There is insignificant attempt at recreation in a
tabletop exercise. Since, supplies are not utilized, assets are not conveyed, and time weights are not
presented it will help us to test the capability of our company to respond to a virtual event (Select
Your Exercise)
The contingency planning process does not end with the creation of an arrangement. It is
especially vital that the arrangement be altogether assessed when there is a change in the
circumstance or a change in the institutional environment, for example, a noteworthy change in
participation or administration of the group/division. Therefore, the process should be persistent and
we must review and modernize the plan on a regular basis.
Page 22
X. Conclusion
An automobile is made up of many pieces. Every piece plays a function to keep it running; one
little disjointed piece can bring about a total shutdown of the vehicle. A business is like a well oiled
automobile, every component counts. Thus to ensure long, effective and successful business it is a
smart decision to have contingency plans in place.
In this report we have talked about the IT contingency plans of CloudClass in simple concise
details. We believe that with the steps we have taken, as described throughout the report, will
ensure a long, effective and successful business. We believe that the above mentioned IT
contingency plan, steps and procedures as described in the report, will enable our organization to
have faster response for any disruptions, to minimize risk exposure, to ensure proper business
functioning and to ensure the continuity of our business, even at the face of any disaster.
Page 23
Works Cited 1. Choularton, R. (2007, March). Retrieved March 04, 2015, from Humanitarian Practice Network
Website:
http://www.odihpn.org/index.php?option=com_k2&view=item&layout=item&id=2868
2. Diallo, A. (2014, August 06). Three Ways To Protect Yourself From Hackers. Retrieved from
Forbes: http://www.forbes.com/sites/amadoudiallo/2014/08/06/three-ways-to-protect-yourself-
from-hackers/
3. Dunn, K. (2014). 2015 Best Business Cloud Storage Services. Retrieved March 01, 2015, from
Top Ten Reviews: http://business-cloud-storage-services.toptenreviews.com/
4. EGOL. (2006, Oct. 20). A Contingency Plan for your Web-Based Business. Retrieved March
01, 2015, from The Moz Blog: http://moz.com/blog/a-contingency-plan-for-your-webbased-
business
5. EMC Glossary. (n.d.). Retrieved March 03, 2015, from EMC Website:
http://www.emc.com/corporate/glossary/data-deduplication.htm
6. Goolaup, P. (2011). Preparing For Severe Weather Emergencies . Retrieved March 04, 2015,
from Mauritius Mateorological Services:
http://www.liv.ac.uk/media/livacuk/schoolofmanagement/docs/ethnographypapers2014/Liberati
_Scaratti.pdf
7. IT Disaster Recovery. (2010, March 12). Retrieved 03 01, 2015, from Respond to Disaster
website: http://www.respondtodisaster.org/it-disaster-recovery.htm
8. Jamaluddin, A. (2009). 10 Most Destructive Computer Viruses. Retrieved Feb. 28, 2015, from
Hongkiat.com: http://www.hongkiat.com/blog/famous-malicious-computer-viruses/
9. Rubenking, N. J. (2014, November 26). The Best Antivirus for 2015. Retrieved March 02, 2015,
from PC Magaznie: http://www.pcmag.com/article2/0,2817,2372364,00.asp
10. Select Your Exercise. (n.d.). Retrieved March 04, 2015, from Emergency Response Tabletop
Exercises: http://www.epa.gov/watersecurity/tools/trainingcd/Pages/exercise-menu.html
11. Thoke, O. (n.d.). Understanding What Cloud Hosting Really Is! Retrieved March 02, 2015,
from About Tech Website: http://webhosting.about.com/od/Clouding-Hosting/a/What-Is-Cloud-
Hosting-And-Should-You-Consider-It.htm
12. Wiastia. (2006). Retrieved February 20, 2015, from Wistia.com: http://wistia.com/blog
Page 24
List of Tables Table 1: Risk Analysis Matrix .................................................................................................. 11
Table 2: IT Contingency Plan Budget ......................................................................................... 17
List of Figures Figure 1: Glass Board Notes .......................................................................................................... 8
Figure 2: Code-Red Virus Message ............................................................................................. 13
Figure 3: Virus Zeus Message ..................................................................................................... 13
Figure 4: Temperature Controlled Room..................................................................................... 14
Figure 5: Review Process............................................................................................................. 21
Page 25
Appendix A
Our group consists of four members. Due to political unrest, we did not have much of face-to-
face meet-ups. We mostly worked and interacted through online communication. Along with
talking over the phone, we used Skype for video conferences, we created a Facebook group for
regular idea and article discussion and finally we used Google drive to store all the data articles we
collected to help each other and to shared our term paper write up files and videos. Screen Shots of
our FB group and Google Drive Folder is shared below: