CYB 715 Module 8 Assignment: RIsk Mitigation with Business Impact Analysis (BIA) and Business
Continuity Plan (BCP)
INSTRUCTIONS
SCENARIO
You are an IT security intern working for Health Network, Inc. (Health Network), a fictitious health
services organization headquartered in Minneapolis, Minnesota. Health Network has over 600
employees throughout the organization and generates $500 million USD in annual revenue. The
company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix
of corporate operations. Each corporate facility is located near a co-location data center, where
production systems are located and managed by third-party data center hosting vendors.
COMPANY PRODUCTS AND ITS INFRASTRUCTURE OVERVIEW
Health Network has three main products: HNetExchange, HNetPay, and HNetConnect.
HNetExchange is the primary source of revenue for the company. This service handles secure
electronic medical messages that originate from its customers, such as large hospitals, which are
then routed to receiving customers such as clinics.
HNetPay is a web portal used by many of the companyàHNetExchange customers to support
the management of secure payments and billing. The HNetPay web portal, hosted at Health
Network production sites, accepts various forms of payments and interacts with credit-card
processing organizations.
HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow
Health Network customers to find the right type of care at the right locations. It contains
doctors0ersonal information, work addresses, medical certifications, and types of services that
the doctors and clinics offer. Doctors are given credentials and can update the information in
their profile
Health Network customers, which are the hospitals and clinics, connect to all three of the companyÊproducts using HTTPS connections. Doctors and potential patients can make payments and update their
profiles using Internet-accessible HTTPS websites.
Health Network operates in three production data centers that provide high availability across the
companyàproducts. The data centers host about 1,000 production servers, and Health Network
maintains 650 corporate laptops and company-issued mobile devices for its employees.
MAIN TASKS OF THE ASSIGNMENT
Senior management at Health Network has decided they want a business impact analysis (BIA) that
examines the companyàdata center and a business continuity plan (BCP). Because of the importance of
risk management to the organization, management has allocated all funds for both efforts. Your team
has their full support, as well as permission to contact any of them directly for participation or inclusion
in the BIA or BCP.
Winter storms on the East Coast have affected the ability of Health Network employees to reach the
Arlington offices in a safe and timely manner. However, no BCP plan currently exists to address
corporate operations. The Arlington office is the primary location for business units, such as Finance,
Legal, and Customer Support. Some of the corporate systems, such as the payroll and accounting
applications, are located only in the corporate offices. Each corporate location is able to access the other
two, and remote virtual private network (VPN) exist between each production data center and the
corporate locations.
The corporate systems are not currently being backed up and should be addressed in the new plan. The
BCP should also include some details regarding how the BCP will be tested.
DETAILS
1. Research BIAs and BCPs.
2. Develop a draft BIA plan for the Health Network that focuses on the data centers. The BIA
should identify:
a. Critical business functions
b. Critical resources
c. Maximum acceptable outage (MAO) and impact
d. Recovery point objective (RPO) and recovery time objective (RTO)
3. Develop a draft BCP that could recover business operations while efforts are ongoing to restart
previous operations. You may use or repurpose the BCP template at
https://csrc.nist.gov/CSRC/media/Publications/sp/800-34/rev-1/final/documents/sp800-34rev1_bia_template.docx.
4. Provide a description of how you would test the plan.
SELF-ASSESSMENT CHECKLIST
Use the following checklist to determine if you¥ completed the essential elements of this assignment:
created a basic BIA that focuses on the data center.
identified critical business functions, critical resources, and the MAO, RPO, and RTO for the BIA.
created a basic BCP for the given scenario that includes a description of how to test the plan.
created a professional, well-developed draft report with proper documentation, grammar,
spelling, and punctuation.
included APA citations for all sources used in the report.
followed the submission guidelines in Canvas.

Purchase answer to see full
attachment