Abstract:
|
This document provides guidelines for the development of an IT Contingency Plan. An IT Contingency Plan is an increasingly important factor to consider when defining the strategies of IT departments of any organization because of the many threats to which information faces. Cyber-attacks, viruses, power failure, human error, fire, wilful attacks ... and a lot of threats that can cause a serious impact on the normal operation of an organization. The purpose of this project is to give a theoretical overview of the issues involved in the development of an IT Contingency Plan and to provide examples of a real project. Along the project, it has been conducted interviews with the key personnel from the different Business Units of the Organization in order to obtain the necessary information about critical business processes as part of the BIA. In addition, with the IT department it has been identified the key assets and their dependency trees, as a part of the Risk Analysis. The methodology employed in this part has been MAGERIT and the EAR / PILAR tool to perform the risk analysis, as it comes configured according to MAGERIT. Finally, security projects have been developed in order to reduce the risk level of the Organization. The results obtained from the IT Contingency Plan are mainly to identify the critical processes and the threats that can impact seriously in the organization in order to protect assets and have an adequate level of protection. As part of this project, it has been included examples of an IT Contingency Plan performed for a real company. |