Continuing the Business with Information Security and Risk Management

 FORUM DESCRIPTION
NIST: Continuing the Business with Information Security and Risk Management

As a member of the security professional team, your organization is depending on you to help develop and maintain a contingency planning program for the information systems to support business continuity in case of an adverse event.
Input from security professionals should be considered each of the seven progressive stages of the information system development life cycle. 

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.
3 . Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
5.  Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes
Prepare
Review the Discussion Requirements above.

Research
Review the most recent (the last 10 days) news impacting the selected industry (identified by your team).  Identify one significant challenge for your team as you address one or more stage from above.
Tasks

Start your initial post with the name of your group
Identify the role you are now playing in your group
Base on your research, explain why (or why not) your findings will be a challenge to your team as you address one or more stages of the information system development life cycle identified above. 
You must provide examples of why you think this is a challenge or a benefit to the organization. 
Give your classmates a direct link to the article you read to support your stance

Remember your initial post should be purposeful and aim to accomplish one or more of the following goal:

Reflection of the topic
Analysis
Elaboration
Application
Synthesis
Evaluation

All responses should be substantive posts consist of the following three parts (ABC): 

acknowledge
build
continue