The National Institute of Standards and Technology (NIST) defines business continuity plan (BCP) as follows (https://csrc.nist.gov/glossary/term/business_continuity_plan):

The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.

NIST defines disaster recovery plan (DRP) as follows (https://csrc.nist.gov/glossary/term/disaster_recovery_plan):

A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See continuity of operations plan (COOP) and contingency plan.

Change management includes processes, tools, and techniques that help employees accept and implement changes to help an organization succeed and achieve milestones, outcomes, and goals. Change management defines how changes are made as well as how they are reported, documented, reviewed, and approved.

2.5 HOURS

Lab Exercise 21.01: Business Continuity

Imagine an organization without a BCP, or even an organization with a BCP that hasn’t been recently reviewed. When a significant disruption strikes, what will happen to such organizations? How might they react? How will mission-critical operations and essential business functions continue if they haven’t been even identified? If they have been identified, but not addressed with a plan of action, is that any different?

Traditionally, BCPs have been used for threats such as hurricanes, tornadoes, floods, fires, and earthquakes that could cause significant physical damage to specific geographical areas during certain timeframes. The COVID-19 pandemic presents new, unique, and unforeseen twists to BCPs. With a pandemic, business can be affected at varying levels, in multiple locations, and at different timeframes.

A black swan event refers to an extremely rare situation that can have severe impacts, which seem obvious in hindsight. COVID-19 certainly fits the bill. Organizations that don’t have a BCP to guide them during an event like the COVID-19 pandemic or organizations that have a BCP without anything dealing with pandemic scenarios are ill-equipped to keep the business going, and they must act immediately to develop a BCP.

Learning Objectives

In this lab exercise, you’ll explore business continuity. At the end of this lab exercise, you’ll be able to

•   Understand how business continuity relates to the COVID-19 pandemic

•   Understand how a lack of a BCP could be harmful, especially during the COVID-19 pandemic

•   Understand what should go into a BCP, especially for pandemic situations

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

Let’s Do This!

You’re going to watch a couple of very interesting webinars relating the COVID-19 pandemic to business continuity. Watch carefully, and take notes. After watching, you will write a summary of what you learned from each webinar.

1b

Step 1 The first webinar comes from PECB Group, Inc., which, per https://pecb.com/en/about, “is a certification body which provides education and certification under ISO/IEC 17024 for individuals on a wide range of disciplines.”

This video shows how business continuity planning can help manage business operational disruptions related to COVID-19.

a.   Watch the webinar, titled “Business Continuity Planning During and After the Coronavirus (COVID-19) Pandemic” (given on May 13, 2020), at https://youtu.be/4_0vHEbSlHg.

b.   Write a page summarizing the most important lessons and relating what was said to what you experienced during the same time.

2b

Step 2 The second webinar comes from IT Governance, described at www.itgovernance.co.uk/about as follows:

IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cyber security.

This video shows how much more important business resilience has become during the COVID-19 lockdown.

a.   Watch the webinar, titled “Business Continuity and the COVID-19 Pandemic Threat” (given on May 21, 2020), at https://youtu.be/6SVoez--zq4.

b.   Write a page summarizing the most important lessons and relating what was said to what you experienced during the same time.

60 MINUTES

Lab Exercise 21.02: Disaster Recovery

DRPs, like BCPs, have a new set of nuances related to the COVID-19 pandemic. In the past, cold sites, warm sites, and hot sites were often part of the initial discussion of DRPs. As the COVID-19 pandemic played out, companies turned the actual homes of their employees into their cold sites, warm sites, and hot sites. Unlike the traditional alternate locations, employees don’t have the security mechanisms, software updates, and technology found at the traditional alternate sites.

Furthermore, should employees be required to come into the office on certain days or for certain events? What safety protocols need to be in place if employees come in? Should meetings be virtual? What do the employees working from home wear during video meetings to uphold the professional appearance of the company? What if privacy issues require the camera to be off? If employees are working from home, how should they handle potential distractions like family members and pets? What if employees have children whose school is now virtual? Should these employees always work from home?

These questions, and more, should be covered by a DRP, which should outline the priority and order of restoration. In a disaster, knowing what to work on first should be defined in the DRP, which should be based on the priorities and needs of the organization.

Learning Objectives

In this lab exercise, you’ll explore disaster recovery. At the end of this lab exercise, you’ll be able to

•   Understand how disaster recovery relates to the COVID-19 pandemic

•   Understand how a lack of a DRP could be harmful, especially during the COVID-19 pandemic

•   Understand what should go into a DRP, especially for pandemic situations

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

Let’s Do This!

You’re going to watch a very interesting webcast relating the COVID-19 pandemic to disaster recovery. Watch carefully, and take notes. After watching, you will write a summary of what you learned from the webcast.

1b

Step 1 This webcast comes from IDG TECHtalk, which is described at www.cio.com/article/3542608/introducing-the-idg-tech-talk-community.html as follows:

At IDG, we work hard to bring you a range of premier content and websites and strive to stay in touch with the changing needs of our audience. As we’ve learned over the past several months, staying connected seems more important than ever.

This video shows how IT teams can apply lessons learned from working from home during the COVID-19 pandemic to a disaster recovery plan.

a.   Watch the webcast, titled “How to create a pandemic disaster recovery plan” (posted on April 15, 2020), at https://youtu.be/Yf6xdPLO_bo.

b.   Write a page summarizing the most important lessons and relating what was said to what you experienced during the same time.

2.5 HOURS

Lab Exercise 21.03: Change Management

Change management has been a moving target since the COVID-19 pandemic began. Unlike traditional change management of the past, it seems that due to the COVID-19 pandemic, continuous change is something that will be with us for a very long time—maybe forever. Furthermore, certain change management implementations due to the pandemic were done for adjusting to the new normal, and not meant to be carried over once the pandemic subsided. However, organizations are seeing benefits with many of the changes that were made, and they are likely to keep these changes in effect even after the pandemic ends.

Learning Objectives

In this lab exercise, you’ll explore change management. At the end of this lab exercise, you’ll be able to

•   Understand how change management relates to the COVID-19 pandemic

•   Understand how a lack of a change management plan could be harmful, especially during the COVID-19 pandemic

•   Understand what should go into a change management plan, especially for pandemic situations

Lab Materials and Setup

The materials you need for this lab are

•   The Principles of Computer Security: CompTIA Security+ and Beyond textbook

•   A web browser with an Internet connection

Let’s Do This!

You’re going to watch a couple of very interesting webinars relating the COVID-19 pandemic to change management. Watch carefully, and take notes. After watching, you will write a summary of what you learned from each webinar.

1b

Step 1 The first webinar comes from Panorama Consulting Group, which is described at www.panorama-consulting.com as follows:

100% independent of enterprise resource planning [ERP] software vendor affiliation, Panorama offers a phased and integrated approach to strategy alignment and execution, enabling each client to achieve their unique vision. We offer the flexibility of either a top-down strategic approach, or a bottom-up tactical approach to our clients’ projects, depending on each client’s unique business transformation objectives.

This video shows change management tips to keep employees positive and productive in spite of significant organizational and global changes during COVID-19.

a.   Watch the webinar, titled “The Role of Organizational Change Management During COVID-19” (posted on June 3, 2020), at https://youtu.be/2BVu6sp0LqM.

b.   Write a page summarizing the most important lessons and relating what was said to what you experienced during the same time.

2b

Step 2 The second webinar comes from the Halifax Chamber of Commerce, described at https://halifaxchamber.com/about-the-chamber as follows:

The Halifax Chamber of Commerce is a business advocacy organization committed to creating value and prosperity for its members. The Chamber provides the services its members need while advocating for the conditions to enhance private sector growth.

Together, the 1,700+ member businesses and their over 65,000 employees act as a single, powerful voice through the Chamber to promote local business interests. The volunteer board of directors and Chamber staff undertake initiatives by request of, and on behalf of our diverse membership.

To do this, we’ve tailored programs, expanded our Member to Member Marketplace and created connections. We also help our members grow through programs, new strategies and help expand their influence with policymakers.

This video shows how change management now looks in the new world due to COVID-19.

a.   Watch the webinar, titled “Navigating COVID-19: Change Management for the New World” (posted on May 29, 2020), at https://youtu.be/WBolxSy7rBQ.

b.   Write a page summarizing the most important lessons and relating what was said to what you experienced during the same time.

Lab Analysis

1.   How is business continuity different in a COVID-19 world?

2.   How is disaster recovery different in a COVID-19 world?

3.   How is change management different in a COVID-19 world?

Key Term Quiz

Use the terms from the list to complete the sentences that follow.

business continuity

change management

disaster recovery

1.   Proper usage of ____________ helps an organization succeed and achieve milestones, outcomes, and goals when things deviate.

2.   To ensure that mission/business processes will be sustained during and after a significant disruption, organizations must have a plan for _________________.

3.   To guide an enterprise response to a major loss of enterprise capability or damage to its facilities, organizations turn to a plan for _________________.