Contingency Plan Document for Apple (Essay Sample)

Student’s Name Instructor’s Name Course Name Date of Submission Contingency Plan Document for Apple Introduction The main aim of this contingency is to provide maximum security to the systems of Apple. It also aims at providing secure and safe working environment for each and every employee through utilizing efficient security controls. These strategies will protect the confidentiality of clients and employees while at the same time employ efficient protocols in order to thwart and counteract any potential security threats. Technical and physical security is strategically placed in the company through technical support and employee policy so as to protect clients and workers from foreign agents and unauthorized personnel. Apple will create awareness programs, training, and security education to minimize the loss that may result from security intrusions. Contingency Planning Management Team The strategic cooperate officers will consist of the Chief Executive Officer, Chief Information Officer, and Chief Information Security Officer. The Chief Executive Officer main job is to oversee cooperate security policy. The CEO is supposed to brief the board, public and customers on corporate policies and activities. The Chief Information Officer and Chief Information Security Officer main functions are to set security policy, programs, training and procedures for the organization. They also respond to any security breaches while at the same time coordinating independent audits. They will also enforce, access and implement company’s security officers. The management team will also consist of site managers whose work is to implement security training and communicate policies to employees. They also enforce, access and implement security protocols. The IT technician main job is to support, protect and maintain all company’s networks, hardware and software systems. The technician will identify and report to the relevant authority any threats to the network. The site security officer observe and protect all company’s assets and human resources. 3543305053330CEOCISOIT technicianSite managerCIO00CEOCISOIT technicianSite managerCIO Preventive Controls Network and Data Security Security controls are given more weight in the network and data security. The following measures have been put in place and responsibility given to relevant groups. Dual control: Network control and security control have been assigned two groups. The security group determines who has access to what information while the network control groups regulate the configuration actions. There is a screened subnet firewall integrated with DMZ host servers and proxy. Antivirus software packages, as well as internet security software packages, are utilized. When using wireless network, employees should use Apple security approved passwords. Other authentication and identification security protocols should be followed to the latter. Physical security precautions should be enforced on all personnel, site visitors and vendor employees. Systems logs should be monitored using IT security administrator profile. Log consolidation and management, as well as log review processes, should be monitored. Environmental and physical security that utilizes identification and restricted access profiling. There should be closed circuit monitoring in every site entry level and all restricted levels. Personnel should be trained in handling computer security. This training involves the detection, reaction and recovery processes. Fire extinguishers should be placed strategically especially in fire-sensitive areas like security rooms and server rooms. System level programs, as well as central security programs, should be developed. The company should employ security personnel and guards. Operational Security Controls It involves the issuing of network user ID and personnel identity card to all those who work for the company. This job is the responsibility of the department manager. The identity cards must be legible, free of defacement and up to date. ID clearance is issued by the human resource office basing it on information access zones. The work of the security department is to audit access logs every day and monitoring misuse of ID cards. All visitors should pass through the security check up at the gate, their intentions verified and then issued with visitors pass. Response Teams Organization Response teams’ contacts should be in the risk management office. Every member of this team should submit contact information through which they can be reached easily. There should be frequent meetings where all these teams should discuss challenges and issues facing them, as well as new ways of countering emergencies. The functions of each and every response team should be well stipulated to avoid conflicts and delays during an emergency. Contingency Strategies Apple has developed several contingency strategies to ensure maximum security to its staff and all assets. The following strategies has been put in place. Environmental and Physical Security and Protection Protocol Fencing is one of the physical security employed in Apple. All Apple facilities have 7-foot fencing. Gates are electronically opened through the use of authorized card credential or using the remote gate fob. All entrance sites and the perimeter fence are monitored by CCTV and security guards. There are more than 300 CCTV cameras installed in every room in the facility. Data collected by the camera is sent to the central location, and the security personnel can access it through Remote Achiever, PDA, and remote access. The cameras are fitted with night vision enabled Ethernet to ensure they can take data even in the darkness. Law enforcement agencies that have been contracted by Apple can access the data, as well systems operators and engineering staff. Electronic Access Control A comprehensive EAC system is installed in all Apple facilities. This system keeps doors and other access points secure while at the same time control access and track fragile information. Every employee is required to wear the access badge at all time. Areas housing Critical Cyber Asset are protected by CIP- specific EAC system. Intrusion Alarms These alarms are installed in areas that are not monitored by security staff. They include window and door contact, body heat detection, Passive Infrared Sensor and glass break detection. Apple has a good relationship with law enforcement agencies in the local area. They support Apple security concerns through security personnel training, proactive initiatives, observation patrols and incident response. Plan Testing, Training and Exercises All the security systems and devices should be tested every week to make sure that they are functional. The contingency planning team should choose a day to conduct the test. On that day, every employee should be alerted about the test. The response teams should be present so as to test if their plan is working. All employees should undergo a training on how to respond to emergency situations. In addition to this, they should be trained how to use different emergency equipment for them to be in a position to save lives in emergency situations. On the day of testing, the alarm should sound for a duration of one minute. An emergency situation can occur on the day of testing. To avoid confusion, employees should be told that if the alarm sound for more than one minute, it is a real disaster and not a testing session. This will help prevent great damage that can occur as many of the workers will think that it is just a test. From the tests, the contingency planning management team should come up with improved techniques of responding to an emergency. They should eliminate all the weaknesses in the plan to ensure that it is efficient and effective. Plan Maintenance All the security systems should be maintained regularly so that they can be effective in implementing the objectives of the plan. In apple, the following maintenance is done: Software and Hardware Maintenance Controls Hardware Control: The Company has a three-year hardware replacement program. All rooms have air conditioners and controlled thermometers that ensure that temperatures are regulated. The company has hired another firm to repair and service all hardware. Software Control: Software in this company is replaced after every two years of use. The system is scanned for viruses every three hours or after a suspected incident. Compromised and infected operating systems are disposed of immediately. Budget Planning Funds should be put aside to cater for all the contingency plan activities and systems. The plan requires a good budget due to the frequent improvement and maintenance of security systems. Training workers is also expensive. Installation of modern equipment on the facility to boost security is not cheap. It requires to be kept aside to keep the contingency plan functions going. Contingency plan funds should be included in the annual budget of the company. Business Impact Analysis Effects of Various Incidents on the Organization A fire accident can cause huge losses especially if there is no good plan of containing it. The fire can destroy equipment and machinery in an organization if it goes out of control. The worst case is human casualties. If a company does not have proper evacuation procedures, some of the employees can be trapped in the facility. As a result, all the company’s functions will be disabled and it will not be able to offer its services. It can also result to closedown of the company (Phillips 80). If the security system is not good, thieves can break in and take off with valuable items. The company can suffer huge losses due to such incidents. Hackers can als...