MSIS 4253/5253/ACCT 5603

Spring 2022

Homework #4

CDK

CKD is a virtual reality application maker that specializes in the advanced VR technologies that are often used by government agencies as training simulators and by gamers who seek cutting edge gaming technology. When it comes to advances in application technology, no one beats CKD.

CKD‘s business strategy focuses on forward thinking research and development (R&D) and very high end VR systems. They have built a niche market catering to those in want of advanced VR capabilities. As such, their rivals (both foreign and domestic) would love to get their hand on CKD‘s research data and design specifications. That threat is only second to CKD having its production line shut down. CKD is a small start-up company with about 100 employees selling high end products. They have no inventory and must keep up with government contracts not to mention gaming customer demand. If their production line goes down for any length of time, they are out of business.

Because CKD relies heavily on its information and information systems, having a solid information security program is imperative. Loss of R&D data would wipe them out. However, because CKD is a start-up funds for information security are limited and the accounting officer keeps a tight hold on spending, and because production cannot be interrupted the operations officer doesn’t want anything fowling up product output even if it is essential to information security.

Major decisions at CKD are made by the executive council (EC) which consist of the Chief Executive Officer (CEO), Chief Operations Officer (COO), Chief Financial Officer (CFO), Chief Legal Officer (CLO) and Chief Information Officer (CIO). You have been hired to file the role of Chief Information Security Officer (CISO). In that capacity you and your staff of six are responsible for developing cyber security policies, securing the CDKs information infrastructure and performing IT audits for security and compliance.

Homework #4 – Disaster!!!

CDK is located in St. Augustine, Florida on the Atlantic coast. As the CISO, the greatest natural disaster you face is that of a hurricane, but don’t discount other types of disaster as well. After all it is your responsibility to lead the IT recovery efforts in the event of a disaster. During one of your internal risk assessments, you discovered that CDK does not have a Disaster Recovery Plan (DRP). As the CISO, it is all your responsibility to develop a DRP. The first thing you need to do is develop a list of priorities for CDK’s disaster recovery efforts.

Your task now is to derive a prioritized list (i.e. the first one is most important, then the second, etc.) of things you need to do or include in your DRP. Minimum of 5 items on your list. Be sure to explain your rationale for selecting your priorities and why you prioritized them in the way that you did. Remember, a DRP is focused on reconstituting information and information systems as soon as possible after a disaster.