2

BC/DR Draft Plan for AT&T Wireless Communications

University of Advancing Technology
Joshua Lee Moatz
NTW 440

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Introduction
Here, at AT&T Wireless Communications, we strive to keep the assets of our company,
our customers, associates, and staff safe from impending harm. This can include and is not
limited to: security breaches, sabotage, natural disasters, and even terroristic threats. Our current
Business Continuity and Recovery Plan strives for excellence in all areas, securing every fabric
or crack of a potential threat that could harm our company. Just like we value our customers
service and do the best we can to secure their accounts we must, in turn, do the same to make
sure our company receives the same treatment. Please read the following addressed plan below
and ensure you do your part when conducting future tests as we continue to grow and improve
upon our policies.

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Overview
AT&T is bringing it all together for our customers, from revolutionary smartphones to
next-generation TV services and sophisticated solutions for multi-national businesses. For more
than a century, we have consistently provided innovative, reliable, high-quality products and
services and excellent customer care. Today, our mission is to connect people with their world,
everywhere they live and work, and do it better than anyone else. We're fulfilling this vision by
creating new solutions for consumers and businesses and by driving innovation in the
communications and entertainment industry.
In addition to our companys vision, we have the leverage to back it up. Our company has
been recognized with 2013s J.D. Power Award for: Top Wireless Purchase Experience. Our
company, being as interested in international and social communication, has a lot customers
relying on our powerful network. IT disaster, either corporate or from a sinister outsider, can put
the accounts of this prestigious company in jeopardy. This is why, it would be the companys
current mission to present to the consumer with a safe proof plan. We call it the AT&T Secured
Vault Seclusion or S.V.S for short. To be considered the top wireless purchase experience, the
company guarantees to follow up on that promise by expanding the heights of security and safety
in order to keep the consumer comfortable with such service. A company that takes action for the
consumer as a whole, also benefits from the movement. However, in order to put S.V.S into
effect, a budget must be presented accordingly in order to accommodate such a tall order. As a
one hundred and twenty million dollar company, the order can easily be fulfilled.

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Scopes and Objectives

S.V.S has been designed to be tested on the level of being close to flawless. Our
objectives are to be the following:

Prevention of staff injury in all disasters, whether they be natural or caused from an

outside threat.
Designed with an affordable budget in mind but with a strong infrastructure in place to

have us running back online within a matter of hours or a few days max.
The company intends to have specific teams in place when such disasters occurs. This is
to ensure the BC/DR (S.V.S) is executed professionally, effectively, and in a timely

manner.
Our company intends to contain the problem as soon as humanly possible. This so not
further damage can occur later or continue to spread. The more damage that occurs, the

more our company will be offline.

Our company will issue a public statement through a professionally elected company
spokesman. This is to ensure our companys image remains highly valued and that our
customers along with our partners understand the reasons why we are currently down at

this time.
To ensure all employees understand their responsibilities as associates of our company
and that the policies are upheld at all times. Safety of our staff is the most important asset
of our company.

Emergency Team Organizations (Basic Overview)

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

1. Mission Statement and Basic Overview

a. Each team will be assigned a task to perform during a disaster taking place, being
either natural or committed by an outside threat.
b. The teams will be led by individual management leaders within each team. The
specific instructions given by those leaders must be followed at all times.
c. The objective for each team is to perform their assigned task during a disaster
event in a safe or professional manager. If the team cannot perform the task they
are assigned then immediate evacuation must take place.
d. The most important task is to make sure all associates, personal, customers, and
other executives evacuate the facility in a safe and professional fashion.
e. Once evacuation has taken place, each team may be asked to perform their
individual task if applicable. (If a team cannot perform their tasks in a safe and
professional manner then they must wait to perform such a task.)
f. Refrain from partaking in tasks that your team or you are not familiar with
handling unless you are asked to participate in them by another member of
management. (Do not attempt to do a task you are not assigned to without
permission.)

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Emergency Team Organizations and Responsibilities

1. Emergency Management Team
Department Lead: (Jamie High)
O

This team is responsible for notify all other teams that a disaster is
currently occurring. They will use all forms of communication to notify
associates, customers, or visitors at the facility of its current dire situation.
This team will oversee the evacuation of the facility or facility(s), in a safe
and professional manner.

2. Damage Assessment Team

Department Lead: (Jason Phelps)
o This team is responsible for the containment of the damage being spread
by the disaster. However, it is vital that they do it a safe and professional
manner. This team will have access to all the necessary tools to contain the
situation of damage. Such tools could include fire extinguishers, technical
knowledge, building layouts, etc.

3. Senior Management Team

Department Lead: (CEO Sophia Jacobs)
o
Senior Management works alongside the Emergency Management
team to ensure all policies, responsibilities and evacuations are conducted
in safe and professional manner.

4. Salvage and Recovery Team

Department Lead: (Sarah Ottel)
o
This team is responsible for salvaging or recovering vital company
products, information, or assets that remain valuable in order for the
BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

company to continue functioning. If salvage cannot be conducted safely

during disaster, the team will be assigned to return later after the disaster
ceases to conduct a recovery sweep of the area.

5. Communications and Media Team

Department Lead: (Lisa Tran)
o This team is responsible for allowing the company disaster to be public
knowledge. They must relay our message in a formal professional fashion,
sticking to the facts of the event and protection our companys image.

6. Finance, Property, and Insurance Team

Department Lead: (George Parker)
o
This team monitors all of the companys assets on a financial level.
This team address the need for funding future projects, the projection of
damage from disaster, and how much funding will be needed in order to
conduct a proper restoration of company property. It will handle all
insurance claims sent in from the event as well.

7. Marketing and Customer Support Team

Department Lead: (Luis Garcia)
o
This team works alongside the Finance, Property, and Insurance
Team to ensure all company assets are met with essential damage estimate
numbers. This team is responsible for explaining our customers why their
service may be delayed and convey our sincerest apologies.

8. Fire and Police Team

Department Lead: (Jasmine Thomas)
BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

This team is conducts their positions based on the asset of the

emergency. If a fire occurs, this team works on containing that said fire.
Policing is involved when evacuation takes place.

9. Personal and Life Safety Team

Department Lead: (Lina Grant)
o
This team is responsible for maintaining role and keeping track of
any lost associates. If an associate is missing, it is important that this team
relay that information to the Fire and Police Team. In return, an hurt or
injured associates should be hospitalized. The burden of this weight falls
upon the shoulders of this team.

Risk Analysis Documentation

External Risks

Hurricanes
Tornados
Equipment Failure or Malfunction
Terrorist Threat

Internal Risks
Tampering or dismantling
Fires
Floods
BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Security Breach

Risks to Staff
Harmful debris or threats due to natural disaster
Personal attack on character or company
Financial discomfort

Risks to Security, Confidentially, and Disclosure

Security breach affects staff accounts and affects company reputation

Security breach affects customer accounts and affects company reputation
Compromises business integrity

Risk Assessment Worksheet

Program
Process or
Business
Practice
App Store

Customer
Accounts

Wireless
Support

Information
Type/Sensitivit
y Level
Customer
purchases, level of
sensitivity: 5,
information
usually stored
within terminal
servers
Personal
Information,
Account
Balance/Info, level
of sensitivity: 5,
terminal servers
Connection
Broadband, level
of sensitivity: 3,
Wireless Towers

Associate
d Risks
It could
devastate
corporate
business and
affect
customer
purchases
Hacked
accounts
lead to less
business and
tainted
name
Natural
Disasters
can destroy
towers or
block
connection

BC/DR AT&T WIRELESS COMMUNICATIONS

Exampl
e of
Current
Control
Constant
security
checks
and
troublesho
oting
Confidenti
ality of
accounts
and
password
support

Delay of
Service

Determinati
on of the
Effectiveness

Regulatio
n or
Standard
s

Next
Action;
Require
by whom

Yes

Customer
Support and
Service

Backup
server in
case of
crash

No

Network
Security
Consult

Stronger
account
protection

Support
Electricians

Elevate
Towers to
safer
locations

Yes

JOSHUA LEE MOATZ

Mobile
Internet

Business
Sites

Connection
Broadband, level
of sensitivity: 3,
Wireless Towers

Property of
Business, level of
sensitivity: 4,
Associates

Natural
Disasters
can destroy
towers or
block
connection
Natural
Disasters
can damage
property or
employees

BC/DR AT&T WIRELESS COMMUNICATIONS

Delay of
Service

Corporate
Emergenc
y

Yes

Yes

Support
Electricians

Elevate
Towers to
safer
locations

Evacuation

Build
business in
safer
locations

JOSHUA LEE MOATZ

Business Impact Analysis

Unit
EXAMP
LE:
Professi
onal
Service
s

Custom
er
Service
s

Degre
Activity
e of
Proces (Type of Activity Impac
s ID
Data)
Owner t
EXAMP
LE:

Sales
(Personal
Customer
Informatio

John Doe

CRD77-9111

Sales
(Customer
Account
Informatio
n)

Jacob
Young

Corporate
Managem
ent
(Stock/Sh
ares

Anthony
Zimmerm
an

Sales
(Store
locations/
Areas)

Mathew
Chang

Sales
(Internal
Affairs
Informatio
n)

Jessica
Little

Corporate
Managem
ent
(Corporat
e Affairs

Liam
Palmer

Sales
(Client
Informatio
n)

Patrick
Claim

FRD-789111

Store
Division
s

SRD79-9111

Corpora
te
Division

Sponsor
Service
s

IRD-809111

CCRD81-9111

SRD99-0111

Financia Probabilit
l Costs
y of Loss

1.75

3.25

4.25

1.75

3.5

Overal
l
Weight

EXAMPL
E:

PRD99-0111

Financia
l
Service
s

Internati
onal
Service
s

EXAMPL
E:

Political
or
Sensitivit
y

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Activity
Owner

Acceptable
Down Time

Data
Owner

Confidentialit
y

Integrity

Availability

Other
Regulatory
Requirement
s

2 hours

Jason
Druid

High

High

Medium

HIPPA

2 hours

Felicia
Auburn

Medium

High

Low

Privacy
of 1974

Act

5 hours

Zack
Groan

Low

High

Medium

Privacy
of 1974

Act

7 hours

Lilly
Mitchell

High

High

High

HIPPA and
Privacy Act
of 1974

1 hour

Hannah
Joel

High

High

High

Privacy
of 1974

3 hours

Keith
Cotton

Low

High

Low

N/A

Jacob
Young
(Customer
Services)
Anthony
Zimmerman
(Financial
Services)
Matthew
Chang
(Store
Divisions)
Jessica
Little
(Internationa
l Affairs)
Liam Palmer
(Corporate
Division)
Patrick
Claim
(Sponsor
Services)

BC/DR AT&T WIRELESS COMMUNICATIONS

Act

JOSHUA LEE MOATZ

APPLICATION PROFILE
Develop Application Profiles only for applications that support critical business functions (as identified in Step 1) or
contain confidential or sensitive information (as identified in Step 2).

Process ID:

ERD-7003-89076

System
Name:

Howie Mock Interface

Inventory
Information
:

6789-09870-4567LP-09KOL7-000567

(Fixed Asset Tag

#, Serial
Number, etc.)

System
Owner:
(include contact
information such
as campus,
telephone, etc.)

Justin Lin, 1344 Park Road, Fort Meade, Maryland - (717-789-0090)

Data
Owner:
(include contact
information such
as campus,
telephone, etc.)

System
Administrat
or:
(include contact
information such
as campus,
telephone, etc.)

Ashley White, 1356 Park Road, Fort Meade, Maryland - (717-967-0879)

Joshua Lee, 1756 Washington Street, Fort Meade, Maryland - (717-001-0908)

Data
Custodian:
(include contact
information such
as campus,
telephone, etc.)

External
Contact
Information
:

Bart Baker, 2367 James Road, Fort Meade, Maryland - (717-895-8889)

Sponsor Corporation, Winter Road, Baltimore, Maryland - (717-727-7377)

(State Agencies,
Vendors, etc.)
BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Primary
Users:
Required
Recovery
Time:
(Based on the
Acceptable
Down Time and
mission critical
overall rating)

System
Description
:
(Datebase,
language,
hardware,
components,
and release
level, etc.)

Joshua Lee, Bart Baker, Justin Lin, and Ashley White

The general consensus is to have less than a 24 hour window of down time. The
overall critical rating of the mission is a dire contraint. The focus would be to get all
systems up and running again within the 24 hour window.

Off shore cold servers will serve as back up for when all systems are down. The
system will run on a Wi-fi, typical bus, and equipped with both English and Spanish
dialect. The release level will be based on the threat level of the problem.

Network
Access:
If "other" is
selected
provide
description:

Wireless, typical bus/star component

System
Interface
and
Boundary:
If the IT
system
connects to
other IT
systems, is
Yes
an
Interoperabi
lity Security
Agreement
(ISA) in
place?
Authenticati
Passcode: AU-70040-9876
on
Mechanism:
BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Change
Managemen
Authorization is always through management
t
Description
:

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Role Definitions
Data
Custodian

Data Custodians are individuals or organizations in physical or logical

possession of data for Data Owners. Data Custodians are responsible for the
following:
1.
Protect the data in their possession from unauthorized access, alteration,
destruction, or usage.
2.
Establish, monitoring, and operating IT systems in a manner consistent
with VCCS and COV IT security policies and standards.
3.
Provide Data Owners with reports, when necessary and applicable.

Data Owner

The Data Owner is the manager responsible for the policy and practice
decisions regarding data, and is responsible for the following:
1.
Evaluate and classify sensitivity of the data.
2.
Define protection requirements for the data based on the sensitivity of the
data, any legal or regulatory requirements, and business needs.
3.
Communicate data protection requirements to the System Owner.
4.
Define requirements for access to the data.

IT System All users of COV IT systems including employees and contractors are
Users
responsible for the following:
1.
Read and comply with VCCS Contingency Planning and Business
Recovery program requirements as well as VCCS and college IT polices,
standards, and guidelines.
2.
Report breaches of IT security, actual or suspected, to their college
management and/or the ISO.
3.
Take reasonable and prudent steps to protect the security of IT systems
and data to which they have access.
System
Administrat
or

System

The System Administrator is an analyst, engineer, or technician who

implements, manages, and/or operates a system or systems. The System
Administrator assists College and System Office management in the day-today administration of the IT systems, and implements security controls and
other requirements of the local IT security program on IT systems for which
the System Administrator have been assigned responsibility. Typically in the
VCCS these are SIS Security Officers, LAN Administrators, Network Security
Engineers, etc.

The System Owner is the manager responsible for operation and maintenance
of an IT system. With respect to IT security, the System Owners

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ

Owner

responsibilities include the following:

1. Require that all IT system users complete required IT security awareness

and training activities prior to, or as soon as practicable after, receiving
access to the system, and no less than annually, thereafter.
2. Manage system risk and developing any additional IT security policies and
procedures required to protect the system in a manner commensurate with risk.
3. Maintain compliance with VCCS and COV IT security policies and
standards in all IT system activities.
4. Maintain compliance with requirements specified by Data Owners for the
handling of data processed by the system.
5. Designate a System Administrator for the system.

BC/DR AT&T WIRELESS COMMUNICATIONS

JOSHUA LEE MOATZ