AGENDA CAPTION:
Title
Consider approval of Resolution 2024-250R, approving a Client Memorandum of Understanding (“MOU”) with the University of Texas at Austin, Strauss Center for International Security and Law, providing for a no-cost clinic that will deploy a student team to complete a business impact analysis of the city’s IT systems; authorizing the City Manager, or her designee, to execute the MOU on behalf of the city; and declaring an effective date.
Body
Meeting date: January 7, 2024
Department: Information Technology
Amount & Source of Funding
Funds Required: None
Account Number: Click or tap here to enter text.
Funds Available: Click or tap here to enter text.
Account Name: Click or tap here to enter text.
Fiscal Note:
Prior Council Action: Click or tap here to enter text.
City Council Strategic Initiative: [Please select from the dropdown menu below]
Choose an item.
Choose an item.
Choose an item.
Comprehensive Plan Element (s): [Please select the Plan element(s) and Goal # from dropdown menu below]
☐ Economic Development - Choose an item.
☐ Environment & Resource Protection - Choose an item.
☐ Land Use - Choose an item.
☐ Neighborhoods & Housing - Choose an item.
☐ Parks, Public Spaces & Facilities - Choose an item.
☐ Transportation - Choose an item.
☒ Core Services
☐ Not Applicable
Master Plan: [Please select the corresponding Master Plan from the dropdown menu below (if applicable)]
Choose an item.
Background Information:
The City of San Marcos Information Technology (IT) Department would like to enter into a Client Memorandum of Understanding (MOU) with the University of Texas at Austin, Strauss Center for International Security and Law for a Texas Cybersecurity Clinic. The no-cost Clinic will deploy a student team advised by the Clinic instructor during the Spring 2025 academic semester to complete a Business Impact Analysis (BIA) for the City of San Marcos IT systems.
The Business Impact Analysis (BIA) will benefit the City of San Marcos by identifying critical systems, processes, and data. A BIA can help the city prioritize risk mitigation efforts, develop effective business continuity plans, and minimize the potential financial and reputational damage caused by a security breach. Additionally, a BIA can help the city allocate resources effectively, prioritize security investments, and demonstrate compliance with industry regulations.
The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable.
The BIA is composed of the following three steps:
1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources.
Council Committee, Board/Commission Action:
Click or tap here to enter text.
Alternatives:
Click or tap here to enter text.
Recommendation:
Click or tap here to enter text.