A disaster is any sudden, unplanned calamitous event that brings about great damage or loss. Entire communities are affected by a disaster, but a business faces special challenges because it has a responsibility to protect the lives and livelihoods of its employees and to guard company assets on behalf of shareholders.
In the business realm, a disaster can be seen as any event that prevents the continuance of critical business functions for a predetermined period of time.
*A business continuity plan is a collection of procedures and information that is developed and maintained in readiness for use in the event of an emergency or disaster.
*Business continuity planning (BCP) is the set of preparations made to keep a business running during and after a disaster, ensuring the availability of those resources required to maintain the ongoing viability of the organization.
*Business Impact Analysis (BIA) is a management-level analysis which identifies the impact of losing company resources. The BIA measures the effect of resource loss, and of losses escalating over time, in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning.
*The BIA addresses the following questions:
-How bad can things get?
-What are the most important resources, systems, outputs and dependencies by business function?
-What impact does unavailability have, and how does that impact grow with the length of the outage?
*Disaster Recovery Planning (DRP) is typically the technology aspect of a business continuity plan: recovering information system resources to full or partial production processing levels in the event of an extended outage. Normally the information system resources will be restored according to a priority indicated by what is "mission critical" to the organization.
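The "escalating losses over time" idea in the BIA, and the restoration priority it feeds into the DRP, can be made concrete with a small model. The following is an added example, not part of the original notes: the business functions, hourly loss rates, escalation rates, tolerance thresholds and dependencies are all constructed sample figures, and the compounding loss model is an assumption chosen for illustration. It computes the cumulative loss of each function for a given outage length, finds the point at which the loss exceeds the tolerance senior management has set (the recovery deadline), and then derives a restoration order that honours dependencies: a shared resource inherits the tightest deadline of anything that depends on it, which is why the database below must come back before the order-processing function even though its own loss figures alone would allow a later deadline.

```python
"""Worked BIA example (added illustration, not from the original notes).

All functions, loss rates, escalation rates, tolerance thresholds and
dependencies are constructed sample data, and the compounding loss
model is an assumption made for the sake of the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessFunction:
    name: str
    loss_per_hour: float        # direct loss per hour of unavailability (assumed)
    escalation_per_hour: float  # fractional growth of the hourly loss each hour (assumed)
    max_tolerable_loss: float   # loss senior management has declared acceptable (assumed)
    depends_on: tuple = ()      # functions this one cannot operate without


# Constructed sample inventory produced by a BIA interview round.
FUNCTIONS = [
    BusinessFunction("order-processing", 5_000, 0.10, 150_000, ("core-database",)),
    BusinessFunction("core-database", 2_000, 0.25, 400_000),
    BusinessFunction("payroll", 500, 0.05, 40_000, ("core-database",)),
    BusinessFunction("marketing-site", 300, 0.0, 60_000),
]


def cumulative_loss(fn, hours):
    """Total loss after `hours` of unavailability.

    The hourly loss rate compounds by escalation_per_hour every hour, so
    losses accelerate the longer the outage lasts (customers leave, SLA
    penalties kick in, backlog grows)."""
    total, rate = 0.0, fn.loss_per_hour
    for _ in range(hours):
        total += rate
        rate *= 1 + fn.escalation_per_hour
    return total


def tolerance_hours(fn, horizon=240):
    """Smallest outage length (in whole hours) at which cumulative loss
    exceeds the tolerance; None if it is not reached within `horizon`."""
    for h in range(1, horizon + 1):
        if cumulative_loss(fn, h) > fn.max_tolerable_loss:
            return h
    return None


def recovery_deadlines(functions):
    """Per-function recovery deadline in hours.

    A dependency inherits the tightest deadline of any function that
    depends on it: if order-processing must be back in 15 hours, the
    database it needs must be back in 15 hours as well."""
    deadline = {f.name: tolerance_hours(f) or float("inf") for f in functions}
    changed = True
    while changed:  # propagate until no deadline tightens further
        changed = False
        for f in functions:
            for dep in f.depends_on:
                if deadline[f.name] < deadline[dep]:
                    deadline[dep] = deadline[f.name]
                    changed = True
    return deadline


def restoration_order(functions):
    """Restore the most urgent function whose dependencies are already
    restored, repeatedly; this is a dependency-respecting priority order."""
    by_name = {f.name: f for f in functions}
    deadline = recovery_deadlines(functions)
    order, remaining = [], set(by_name)
    while remaining:
        ready = [n for n in remaining
                 if not any(d in remaining for d in by_name[n].depends_on)]
        nxt = min(ready, key=lambda n: (deadline[n], n))
        order.append(nxt)
        remaining.remove(nxt)
    return order


if __name__ == "__main__":
    deadlines = recovery_deadlines(FUNCTIONS)
    print(f"{'function':18} {'loss@8h':>10} {'loss@24h':>10} {'deadline(h)':>12}")
    for f in FUNCTIONS:
        print(f"{f.name:18} {cumulative_loss(f, 8):>10.0f} "
              f"{cumulative_loss(f, 24):>10.0f} {deadlines[f.name]:>12}")
    print("restoration order:", " -> ".join(restoration_order(FUNCTIONS)))
```

The point of running the numbers at several outage lengths rather than once is the one the BIA makes: a function that looks cheap to lose for an hour (payroll at 500 per hour) can still carry a hard deadline once escalation is applied, and a cheap-looking shared resource may need to be first in the recovery plan purely because of what depends on it.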
*Disclosure of sensitive information is a serious information security incident, which can result in severe embarrassment, financial loss, and even litigation where damage has been caused to someone's reputation or financial standing. Further types of serious disclosure involve confidential patient information, plans and strategic directions, research, information disclosed to legal representatives, etc. Deliberate unauthorized disclosure of sensitive information is called espionage.
The BCP/DRP process includes:
*Project Initiation
*Business impact assessment
*Recovery strategy
*Plan design and development
*Implementation
*Testing
*Monitoring and maintenance
An organization's core activities generally should not be outsourced, because they are what the organization does best.
Many countries have enacted regulations to protect the confidentiality of information maintained in their countries and/or exchanged with other countries. When a service provider outsources part of its services to another service provider, there is a potential risk that the confidentiality of the information will be compromised.
It is critical that an independent security review of an outsourcing vendor be obtained when customer credit information will be held by that vendor.
If a business case was not established, it is likely that the business rationale, risks and risk mitigation strategies for outsourcing the application development were not fully evaluated and that the appropriate information was not provided to senior management for formal approval. This presents the greatest risk to the organization.
The risk management process is about making specific, security-related decisions such as the level of acceptable risk. Identification of the assets to be protected is the first step in the development of a risk management program.
To assess IT risk, threats and vulnerabilities need to be evaluated using qualitative or quantitative risk assessment approaches.