Case Study #2: Integrating Disaster Recovery / IT Service Continuity with IT Governance Frameworks CSIA 350 Professor: Mario Camilien Charles Kim
Introduction of Disaster Recovery / Business Continuity Plan
Disaster recovery (DR) plans are a necessity in today’s digital world. Digital content and IT services are critical for daily operations. Disaster recovery plans provide systematic approaches for reinstating a system after a natural or cybersecurity disruption. These plans are intended to reduce the negative impact on business operations. Disaster recovery plans identify critical components and prioritize the systems that need a shorter mean time to repair.
Disaster
What can Happen to that Data? (Margetis, L., & Ushman, D. (2014, March 10). Sandhill.com, from http://sandhill.com/article/implementing-a-disaster-recovery-plan/)
Cybersecurity attacks can damage a business just as natural disasters can. A disaster recovery plan needs to account for both natural disasters and cybersecurity attacks. Cybersecurity attacks can disrupt operations and even cause credibility concerns, which can be detrimental to a business. When cybersecurity attacks happen, information security teams need to focus on the organization's network perimeter and interior infrastructure (Kirvan, 2015).
Human error has been correlated with a very high percentage of data loss (Sandhill,
(n.d.). A strategic framework for IT disaster recovery assessments. Retrieved from http://www.isaca.org/Journal/archives/2012/Volume-6/Documents/jol12v6-A-Strategic.pdf
Kirvan, P. (2009, October 1). IT disaster recovery (DR) plan template: A free download and guide. Retrieved from http://searchdisasterrecovery.techtarget.com/feature/IT-disaster-recovery-DR-plan-template-A-free-download-and-guide
Kirvan, P. (n.d.). Integrate cybersecurity practices into a business continuity program. TechTarget. Retrieved from http://searchdisasterrecovery.techtarget.com/tip/Integrate-cybersecurity-practices-into-a-business-continuity-program
Margetis, L., & Ushman, D. (2014, March 10). Sandhill.com, from http://sandhill.com/article/implementing-a-disaster-recovery-plan/
Rouse, M., & McLaughlin, E. (n.d.). What is CISO (chief information security officer)? WhatIs.com. from http://searchsecurity.techtarget.com/definition/CISO-chief-information-security-officer
Top 7 Best Practices for Business Continuity. (n.d.). Retrieved from
Both man-made and natural disasters are often devastating, resource draining and disruptive. Having a basic plan ready for these types of disaster events is key to the success of executing and implementing, as well as assessing the aftermath. There are many different ways to create an emergency operations plan (EOP) to encompass a natural and/or man-made disaster, including following the six-stage planning process, collection of information, and identification of threats and hazards. The most important aspect of the US emergency management system in preparing for, mitigating, and responding to man-made and natural disasters is the creation, implementation and assessment of a community’s EOP.
According to the Federal Emergency Management Agency (FEMA), an emergency operations plan (EOP) dictates “who will do what, as well as when, with what resources, and by what authority--before, during, and immediately after an emergency” (FEMA, 1996). An effective EOP should contain a plan for all the potential disasters for a given region. These disasters would include natural disasters and man-made disasters, including terrorist attacks, chemical weapon attacks and even nuclear war. The intent of the EOP is to publish a document intended to minimize the impact of the disaster and save lives while offering a path to recovery. In simple terms, an EOP “is the playbook by...
"FAQ: Disaster Recovery Planning for Health Care Data." SearchHealthIT. Ed. Anne Steciw. TechTarget, May 2012. Web. 12 Feb. 2014.
disaster and who is to perform those steps. With a clear, documented disaster recovery plan in place, the risk from a disaster can be minimized. While there is no way to plan for every disaster that could happen, the likely disasters can be planned for and the risk minimized as much as possible. The disaster recovery plan is the documented set of efforts that IT will perform to minimize the risk of catastrophic failure. This document is a requirement for any IT audit that is performed on the Clinica Tepeyac information systems department.
Tasked by the ACF, our team of disaster case managers and responders is on the scene within 72 hours of its start. From there, ACF Immediate Disaster Case Management (ACF IDCM) starts meeting with those suffering from the disaster to fully assess what is needed for a proper recovery. While tasked by the ACF, the IDCM program is completely self-sufficient while receiving support from BCFS EMD’s Incident Management Team. Through BCFS’ support, the program is provided complete operations, logistics and planning support to meet its
The Security staff of the Executive Office is responsible for the day-to-day activities that ensure that the President of the United States is informed with all of the information that will ensure that he can make a sound decision on important issues that are facing the United States. “The Executive Office of the President (EOP) was created in 1939 by President Franklin D. Roosevelt” ("Executive Office of the President | whitehouse.gov," n.d.). The Chief of Staff is the closest of advisors to the president throughout his term in the Oval Office. In this Business Continuity Plan (BCP) we will be covering the purpose of having a BCP and the objectives for resuming normal operations. We will talk
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions of trusted employees who defraud the system, outside hackers, or careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Protecting Critical Infrastructure
According to the Department of Homeland Security, critical infrastructure comprises the assets, systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. In other words, protecting critical infrastructure is one of the six major missions of the Department of Homeland Security. And especially since the 9/11 attacks, numerous changes have been applied to infrastructure protection. In this research, I will review the relationship between federal agencies and the private sector in critical infrastructure. As an example of this research, I will use both World Trade Center attacks as a response to security issues associated with critical infrastructure.
According to Alexander, Goldman and Warner (2013), the DHS is the lead agency responsible for protecting the nation from domestic cyber attacks (p. 21). DHS and more specifically the Federal Emergency Management Agency (FEMA) have the major responsibility of disaster management and relief. FEMA plays a significant role because they are the only major organization that acts in this capacity. While there are numerous agencies that investigate and attempt to prevent terrorism in both the traditional sense and in the cyber capacity, there are not many other agencies at the federal level that provide assistance after a
The Chief Security Officer (CSO) position requires the capability to understand complex business issues and articulate the context of projects and processes to senior executives, the Board, customers, and industry leaders, and as such the CSO will possess strong skill sets in security, technology and business management. Primarily responsible for ensuring the effective protection of the company and its customers, the CSO is responsible for managing security risks to ensure compliance with regulatory requirements while affirming business trust with its customers. To accomplish this task the CSO will oversee security operations, information and assets. Qualified candidates must be a US Citizen and have the ability to obtain a US Security Clearance.
RESPONSIBILITIES
Pennsylvania Small Business Development Center. (n.d.). Emergency Response Planning: Disaster Preparedness for Small Businesses | pasbdc.org. Retrieved June 3, 2010,
SQL Server provides a wizard for setting up database maintenance plans such as scheduling database and log backups. Both log and data files are created by SQL Server. Three main recovery models are covered in SQL Server. In a simple recovery, no logging is done and no log records are applied to the process. This method is mostly used for databases that never change. A full recovery includes the database changes into...
Conclusion
Overall, the consequences of not having a Disaster Recovery and Business Continuity Plan can become costly in the event of a disaster. Most companies will find themselves in financial disarray when having to rebuild and/or replace any portions of the IT infrastructure that were destroyed during a disaster event. Hence, companies invest in insurance to cover such costs; however, there must be a balance because even with insurance an organization may still incur high expenses. Having a good disaster recovery and business continuity plan will keep your company up and running through any kind of interruption such as power failures, IT system crashes, natural or man-made disasters, supply chain/vendor problems and more.
Steciw, Anne. "FAQ: Disaster Recovery Planning for Health Care Data." FAQ: Disaster Recovery Planning for Health Care Data. TechTarget, n.d. Web. 23 Mar. 2014.
Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...