Information Security
Business continuity planning (BCP) is used by businesses especially those operating through the help of computer network to prepare on how to continue surviving during any disaster, disruptions or changes. It thus gives a surety that there will be continuity of critical business processes in the most unfavorable situations with allowable constraints. BCP is therefore away of enhancing security to the business. The implementation OF BCP is normally done according to laws and regulations provided by BS25999 standard. The standard emphasizes that a business organization needs to have business continuity program set up in place in order to execute its operations within the environment of uncertainty.The chief objective of implementing BCP in a business organization is to be able to sustain and maintain regulatory compliances. It is also supposed to deliver its products and services with fewer losses to employees, customers, vendors and other relevant stakeholders (Dey, 2011, Romney, 2000).The cloud service provider will ensure that the business proceeds with its operations as usual in case the internal network fails due to disasters or any other calamities. The cloud service providers will in addition help the company to recover for the lost files due to calamity through the disaster recovery plan (DRP) that is in built within the network system.
An example is the Cisco Company that sells computer related products and services and has the biggest market share in the world as compared to its competitors. Cisco advertises and sells most of its products through online. The company has its internal computer network that it uses for all business operations including management. To ensure that business continuity planis built within the company, Cisco has decided to incorporate part of its network within the external cloud computing service providers that provides an external back up data center. Since the company has busy business schedule with various operations.The cloud service provider will ensure that the business proceeds with its operations as usual in case the internal network fails due to disasters or any other calamities. The cloud service providers will in addition help the company to recover for the lost files due to calamity through the disaster recovery plan (DRP) that is in built within the network system.
Solution to Question 2
It is true that many companies experience the pain of disaster in order to understand how it could have avoided or alleviated the events that caused the loss. For a start, we can start by saying that disasters especially the natural ones are very uncertain and therefore their effects can also only be understood better when they have occurred. However, problems cannot be solved better by waiting for them to take place first and then act later. As an example, XYZ Company that isa small information technology company can solve such problems in advance by building disaster recovery plan(DRP) within it. A disaster recovery plan is important in ensuring that the XYZ Company can recover from the effect of disaster and hence minimizing losses. The DRP thus addresses issues that surround the functions of the business units should a disaster occur (Snedaker, 2013, Gregory, 2011).The cloud service provider will ensure that the business proceeds with its operations as usual in case the internal network fails due to disasters or any other calamities. The cloud service providers will in addition help the company to recover for the lost files due to calamity through the disaster recovery plan (DRP) that is in built within the network system.
In order to build an effective disaster recovery plan, the XYZ Company uses the following list of procedures to have complete preparation of disaster recovery plan.First is planning the scope and objectives. It defines the extent to which DRP can identify and solve the disaster problem.
The aims of the plan are also included in this procedure. Second is the business recovery organization (BRO) and responsibilities. It is also called, recovery team concep. It involves how to use the available relevant IT team in the XYZ Company in terms of each person’s responsibility in order to have a good plan for DRP. Third is the major plan component: - This defines the structure as well as the format of the DRP plan. Firth procedure is the scenario to execute theplan:-Defines the situations or circumstances under which the DRP plan can be carried out. Sixth element is the Escalation, Notification and Plan Activation. It is followed by Vital records and Off-site storage program:- These define the records and programs that can be used to back up the continuity of critical processes in case of down time. Next is the personnel Control program:- specifies the staff that will be in charge of DR planning and execution. Another procedure is data loss limitations:- Specifies the extent at which the lost data can be regained or the extent to which data loss during down time can affect the business even after disaster recovery. Finally is the plan administration which covers the general management participation (Wold, 2006).The implementation OF BCP is normally done according to laws and regulations provided by BS25999 standard. The standard emphasizes that a business organization needs to have business continuity program set up in place in order to execute its operations within the environment of uncertainty.
Solution to Question 3
The process of developing and carrying out business continuity effectively takes plenty of thoughts, plan and timing including effort that has to go into different stages of the entire activity. Apart from identifying and understanding the actual threats, the counter measures must also be put in place along with comprehensive plans consisting of the outline for the unfortunate event.
An XYZ IT company uses the followinglist of procedures to complete a successful DR plan. It includes the following: (1) reason for planning:- This gives a well stated reason explaining why disaster recovery plan is set up in place. (2) Recognition:- This procedure is used to explain how specific kind of disasters can be noticed when they take place. (3) Reaction: - Explains how to go about the recognized disaster for asolution. (4) Recovery:- This step of the procedure explains how to revive the lost or destroyed files or resources. It is done after the occurrence of a disaster. (5) Restoration. (6) Return to normal – it details the way of ensuring that the business returns to its usual operation for continuity. (7) Rest and relax - this step simply involves settling down again once all operations have picked up to normal. There is also (8) Re-evaluation and re-documentation:- This is the last step which involves re-examining or analyzing again the whole process of disaster recovery and documenting the final outcome from it for future reference(Wold, 2006, Gregory, 2011).
References
Dey, M. (2011, February). Business Continuity Planning (BCP) methodology—Essential for every business. In GCC Conference and Exhibition (GCC), 2011 IEEE (pp. 229-232). IEEE.
Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals.Newnes.
Wold, G. H. (2006). Disaster recovery planning process. Disaster Recovery Journal, 5(1).
Gregory, P. H. (2011). IT disaster recovery planning for dummies. John Wiley & Sons.
Romney, M. B., Steinbart, P. J., Zhang, R., & Xu, G. (2000). Accounting information systems. Upper Saddle River, NJ: Prentice Hall.
