Introduction to Computer Security
Professor Mark Ford
Business Continuity Implementation Planning
A Business Continuity Plan is “a plan for how to handle outages to IT systems, applications and data access in order to maintain business operation. A Business Impact Analysis is a prerequisite analysis for a Business continuity plan that prioritizes mission critical systems, applications and data and the impact of an outage or downtime.” (Kim, 2012, p. 478)
Every organization faces risk. Sometimes risk is measurable and predictable, and other times it is not. For example, a lawn care company knows that it has a seasonal business. There is ...
This assessment will determine what threats exist, what assets need to be protected, what tools are available, and what the cost/benefit of using these tools is. There is no such thing as mitigation of all risk. Risk Management brings the organization’s vulnerabilities down to a manageable level.
Another very important issue to consider is that vulnerabilities will change over time. A Security Professional must be alert at all times to new threats and must implement new strategies to mitigate these new threats.
Once a Risk Assessment has been performed and the potential threats and the company assets that need to be protected have been identified, a security plan needs to be put into place. This plan will include everything from firewalls, antivirus and antimalware software, Acceptable Use Policies, and employee training to security protocols such as how and how often backups will be done and what happens when an intrusion is detected, among many other things. Once the plan is put into place, audits need to be scheduled and carried out to make sure that the plan is working as it should.
One final piece of the Business Continuity Implementation Plan, and probably the most important piece from an overall company standpoint, is the question, “What happens if a real disaster hits?” Certainly nobody in the World Trade Center buildings planned for 9/11. The airlines were not prepared. Entire companies went out of business overnight. I am quite sure that small companies headquartered in one of those towers lost all of their employees, and if you think about it, the relatives were the ones left to grieve and pick up the pieces, and the fact that the entire business was gone was left up to insurance carriers and attorneys to figure out. This is an extreme example, of course. But what about companies that had branch offices in the World Trade Center? The Security Professionals responsible for the Business Continuity Implementation Plan would have had to jump into action to implement their plans for just such an occasion.
Obviously this is an extreme example. But what might be a fairly common occurrence is for a national company with branches all over the United States to have a branch struck by a power outage for several days. The Security Professionals...