Essay on "Business Continuity and Disaster Recovery BCDR"
Essay 7 pages (2036 words) Sources: 1+
[EXCERPT] . . . .
Business Continuity and Disaster Recovery PlanDisaster recovery plan focuses on the approaches to follow after a business faces a disaster. Most organizations adopt plans that are technology-oriented that aim at reshaping the network and systems. Business continuity deals with sustaining the organization after experiencing a disaster and involves more than technology. Numerous companies and businesses are embracing business continuity into their environment because of increased awareness of disastrous circumstances, as well as new legal requirements that assume top management obligations for financial responsibility.
Enterprise Business Continuity and Disaster Recovery Plan (BCDR) for ABBA Agency with 10 employees
Business Continuity and Disaster Recovery Plan (BCDR) are procedures that assist organizations prepared for unexpected events. While preparing for BCDR, the company must incorporate the following requirements.
a) Practices, standards and guidelines, for business security, risk assessment and mitigation
b) Planned for disaster recovery and business recovery to include computer and network security
c) Effective security policy, risk factors, security-related organizations, and general security threat types and access controls.
d) Using universal guidelines and principles with respect to network security, it risk assessment, risk analysis, and risk management
e) Guidelines for Cyber law, copyright, patent, and privacy laws, within the bounds of the legal systems for digital media in the U.S. Court
It is crucia
download full paper ⤓
The most significant part in Business Continuity and Disaster Recovery Plan is implementing practices, standards and guidelines that endorse management support. Management must accept the significance for executing such a plan. It is necessary for any business case to obtain the management support. Some of the issues included in the disaster recovery plan entails; current vulnerabilities, regulatory and legal requirements, status of recovery plans and proposals (Alexander, 2002).
It is also necessary to incorporate cost/benefit issues as this helps in gathering preliminary numbers and estimate potential losses. In addition, the disaster recovery plan should include a computer and network security. While the implemented practices, standards and guiding principles ascertains business security, the computer and internet security ensures data maintenance. The policies implemented by ABBA agency must ensure that private and discrete data remains within the right people (Davis, 2007).
To carry on with significant business functions in the event of business disruptions, it is essential to continue with a functional risk assessment. This helps address the significant functions and make the suitable investments, in terms of time and money. The risk assessment adopted by the company helps identify the various functions, procedures, resources and suppliers. This has tremendous effect on the ability of the company to fulfill the agency's ability to realize its mission objectives. It also involves the discovery and assessment of the viable threats, the existing vulnerabilities and the possibility that a disruption will exploit the discovered disruptions. Furthermore, it assists in the discovery of the relative risk exposure to diverse components of the business, so that there is the occurrence of fact-based decision making on mitigation plans (Alexander, 2002).
In addition to employing functional risk assessment, the company should consider adding physical securities for the offices, various rooms and facilities against foreseen business disruptions. The company should ascertain that it concentrates on safeguarding all the essential equipments, facilities and documents in order to avoid jeopardizing the network security. In administering the security policy, the company may require allotting additional human resources (Alexander, 2002).
The it security employees should have new obligations that ease control and authentication. It is necessary to manage user accounts, passwords, group membership and other authentication devices. In addition, the company will require installing and employing network security tools that observe any suspicious activity. These tools assist the company to proactively assess and authenticate servers, firewalls and routers to discover security holes or breaches.
The company will probably need to choose, set up and apply watchdog software that examines network traffic and/or OS commands and activates an alarm. This happens when an event occurs that is contrary to company's security policy. Furthermore, the security employees will require expending time examining log files from Web and application servers, and examining audit trails, when suspicious events arise. This is in addition to assigning more routine responsibilities, for instance having backup files and recovery and installation of new software. Another guideline to security policy is helping staffs with computer related problems. The company should occasionally test the enforcement mechanisms to authenticate that they offer the projected levels of safety. When there is a violation of security policy, it will be significant for the company to assume suitable and appropriate disciplinary action (Frank, 2006).
Based on the severity of the violation caused, the penalties to the employees may range from loss of remuneration or loss of jobs. Suitable authorities for probable criminal prosecution should handle increased violation, for instance, malicious access of network by outsiders. In ascertaining appropriate handling of security threats, the company should implement effective security policy. The security policies that organizations should implement include;
Physical Access Security Policy
In ensuring there is complete access control policy, the company should develop a strong physical access policy and educate all employees on the policy. The security level of the company determines the type of physical security required. Most organizations prefer employing either guarded or non-guarded entrances. It is essential for the company to issue security access cards on guarded premises. This ascertains that only recognized and authorized personnel enters the organization (Alexander, 2002).
This policy controls the number of people accessing various places within the company as identified by their particular job descriptions. For instance, only the network and systems personnel can access servers and networks communications department. This is with personalized access cards. As a policy of ensuring effective business continuity, employees must learn how to lock doors behind them and shut out people that may follow them through the doorway. The company should encourage employees to report any suspicious persons in the premises with unknown identification. In addition, the company should publish the security policies because physical access guarantees that employees have appropriate knowledge on security policies.
Access Control Policies
The following are some of the access control policies that provide a steady business structure and procedures to control internal fraud and dishonesty in the company.
Least privilege
This principle gives users only access rights they require for effective performance of their assigned tasks. Users get limited access that prevents them from misusing their access rights.
Separation of duties
Delegation of duties ensures that every individual performs a task that is within their power. Competent personnel effectively handle the high security and risky tasks. Furthermore, several people mutually share the significant responsibilities in order to ascertain accuracy, honesty and accountability. This recovery plan ensures that those risky tasks initially entrusted to single individuals are handled by several people that are aware of the responsibilities required (Frank, 2006).
Job rotation
It is an effective disaster recovery plan policy because the employee retains an access control for a given responsibility for a period. This controls internal dishonesty from staffs that may take advantage of their loyalty to the organization and their long time service and security access.
Mandatory vacations
These policies require staffs to utilize their vacations at given times of the year or even use the entire vacation period. The policy helps identify the security issues held by employees, for instance, fraud because irregularities may occur when employees are absent from the company.
Network Security Policies
Numerous policies provide standard guiding principles for network security within the organization. They cover areas such as the internet and internet network use, data confidentiality, security incident response, human resource principles and security of documents. It is vital to develop acceptable policy that enhances performance of computer network. The policy should also regulate legal liability in the incident of security issues (Frank, 2006). Acceptable policies should encompass the following incidences;
Legality
The legal department in the company should approve the implemented policy before it is handed over for signing. This policy acts as a legal document that prevents the company from any legal liability in cases of internet related issues and other threats. Some of the threats controlled include; cracking, security interruptions among others.
Distinctiveness to company environment
This policy aims at covering the company's specific network and the data contained in it. Every company has unique security issues.
Completeness
Far from the rules of behavior, the policy entails a statement that explains the position of the company on internet use.
Adaptability
The internet is evolving on an everyday basis, and the policy implemented should be updated as new issues crop up. It is impossible to anticipate every event, and for… READ MORE
Quoted Instructions for "Business Continuity and Disaster Recovery BCDR" Assignment:
Prepare Business Continuity and Disaster Recovery (BCDR)
Prepare an Enterprise Business Continuity and Disaster Recovery Plan for a fictitious Agency. Please ensure the BCDR identifies the following requirements. It should include an abstract and reference page.
a. Practices, standards and guidelines, for business security, risk assessment and mitigation
b. Planned for disaster recovery and business recovery to include computer and network security
c. Effective security policy, risk factors, security-related organizations, and general security threat types and access controls
d. Using universal guidelines and principles with respect to network security, IT risk assessment, risk analysis, and risk management
e. Guidelines for Cyberlaw, copyright, patent, and privacy laws, within the bounds of the legal systems for digital media in the US Court
The fictitious Agency I am using is ABBA that has 10 Employees.
How to Reference "Business Continuity and Disaster Recovery BCDR" Essay in a Bibliography
“Business Continuity and Disaster Recovery BCDR.” A1-TermPaper.com, 2013, https://www.a1-termpaper.com/topics/essay/business-continuity-disaster-recovery/3675263. Accessed 5 Jul 2024.
Related Essays:
Disaster Recovery Planning Term Paper
Disaster Recovery Planning
Over the last several years corporations have been wrestling with a number of different disaster / security related issues. This is because of the increasing amounts of… read more
Term Paper 12 pages (4106 words) Sources: 4 Topic: Business / Corporations / E-commerce
Project Management Disaster Recovery Essay
Disaster Recovery Plan
XYZ Retail
Life Safety and Disaster Recovery Procedures
Location Name: Cobblestone, Store 456
Location Address: 1234 SW 18st, Miami, FL 12345
Location Phone [HIDDEN]
Call
Police, Fire,… read more
Essay 8 pages (2422 words) Sources: 8 Topic: Business / Corporations / E-commerce
Business Plan for Organic Fertilizer Business Plan
Business Plan for Organic Fertilizer
Business Plan for an Organic Fertilizer Company
A company in this day and age should be environmentally aware and take steps to protect the planet.… read more
Business Plan 8 pages (3068 words) Sources: 8 Topic: Business / Corporations / E-commerce
Disaster Recovery Centers Hurricane Ready With Generator Power Decals ICS 300 and ICS 400 Term Paper
Disaster Recovery Centers, Hurricane Ready with Generator Power decals, ICS 300 and ICS 400
Disaster Recovery, Hurricane, ICS
Disaster Recovery Center is utilized whenever there is a disaster. In the… read more
Term Paper 8 pages (2778 words) Sources: 5 Style: APA Topic: Weather / Climate / Meteorology
Disaster There Are a Number of Steps Application Essay
Disaster
There are a number of steps that small businesses can undertake that can help to minimize their vulnerabilities to disaster. In order to determine these steps, the vulnerabilities need… read more
Application Essay 2 pages (729 words) Sources: 2 Topic: Business / Corporations / E-commerce
Fri, Jul 5, 2024
If you don't see the paper you need, we will write it for you!
We can write a new, 100% unique paper!