Essay: Business Continuity and Disaster Recovery BCDR

Pages: 7 (2036 words)  ·  Bibliography Sources: 1+  ·  Level: Master's  ·  Topic: Business  ·  Buy This Paper

Business Continuity and Disaster Recovery Plan

Disaster recovery plan focuses on the approaches to follow after a business faces a disaster. Most organizations adopt plans that are technology-oriented that aim at reshaping the network and systems. Business continuity deals with sustaining the organization after experiencing a disaster and involves more than technology. Numerous companies and businesses are embracing business continuity into their environment because of increased awareness of disastrous circumstances, as well as new legal requirements that assume top management obligations for financial responsibility.

Enterprise Business Continuity and Disaster Recovery Plan (BCDR) for ABBA Agency with 10 employees

Business Continuity and Disaster Recovery Plan (BCDR) are procedures that assist organizations prepared for unexpected events. While preparing for BCDR, the company must incorporate the following requirements.

a) Practices, standards and guidelines, for business security, risk assessment and mitigation

b) Planned for disaster recovery and business recovery to include computer and network security

c) Effective security policy, risk factors, security-related organizations, and general security threat types and access controls.

d) Using universal guidelines and principles with respect to network security, it risk assessment, risk analysis, and risk management

e) Guidelines for Cyber law, copyright, patent, and privacy laws, within the bounds of the legal systems for digital media in the U.S. Court

It is crucial that organizations value the extent of probable damage and revenues losses that business disruptions can cause. The interruptions can range from fabricated, natural calamities, technology misgivings and others. Almost any type of business disruption experienced can cause either some direct or some indirect impacts on the efficiency of a business. Businesses should discover the large and small issues that can have a negative effect on the company and discover alternatives to counteract the disasters (Alexander, 2002).

The most significant part in Business Continuity and Disaster Recovery Plan is implementing practices, standards and guidelines that endorse management support. Management must accept the significance for executing such a plan. It is necessary for any business case to obtain the management support. Some of the issues included in the disaster recovery plan entails; current vulnerabilities, regulatory and legal requirements, status of recovery plans and proposals (Alexander, 2002).

It is also necessary to incorporate cost/benefit issues as this helps in gathering preliminary numbers and estimate potential losses. In addition, the disaster recovery plan should include a computer and network security. While the implemented practices, standards and guiding principles ascertains business security, the computer and internet security ensures data maintenance. The policies implemented by ABBA agency must ensure that private and discrete data remains within the right people (Davis, 2007).

To carry on with significant business functions in the event of business disruptions, it is essential to continue with a functional risk assessment. This helps address the significant functions and make the suitable investments, in terms of time and money. The risk assessment adopted by the company helps identify the various functions, procedures, resources and suppliers. This has tremendous effect on the ability of the company to fulfill the agency's ability to realize its mission objectives. It also involves the discovery and assessment of the viable threats, the existing vulnerabilities and the possibility that a disruption will exploit the discovered disruptions. Furthermore, it assists in the discovery of the relative risk exposure to diverse components of the business, so that there is the occurrence of fact-based decision making on mitigation plans (Alexander, 2002).

In addition to employing functional risk assessment, the company should consider adding physical securities for the offices, various rooms and facilities against foreseen business disruptions. The company should ascertain that it concentrates on safeguarding all the essential equipments, facilities and documents in order to avoid jeopardizing the network security. In administering the security policy, the company may require allotting additional human resources (Alexander, 2002).

The it security employees should have new obligations that ease control and authentication. It is necessary to manage user accounts, passwords, group membership and other authentication devices. In addition, the company will require installing and employing network security tools that observe any suspicious activity. These tools assist the company to proactively assess and authenticate servers, firewalls and routers to discover security holes or breaches.

The company will probably need to choose, set up and apply watchdog software that examines network traffic and/or OS commands and activates an alarm. This happens when an event occurs that is contrary to company's security policy. Furthermore, the security employees will require expending time examining log files from Web and application servers, and examining audit trails, when suspicious events arise. This is in addition to assigning more routine responsibilities, for instance having backup files and recovery and installation of new software. Another guideline to security policy is helping staffs with computer related problems. The company should occasionally test the enforcement mechanisms to authenticate that they offer the projected levels of safety. When there is a violation of security policy, it will be significant for the company to assume suitable and appropriate disciplinary action (Frank, 2006).

Based on the severity of the violation caused, the penalties to the employees may range from loss of remuneration or loss of jobs. Suitable authorities for probable criminal prosecution should handle increased violation, for instance, malicious access of network by outsiders. In ascertaining appropriate handling of security threats, the company should implement effective security policy. The security policies that organizations should implement include;

Physical Access Security Policy

In ensuring there is complete access control policy, the company should develop a strong physical access policy and educate all employees on the policy. The security level of the company determines the type of physical security required. Most organizations prefer employing either guarded or non-guarded entrances. It is essential for the company to issue security access cards on guarded premises. This ascertains that only recognized and authorized personnel enters the organization (Alexander, 2002).

This policy controls the number of people accessing various places within the company as identified by their particular job descriptions. For instance, only the network and systems personnel can access servers and networks communications department. This is with personalized access cards. As a policy of ensuring effective business continuity, employees must learn how to lock doors behind them and shut out people that may follow them through the doorway. The company should encourage employees to report any suspicious persons in the premises with unknown identification. In addition, the company should publish the security policies because physical access guarantees that employees have appropriate knowledge on security policies.

Access Control Policies

The following are some of the access control policies that provide a steady business structure and procedures to control internal fraud and dishonesty in the company.

Least privilege

This principle gives users only access rights they require for effective performance of their assigned tasks. Users get limited access that prevents them from misusing their access rights.

Separation of duties

Delegation of duties ensures that every individual performs a task that is within their power. Competent personnel effectively handle the high security and risky tasks. Furthermore, several people mutually share the significant responsibilities in order to ascertain accuracy, honesty and accountability. This recovery plan ensures that those risky tasks initially entrusted to single individuals are handled by several people that are aware of the responsibilities required (Frank, 2006).

Job rotation

It is an effective disaster recovery plan policy because the employee retains an access control for a given responsibility for a period. This controls internal dishonesty from staffs that may take advantage of their loyalty to the organization and their long time service and security access.

Mandatory vacations

These policies require staffs to utilize their vacations at given times of the year or even use the entire vacation period. The policy helps identify the security issues held by employees, for instance, fraud because irregularities may occur when employees are absent from the company.

Network Security Policies

Numerous policies provide standard guiding principles for network security within the organization. They cover areas such as the internet and internet network use, data confidentiality, security incident response, human resource principles and security of documents. It is vital to develop acceptable policy that enhances performance of computer network. The policy should also regulate legal liability in the incident of security issues (Frank, 2006). Acceptable policies should encompass the following incidences;

Legality

The legal department in the company should approve the implemented policy before it is handed over for signing. This policy acts as a legal document that prevents the company from any legal liability in cases of internet related issues and other threats. Some of the threats controlled include; cracking, security interruptions among others.

Distinctiveness to company environment

This policy aims at covering the company's specific network and the data contained in it. Every company has unique security issues.

Completeness

Far from the rules of behavior, the policy entails a statement that explains the position of the company on internet use.

Adaptability

The internet is evolving on an everyday basis, and the policy implemented should be updated as new issues crop up. It is impossible to anticipate every event, and for… [END OF PREVIEW]

Business Continuity Disaster Recovery or Emergency Management Article Review


Disaster Recovery Planning Term Paper


Business Plan for Organic Fertilizer Business Plan


United Airlines Term Paper


Disaster Recovery Centers Hurricane Ready With Generator Power Decals ICS 300 and ICS 400 Term Paper


View 93 other related papers  >>

Cite This Essay:

APA Format

Business Continuity and Disaster Recovery BCDR.  (2013, June 2).  Retrieved September 17, 2019, from https://www.essaytown.com/subjects/paper/business-continuity-disaster-recovery/3675263

MLA Format

"Business Continuity and Disaster Recovery BCDR."  2 June 2013.  Web.  17 September 2019. <https://www.essaytown.com/subjects/paper/business-continuity-disaster-recovery/3675263>.

Chicago Format

"Business Continuity and Disaster Recovery BCDR."  Essaytown.com.  June 2, 2013.  Accessed September 17, 2019.
https://www.essaytown.com/subjects/paper/business-continuity-disaster-recovery/3675263.