Business Continuity Plan Term Paper

Pages: 8 (2322 words)  |  Style: n/a  |  Sources: 10


Large businesses and enterprises require a lot of development and planning. Therefore, a business contingency/continuity of operations strategy will ultimately prove to be one of the most cost-worthy resources in constructing protected networks and keeping individual information safe and protected. In order to do this, one must develop a wide-ranging plan that documents the compulsory steps to take when a business/enterprise/organization is in jeopardy of being hacked, without discontinuing the necessary operations of that business/enterprise/organization. Adopting such measures allows a business to have additional control in disaster situations and to integrate tactical theories, demonstrations, and imperative decision plans with collective benefits within the procedures of employing a contingency plan. Today's society necessitates that security be of high precedence; contingency planning/testing will successfully measure the requirement for preparation and examination of a company's vigilance.

Table Of Contents

Abstract

Table Of Contents

Introduction

Planning Steps

Potential Recovery Plan Alternatives

Development of Contingency Plan

Recommended Testing Requirements

Conclusions

Reference Page


Safeguarding network systems, overall support systems, and any kind of data that is privately applicable to the success of a business has, in recent times, become progressively harder to do. In previous times, IT resource contingency planning was not a major worry and was at best kept as a minimal concern. However, today's IT environment is driven not only by the latest technological innovations, but also by the internet, support systems, and major applications, all involved within cyber realms that need the highest level of security planning to safeguard a business' assets (Amoroso, 2007). The definitive process framework to develop such a contingency strategy will typically comprise clear objectives, designated resources and goals (both short-term and long-term), and a predicted planning and procedure budget, in addition to expected concerns and probable difficulties. Most significantly, contingency planning will necessitate an in-depth conversation about the indispensable purpose and mission of the business or enterprise, its retrieval options, suggested testing and preparation requirements, data retrieval, and eventually emergency anticipation.

Usually, continuity of operations plans and IT contingency plans are interconnected and reliable with one another. Continuity of operations procedures move to reestablish essential purposes at a site other than the initial site of the setup, for an explicit time period, until that setup is repaired. More precisely, it is frequently used to maintain the network's headquarters components if the headquarters is not completely serviceable, and it can function detached from the contingency plan (Soltero, 1985). The purpose of an IT contingency plan is to serve as a teaching guidebook that outlines techniques and proficiencies for recuperating a network system from interferences. Its scope can vary with the situation, for example, from an explicit application or program to the entirety of the system (Amoroso, 2007). Together they play a substantial role in IT disaster observance for universal support systems and for main and trivial applications.

Planning Steps

Purposefully assigning the preparation steps for a continuity of operations plan/IT contingency plan will allow for the reclamation of operations, information, and IT systems after a disturbance. Some organizations, like hospitals, use surveys to begin their planning steps and allow for proper evaluation. "We developed a survey to assess institutional practices to handle situations when EHRs were unavailable for use (downtime preparedness). We used literature reviews and expert opinion to develop items that assessed the implementation of potentially useful practices" (Sittig, Gonzalez & Singh, 2014, p. 797). Although surveys allow for successful information retrieval for evaluation, this would be considered pre-planning. The initial step encompasses conscripting and applying a network security guideline that should comprise the growth, upkeep, and capability to address possible service outages, which may include expected or routine ones. The guideline must contain documented measures for implementing the likelihood of service interruptions, and for incorporating these strategies into the real systems security undertakings. Evaluating, analyzing, and training on these strategies yearly will assure that all employees are adequately trained.

When developing network security guidelines for the IT system owner, an important step to take is conducting a business impact analysis, or BIA. "The model takes into account the network of dependencies between processes and services, probabilistic change-related downtime, uncertainty in business process demand, and various infrastructural characteristics" (Setzer, Bhattacharya & Ludwig, 2010, p. 58). BIAs are exceedingly essential as a functioning identifier of all the conceivable concerns to the business' mission processes when network/IT systems are inadequately functioning. In a typical BIA process, apposite recovery phases and the arrangement and prioritization of system interruptions get addressed, including the classification of system responsibilities and requirements, along with which structures of the network are reciprocally supporting as well as inter-reliant. In this assessment, indispensable services will be explicitly coordinated with supplementary system mechanisms. As aforementioned, prevailing security risks must be assessed, classified, and identified, along with the supervision of these activities. Sometimes an MIP planning tool may be useful as it relates to random disruptions. "We propose a mixed integer programming (MIP)-based capacity planning tool which generates the contingency plan of the supply chain subject to random disruptions. In order to make an accurate decision, the impact of critical operational characteristics such as response time and congestion are considered in a disruption scenario" (Ebrahim Nejad, Niroomand & Kuzgunkaya, 2014, p. 19).

In order to catalogue the system individually, security objectives must be evaluated and centered on the likelihood of the impact. A low potential would be classified as being minimally important, a moderate potential would receive serious attention, and a great potential would be classified as disastrous/severe. Privacy, reliability, and accessibility of access should be classified, centered on the opposing consequence that the said potential could possess on a singular or administrative operation. The classification of confidentiality allows for access of unsanctioned admission and presently access is restricted and confidentiality secure. Classification of the reliability of the system will measure the possible impact of the preclusion of modification and obliteration of system data, including validity. Lastly, the classification of system accessibility will measure how the system presently guarantees timely and dependable network access.

The next step in the implementation of a BIA is system danger and vulnerability identification. These two things must be evaluated and addressed. Comprehending the degree of dangers and vulnerabilities that may impact a system increases the contribution to the system administrator's sorting of threats. Whether constructed on expected, human, or environmental error, a hazard should receive a ranking ranging from low to high. This ranking should be based on the effect on the privacy, accessibility, and reliability of the system.

For instance, hackers would be considered high risk because of their ability to exploit the weaknesses, confidential information, and accessibility of the system, along with potential reliability disruptions. If a natural disaster happened, a system administrator would be worried less about exploitation of the system's weaknesses and more about the system's reliability being affected. Critical resources should be identified within the BIA model. It is imperative to recognize IT resources like software and hardware, system boundaries and key linking, and system information operators/managers. Furthermore, identification of human error and other risk scenarios can be augmented through specific techniques and modeling like HHM and THERP.

Hierarchical holographic modeling (HHM), a technique for identifying risk scenarios in wide-scope analyses, was applied subsequently and identified additional potential failure modes. The technique for human error rate prediction (THERP) has previously been used for the quantitative analysis of human error risk and the event tree from this technique was adapted and identified further human error scenarios (Gervais & D'Arcy, 2014, p.46).

In conclusion, the final planning step entails the identification of preventive controls that can assist in sustaining service if an electrical disruption occurs. The tools may include investment in generators for supplementary power, air conditioners, extra smoke detectors and water sensors for possible flood and fire emergencies, tarps, and heat- and water-impervious media holders. When the system has efficaciously been broken up, preventative controls might comprise an alternative master system blackout, robust encryption software, setting up recurrent system back-ups, and off-site storing of network data.

Potential Recovery Plan Alternatives

Development of recovery policies is compulsory when attempting to reestablish system network services, such as important backup information that might get deleted or erased, alternate site service, and backup system functionality. Several strategies should be conceived and implemented in order to handle the wide variety of potential incidents that can happen at any time. To limit a business or a company to a solitary method would only be useful as it pertains to time-sensitive business resources. The growth of teams to carry out these strategies includes database and server recovery, application and network operations recovery, and alternate site and hardware recovery teams, as well as salvage teams. Restoring IT operations promptly and effectively calls for added consideration of safety, incorporation with the structural network, permissible outage time, and expense. Harmonizing the expense of recovery with the quantity of time prearranged for recovery is imperative in determining the methodology to use.

Data backup, a well-known recovery option must be performed not only regularly, but frequently as it is most… [END OF PREVIEW]


Cite This Paper:

APA Format

Business Continuity Plan.  (2014, November 18).  Retrieved September 24, 2017, from
