Sunday, September 23, 2012

Planning For Contingencies

This week we studied the importance of contingency planning and preparing our organization or home network for as many incidents or disasters that can be planned for. The different tools we talked about for this objective were: the Incident Response Plan, the Disaster Recovery Plan, and the Business Continuity Plan.
The Incident Response Plan is a document and list of procedures to help prevent a disaster and realign the organization’s operations as quickly as possible to not lose production. It is extensive and consists of many step by step procedures that should be able to guide anyone with no training through these processes. Its main objectives include: Incident Planning, Incident Detection, Incident Reaction, and Incident Recovery.
  • Incident Planning involves a great deal of brainstorming to single out the many possible incidents that may occur throughout normal operations.
  • Incident Detection is the ability to notice an incident occurring before it becomes too late.
  • Incident Reaction focuses on the speed at which a member of the organization will react to the incident and begin their list of actions required to contain an incident.
  • Incident Recovery is the organization’s ability to bounce back to normal operations after an incident occurs.
The Disaster Recovery Plan is a list of actions to accomplish after a disaster has occurred. This could be from an incident evolving into a disaster or one that had no warning before it happened. The Disaster Recovery Plan includes: Plan for Disaster Recovery, Crisis Management, and Recovery Operations.
  • The Plan for Recovery resembles the Incident Plan closely, just on a larger scale.
  • The Crisis Management will focus more on the actual damage done to the systems, operations, or personnel of the organization.
  • The Recovery Operations, like the Recovery Plan, resembles the Incident Recovery closely, and is just more extensive due to the difference in impact.
The Business Continuity Plan re-aligns operations to another site or system that will either keep up the prime or all the function performed within that organization. It consists of Establishing Continuity Strategies, Plans for Continuity of Operations, and Continuity Management.
  • The Continuity Strategies is the point at which the organization formulates their plan to continue on with the mission or production while the disaster recovery is underway.
  • The Plan for Continuity Operations is built from the strategies designed in the first planning phase.
  • Continuity Management is the follow through of the plans put in place to maintain the daily operations and not lose production time within the company.
If these are all carefully planned and carried out, an organization or company would be able to experience an incident or disaster without and of their customers knowing about it. In some cases a gap of service availability may occur, but the idea here is to minimize the period in which it occurs.

The essential text used in the research of this topic was the:
Whiteman, Mattord. Management of Information Security. 3rd ed. (2010). Boston, MA: Course Technology, Cengage Learning

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)