Module- Case: BUSINESS CONTINUITY AND DISASTER RECOVERY
Assignment Overview
"Business continuity management deals with dual objectives of counteracting interruptions to business activities and protecting critical business processes from the effects of major failures or disasters. It involves implementing business continuity management process. Such a process would involve impact analysis, development, and maintenance of continuity planning framework. These business continuity plans should be tested and reviewed regularly to ensure their effectiveness." (Dhillon, 2007, p.246) The following article provides a simple overview of business continuity planning. Having a Business Continuity Plan is a necessity in the eyes of many insurers, bankers, stakeholders and regulators, so understanding its components will be useful.
Craig, S. Section 3-2-Business Continuity Planning. Handbook of Information Security Management.
"Disaster Recovery Planning (DRP) is the process of assessing risks that an organization faces, then developing, documenting, implementing, testing, and maintaining procedures that help the organization quickly return to normal operations and minimize losses after a disaster". We have certainly seen in recent years, even in recent months, that while particular disasters are more or less by definition unpredictable, the fact of disaster in general is entirely predictable; and both the likelihood of the disaster and the lack of preparation for it tend to increase precisely in proportion to the amount of time that has elapsed since the last one.
This Module is about how a modicum of foresight can help protect organizational systems against what can sometimes be catastrophic failures. In a world of real-time transactions, just-in-time inventory, and supply chain dynamics, losing a phone system may wreak more havoc than a fire in the building. With regard to information systems specifically, disaster recovery planning is the process of preparing for an unexpected, yet potentially anticipated, emergency or breakdown in a part or parts of an information system. We've all heard the same advice since we got our own first computer: "Backup, backup, and backup again!!!" But then, how often have we gone on to ignore this advice, and what prices have we paid? If you're like most of the faculty, you've paid rather dearly at times for your (or others') failure to take elementary backup precautions. So why don't we? Personally, it's a lot of trouble, things probably won't happen right away, and we've got lots of time to do it...right? Sound familiar? What did you lose lately? Your financial records? Your wedding albums? Aunt Myra's chocolate chip cookie recipe that she got from Neiman Marcus?
The National Institute of Standards and Technology provides a special report on how to handle computer security incidents. Even though it is still a draft, it offers many insights.
NIST (2012), Computer Security Incident Handling Guide (Draft), National Institute of Standards and Technology Special Report 800-61.
Believe it or not, firefighters are experienced, if not the most experienced, professionals in handling disasters. Technology has to be positioned within a system for it to be properly used and handled. Please note the managerial advice offered in the following standard:
NFPA1600 (2010). Standard on Disaster/Emergency Management and Business Continuity Programs. National Fire Protection Association.
AT&T, a long-term vendor for disaster recovery of information systems and telecommunication, has learned from the firefighters. I remember visiting one of its trucks, mentioned in the following video, at a telecommunication expo and learning about how AT&T has incorporated management structures from firefighters (more specifically, firefighters from Southern California battling brush fires).
AT&T (2010), AT&T network disaster recovery, Video.
Assignment Expectations
After reviewing the above materials, please write a 3- to 5-page paper titled:
"How to Assure Information Continuity and Recovery in Business Continuity Planning and Disaster Recovery?"
Please address the following issues in your paper:
1. The importance of having a business continuity plan and disaster recovery for information systems
2. The relation between information continuity/recovery and business continuity/recovery
3. The technical and managerial challenges of information continuity and recovery
4. The technical and managerial solutions to information continuity and recovery