...(SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between the success and failure of business operations during and after difficult events. Threats can include man-made threats, such as terrorist attacks, or naturally occurring threats, such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. For businesses to survive during times of increased strain on business operations, it is essential that security and business operations be aligned. This can be achieved by the security department not only widening its remit to cover more risks, but also changing how the department works and relates to the rest of the business, including shared responsibility for areas such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is that security departments now have more responsibilities in an increasingly complex and fast-moving world. Security risk management is no longer an activity just for companies that work in high-risk areas or with exposure to significant security threats. Therefore, security is no longer viewed as a stand-alone activity but as part of a number of disciplines, including Enterprise Risk Management...
Words: 5764 - Pages: 24
...of project initiation and management:
1) Obtain senior management support
2) Define the project scope, the objectives to be achieved, and the planning assumptions
3) Estimate the project resources needed (human and financial)
4) Define a timeline and major deliverables
Senior leadership's two major goals: 1) Grow the business 2) Protect the brand
What are the risks to a corporation of not having a BC/DRP? 1) Financial 2) Reputational 3) Regulatory
Formula for calculating financial risk: P * M = C, where P is the probability of harm, M is the magnitude of harm, and C is the cost of prevention.
Prudent man rule: exercise the same care in managing the company's affairs as in managing one's own affairs.
1. Which of the following is considered the most important component of the enterprise-wide continuity planning program? Answer: c. Executive management support
2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security d. All of the above. Answer: d. All of the above
3. The major objective of the business impact assessment process is to: a. Prioritize time-critical business processes b. Determine the most appropriate recovery time objective for business processes c. Assist in prioritization of IT applications and networks d. All of the above. Answer: d. All of the above
4. Continuity of IT technologies or IT...
Words: 2067 - Pages: 9
...Strategic component answers the question "why do security enterprise problems exist?" This question of security leads to developing security policies that deal with people issues and evaluate internal/external risks. Organizations are urging top executives to make information security a priority. Therefore, the quality and trustworthiness of information are becoming key business issues (Ezingeard et al., 2005). To better accomplish information security in an organization, a management-level infrastructure approach is needed. Just as information and data characteristics differ at the different levels of management, information security has different characteristics at the different levels of management. These levels of management are strategic, tactical, and operational. At the operational level, transaction data is produced and serves as input to create information. Maintaining and monitoring the integrity, confidentiality, and availability of the transaction data are primary objectives, supported by organizational procedures and guidelines. At the tactical level, information is interpreted and utilized in decision making. Implementing preventative, detective, and responsive controls is a primary objective, supported by organizational standards. Further analysis and aggregation of the information creates knowledge to help make strategic-level decisions. Information security policy provides a framework to ensure that systems are developed and operated in...
Words: 1173 - Pages: 5
...Enterprise Continuity Planning
Integrated Principles of Disaster Recovery and Enterprise Continuity
19 Dec 2011, by Thomas A. Groshong Sr.
Summary
1. DRP/ECP Roles
2. Resilience Layers
3. Resilience Layers Examples
4. Disaster Recovery Training
5. Outside Expertise
6. Awareness Campaign
7. Awareness Campaign Implementation
1.1 Disaster Recovery Plan / Enterprise Continuity Plan (DRP/ECP) Roles
Maintaining DRP & ECP documents; personnel responsibilities; backup data scheduling; maintaining equipment status reports; security systems and emergency lighting; operational procedures; environmental controls (Cunningham et al., 2007)
2. Resilience Layers
Six Resilience Layers: 1. Strategy & Vision 2. Organization 3. Processes 4. Applications & Data 5. Technology 6. Facilities (Goble, G., Fields, H., & Cocchiara, R., 2002)
2.1 Strategy & Vision
Business goals & objectives; resilience assessment; assess risks; assess vulnerabilities; strategic plan for success; baseline objectives (Goble et al., 2002; A comprehensive, 2007)
2.2 Organization
Document roles; responsibilities; accountability; communications protocols; business links; skills critical to the organization (Goble et al., 2002; A comprehensive, 2007)
2.3 Processes
Process creation; process sustainment; process alternatives; contingency planning (Goble et al., 2002; A comprehensive, 2007)
2.4 Applications & Data
Provide reliable data; align disparate data and applications; determine tolerance...
Words: 522 - Pages: 3
...DRP / ECP: Disaster Recovery Plan / Enterprise Continuity Plan
This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide the information needed to garner and bolster support for such a plan from the university’s executive team. A well-prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event.
DRP/ECP Team Members & Roles
● Crisis Management Team
● Administrative Support Team
● Damage Assessment Team
● Recovery Coordination Team
● Corporate Communications Team
● Human Resources Support Team
● Site Restoration Team
● Transportation Support Team
● System Restoration Team
● Voice Recovery Team and End-User Tech Support Team
The Crisis Management Team should be a cohort of upper-level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management Team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analysis of preliminary reports, disaster declaration, determination of the appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...
Words: 2423 - Pages: 10
...Business Continuity Planning is the way an organization can prepare for and aid in disaster recovery. It is an arrangement agreed upon in advance by management and key personnel of the steps that will be taken to help the organization recover should any type of disaster occur. These programs prepare for multiple problems. Detailed plans are created that clearly outline the actions that an organization, or particular members of an organization, will take to help recover or restore any of its critical operations that may have been completely or partially interrupted during or after (within a specified period of time) a disaster or other extended disruption in access to operational functions. To be fully effective at disaster recovery, these plans should be regularly practiced as well as outlined. Disaster Recovery is the process an organization uses to recover access to the software, data, and/or hardware needed to resume the performance of normal, critical business functions after either a natural disaster or a disaster caused by humans. While Disaster Recovery plans, or DRPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of manpower that makes up much of any organization. A building fire might predominantly affect vital data storage, whereas an epidemic illness is more likely to have an effect...
Words: 1196 - Pages: 5
...recovery and business continuity planning and provides support for the resources and procedures identified.
Roles in Disaster Recovery: Identifies appropriate roles and responsibilities that will be involved in disaster recovery and business continuity planning and provides support for their selection.
Risks of Ignoring the Development of a Disaster Recovery Plan: Describes risks to organizational security of failure to develop disaster recovery and business continuity plans and provides support for the chosen position.
Steps to Creating an Effective Contingency Plan: Identifies the steps to create an effective contingency plan and provides support for the chosen position.
http://www.itl.nist.gov/lab/bulletns/bltnjun02.htm
http://www.govinfosecurity.com/nists-7-step-contingency-planning-process-a-2615
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf
The National Institute of Standards and Technology (NIST) developed an effective information system contingency planning process. Responsibility for the planning process will fall under one of the senior managers. Although the senior manager is responsible for the information system contingency plan, they do not work on the plan alone. The strategy and development of the contingency plan is carried out in cooperation with other employees working across all functional information systems, such as networking and enterprise applications.
Develop the contingency planning policy: develop the contingency planning policy statement...
Words: 579 - Pages: 3
...1. Go online and conduct research on business continuity planning (BCP). 2. In 600 words, write an APA v6 formatted paper which discusses the following: ◦ What does this term mean? ◦ What practices or procedures does it include? ◦ Why should IT personnel be concerned with business continuity planning?
Business Continuity Plan
Before businesses were involved in contingency management, disaster recovery and contingency planning were predominantly IT-driven responses to the increased attacks of Mother Nature and terrorist events in the late 80s and early 90s (Tangen & Austin, 2012). Business owners became aware of the link between such events and profit loss, which led to the establishment of business-led processes. These processes were developed and planned to address the types of threats that could occur and affect business operations. The discipline became known as business continuity management (BCM). Business continuity management is about identifying and understanding the risks to the everyday running of a business and planning how the business will be maintained if an incident actually happens (Business Bolton, n.d.). When a business is disrupted, it suffers financially. A business continuity plan (BCP) is a collection of procedures and information which is developed, compiled and maintained in preparation for use in the event of an emergency or disaster of any kind. The types of incidents identified include IT system crashes along with natural...
Words: 947 - Pages: 4
...1. The creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensuring that personnel and assets are protected and able to function in the event of a disaster. Business continuity planning (BCP) involves defining potential risks, determining how those risks will affect operations, implementing safeguards and procedures designed to mitigate those risks, testing those procedures to ensure that they work, and periodically reviewing the process to make sure that it is up to date.
2. When a business continuity plan is correctly used, it can help reduce operational risks. Operational risk is the risk of loss experienced from internal processes as a result of external events. These internal processes could have failed completely or simply been inadequate. This does include calculating the legal risk as well, but does not take into account business risk that is based in strategy or reputation. Some examples of operational risk are losses arising because of internal or external frauds, natural disaster, failed transaction processing or inability to meet a service commitment, and the disruption of business or system failures.
3. There are many different approaches to BCP and DRP. Some companies address these processes separately, whereas others focus on a continuous process that interweaves the plans. The National Institute of Standards and Technology
4. The degree of spread of Ebola in the months ahead is uncertain. In the unlikely...
Words: 1432 - Pages: 6
...Running head: PROJECT PORTFOLIO
Project Portfolio
ExxonMobil is one of the largest publicly traded petroleum and petrochemical enterprises in the world. It started out as a regional marketer of kerosene. It has three familiar brand names: Exxon, Esso and Mobil. The first oil well was built in 1859 (exxonmobil.com). ExxonMobil uses different types of technology every day, such as surveillance, networked computers and communication devices. Being a corporation of this size requires an IT department. Over these past eight weeks we have learned about the use of technology tools, Porter’s Five Forces Model, agent-based technologies, business planning, and technology in the present and future. Throughout this paper I will relate the information that I have learned and discuss how these areas can help the company remain competitive. People, information and information technology play an important role in helping the company remain competitive in the industry. ExxonMobil tries to teach its employees to have the best technical and leadership capabilities. It provides its employees with formal training and a broad range of global experiences to prepare them to be the next generation of ExxonMobil leaders. Not only does it want to hire exceptional employees at the corporate headquarters, but also at all of its branch locations. The employees throughout the organization set goals, carry out tasks, make decisions, and serve customers...
Words: 2101 - Pages: 9
...Task 1(C) Implementation Plan
• Formally assign ownership of field-level IT Business Continuity initiatives to IT division CIOs, with indirect ownership of IT Business Continuity to assure the comprehensiveness of division-level Business Continuity program requirements.
• Provide the necessary resources and subject matter experts in the field of business continuity for each of the organization’s operational groups.
• Mandate, define, develop, and implement the processes necessary to conduct a comprehensive risk assessment to identify and define the potential risks and vulnerabilities to the decentralized information system infrastructure components, as similarly conducted for the Regional Data Centers, with the further requirements mandated by HIPAA.
• Perform risk management processes for the field-level entities and their information system infrastructure, in order to prioritize and rank risks for mitigation purposes.
• Conduct an Application Impact Assessment (AIA) at field-level facilities to identify and measure the effect of information system infrastructure resource loss and escalating losses over time, in order to provide the business with reliable data upon which to base decisions concerning risk, hazard and vulnerability mitigation, recovery strategies, and continuity planning, as well as to provide the application and data criticality analysis addressed by the HIPAA Security Rule.
• Implement mitigation...
Words: 639 - Pages: 3
...Business Contingency Plan
A disaster assessment and recovery plan is a continuity strategy, outlined as a detailed process, designed to assist a company in recovering from an event or events that disrupt the daily functioning of an enterprise. It should include guidelines and procedures initiated to respond successfully to, and recover from, disaster scenarios that can adversely impact business operations. Plans for this type of situation should be well constructed and implemented in a step-by-step process that will enable a company to minimize the effects of a disaster and help the company resume essential business functions swiftly and efficiently. This process is called “Business Continuity Planning” and should be in force before a disaster occurs. The steps include the following.
1. Identifying the Risk(s)
a. “Business Continuity Planning” is a constant process of identifying risks and the impact they have on the significance of business operations. Creating strategies and procedures for mitigating risks and restoring functions as quickly as possible when a disruptive event occurs are critical deliverables of a BCP.
2. Analyzing the impact of the risk on the business
b. Perform a “business impact analysis (BIA)” to evaluate the impact of a potential risk. This analysis will help to ascertain the severity of the impact and how long the business could be sustained without its functionality in place. Additionally, it will determine...
Words: 723 - Pages: 3
...School of Management and Economics – Information Systems Management Program
1. Course details
| Course name in Hebrew | Emergency Preparedness and Business Continuity BCLE1500 |
| Course name in English | BCLE1500 |
| Year | Semester | Bachelor's/Master's degree | Short name in English (up to 8 letters) |
| 5773 (2012/13) | A | | BCLE1500 |
2. Course staff
Lecturer
| First name in Hebrew | Last name in Hebrew | First name in English | Last name in English |
| Shalom | David | SHALOM | DAVID |
| Phone for publication (optional) | E-mail | Office hours |
| 0504916155 | Shalom.david.cyber@gmail.com | After the lesson, to be determined |
Teaching assistant – same as the lecturer
| First name in Hebrew ...
Words: 1822 - Pages: 8
...minimize the resulting risks to an acceptable level.
b. Business Impact Analysis (BIA) is the key to a successful BCP implementation. Understanding and standardizing enterprise business process names is critical to the success of the BIA. The intent of the BIA process is to help the organization’s management appreciate the magnitude of the operational and financial impacts associated with a disaster or serious disruption. Once they understand this, management can use the knowledge to calculate the recovery time objective (RTO) for time-critical support services and resources. For most organizations, these support resources include:
- Facilities
- IT infrastructure (including voice and data communications networks)
- Hardware and software
- Vital records and data
- Business partners
The connection is made when each of the time-critical business processes is mapped to the above supporting resources.
2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)?
a. A Disaster Recovery Plan (DRP) is a plan for the intervention taken by an organization to minimize further losses brought on by a disaster and to begin the process of recovery, including activities and programs designed to restore critical business functions and return the organization to an acceptable condition.
b. A Business Continuity Plan (BCP) is an ongoing process...
Words: 966 - Pages: 4
...Chapter 3 Planning for Contingencies
Chapter Overview
The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impact analysis and how to prepare and execute a test of contingency plans.
Chapter Objectives
When you complete this chapter, you will be able to:
• Understand the need for contingency planning
• Know the major components of contingency planning
• Create a simple set of contingency plans, using business impact analysis
• Prepare and execute a test of contingency plans
• Understand the unified contingency plan approach
Introduction
This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss.
What Is Contingency Planning?
The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and...
Words: 3573 - Pages: 15