Creating a Business Continuity Plan

Creating a business continuity plan can take a long time and a lot of money that may never pay back. It is also important to understand that once the plan has been developed there is no specific end; it is a continuous process that includes testing, maintaining, and updating as needed. There are many paradigms for developing a business continuity plan that focus on client/server and enterprise environments, but the traditional phases remain essential in all of them.

The traditional phases involved in Business Continuity Planning are:

I. Project Management and Initiation: Upper-level management, such as the Chief Executive Officer (CEO), the Chief Operating Officer (COO), the Chief Information Officer (CIO), and the Chief Financial Officer (CFO), should be involved in creating the business continuity plan. “Business Continuity Planning is worthless without upper-level management team” (Conrad, Misenar, & Feldman, 2010). Upper-level management should establish a project team and support a project-management approach to developing the plan. Their involvement matters because they have the power and authority to speak for the entire organization, for example when dealing with the media during a disruptive event.

II. Business Impact Analysis (BIA): This phase is very important, as all the critical business processes are identified and their maximum tolerable downtime (MTD) is determined. The BIA does not concern itself with what can cause the disruption; “it is concerned only with identifying consequences in terms of financial loss, additional expenses, and embarrassment due to expected duration of the interruption” (Tipton, 2009).

III. Recovery Strategies: This is another important stage in Business Continuity Planning. Based on the BIA, alternative recovery options are identified, and the one appropriate for each situation is selected so that it meets the recovery time requirements established in the BIA.

IV. Plan Design and Development: In this phase all the findings of the BIA and the results of the recovery strategy selection are documented in a way that a capable person can understand and implement them easily.

V. Testing, Maintenance, Awareness, and Training: This is a continuous phase throughout the organization. The plan should be tested on a regular schedule, which helps keep it updated and properly maintained. There should also be a program to raise awareness of the plan among employees, which should include training in the recovery strategies.
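As an added illustration (not from the page or the references it cites), the check that ties phase II to phase III: every critical process coming out of the BIA carries a maximum tolerable downtime, and a recovery alternative is only viable for that process if the recovery time it can actually deliver does not exceed the MTD. Among the viable alternatives the cheapest is chosen; a process for which nothing is viable is a gap that must be escalated rather than silently assigned the "best available" option. The process names, MTD figures, strategies and cost numbers are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Process:
    """One critical business process from the BIA and its maximum tolerable downtime in hours."""
    name: str
    mtd_hours: float


@dataclass(frozen=True)
class Strategy:
    """A candidate recovery alternative: the recovery time it can deliver and its yearly cost."""
    name: str
    rto_hours: float     # recovery time objective the alternative can actually meet
    annual_cost: float   # hypothetical cost figure, used only to rank viable alternatives


# Constructed sample BIA output (illustrative figures, not from any real plan).
BIA_PROCESSES: List[Process] = [
    Process("order processing", mtd_hours=4),
    Process("payroll", mtd_hours=72),
    Process("customer support portal", mtd_hours=24),
    Process("trading feed", mtd_hours=0.5),
]

# Constructed sample recovery alternatives with hypothetical RTO and cost values.
CANDIDATE_STRATEGIES: List[Strategy] = [
    Strategy("cold site", rto_hours=120, annual_cost=20_000),
    Strategy("warm site", rto_hours=24, annual_cost=60_000),
    Strategy("hot site", rto_hours=2, annual_cost=250_000),
]


def viable_strategies(process: Process, strategies: List[Strategy]) -> List[Strategy]:
    """Alternatives that satisfy the BIA requirement: delivered RTO must not exceed the MTD."""
    return [s for s in strategies if s.rto_hours <= process.mtd_hours]


def select_strategy(process: Process, strategies: List[Strategy]) -> Optional[Strategy]:
    """Cheapest viable alternative, or None when no alternative can meet the MTD."""
    options = viable_strategies(process, strategies)
    return min(options, key=lambda s: s.annual_cost) if options else None


def build_recovery_plan(processes: List[Process],
                        strategies: List[Strategy]) -> Dict[str, Optional[str]]:
    """Map each process to its selected strategy name, most urgent (smallest MTD) first."""
    plan: Dict[str, Optional[str]] = {}
    for p in sorted(processes, key=lambda p: p.mtd_hours):
        chosen = select_strategy(p, strategies)
        plan[p.name] = chosen.name if chosen else None
    return plan


def plan_gaps(plan: Dict[str, Optional[str]]) -> List[str]:
    """Processes whose MTD no candidate strategy can meet; these need a new alternative."""
    return [name for name, strategy in plan.items() if strategy is None]


if __name__ == "__main__":
    plan = build_recovery_plan(BIA_PROCESSES, CANDIDATE_STRATEGIES)
    for name, strategy in plan.items():
        print(f"{name:25s} -> {strategy or 'NO VIABLE STRATEGY'}")
    print("gaps:", plan_gaps(plan))
```

With the sample data the trading feed (MTD 30 minutes) has no viable alternative even though a hot site exists, which is exactly the case the BIA is meant to surface before the plan is written rather than during a disaster.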

References:
Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP Study Guide. Syngress.
Tipton, H. F. (Ed.). (2009). Official (ISC)2 Guide to the CISSP CBK (2nd ed.). CRC Press.

Business Continuity Planning: Introduction & Definition

Today’s businesses are not willing to take any risk of losing their business, yet they face risk in many forms: natural disasters, human error, terrorist attacks, and more. Natural catastrophes like flooding, hurricanes, or earthquakes can occur at any time; an angry employee may break into an information system and steal significant information, causing loss to the business. In such situations a company must return to normal operations as quickly as possible in order to stay in business. To do so, many businesses have started developing business continuity plans. According to the Business Continuity Institute, a business continuity plan is

“A document containing the recovery timeline methodology, tested-validated documentation, procedures, and action instructions developed specifically for use in restoring organization operations in the event of a declared disaster. To be effective, most Business Continuity Plans also require testing, skilled personnel, access to vital records, and alternate recovery resources including facilities”.

In other words, a business continuity plan is a properly written document of procedures and information that will help a business continue after an unexpected emergency or disaster.

Objectives of Business Continuity Planning:

  • Minimize the amount of loss
  • Provide an immediate, accurate, and measured response to emergency situations
  • Enable critical business functions to resume within a predetermined period of time
  • Provide the procedures and resources needed to restore critical business functions and IT applications
  • Document procedures clearly enough that a knowledgeable person can execute them
  • Describe the alternatives for restoring critical operations.

Open Source: History

The concept of open source is not new. It has existed since the beginning of human culture: cooking recipes and farming tips, for example, have been shared and re-shared for as long as humans have existed, under various names. Growing interest in software that is freely shared made it increasingly necessary to settle on a term for the practice. Early on the term “free software” was used; later the term “open source” was adopted (Open Source, Wikipedia). “Early instances of open source and free software include IBM’s source release of its operating system and other programs in the 1950’s and 1960’s, and the SHARE user group that formed to facilitate the exchange of software” (Fisher, McKie, & Mancke, 1983).

Netscape announced that it would release the source code of Navigator, a proprietary web browser that had been popular in the 1990’s. This led a group of individuals in the free software movement to hold a meeting in Palo Alto, California, to discuss how to make use of the freed source code. Among them, Christine Peterson suggested “open source” in place of “free software”, and Michael Tiemann proposed a new term, “sourceware”. The assembled developers took a vote, and the winner, “open source”, was announced at a press conference. Eric S. Raymond made the first public call to the free software community to adopt the new term “open source” (Eric S. Raymond, 1998). The Open Source Initiative was formed shortly afterwards.

Differences between policy and law

“Most organizations develop and formalize descriptions of acceptable and unacceptable employee behavior which are called policies”.

“The rules the members of society create to balance the individual’s right to self-determination with the needs of the whole are called laws”

“The key difference between policy and law is that ignorance of policy is a viable defense,” whereas ignorance of law is not. Another main difference is that policies are continuously updated and changed according to the needs of the organization, whereas changing a law is a lengthy process that requires formal approval.

Policies must be written so that they are easily understood, readily available, distributed to all individuals who are expected to comply with them, and acknowledged by those employees. Laws, by contrast, are often not as easily understood, and they are not distributed to or acknowledged by each individual. Properly defined and enforced policies function within an organization the same way law does, but only for that organization’s employees; they do not apply to anyone outside the organization, whereas law applies to everyone. An organization’s policies must comply with the law.

Difference between a threat and an attack

“A threat is a category of objects, persons, or other entities that represents a constant danger to an asset”.

“An attack is an act or event that exploits a vulnerability”.

The main difference between a threat and an attack is that a threat can be either intentional or unintentional, whereas an attack is intentional. A threat is a circumstance with the potential to cause loss or damage, whereas an attack is an attempt to cause damage. A threat to an information system does not mean information has been altered or damaged, but a successful attack on the system means information may have been altered, damaged, or obtained.