Business Continuity Planning

Submitted By Anirudh77
Words 882
Pages 4
BCP INTERNAL ASSIGNMENT
Anirudh

1. Asset – People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records, and many other intangible items.
An asset is what we’re trying to protect.
Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
A threat is what we’re trying to protect against.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
A vulnerability is a weakness or gap in our protection efforts.
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
Risk is the intersection of assets, threats, and vulnerabilities.
A + T + V = R
That is, Asset + Threat + Vulnerability = Risk.
Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk.
Impact is the total profit/loss that results from the above activities; it is like an output. In the context of risk assessment, the relation between assets, threats, vulnerabilities, impact and risk can be clearly understood with the aid of this picture.

2. Risk Assessment versus Business Impact Analysis

In today’s world, the difference between risk assessment (RA) and business impact analysis (BIA) is becoming...
