HOW TO ENSURE INFORMATION CONTINUITY AND RECOVERY IN BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY

MODULE 3 CASE "Business continuity management deals with dual objectives of counteracting interruptions to business activities and protecting critical business processes from the effects of major failures or disasters. It involves implementing business continuity management process. Such a process would involve impact analysis, development, and maintenance of continuity planning framework. These business continuity plans should be tested and reviewed regularly to ensure their effectiveness." (Dhillon, 2007, p.246) The following article provides a simple overview of business continuity planning. Having a Business Continuity Plan is a necessity in the eyes of many insurers, bankers, stakeholders and regulators. Understanding the components of it will be useful. Craig, S. Section 3-2 -- Business Continuity Planning. Handbook of Information Security Management. "Disaster Recovery Planning (DRP) is the process of assessing risks that an organization faces, then developing, documenting, implementing, testing, and maintaining procedures that help the organization quickly return to normal operations and minimize losses after a disaster". We have certainly seen in recent years, even in recent months, that while particular disasters are more or less by definition unpredictable, the fact of disaster in general is entirely predictable; and both the likelihood of the disaster and the lack of preparation for it tend to increase precisely in proportion to the amount of time that has elapsed since the last one. This Module is about how a modicum of foresight can help protect organizational systems against what can sometimes be catastrophic failures. In a world of real time transactions, just-in-time inventory, and supply chain dynamics, losing a phone system may wreak more havoc than a fire in the building. With regards to information systems specifically, disaster recovery planning is the process of preparing for an unexpected, yet potentially anticipated, emergency or breakdown in a part or parts of an information system. We've all heard the same advice since we got our own first computer: "Backup, backup, and backup again!!!" But then, how often have we gone on to ignore this advice, and what prices have we paid? If you're like most of the faculty, you've paid rather dearly at times for your (or others') failure to take elementary backup precautions. So -- why don't we? Personally, it's a lot of trouble, things probably won't happen right away, and we've got lots of time to do it...right? Sound familiar? What did you lose lately? Your financial records? Your wedding albums? Aunt Myra's chocolate chip cookie recipe that she got from Niemann Marcus? National Institute of Standards and Technology provides a special report on how to handle computer security incident. Even though it is still a draft, it offers many insights. NIST (2012), Computer Security Incident Handling Guide(Draft), National Institute of Standards and Technology Special Report 800-61. Believe it or not, firefighters have been the experienced, if not the most experieced, professionals handling disasters. Technology has to be positioned in a system for it to be properly used or handled. Please note the managerial advices offered in the following article: NFPA1600 (2010). Standard on Disaster/Emergency Management and Business Continuity Programs. National Fire Protection Association. AT&T, a long-term vendor for disaster recovery of information systems and telecommunication, has learned from the firefighters. I remembered visiting one of its trucks mentioned in the following video in a telecommunication expo and learning about how AT&T has incorporated management structures from firefighters (more specifically, firefighters from southern california battling brush fires :)). AT&T (2010), AT&T network disaster recovery, Video. After reviewing the above materials, please write a 2-5 page paper titled: "How to Assure Information Continuity and Recovery in Business Continuity Planning and Disaster Recovery?" Assignment Expectations: Please address the following issues in your paper: 1. The importance of having business continuity plan and disaster recovery for information systems 2. The relation between information continuity/recovery and business continuity/recovery 3. The technical and managerial challenges of information continuity and recovery 4. The technical and managerial solutions to information continuity and recovery You will alsp be particularly assessed on: - Precision: Your draw on a range of sources, and to establish your understanding of the historical context of the question. You carried out the exercise as assigned, or carefully explained the limitations that might have prevented your completing some parts (running out of time isn't generally considered an adequate limitation). - Support for assertions: You use examples, citations (especially to the required readings), and elaboration to support assertions. You provide evidence that you have read the required background materials. - Clarity: Your answers are clear and show your good understanding of the topic. You see what the module is all about and to structure your paper accordingly. - Breadth and Depth: The scope covered in your paper is directly related to the questions of the assignment and the learning objectives of the module. - Critical thinking: The paper incorporates YOUR reactions, examples, and applications of the material to business that illustrate your reflective judgment and good understanding of the concepts. It is important to read the "required readings" posted in the background material plus others you find relevant. Your informed commentary and analysis is vital -- simply repeating what your sources say does not constitute an adequate paper. - Overall quality: Your paper is well written and the references, where needed, are properly cited and listed.