Proposal paper | Computer Science homework help
Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved.

Disaster Recovery and Business Continuity Planning ◾ 149

postevent recovery. In some postevent cases, we can even go as far as to say that “managerial errors are the root causes of the technological disasters” (Shaluf 2007, p. 387).

Developing the Contingency Policy

One of the first things that information assurance/security professionals need to do, to ensure that their organization will be ready and prepared to recover if a disaster occurs, is to develop a Business Continuity Contingency Policy. As is true with any policy, vetting and alignment with organizational senior management is the first thing that needs to take place. Once the policy has been approved, it then needs to proceed through an organizational governance process to ensure proper buy-in from the affected community members. The activities during this time will be ongoing review, edit, review, and finally acceptance and alignment. The vetting of organizational policies should also include review by the organization’s general counsel. When finalizing the policy, keep in mind that 100% alignment is not usually possible and the organizational governance process should take that into account.

Business Impact Analysis

A discussion on BIA and a sample procedure are included in Appendix B.

Controls and Mitigation

Bergland and Pedersen (1997), in a report on the effects of safety regulation on the safety and well-being of Norwegian fishermen, found that costly regulation induced “the individual rational fisherman to behave in a way which increases their risks” of injury (p. 291). This behavior is caused by a fundamental risk analysis being conducted on the part of the regulated entity: Will it cost me more to follow the regulation than it will to suffer the accident or loss caused by a negative event?
Extrapolating that risk analysis to the area of business continuity and DR planning, it is feasible to believe that senior business managers in other industries will conduct similar analyses: Will it cost me more to implement the required business continuity and DR infrastructure than it would for me to recover from a catastrophic event that may or may not occur sometime in the future? This is an impactful question that needs to be fully considered in our current economic downtrend that is causing organizations to pull back from IT spending and is in line with the current

Peltier, Thomas R. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200.