ICT RISK MANAGEMENT-DISASTER RECOVERY PLAN (DRP)

DISASTER RECOVERY PLAN (DRP)
A DRP involves a set of policies and procedures that enable the recovery or continuation of vital technology infrastructure and systems following natural or human-induced disasters.
These are more technical plans, developed for specific groups within an organization to allow them to recover a particular business application.
A DRP is specific, unlike a BCP, which concentrates on ensuring continuity of all processes amid a disaster.
6.4.0 DISASTER RECOVERY PLANNING PROCESS.
I. Obtaining Top Management commitment
For a disaster recovery plan to be successful, the central responsibility for the plan must reside with top management. Management is responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the organization. It is also responsible for allocating the time and resources required to develop an effective plan.
II. Establishing a planning committee
A planning committee prepares a risk analysis and a business impact analysis (BIA) that cover a range of possible disasters, including natural, technical and human threats. Each functional area of the organization is analyzed to determine the potential consequences and impact associated with several disaster scenarios. The planning committee also analyzes the costs of minimizing the potential exposures.
III. Establishing priorities for processing and operations
At this point, the critical needs of each department within the organization are evaluated in order to prioritize them. Establishing priorities is important because no organization possesses infinite resources, so criteria must be set for where to allocate resources first. Processing and operations are analyzed to determine the maximum amount of time that the department and organization can operate without each critical system. Once the primary functions have been identified, the operations are ranked in order of priority: essential, important and non-essential.
IV. Determining recovery strategies
During this phase, the most practical alternatives for processing in case of a disaster are researched and evaluated. All aspects of the organization are considered, including physical facilities, computer hardware and software, communication links, data files and databases, customer services provided, user operations, the overall management information system (MIS) structure, end-user systems, and any other processing operations.
V. Organizing and documenting a written plan
Next, an outline of the plan’s contents is prepared to guide the development of the detailed procedures. Top management reviews and approves the proposed plan.
6.5 INFORMATION SYSTEM SECURITY MANAGEMENT
Managing the transfer of data and access to it requires reliability, privacy and security. In our digital world, an attack on one computer may affect multiple systems. Unauthorized access may result in financial loss, the release of confidential information, damage to computer systems, costly staff time to restore operations and a diminished reputation. With this comes a growing need for privacy and security in systems.
What is security?
It refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption or destruction in order to provide integrity, confidentiality and privacy.
It can also be defined as policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
6.6 CHARACTERISTICS OF SECURITY.
Security is a process. Information system security is a well-defined and documented set of guidelines that describe how an organization manages and protects its information assets and makes future decisions about its security.
Security is a shared responsibility. It is not only the people with the word "security" in their job title who are responsible for the security of the organization. Security is everyone's responsibility because any employee can become the loophole.
Security is dynamic. Technology changes with time, and so should security policies. Security policies that work for an organization today may not work tomorrow, as technology will have changed. Hackers are also using the latest, sophisticated software.
Security is expensive, i.e. it comes at a cost.

 
