African Investments Data Handlers - Contingency Planning in Action - Business Plan Example

? AFRICANINVESTMENTS DATA HANDLERS The evolution and the advent of information technology has seen great changes in the recent past especially in terms of handling, storing and sharing of information between one organization and another and between departments of the same organization. Among other trends, noted are the centralize storage of an organization’s data where the security of the data would be ascertained as well as the ease of access and retrieval can be guaranteed. This formed the basis on which the ‘Africaninvestments data handlers’ organization was established in 2008. The organization specializes with offering cloud-computing services where other individuals and organizations would rely on in matters of keeping sensitive information and easy access and retrieval of the same whenever required at a fee. The organization has its headquarters and the main office in Johannesburg in South Africa though plans are underway of establishing constituent operating sub ventures in the western countries where it supposes the business would thrive. It currently operates with an employee base of hardly forty technicians due to its small capacity in operation and for the reason that few experts are required to carry out the lump some work of handling the data technologically. It therefore provides solutions to small and medium business ventures in Africa in matters of data where the benefit to the clients would be through lowered costs of operations. In order to add capacity or improve capabilities of functionality of an organization having not to invest in personnel training, licensing news software as well as investing in new infrastructure, the emerging trend is in adopting the cloud computing services from such providers as the Africaninvestments data handlers. However, the emerging concern with the current trend is that how safe the environment is as more and more personal as well as organizations’ information are continuing to be placed in the cloud (Badger et al, 2012; “educause”, 2009). Data privacy as well as protection is the most concerning issue within the security concerns. If integrated system in the system would be designed, then the concerns that are risks to consumers and potential investors would be addressed and ascertain their security. Moreover, a new business niche would be created in offering security as a service, which would specialize in single, as well as multi-tier security provision and which would effective in being unpredictable to the hackers. The primary functions of the Africaninvestments data handlers organization is to offer data storage and handling facilities to the business fraternity as well as to individual persons who would like to have their data stored away from own systems in order to ensure secrecy and security. However, just as is the case with all other businesses, it is worth noting that the organization suffers specific challenges especially those associated with the secrecy and security of the data being handled. Kuyoro and team studied the security issues as well as challenges that are posed by cloud computing with attention on the types of cloud computing services and the types of service delivery. The study found that cloud computing often deal with social networks and online software applications for data storage as well as transfer. The fear of the ‘too much’ exposure of an organization’s data and information raises the concern of exactly how much the environment is within the era of cloud computing. Actually, this has been pointed out to be their major reason of the slow acceptance of the cloud. Cloud providers are definitely hesitant in disclosing their infrastructure to their clients, which confirms the fears of the clients to how much one is to trust the providers with their sensitive data and information. Through intensive review of literature from past studies, the research study established the following to be the main concerns in security of cloud computing. Compromise of data ownership, issues of compliance with regulatory authorities, issues of location of personal/organization data, segregation of information from other clients’, disaster recovery mechanisms, legal investigative support and the overall viability in long term contacts (Kuyoro et al, 2011). The studies showed high risks of system hacking through common pools that are created by the clouds. In planning, there are different types of plans where normal plans usually concern expectations rather than outcomes. However, in some instances, it is inevitable to plan for an outcome and this explains the contingency planning process. Some of the risks that a business organization faces are catastrophic and hence needs contingency planning with the sole purpose to avert much of the likely harm to befall the organization. Our analysis for the africaninvestments data handlers organization have revealed that the organization lacks contingency plans which are necessary to address the security issues that it faces in its operations. From the above discussion, security issues in handling client data in coverage against unauthorized access of sensitive data poses the major risk to the business. It would be therefore necessary that the organization invest in contingency planning in order to mitigate the crises effects in such an event that the risk occurs. Contingency plan Planning for the contingencies as shown has some basic components, which include IRP (incidence response plan), DRP (disaster recovery planning) as well as BCP (business continuity planning). IRP focus on immediate response, DRP focus on ensuring that operations are restored to normalcy at the original site in the event of occurrence of the disaster and BCP facilitates the process of operationalizing an alternative site for business (Swift, 2008). Purpose: The contingency plan developed here is meant to establish possible procedures that would be adopted to recover the organization in the event of occurrence of such a risk as hacking where sensitive information from clients would leak out to an authorized person(s). It has the main objective as being to have a thorough preparedness for the organization to face the security threats that pose the major risk. Recovery tools and system upgrade are the basic tools to be sought by the organization in order to realize the effectiveness and efficiency sought in the operations of the organization. Applicability: The data handling security contingency plan will apply to the resources, functions as well as operations important in resuming and restoring Africaninvestments data handling organization’s capacity to operate and offer services to clients more professionally and with low security threat. Scope: The South African based data handling organization will use high security software to control the accessibility of the stored data by hackers or the possible threat that would be posed by malware. Malicious software in general refer to a variety of software which are intrusive or even hostile and includes such software as rogue security software, spyware, worms, adware, dialers, Trojan, computer virus and key loggers among others which normally appear in the form of active contents, codes as well as scripts (Klaus, 2013). However, it is worth noting that malwares are different from defective software in the regard that defective software may be legitimate software which would have had defective bugs before release and which were not corrected. However, higher security measures will be provided through decentralizing the operations by having the proposed operating branch in the west opened. Therefore, Africaninvestments data handlers organization will use the alternative IT infrastructure in the west to access and restore data which would be lost in an event of such a disaster as hacking and system corruption by malware. Assumptions: This plan is based on certain assumptions among which are the possibility of not recovering the lost data at all especially with the current system. We also assume that the organization has invested adequately in having the new branch established pretty soon and having invested in training recovery and disaster management and response team. We also assume that basic precautionary measures were taken into consideration while designing the organization such as the use of high quality hardware and software in the mother branch (in South Africa) and the installation of adequate power substitute generators in the event of power loss. Line of succession Decision making process in the entire process should not be altered and the chief information officer is to take responsibility for safety of the personnel and oversee the execution of the contingency plan as provided. However, in the event that the CIO is unable to command the authority, he/she should be in a position to assign responsibility. Responsibilities We shall have some specific teams, which will be accorded the responsibilities of effecting the contingency plan within the organization. The CP team will have the basic role of developing and overseeing the effectiveness of the contingency plan as a necessary tool to mitigate disaster within the data handling organization. IR team will be responsible of strategically adopting mechanisms to evaluate and bring to normalcy the organizational operations after such an occurrence of the incident. It is therefore tasked with ensuring recovery of an organization after the occurrence of the incident. DR team is tasked with formulating procedures to be followed in recovering the data lost during a disaster. The responsibility is therefore the most crucial one in the entire process of disaster management in such an organization as the data handlers. The BC planning team on the other hand is mandated to ensure that the effects of the outcome of such a disaster are not detrimental in the operations of the organization. It should therefore work towards ensuring that the image of the organization is restored and the customer confidence is restored. Policies and procedures in CP Among the fundamental policies in contingency planning is the ethics and morality. In planning for mitigation of possible disasters that may face the Africaninvestmemnts data handlers, it is necessary to adopt measures that are ethical and acceptable in legal procedures. Planning for disasters may equally involve participation of legal frameworks, which govern the nature of business as this is. This is because, in the event of evaluating the occurrence of the risk, it would be necessary in some instances to involve the course of justice, which implies that legal procedures would be sought. The contingency plan is procedural in working where the different departments and teams involved must co-work in order to realize effectiveness and efficiency. The four teams outlined above must therefore work together under the guidance of the respective team leaders to realize the goals outlined in the plan. Basic to the success of the plan is the procedural working of the various teams involved in running the organization. The entire process involved in contingency planning and full implementation of the same towards the Africaninvestments data handlers organization revolves around three major processes; incidence response, disaster recovery as well as business continuity. Whenever a threat becomes valid, it is inevitable to have the contingency plan implemented successfully in order to mitigate the effects that would be suffered by the organization. In the occurrence of the incidence, then the plan assigns specific roles to different teams as described above. The teams draft and implement procedures to carry out assigned roles. Therefore, the basic role of the contingency plan is to have incidence response actualized with specific roles performed before and after the incidence. In the event that the risk has actualize into a disaster, the plan clearly outlines the guidelines to actualize disaster recovery. Recovery from the disaster is a basic procedure while implementing the contingency plan of any business. This is because, it spells out the appropriate way to be adopted by a business while recovering from the disability suffered by the effect of the disaster. As an IT industry, recovery procedures are very essential in that it would guide the organization in adopting appropriate and most suitable recovery mechanisms to command competence in the industry. Business continuity on the other hand spells out the essence of the planning stage to consider the effects that the organization would suffer in terms of business performance and possibly perpetuity. The plan has continuity as a major concern in that the effects of such a disaster may cost the organization adversely in matters of customer trust and organizational image. For continuity therefore, it is necessary that the efforts sought for the organization aim at restoring the confidence of customers and improve the general image towards the customers. In an illustration, we would analyze a scenario where africaninvestments data handlers organization face a risk in losing customer data to hackers through corruption by malware. The data handling security contingency plan will apply to the resources, functions as well as operations important in resuming and restoring Africaninvestments data handling organization’s capacity to operate and offer services to clients more professionally and with low security threat. Despite the fact that this organization operates form one operating centre in South Africa, the contingency plan developed will be considerate of the effects of establishing the proposed operation center in the west. This plan is based on certain assumptions among which are the possibility of not recovering the lost data at all especially with the current system as it is currently. We also assume that the organization has invested adequately in having the new branch established soon and having invested in training recovery and disaster management and response team. We also assume that basic precautionary measures were taken into consideration while designing the organization such as the use of high quality hardware and software in the mother branch (in South Africa) and the installation of adequate power substitute generators in the event of power loss. This therefore shows that the plan is relatively adequate in addressing the risk as described above. This is because the period that would guide the implementation of the contingency plan as developed to address the risk in losing client data through corruption by malware from hackers is sufficient. We propose a period of three months since the hacking incidence and the conclusion of investigations and the subsequent legal procedures that would commence. The three months would be ample to allow the different teams involved in the procedure successfully carry out their respective duties. The CP team will have the basic role of developing and overseeing the effectiveness of the contingency plan as a necessary tool to mitigate disaster within the data handling organization. It will therefore draft and improve the plan as a necessary tool in addressing the risk posed by the hackers. IR team will be responsible of strategically adopting mechanisms to evaluate and bring to normalcy the organizational operations after such an occurrence of the incident. It is therefore tasked with ensuring recovery of an organization after the occurrence of the incident. The BC planning team is mandated to ensure that the effects of the outcome of such a disaster are not detrimental in the operations of the organization. It should therefore work towards ensuring that the image of the organization is restored and the customer confidence is restored. Finally, the DR team is tasked with formulating procedures to be followed in recovering the data lost during a disaster. The responsibility is therefore the most crucial one in the entire process of disaster management in such an organization as the data handlers. Ethics Ethics explain an acceptable code of conduct by individuals within a given context (Hooker, 2003). In our analysis therefore, the analysis of ethics concerning electronic data handling through cloud computing imply the acceptable behavior that govern the interactions within the online community, the organization and the clients. Ethics would entail upholding integrity while transacting business transactions and concerning the handling the data entrusted by the clients. For instance, it is immoral and unethical to have such an organization or the leaders collaborating with other unauthorized persons to access information from clients without their consent or authorization. On the other hand, every business has guidelines by the government and such oversight authorities, which define the legal procedures to be followed in establishing and running businesses operations. The internet business is not an exception to the adherence of such legal frameworks. Through the legal frameworks in operation in South Africa, it is illegal to operate a business without valid licenses, which in effect allow one to comply with the tax requirements. The failure to comply with the set legal provisions leads to legal action to be taken on such a person. This therefore incorporates this kind of a business into the confines of the law just like any other business. Specifically, our contingency plan under the guidance of the different teams will take into consideration ethical behavior of the leaders and the organization at large. Integrity in handling customers’ data and sensitive information that is entrusted to the custody of the data handlers is basic to the planning of contingencies in this organization. We would plan for such through different stages involved in contingency planning and through evaluation; recommendations would be made towards improvement in areas necessary. The incidence response personnel would be instrumental in carrying out an evaluation towards the disaster and in the process, the leaders would receive special attention in order to establish their role in the occurrence of such a disaster especially through unethical behavior. The contingency planning team leader has therefore the main responsibility in exhibiting ethical behavior through addressing the findings from the different teams without partiality for the sake of leading the organization in the right way to overcome the effects of such a risk. References Badger L. et al. (2012). Draft Cloud Computing Synopsis and Recommendations of the National Institute of Standards and Technology. National institute of standards and technology, special . Retrieved from:< http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf> “Educause”, (2009). Things you should know about cloud computing. Retrieved from: http://net.educause.edu/ir/library/pdf/est0902.pdf Hooker J., (2003). Why Business Ethics? Retrieved from: < http://web.tepper.cmu.edu/ethics/whybizethics.pdf> Kuyoro S. O. et al. (2011). Cloud Computing Security Issues and Challenges. International Journal of Computer Networks (IJCN), (3)5: 247-255 Swift R. M., (2008). Introduction to Contingency Planning An Overview of the Business Contingency Plan. Retrieved from: < http://www.bisimplified.com/_pdf/article_411/Article5.pdf> Read More