The Security of an Organization’s Information System - Essay Example

Summary
The paper "The Security of an Organization’s Information System" describes that the data recovery plan gives consideration to the aspect of recovery during the event of a disaster. The time taken to restore the data during a recovery incident should also be considered. …

Extract of sample "The Security of an Organization’s Information System"

BCP Plan Case Study

Introduction

The security of an organization’s information system or network system is critical and hence needs to be addressed with great care to ensure business continuity. Having an effective IT disaster recovery plan is crucial to any organization. The most significant information, such as customer records, financial information or employees’ information, is to be well protected. The data is always kept in the datacenter, and mechanisms are supposed to be put in place to ensure that it is protected and preserved. In addition, access to this information should be restricted so that the organization’s integrity is maintained. To ensure business continuity and compliance, there are data security policy guidelines that organizations should put in place. These are basically tools that revolve around desktop virtualization. The information technology disaster recovery plan is formulated together with the business continuity plan so that effective recovery time objectives and priorities are defined. The recovery strategies are formulated to restore hardware, data and applications within the shortest time to meet the organization’s business recovery plan. The major security tools that have been put in place include monitoring and logging, compliance to the objective, governance, and business continuity (Buffington 456).

Information technology disaster recovery strategies

Backup

Data backup should be integrated in the business continuity plan. A data backup strategy commences with the identification of the data to back up, followed by choosing and implementing software and hardware backup procedures, scheduling and conducting backups, and periodic validation. The data in all the servers is backed up by creating a replica on large-capacity USB, cartridges and tapes. The security level accorded to the backups should be equal to that of the original security system.

The potential for data loss is evaluated using business impact analysis. This is the basis for defining the recovery point objective. The data recovery time should be set in conformity with the business and information technology recovery time objectives. The best way to do this is keeping the data in the datacenter so that sophisticated tools for watching, controlling and monitoring can be used. In addition, there are EISA policies that regulate the access to sensitive data. The data on desktop computers, networked servers, wireless devices and laptops that needs to be backed up is identified. The backup plan also includes the backup frequencies, secure off-site storage and security strategies.

Desktop virtualization

One of the solutions that Citrix has designed for desktop virtualization is Citrix XenDesktop. This technology uses granular policies. It separates the interaction of the end users who are using virtual desktops and other applications from the partition where these programs are installed. All workstation users make use of a virtual replication of the critical data (Costello 64). When they make any alteration, the changes are sent via the network to the database in the datacenter. This particular design enables business continuity across various network configurations and hence secures data by preventing any data exit.

Fault tolerance in critical systems

The ability of a system to tolerate faults when they occur is very critical. This can be achieved by use of the access gateway from Citrix. This gateway is the most secure remedy for access control. It can be placed as a component of the Citrix platform that combines a variety of performance and security components, or as an SSL VPN that is dedicated to one component. This gateway uses standardized SSL/TLS encryption to secure the configuration across the network that is based in the headquarters and at the same time facilitates dual-factor user authentication. Using the access gateway as the only way to access the data in the datacenter for every workstation used by the healthcare and the employees in the headquarters facilitates a secure connection via encrypted and secure media that ensures network and information security.

Testing process and frequency

The testing process and frequency plan is formulated by developing and practicing a contingency plan which incorporates a succession plan. The individuals who are responsible for carrying out the backups are trained to effectively carry out emergency tasks. The crisis communication plan and crisis meeting places are determined. Disaster communication is also practiced with the customers, employees and stakeholders. There should be investment in alternative means of disaster recovery communication. All the employees should participate in the disaster recovery process so that each one is prepared to handle an emergency.

Even the devices whose purpose was intended to serve them at individual level still call for integration into the business. Most organizations that have embraced the latest technologies as far as information security is concerned have appreciated the use of BYO in providing services that are satisfactory to the clients. The BYO strategy aims at reducing the overhead cost and simplifying the management of devices, in addition to permitting employees to use personal devices such as iPads for business and hence facilitating convenience (Snedaker 89). A very good example of this is the use of Citrix Receiver, which provides strong solutions to the independence need for personal devices.

Off-site storage

The most suitable off-site storage facility is the national data center. This is because sensitive state information is stored therein, therefore the security is advanced. This will also act as the hot site for the organization’s sensitive data. The off-site storage for sensitive information should be updated on a weekly basis. The latest technologies such as cloud storage can be used to facilitate off-site storage. Some vendors have designed off-site storage solutions by designing devices that are able to accommodate rapid user access and provisioning and at the same time maintain the security of the environment. A very good solution is the use of Netscape cloud gateway from Citrix, which enables rapid user account access (Fenton and Halpert 132).

Cold site

There should be an alternative connection between the database server and a single computer in each department. The network will remain on stand-by so that it can salvage the situation in time of disaster. The cold site is essentially data center power, space and network connection. The logistic support team will assist in moving the organization’s hardware into the data center and setting up the platform to run. The cold site is established after considering the risk and the organization’s financial ability.

Conclusion

An effective and true disaster recovery strategy, one that minimizes the implications when a disaster strikes and ensures business continuity, must entail more than uncoordinated and random backups. An effective disaster recovery plan should incorporate consideration and analysis of the frequency and timing of backups. The system should continually be mirrored daily, weekly or hourly. In addition, the data recovery plan gives consideration to the aspect of recovery during the event of disaster. The time taken to restore the data during a recovery incident should also be considered. Other recovery tools such as off-site storage, hot site and cold site are also critical. These will eliminate system downtime.
Work Cited

Fenton, Jeff, and Ben Halpert. "Business Continuity and Disaster Recovery." Auditing Cloud Computing: A Security and Privacy Guide (2011): 129-141.

Buffington, Jason. "Business Continuity and Disaster Recovery." Data Protection for Virtual Data Centers (2010): 443-484.

Costello, Tom. "Business Continuity: Beyond Disaster Recovery." IT Professional 14.5 (2012): 64-64.

Snedaker, Susan. Business continuity and disaster recovery planning for IT professionals. Butterworth-Heinemann, 2011.
Cite this document
(“BCP Plan / Case Study Essay Example | Topics and Well Written Essays - 1000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1494285-bcp-plan-case-study
