Business Recovery after Disaster - Assignment Example

Task “Final Exam” Question one Given the recent events with Hurricane/Superstorm Sandy, and based on news coverage you’ve heard so far as well as first anniversary analysis, discuss the elements that needed to be part of the disaster recovery plans for affected businesses. These might include things like personnel safety, transportation, power, etc. Are there some items that are more important than others? Disasters such as Hurricanes or Super storm Sandy leaves businesses in a devastated status in terms of loss of physical property, information and the space they occupy. In addition, aspects such as infrastructure to the and fro the businesses’ physical locations might be hampered by such disasters. This situation calls for apt disaster recovery plans and strategies to ensure personal safety during the incidents and return to normalcy. In the case of business recovery, the businesses should embrace technological functions, which offer back up services through the Disaster Backup Recovery Site. This will enable quick and safe recovery of critical information that relates to the business functionality. On the other hand, for personal safety, the firms are required to embrace, the services of the Emergency Operations Center. Seeking refuge from this center does not only assures personal safety but also the firms’ physical property that may be in a position of rescue. Question 3 Physical security refers to the need to protect the physical assets of an organization. In some organizations, one senior officer is responsible for both physical and logical (workstation, network, system/application, and other domains) of security. In other organizations, physical and logical security are divided between at least two senior officers. (See http://www.csoonline.com/article/742317/the-emerging-turf-battle-between-information-and-physicalsecurity-pros?source=CSONLE_nlt_update_2013-10-31 for one take on the topic.) What do you see as the pros and cons of having an integrated organizational structure, responsible for both physical and logical security? (A paragraph plus bullets for pros and cons would be appropriate here.) An integrated security system of physical and logical security of a firm refers to the a system that protects the physical assets of an organization and the intangible assets, which is majorly the company’s data and information. This system keeps watch of both aspects of the company. Pros Less expensive in terms of the personnel required to monitor the systems In case of a security lapse, the management can easily point the responsible individual or department. Cons There is a big problem of the system to be compatible to the both physical and logical security and this leaves a security gap, which might cause great losses to the firm, in the event the individual responsible is not aware of the existing gap and how to resolve it. In the vent of a security lapse, it may take a lot of time and resources to detect and relate the security issues to either physical or logical aspects. Failure of the person in charge will lead to both physical and logical security lapses. Question 4 The “Internet of Things” refers to the interconnectedness of many formerly standalone/”dumb” devices, including thermostats, refrigerators, power meters, gas meters, etc. As background, you may choose to refer to the transcript, or watch the 12 minute whole video, at http://it.slashdot.org/story/14/03/26/1939203/security-for-the-internet-ofthings-video. What new problems do we create by having so many Internet-connected devices attached to our networks, both home and work? Internet connectedness of numerous devices such as power meters, gas meters and thermostats among others creates numerous problems, which include embedded security, vulnerability of malfunctioning, and spending to much on Kinetis device protection. The aspect of numerous device internet interconnectedness causes security threat which is attributed to embedded security. Embedded security is a security threat that results from jammed network. On the other hand, the devices connected to the internet risks loosing their memory because of online malware. On a similar note, a lot of money is spent to connect these devices with the Kinetis devices, which links them to the internet. Question 5 Part of a disaster recovery plan may make some assumptions about the state of services provided to the organization by third parties. In the event of a disaster as widespread as the Hurricane, what are some of the steps that an organization should take to ensure its long-term viability? How does short-term recovery planning differ from long-term viability planning? Long-term viability can be attained by establishing recovery windows and associating them with an e-commerce web site, which remains operational throughout. In addition, the continuity of the business can be ensured by linking the recovery Window with an email and the financial system of the firm. Short-term recovery planning refers to the process of recovering data and assets and locates them to either physical stores or digital online stores awaiting relocation to permanent havens. Long-term viability refers to the process of structuring the permanent haven where both physical and digital assets of the firm will be stored after recovery. Long-term viability ensures the company’s continuity after a disaster and consequent recovery. Question 6 What are some of the ways that technology-based tools can support an organization’s operations in the face of a disaster? For example, in banking, customers might be able to use Internet banking to conduct their business, even if the bank branch is closed. What other technologies can an organization put in place or leverage to support its operations. What critical points of failure might still be present that limit the effectiveness of these tools? Organizations can use tools such as real time messages (SMS), geospatial maps and real time shared connected servers to support their operations in the event of closure. These tools are effective in relaying the information using the real time technology; however, the critical point of their failure is centered on the network failure because of a disaster. Without internet connection, the tools remain ineffective Question 8 Refer to a recent article on the ability of researchers to hack a currency verification machine (see http://threatpost.com/researcher-finds-method-to-insert-malicious-firmware-into-currency-validator/102746 ). What do you think about the points raised by the author? Does this represent a new risk to the Euro currency? What risk mitigation approaches could be taken to reduce that risk? The author raises good opinions, because if individuals get access to the instrument and integrates it with a malicious malware, the tool will accept even fake currency. This is qualifies to be a new risk to the Euro currency. The risk mitigation required in this scenario includes more technological advancement in the Euro currency and the instrument in order to avoid insertion of malicious firmware. This will help curb the hackers’ techniques. In essence, continued advancement in the world of technology increases risks that affect humanity and this call for mitigation approaches to various security issues, which includes the anticipated ones. Work cited http://www.csoonline.com/article/742317/the-emerging-turf-battle-between-information-and-physicalsecurity-pros?source=CSONLE_nlt_update_2013-10-31 http://threatpost.com/researcher-finds-method-to-insert-malicious-firmware-into-currency-validator/102746 Read More