Data Security and Policy Assurance - Essay Example

Data Security and Policy Assurance Data Security and Policy Assurance Business continuity is a defined set of preparatory,planning, and any related activities to ensure critical business functions of an organization continue operating despite serious disasters or incidences that might interrupt. The activities will ensure that the organization is recovered to the operational position in a reasonable short period. Currently, technology has remained an important factor to be considered in business. In business continuity, technology will help the organization to recover to its original operational position. The organization can utilize technology in creating a backup for files, transactions, and any important document. In the case of a disaster, the organization will retrieve the information and continue to operate. The organization can utilize technology by partitioning servers such they can run in different machines. In the case of any disaster or interruption, not all the information will be lost because they are stored in different servers (Arduini & Morabito 2010, 122). When a disaster affects an organization, it requires coordination of different technologies and process for it to recover its operations in a short time. It is the responsibility of the people in the organization to coordinate the processes and technologies during the recovery process. The organization should prepare human aspects such that they can respond to any disaster by responding to all the activities in the organization. Staff should be prepared by trained and frequent mock exercises in preparation of any disaster. Since the organization has a defined process of coordinating activities in case of a disaster, it will be easy to recover to its operational position. It is because the staff will follow the processes in coordinating technologies and other activities for the organization to recover in a short time. The organization will not plan the processes after the occurrence of a disaster, but only implement the already planned processes. Data retention policies and computer retention policies help in raising the expectations of the users that the organization will remain operation or will recover in a short time in case of a disaster. Backup policy helps, the users to be sure that their information will be retrieved in a short time in case of any disaster. Client updates policies inform the users on what means or tools the organization is using and how often it can respond in case of any disaster. The users will be sure of business continuity that they will be sure that the organization is well prepared to face any disaster. Password policies help the users to be sure that their information is secured in case of theft or any disaster. The information will not be accessed or leaked to unauthorized people. The policies raise the expectations of users of business continuity due to the organizations preparedness as per the policies. Email, remote access, and use policies help in minimizing any anti-forensic efforts. In most cases, many email accounts are secure such that in case of any suspicious login attempt, it will demand identification. For example, when attempts to login with wrong details, identification will be demanded requiring the use of phone numbers, email account, or any security used during registration (Dahbur & Mohammad 2011, p. 12). Anti-forensic efforts will not succeed and will be minimized because it will not offer the security details. Remote access is a point where an individual login to another computer using a different computer. It is risky because the unauthorized person can access the information. Remote access policies will assist because it will be set such that security details are demanded one to log in from different locations. If the person logging in is not aware of the security details, it will be difficult for him/her to access the computer. As per the use policies, an individual is required to log into a computer, any other system using passwords, or other security details. Anti-forensic efforts will be reduced because unauthorized people will not access the information using any of these methods. Models that can be used to ensure business continuity and integrity of corporate forensic efforts are Business Continuity Management (BCM) and Business Continuity Maturity Model (BCMM). BCM protects critical business activities from the effects of major disasters or failures and counteracts interruptions to business activities. When BCM is implemented, it will reduce disruptions caused by security failures and disasters to an acceptable point by combining the recovery and preventive controls. The management will develop and implement contingency plans to ensure that business activities or processes are restored within a short time. BCM model approach has a ten-point model, which starts from project initiation and management and ends with coordination in the organization (Arduini & Morabito 2010, 124). BCMM model is a free and open access tool, which is created to assist business in creating and maintaining a sustainable business continuity program. Pressuring business continuity managers has led to continuous emerging new standards for business continuity. Unlike any other published standard, which defines program criteria, BCMM provides steps to follow on the path towards compliance and resilience with standards. BCMM is applicable in all sizes of businesses that they can perform self-assessment and improve their ability to recover from disaster or disruption. Digital forensics process is the identification, preservation, extraction, authentication, investigation, documentation, analysis, and interpretation of electronically stored information. Defining digital forensics is important because, in case of any disaster or disruption, the organization can recover or retrieve information easily or in a short time. The staff in the organization will follow a defined process during recovery. Since it is a well-defined process, and the staff has been reviewing the process, it will take them a short time to restore the organization to its operational point in case of any disruption or disaster. Forensic recovery plan or analysis is designed procedure on how to handle a disaster in the organization. The staff will review the process frequently in preparation for any disaster that might occur in the organization. For example, when a theft or any disaster occurs, the staff will adopt the recovery plan that had been developed in the process of recovery. A short time will be used to recover as compared to designing the recovery plan after the disaster has occurred. To develop and sustain organizations continuity process, the organization should develop a plan or procedure to be followed in case of any disaster or disruption. It will be a standby plan, which the staff will adopt and follow in case of any disaster. The organization should have risk and evaluation control. It is the process of assessing the possible risks in the organization and evaluating the procedure of handling the risks. After risk evaluation, the organization should design emergency response and operations on the risks (Randeree & Narwani 2012, p. 481). A planning will guide the staff in the organization on how to respond in case of any emergency related to the risks. The organization should develop and implement new business continuity plans. Due to improvements in technology, the organization should develop new business continuity plans, which will correspond to the developments in technology. The organization should conduct frequent awareness and training programs for the staff. It will help to keep the staff updated on the emerging trends that can be used to respond to any emergency in the organization. The last one is coordination between the staff. In the case of any disaster, the staff should coordinate and cooperate when handling the disaster. The role of incident responds teams is to identify, analyze, and respond to the incident that occurs in the organization. The team should be well trained on how to identify any disaster or disruption in the organization. When the team is highly trained on identification, they will detect the disaster before causing major damages and losses to the organization. The team should have the necessary knowledge and skills on analyzing the disaster. The analysis of the disaster will enable the team to pick the right procedure to be followed when responding to the disaster or disruption in the organization. Incident respond teams are important staff that should be invested on through training in the organization. It is because they are the immediate people to identify, analyze and respond to the disaster. The first awareness that should be made to prevent anti-forensic efforts is staff training to understand anti-forensic. It is the role of the staff to identify and respond to any anti-forensic efforts. The staff will not identify and respond to something that they are not aware. After staff awareness, the organization should invest on the programs, which will detect, bypass, or even prevent anti-forensic efforts (Dahbur & Mohammad 2011, p. 14). The staff is trained on how to install and use the programs in preventing anti-forensic programs. Knowledgeable workforce is very important in securing organizations behavior towards the disaster. The staff will the knowledge and experience in identifying and responding to any negative activity or intrusion in the organization. For example, when a virus attacks a computer, a knowledgeable staff or workforce will understand how the computer will behave and realize the problem in the computer. To ensure continuously, and effectiveness of anti-forensic, frequent awareness and training programs should be conducted in the organization. It will help the staff to refresh the responding procedure and remain updated on the emerging trends on how to respond to the disasters. The organization should have continuous maintaining and exercising plans. The staff should practice on the plan designed, which will be adopted in case of any disaster. The mock exercises will the staff to be ready for the responds because the procedure will remain fresh in the minds. The staff should be well-trained on how to coordinate in case of any disaster. Coordination is important because staff will work together targeting the same goal of containing the disaster. References Arduini, F., & Morabito, V. (2010). Business continuity and the banking industry. Communications of the ACM, 53(3), 121-125. Dahbur, K., & Mohammad, B. (2011, April). The anti-forensics challenge. In Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications (p. 14). ACM. Randeree, K. & Narwani, A. (2012). A business continuity management maturity model for the UAE banking sector. Business Process Management Journal, 18(3), 472-492. Read More