Developing a System for CalaKare Pty Ltd to Manage the Documentation Problem - Research Paper Example

Major Written Report Significant Points Summary The proper security system needs to be developed to enhance the risk management and business continuity in the long run The organisation must be assessing their risk in a proper manner so that they can ensure a proper development of the security system In order to enhance their business continuity the organisation must provide better applicability of the disaster recovery plan so that they could easily resolve their operations in minimum time lapse ClaraKare must be securing their storage system to prevent from any vulnerabilities and can also develop a proper documentation of the recovery process To maintain a sustainable growth organisation must be safeguarding their support system in order to enhance their risk management procedures Executive Summary Present day business environment is highly dependent on the information technology. This dependency has also enhanced the requirement of protection from the vulnerabilities of the external as well as internal risk. It has also been noted that the dynamic behaviour of the external environment is observed to be imposing huge threat on the operations of organisation. This dynamic behaviour of the environment has also exposed the organisation with the risk of unsecured information sharing. With this elated need of security the organisation has been largely exposed to the need of development of a secured system that would help them operate better. To create a proper risk management strategy the organisations needs to enhance their storage security as well as enhance their network security so that they can maintain a transparency of operations. Additionally, the organisation should also establish their disaster recovery planning to ensure the system of business continuity. Business continuity has been observed to be one of the prime requirements in the present day business context. It has been observed that in order to maintain their competitive edge in the long run the organisation needs to develop a secured system and confirm business continuity. Table of Contents Significant Points Summary 2 Executive Summary 3 Introduction 5 Case Overview 5 Niche Marketing Opportunities 6 Suggestive Measures 7 Identification of the Risk 9 Analysis of the Risk 10 Designing Strategy 10 Plan Develop and Execute 10 Test the Success 11 Network Security and Information Privacy Policy 11 Securing Physical Environment and Storage System 12 Disaster Recovery Plans 12 Advantages of the Suggestive Measures 14 Disadvantages of Suggestive Measures 15 Alternative Strategic Measures 16 Conclusion and Recommendation 21 References 23 Bibliography 27 Introduction Information Security Management (ISM) provides a detailed overview of the control that an organisation needs to contrivance in order to enhance a better security from the different vulnerabilities of the external and internal environment. ISM provides for a systematic approach to the company to plan its risk management strategy1. With this regard, the paper focuses on developing a system that would help the organisation CalaKare Pty Ltd to manage their documentation problem. Moreover, the paper also elaborates on the development of opportunity at the niche market by the organisation that has been operating from Perth. The research even details out the contributions of employees operating in the information security group to find an opportunity for the organisation in the niche market. Furthermore, elaborations are also provided for the development of the system that would help the businesses to manage their risk as well as help to continue in the long run. Case Overview The international organisation that was operating from Perth tries to nurture a niche market opportunity that remained uncovered and has huge scope for development. In this context, an opportunistic employee operating in the information security group plans to design a system that would help in implementing a risk management tool to ensure continuous business development. However, while venturing and making enquiries about their own business the employee finds an opportunity to cultivate the niche market. The employee ventures into the market and locates a business entity CalaKare Pty Ltd that has been managing aged care. The organisation has been catering their services through 12000 staffs in 15 facility centres. The organisation even had a client base of 15000 aged patients who were being provided with special care in the major regional locations of Perth. This organisation CalaKare has been facing difficulties in documenting their formal procedures that was creating problem in business continuity. Niche Marketing Opportunities In the present day dynamic and challenging market effective management of business has been observed to be very crucial. The organisations have been cultivating continuous development only by adopting innovation strategies. By espousing niche market strategies the organisations in the present day competitive domain has been managing their business continuity through the innovation processes. By exploiting the niche market opportunity the organisation can meet the elated needs of the consumers in the long run. In the present era of the competitive domain, the niche market provides for an opportunity that helps in developing the business background. The niche market provides an opportunity that helps in developing the business and ensures a continuous development of the business2;3. The different opportunities of the niche market strategies are observed to create a competitive domain on the market at a larger note. The niche markets create an opportunity for the organisations to reach new customers. The organisations can even ensure the radical strategy for innovation and ensure better growth. Moreover, to gain a competitive advantage the firm can impose incremental innovation through the development of the products. The niche market provides great opportunities to the economies of scale to develop a better advantage and to enhance their innovative skills and compete with the market. Through the niche market small organisations gets better opportunities to develop segmentation of the market and avail a strong market opportunity. Additionally, the niche market helps in reaping the market opportunities to gain competitive advantage over the new market opportunities4; 5. Similarly, as per the case the niche marketing opportunity provided development to ensure continuous innovation and competitive edge on the market. Through the practice of niche marketing strategies the employee, who is a member of the Information Security Group, found a positive opportunity to develop a market for their new products. Correspondingly, with the development of opportunities, to market the product could only be catered through the niche market. Moreover, the marketability of the product depends on innovation and development of the new market. Suggestive Measures With the present era of information sharing it has become quite evident that the organisations are becoming vulnerable to the risk of treachery. The requirement of privacy has become the prime motive of information sharing organisation. Moreover, to ensure privacy and security amid the organisation the different business sectors are enhancing their security measures to protect information. It has also become the prime motive of the information organisation to develop a security system that enhances the procedure of information sharing in the long run. As in the present case the organisation was facing severe problems in regards to the lack of development of the strategic tools to enhance the quality of the system. Additionally, to ensure the development of the quality system proper security needs to be developed. Moreover, in the present case the information security group needs to develop the information security toolkit that would enable the organisation ClaraKare to implement the security policy for greater effectiveness6. To manage the business continuity an organisation needs to manage their internal and external threats. Hence, privacy becomes one of the major issues for the organisations to maintain their corporate stability and business continuity in the long run. It has been noted that exposure to the external and internal environment affects the business continuity to a considerable extent. Moreover, to ensure a continuous development, business continuity plan must be tested and updated on a regular basis. With the elated demand for privacy and security organisations needs to design and implement network security to enhance process of business continuity. For contingency planning and documentation for continuity of business, planning could be observed as an authentic method for continuous development7. The organisation in order to develop their business continuity plan needs to manage their designs effectively. The possible measures could be rectified through the implementation of phases of business continuation. The phases could be identified as elaborated hereunder: Fig 1: Phases of Business Continuity Planning Source:8 Identification of the Risk Identification of the risk is observed to be the most integral part of the business continuity planning. The risk assessment helps to identify the possible threats that an organisation is likely to face in its course of operation. This helps in developing an understanding of potential threats elaborating on probability and potentiality of occurrence. Similarly, the potential risk of the organisation ClaraKare needs to be identified so that the possible risk that is imposed by the external and internal environment could be ascertained9. Analysis of the Risk Once the risk has been duly identified the effectiveness of the risk needs to be analysed so that the impact of the assessed risk could be duly ascertained. The information that needs to be gathered for the relevant risk must be crucial and should be able to represent the effect of the risk on the business. The analysis of the risk should be conducted by the employee of the information security group10. Designing Strategy After the risk has been duly analysed the possible strategic developments needs to be identified so that the strategic measurement could be ascertained. Moreover, this would even help in developing a proper strategic plan that would ensure that the impact of the risk could be mitigated to a greater extent. Similarly, in the given case the strategic measures need to be planned so that a secured system could be established that would ensure effective risk mitigation11. Plan Develop and Execute Once the strategic plan for risk mitigation has been duly identified the proper planning and designing needs to be conducted. This aspect is required to be done so that the execution of plan could be conducted successfully as well as effectively. For instance, in the present day business the information technology is provided with highest priority and hence organisation should be having a backup plan to maintain the risk of infrastructure failure12. Test the Success After the plan has been duly implemented and executed the success needs to be tested. This would ensure that the plan has been designed at par with the requirement of the organisation. Moreover, owing to the diversity of the present day business it has become mandatory for the organisation to evaluate the effectiveness of the risk management strategies for the success of the business13. For the organisation like the ClaraKare dealing with huge number of aged patients the major requirement has been observed to be the privacy of the patients. The risk management could only be possible through the enhancement of the following security measures: Network Security and Information Privacy Policy The security of network system is observed to be one of the major requirements of the organisation. Information privacy is one of the vital aspects that lead to the enhancement of transparency in the present day business context.. Computers and networks security help to develop a better and increase the credibility of the system. Moreover, this even helps in developing a proper filter into the network system and assists in restricting the access of individuals into the system without prior permission14. This limited accessibility would help in developing a secured network and would in turn enhance the information privacy for organisation. This would help in enhancing the security of the system and would also make the system less vulnerable to the risk of hacking. Furthermore, to develop a better security system organisation must maintain their closed network system and enhance their ISM to facilitate their needs of network security15; 16. Securing Physical Environment and Storage System In order to secure the physical environment organisation must be maintaining their support system and technical devices efficiently so that they can maintain uninterrupted services into the system. Business continuity is observed to be one of the prime motives to enhance the continuous operation of any business17. Business interruption can possibly occur depending on the issues like equipment failure, application failure as well as on the malicious software or hacking. These possibilities could majorly affect the operation of business in the long run. The proper maintenance of the physical devices is likely to ensure a proper physical environment to enhance the security of the system. Moreover, the storage facilities need to be developed in order to enhance the security of the system so that hacking and confidentiality of the data can be attained. With the enhancement of the storage system the physical standards must be developed so that the organisation can ensure a better approach towards risk management. Securing the storage systems would help in developing the physical security of the organisation and with a greater clarity into the system18. Disaster Recovery Plans In order to maintain their large peripheral through the network system it is observed that the organisation needs to maintain network security. Furthermore, the organisation should also be well prepared in order to maintain security system to enhance their safety in the long run. With the enhanced dependency of the organisations on the Information Technology (IT) the major shut down of the system is observed to create a huge backlog into the operation of business. Hence, the organisation should be able to recover from the situation and continue the immediate restoration in order to enhance their functioning. The disaster recovery planning helps an organisation to minimise the instances of disruption of the system and ensure orderly recovery of the system19. The plan would help the organisation to provide a standard recovery and help in enhancing organisational structure. By determining a suitable protection and prevention process the organisation would be able to manage their risks effectively. The lapse of the system recovery is observed to be very crucial for the organisations. Continuity of the system is observed to be the prime requirement of the present day businesses20; 21. Strategic measurement helps in developing an efficient base that would help in enhancing the operation of the system. The security of the system would also help in developing a better domain that would help ClaraKare to enhance their process of business continuity Moreover, proper documentation is essential for the long run of the business and hence strategic management and security is an important aspect. The organisation like the ClaraKare has been providing health care facilities to the aged people as per their need to maintain their business as a continuous process. Advantages of the Suggestive Measures The business continuity planning helps in maintaining a continuous flow of the business both in short and long run. It has been observed that the business continuity planning helps in ensuring uninterrupted flow of operations in the long run. Owing to greater dependency on the information technology it has been observed that the present day organisations are highly vulnerable to the risk both at internal and external environment. Business continuity planning ensures that the organisations are capable enough to deal with the vulnerabilities and manage business efficiently. The management of risk is possible through proper business continuity planning as it would ensure that the business operates efficiently and is able to manage their operational risk effectively22. Moreover, business continuity planning would ensure an integrated program that would help in managing the entire system of operation. The complete business continuity planning would also ensure that the programs are properly executed and planned23.Moreover, the suggestive measures would provide solution in order to manage the impacts generated by different business operations. Correspondingly, business continuity even helps in conducting strategic planning to generate an awareness program and ensure success. The planning even integrates the management of risk and helps in developing a documented recourse that would ensure project controls. By developing a well-documented awareness program the organisation would be able to manage their risks imposed by both internal and external environment and also develop a transparent system. Furthermore, being a centralised managed system the business continuity plan is easy to maintain24. Disadvantages of Suggestive Measures The business continuity program could be identified to be a continuous process that provides a major backlog into the system. The continuity of the system if not updated on regular basis would lead to major down fall of the system. Moreover, the continuous process creates monotonousness in the approach that may prove to be obsolete as per the changing environment of business. The dynamic world and continuously changing business environment needs to be observed according to the changing needs of the business processes. On the other hand, documentation of proper planning could even prevent the practitioners to exercise more innovative procedure of problem. On a larger note it could also be observed that the business continuity plan needs to determine a specific scope and boundary of planning. Failing to ensure proper objective setting could even lead to the failure of the system in the long run25. Moreover, another major dilemma observed among the business continuity planning is the maintenance of the system. Being a centralised in nature the maintenance of the system in different branches becomes a nuisance. Another major backlog that could be identified among the users is the inadequate number of planning required for the development of a transparent system. The major problem is faced at the time when the local conditions of the place where the plan is being implemented are not similar. This leads to the stagnancy causing a failure in the system of operation. On a contrary, if each branch is allotted with one plan then each of the system would be vulnerable to the risks of duplication. Furthermore, this would also lead to the difficulty in co-ordination and information sharing between offices. Correspondingly, allotting each plan for each branch could involve huge amount of cost. This would make the system costly as well as lead the organisation into a system of administering less control on the integrated system26. Additionally, the security measures needs to have back up by proper storage and maintenance so that immediate response could be ascertained. However, continuous monitoring of risk management software needs to be conducted. This is observed to be important as proper management of risk management software would be ensuring proper development of the system. Monitoring of proper security is also an essential aspect for the success of the business with the help of security software. Likewise, the development of the software generated security system would make the operation largely dependent on the information technology making the system vulnerable to various risks. The system could only be sustainable with the use of proper support from the hardware and software, which makes a complete system vulnerable to various operational risks27; 28. Alternative Strategic Measures Business Continuity Management (BCM) could only be successful through proper identification of threats that could be imposed on the business in its due course. In order to build resilience to the threat, the system should be developed in such a way that it would be able to provide impromptu response to any major incident. The risk management could help in monitoring, assessing and implementing strategies that would help in developing a better approach towards business continuity. The BCM is referred to as a holistic approach of the management that enhances the measurement of possible threats that would lead to complexity in operation. The BCM is observed to be an umbrella term that covers all the operational and managerial processes of a business operation29; 30. Fig 2: Business Continuity Management Source: 31 To manage and develop a formal procedure that would address business continuity, company can develop a framework regarding crisis management. This would enhance the applicability of the company to manage their crisis and ensure a continuous flow of information. In order to comply with the legal practices of the business system the BCM ensure that all the operational peripheral is duly adhered and maintained. BCM framework provides requisites of prompt recovery of the business leading to proper management of risk. By following a scheduled process of the business continuity planning, organisation can ensure development of the flow of operation. Parallel to provide strategic management to ensure safety to the security system ClaraKare must also be efficiently assessing their criticality. Moreover, to enhance the development of proper management system awareness and training should also be provided so that proper managerial system could be initiated32. Fig 3: Business Crisis and Continuity Management Framework Source:33 The foremost requirement of the business continuity is to manage integrated system of all other functions of a business. For risk management it has been observed that BCM is observed to be one of the most effective procedures. Risk management is a continuous process and requires monitoring. In a complete BCM or Business continuity and crisis management, risk management is derived as a decision that has a positive impact on the other functions contained in the framework34. With proper assessment of BCM lifecycle through the five phases (refer Fig 1) of the model the organisation can assign effective responsibilities providing full support to the management of the risk. Moreover, by assigning larger accountability amid the workforce the organisation can effectively coordinate to enhance the capability of BCM. Parallel to the development of an efficient model of BCM the organisation needs to ensure that the same is being established effectively. This could only be possible by deploying employees with effective management of BCM. It has also been observed that the success of effective management could only be possible through effective development of communication and appropriate training method to the staff members35. Correspondingly, by maintaining proper crisis management design organisation would be able to mitigate the effect of risk. In this regard, it should also be noted that effective response management helps in mitigating risk to a greater extent. BCM is an integrated system that helps in developing a better domain of risk management. Through rigorous monitoring and development of the system greater transparency could be ascertained36; 37. Fig 4: BCM framework Source:38 Conclusion and Recommendation With the changing needs of the present day business environment the major requirement for the business organisation is to develop a risk management strategy. The demand for privacy and security has been observed to be increasing in the present global environment. At the backdrop of the selected organisation, risk management for business continuity has been observed to be quiet crucial. The basics of development of BCM are observed to be highly dependent on the enhancement of training and consciousness among the employees. The organisation has been operating through several branches in different location of Perth. Hence, one BCM model will not be able to meet with the risk management strategies at all the branches of the organisation. Thus, the risk needs to be ascertained observing external and internal environment of each of the 15 branches so that proper risk management could be conducted. Moreover, to increase the transparency of the operation organisation must be maintaining an integrated system that would help in increasing the effectiveness of the system. However, the integrated system should be well protected through the development of a security system that would help to increase the dependency on the system. Likewise, the system would also help in developing a proper privacy as well as controlling of the security management system of the organisation. The appreciation of the security management system with use of BCM would help in developing a better approach to the risk management procedure. Moreover, the proper planning of risk management would also ensure that the security measures of the system should be appropriately developed. In this context, it could also be ascertained that the legal and the statutory matters related with the development of risk management needs to be implemented. The organisation also needs to maintain the disaster recovery plan so that the business continuity could be maintained. On a larger note it has been observed that as the organisation was providing service to large number of people the requirement for risk management to ensure continuous flow of business operations. Since, the organisation was majorly dependent on the Information technology to manage their daily operation proper management of risk becomes mandatory. Hence, the organisation must be developing a better and secured network system through proper business continuity plan that would help them to ensure clarity of approach. Furthermore, to develop a proper risk management technique the organisation must be managing their security and storage system. It has also been apparently observed that the support system needs to be maintained in order to effectively manage the operations related with the management of risk. Additionally, the management of external and internal risk could only be possible through effective monitoring of changes occurring in the environment. References Abrar, Muhammad, Zhilong Tian and Xinming Deng. “Exploration of Niche Market and Innovation in Organic Textile by a Developing Country”. International Journal of Business and Management 4(2), (2009): 1-7. Ananth, Prashant. “Business Continuity Planning”. Information Systems Security Association Journal (2007): 22-24. Bell, Michael Z. “How Many Business Continuity Plans Do You Need?” Albion Research Ltd. (2014): 1-2. Crown. How Prepared Are You? Business Continuity Management Toolkit (n.d.): 1-19. DRI International. Generally Accepted Practices. Disaster Recovery Journal (2007): 1-90. Hargreaves, Ian. “A Review of Intellectual Property and Growth”. Digital Opportunity (2011): 1-60. KPMG. “The Cloud Changing the Business Ecosystem”. 2011. Accessed October 13, 2014 http://www.kpmg.com/IN/en/IssuesAndInsights/ThoughtLeadership/The_Cloud_Changing_the_Business_Ecosystem.pdf Kaberia, KenBusiness Continuity and Risk Management. n.d. Accessed October 13, 2014 http://www.garp.org/media/883552/kenya_022212.pdf Kadlec, Christopher and Jordan Shropshire. “Best Practices in IT Disaster Recovery Planning Among US Banks”. Journal of Internet Banking and Commerce 15(1), (2010):1-11. Kent, Karen and Murugiah Souppaya. “Guide to Computer Security Log Management”. National Institute of Standards and Technology (n.d.): 1-72. Leatherby, Drew. “IT Disaster Recovery and Business Continuity Tool-kit: Planning for the Next Disaster”. NASCIO (2006):1-14. Loureiro, Maria, L. and Susan Hine. “Discovering Niche Markets: A Comparison of Consumer Willingness to Pay for a Local (Colorado-Grown), Organic, and GMO-free product”. American Agricultural Economics Association Meetings (2001): 1-25. Michigan Technological University. Information Security Plan. Information Security Board of Review Members (2011):1-29 McPhee, Ian. “Business Continuity Management”. Better Practice Guide (2009): 1-50. Portland State University. Disaster Recovery Plan for Office of Information Technologies. 2010. Accessed October 13, 2014 http://www.pdx.edu/oaa/sites/www.pdx.edu.oaa/files/Disaster%20Recovery%20Plan%202010.pdf Reeder, John. “Building and Maintaining a Business Continuity Program”. White Paper (2013): 1-11. Ristov, Sasko., Marjan Gusev and Magdalena Kostoska. “Cloud Computing Security in Business Information Systems”. International Journal of Network Security & Its Applications (IJNSA) 4(2), (2012): 1-19. Swanson, Marianne and Guttman, Barbara. “Generally Accepted Principles and Practices for Securing Information Technology Systems”. National Institute of Standards and Technology (1996)1-60. Storkey, Ian. “Operational Risk Management and Business Continuity Planning for Modern State Treasuries”. International Monetary Fund (2011): 1-35. SANS Institute. Introduction to Business Continuity Planning. 2002. Accessed October 13, 2014 http://www.sans.org/reading-room/whitepapers/recovery/introduction-business-continuity-planning-559 Smith, David. “Business Continuity and Crisis Management”. Management Quarterly (2003): 1-7. Singh, Dalvinder and John Raymond LaBrosse. “Developing a Framework for Effective Financial Crisis Management”. OECD Journal: Financial Market Trends 2, (2011): 1-30. Shaw, Gregory L. “Business Crisis and Continuity Management”. Institute for Crisis, Disaster, and Risk Management (n.d.): 1-18. Stoneburner, Gary, Alice Goguen, and Alexis Feringa. “Risk Management Guide for Information Technology Systems”. National Institute of Standards and Technology (2002):1-55. Svata, Vlasta. “System View of Business Continuity Management”. Journal of Systems Integration 12, (2013): 1-17. Thilmany, Dawn. What are Niche Markets? What Advantages do they Offer? n.d. Accessed October 13, 2014 https://ag.arizona.edu/arec/wemc/nichemarkets/01whatarenichemarkets.pdf UCISA. Business Continuity Management And Planning. n.d. Accessed October 13, 2014 https://www.ucisa.ac.uk/~/media/Files/publications/toolkits/ist/ISTEd3_Section_B%20pdf.ashx Bibliography Bowman, Ronald, H. Business Continuity Planning for Data Centers and Systems: A Strategic Implementation Guide. (UK: John Wiley & Sons, 2008). Blyth, Michael. Business Continuity Management: Building an Effective Incident Management Plan. (UK: John Wiley & Sons, 2009). Doughty, Ken. Business Continuity Planning: Protecting Your Organizations Life. (USA: CRC Press, 2000). Fulmer, Kenneth L. Business Continuity Planning: A Step-by-step Guide with Planning Forms. (USA: Rothstein Associates Inc., 2005). Graham, Julia and David Kaye. 2006. A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance. (USA: Rothstein Associates Inc., 2006). Heng, Goh Moh. Conducting Your Impact Analysis for Business Continuity Planning. (BCM Institute, 2008). Hile, Andrew. The Definitive Handbook of Business Continuity Management. (UK: John Wiley & Sons, 2008). Hiatt, Charlotte J. A Primer for Disaster Recovery Planning in an IT Environment. (USA: Idea Group Inc., 2000) Kahate, Atul. Cryptography and Network Security. (India: Tata McGraw-Hill Education, 2013) Li, Xiang-Yang. Cryptography and Network Security. n.d. Accessed October 13, 2014 http://www.cs.iit.edu/~cs549/lectures/CNS-1.pdf Swartz, Ethne and Brahim Herbane. 2012. Business Continuity Management: A Crisis Management Approach. United Kingdom: Psychology Press. Stallings, William. Cryptography and Network Security: Principles and Practice. (London: Pearson, 2014). Smith, Gavin. Planning for Post-Disaster Recovery: A Review of the United States Disaster Assistance Framework. (Fairfax: Island Press, 2011). Syed, Akhtar and Afsar Syed. Business Continuity Planning Methodology. (London: Sentryx, 2004). Wieczorek, Martin., Uwe Naujoks and Robert Bartlett. Business Continuity: It Risk Management for International Corporations. (U.K: Springer Science & Business Media, 2002). Read More