9781435420168_IM_CH12 - Chapter 12 Contingency Planning...

Chapter 12 Contingency Planning

Objectives

After reading this chapter and completing the exercises, you will be able to:

- Recognize the need for contingency planning
- Describe the major components of contingency planning
- Create a simple set of contingency plans, using business impact analysis
- Prepare and execute a test of contingency plans
- Explain the unified contingency plan approach
- Discuss the reasons for sound backup and recovery practices, and know the elements that constitute backup and recovery techniques

What is Contingency Planning?

The overall process of preparing for unexpected events is called contingency planning (CP). CP is the process by which the information technology and information security communities of interest position their organizations to prepare for, detect, react to, and recover from events—both human and natural—that threaten the security of information resources and assets. The main goal of CP is to restore normal modes of operation with minimal cost and disruption to normal business activities after an unexpected event—in other words, to make sure things get back to the way they were within a reasonable period of time. Ideally, CP should ensure continuous information systems availability to the organization even in the face of the unexpected.

CP consists of four major components:

- Business impact analysis (BIA)
- Incident response plan (IR plan)
- Disaster recovery plan (DR plan)
- Business continuity plan (BC plan)

Components of Contingency Planning

The major project components performed during contingency planning efforts are business impact analysis, incident response planning, disaster recovery planning, and business continuity planning.

Business Impact Analysis

The business impact analysis (BIA), the first phase in the CP process, provides the CP team with information about systems and the threats they face. The BIA is a crucial component of the initial planning stages, as it provides detailed scenarios of the effects that each potential attack could have on the organization.
Incident Response Plan

The actions an organization can and perhaps should take while the incident is in progress should be defined in a document referred to as the incident response (IR) plan. An incident is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability. The IR plan deals with the identification of, classification of, response to, and recovery from an incident. The IR plan provides answers to questions victims might pose in the midst of an incident, such as, “What do I do now?”

Disaster Recovery Plan

Disaster recovery planning (DRP) entails the preparation for and recovery from a disaster, whether natural or human-made. For example, if a malicious program evades containment actions and infects or disables many or most of an organization’s systems and its ability to function, the DR plan is activated. Sometimes incidents are, by their

This note was uploaded on 11/02/2011 for the course IDS 520 taught by Professor Staff during the Fall '08 term at Ill. Chicago.
