100%(6)6 out of 6 people found this document helpful
This preview shows page 30 - 32 out of 32 pages.
Due care is concerned with the operations and maintenance of the secure mechanisms put in place by practicing duediligence.Lack of due care can lead to downstream liability. This is the case when a network is used by hackers as a springboard to conduct an attack against a third party. The victim of the attack could prosecute not only the hackers, but also the organization whose security was lax enough that its network was used as the launching pad for the attack.
Disaster Recovery and Business Continuity PlanningBusiness continuity planning and disaster recovery procedures address the continuing operations of an organization in the event of a disaster or prolonged service interruption that affects the mission of the organization. Such plans should address an emergency response phase, a recovery phase, and a return to normal operation phase. You should identify the responsibilities of personnel during an incident and the resources that are available to them.In reality, contingency and disaster recovery plans do not address every possible scenario or assumption. Rather, they focus on the events most likely to occur and they identify an acceptable method of recovery. Periodically, you should exercise the plans and procedures to ensure that they are effective and well understood.Business continuity planning provides a short- to medium-term framework to continue the organizational operations. The following are objectives of business continuity planning:Moving or relocating critical business components and people to a remote location while the original locationis being repairedUsing different channels of communication to deal with customers, shareholders, and partners until operations return to normalDisaster recovery is the process of regaining access to the data, hardware, and software necessary to resume criticalbusiness operations after a natural or human-induced disaster. A disaster recovery plan should also include plans for coping with the unexpected or sudden loss of key personnel. A disaster recovery plan is part of a larger process known as business continuity planning.After the events of September 11, 2001, when many companies lost irreplaceable data, the effort put into protecting such data has changed. It is believed that some companies spend up to 25 percent of their IT budget on disaster recovery planning to avoid larger losses. Research indicates that of companies that had a major loss of computerizedrecords, 43 percent never reopened, 51 percent closed within two years, and only 6 percent survived long term (and).Not all disruptions to business operations are equal. Whether the disruption is natural or human, intentional or unintentional, the effect is the same. A good disaster recovery plan takes into account the magnitude of the disruption, recognizing that there are differences between catastrophes, disasters, and nondisasters. In each case, a disruption occurs, but the scale of that disruption can dramatically differ.