Business Continuity Planning, Change Management, and Disaster Recovery

Verified

Added on 2022/11/15

AI Summary

This discussion post examines business continuity planning and disaster recovery strategies, emphasizing the importance of organizational preparedness in the face of unexpected interruptions, including natural disasters and cyberattacks. It highlights the role of IT systems, including the use of AI and cloud-based solutions, in maintaining communication and security during outages. The post provides a real-world example of a major DDoS attack on Dyn, illustrating vulnerabilities and the need for robust security measures. Based on this example, the post recommends utilizing firm-based devices and leveraging cloud services to enhance data control and prevent security incidents. Furthermore, it suggests implementing a Computer Emergency Response Plan and a Succession Plan as crucial disaster recovery policies. The post references several academic sources to support the discussed concepts, providing a comprehensive overview of business continuity and change management in the context of information assurance.

Business Continuity Planning Change
Management
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Discussion
For any kind of natural catastrophe government and other public sectors are concerned about this
issue and they have planned different strategy and planning for these kind of disasters, but it is also a
responsibility for the company’s and organization to have their own planning and strategy for overcoming
the loss occurring due to these kind of disasters. Information technology and other technologies related to
these are considered as the best method for alerting and recovery process. For the business continuity, it is
the process adopted by the organization to keep running the organization as much as possible after the
unexpected interruption (Sahebjamnia, Torabi & Mansouri, 2015). These catastrophic interruptions not only
reduce the production and stability of the organization but also hold the growth of the company for the long
period. Keeping these things in mind a company must have a business continuity plan or disaster recovery
plan. For communication and security purposes the IT system should be updated and planning should be
done according to that. In the case of outages it will be very difficult to maintain the communication and to
use the IT services but if a person plan some other power supplies methods for this kind of scenarios then
this situation can be handled easily (Misra & Rashid, 2016). Although, presently, there are latest technology
like AI and expert system based on different platforms and clouds which will help the organization in this
regard.
Example
In the year October, 2016, major DDoS attacks are launched by the cybercriminals along with
disrupting a host of the websites. This includes Twitter, Netflix, PayPal, and Network of play station and
Pinterest. The group behind the attack did this with the help of compromising thousands of endpoint IoT
devices (WeLiveSecurity, 2019). This becomes possible by transforming them in an essentially and bonnet
flooding traffic toward DNS hosting provider DYN. The attack was staggering for its size (WeLiveSecurity,
2019).
Recommendation
Based on the example of Dyn DDoS attack, two recommendations are given in this assessment and
those will be very helpful to prevent the security incident.
Recommendation 1: Utilized only the devices along with systems, which are firm based. This can
be considered as very important as if the employees are used their work email then this will be beneficial for
the organization to control the employees’ access (Hernandez, 2019).
Recommendation 2: In order to prevent the security incident, the cloud needs to be used as it can be
a good process for Dyn to obtain a massive control over the data of the organization (Hernandez, 2019).
Disaster recovery policy
2

There are many policies for disaster recovery and based on the security incident of Dyn, two policies
are recommended here.
Policy 1: Computer Emergency Response Plan
This can be beneficial for Dyn as if the computer response during the time of any kind of security
incident (Sans.org, 2019).
Policy 2: Succession Plan
This policy is useful as it describes the flow of responsibility when an employee is unavailable to
perform.
3

References
Hernandez, A. (2019). How To Prevent A Security Breach. Retrieved 2 August 2019, from
https://www.lawtechnologytoday.org/2016/07/how-to-prevent-a-security-breach/
Podaras, A., Antlová, K., & Motejlek, J. (2016). Information management tools for implementing an
effective enterprise business continuity strategy.
Sahebjamnia, N., Torabi, S. A., & Mansouri, S. A. (2015). Integrated business continuity and disaster
recovery planning: Towards organizational resilience. European Journal of Operational
Research, 242(1), 261-273.
Sans.org. (2019). Retrieved 2 August 2019, from https://www.sans.org/security
resources/policies/general/pdf/disaster-recovery-plan-policy
Such, J. M., Gouglidis, A., Knowles, W., Misra, G., & Rashid, A. (2016). Information assurance techniques:
Perceived cost effectiveness. Computers & Security, 60, 117-133.
WeLiveSecurity. (2019). The 10 biggest security incidents of 2016 | WeLiveSecurity. Retrieved 2 August
2019, from https://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016/
Wilding, E. (2017). Information risk and security: preventing and investigating workplace computer crime.
Routledge.
4