A Comprehensive Report on Business Continuity and Disaster Recovery


Added on  2023/04/19

AI Summary
This report delves into the critical aspects of business continuity and disaster recovery planning, drawing upon resources like 'Information security and risk management' to highlight the increasing importance of robust security measures in modern businesses. It emphasizes the need for contingency planning to address information security challenges, especially as traditional methods become less effective. The report also discusses measures for assessing information security risk, such as expected loss, expected severe loss, and standard deviation of loss, using the Analytical Hierarchy Process (AHP) to combine these measures into a composite metric. Furthermore, it examines incident response planning, including the development of incident response policies, the formation of security incident response teams, and the creation of incident response plans, all aimed at preparing organizations for unexpected events and ensuring business continuity in the face of potential disruptions.
Business continuity and disaster recovery plan
Bodin, L.D., Gordon, L.A. and Loeb, M.P., 2008. Information security and risk
management. Communications of the ACM, 51(4), pp.64-68.
Information security and risk management was selected as the topic. It is of interest because
large numbers of firms and individuals face challenges related to information. Companies
must have contingency planning in these areas so as to deal with these kinds of challenges.
Information security has become one of the growing concerns in modern-day business.
The article shows that, with the increasing importance of information security, traditional
security methods cannot be effective. It suggests three measures that capture different
aspects of information security risk. It also proposes a methodology that helps management
combine these different risk measures into a single composite metric named perceived
composite metric. For this, the article suggests the Analytical Hierarchy Process (AHP),
which helps to find weighting factors that can be used to combine these risk measures into
PCR. AHP helps the Chief Information Security Officer make decisions that prepare the
company for any kind of attack.
The three measures of loss the authors have selected are the expected loss, the expected
severe loss and the standard deviation of the loss. The expected loss is the sum of the
products of each loss with its respective probability. The expected severe loss focuses on
the breaches that put the survival of the company at risk. Any company whose risk is
$8 million or greater is in the category where the survivability of the organisation is at
risk. The standard deviation of loss, on the other hand, represents the dispersion around
the expected loss.
The formulae are used to calculate the weights that help in designing the metrics, which in
turn help the organisation understand the areas it needs to work on so as to protect its
information security.
| | Expected Loss | Expected Severe Loss | Standard Deviation of Loss | Weights |
|---|---|---|---|---|
| Expected Loss E[X] | 1 | 1 | 2 | 0.4 |
| Expected Severe Loss | 1 | 1 | 2 | 0.4 |
| Standard Deviation of Loss | 1/2 | 1/2 | 1 | 0.2 |

Table 1: Example of Pairwise Comparison Matrix and Weights
A decision maker can form a set of criteria that acts as a general methodology for forming
PCR-type metrics and use AHP to find the weighting factors; hence it acts as a powerful
decision-making tool. This is an effective method for reducing risk, as it helps to define
the ways in which the risks of data breach arise. The chief information officer and their
staff have estimated the probability of loss linked with three proposed sets of information
security activities. The estimated loss probabilities linked with each proposal have been
broken down into ten discrete amounts.
Losses from Information Security Breach in millions of Dollars

| Loss ($ millions) | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Other values |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Probability of loss - Proposal 1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0.1 | 0 |
| Probability of loss - Proposal 2 | 0 | 0 | 0.2 | 0 | 0 | 0.5 | 0 | 0.1 | 0.2 | 0 | 0 |
| Probability of loss - Proposal 3 | 0.3 | 0.2 | 0 | 0 | 0 | 0 | 0.05 | 0.05 | 0.1 | 0.3 | 0 |
| Probability of loss - Proposal 4 | 0.0 | 0.0 | 0 | 0 | 0 | 0 | 0 | 0.45 | 0.45 | 0.1 | 0 |

Table 2: Probability of Losses under Three Information Security Project Proposals
These probabilities can be used by the decision makers to make information security
decisions.
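
The calculation described above, carried through on the figures in Table 1 and Table 2, as an added example that is not code from the report or from the article it reviews. It assumes that the expected severe loss is the probability-weighted sum of losses at or above the $8 million threshold, that the composite is a plain weighted sum of the three measures, and that AHP weights are obtained by the column-normalise-and-average approximation; all function and variable names are hypothetical.

```python
import math

# Pairwise comparison matrix from Table 1 (expected, severe, std deviation).
PAIRWISE = [[1, 1, 2], [1, 1, 2], [0.5, 0.5, 1]]

# Loss distributions from Table 2: list index = loss in $ millions (0..9).
PROPOSALS = {
    "Proposal 1": [0.1] * 10,
    "Proposal 2": [0, 0, 0.2, 0, 0, 0.5, 0, 0.1, 0.2, 0],
    "Proposal 3": [0.3, 0.2, 0, 0, 0, 0, 0.05, 0.05, 0.1, 0.3],
    "Proposal 4": [0, 0, 0, 0, 0, 0, 0, 0.45, 0.45, 0.1],
}
SEVERE_THRESHOLD = 8  # $ millions, the survivability threshold in the text

def ahp_weights(matrix):
    """Normalise each column to sum to 1, then average across each row."""
    n = len(matrix)
    col_sums = [sum(row[j] for row in matrix) for j in range(n)]
    return [sum(row[j] / col_sums[j] for j in range(n)) / n for row in matrix]

def risk_measures(probs, threshold=SEVERE_THRESHOLD):
    """Return (expected loss, expected severe loss, std deviation of loss)."""
    if not math.isclose(sum(probs), 1.0, abs_tol=1e-9):
        raise ValueError("loss probabilities must sum to 1")
    expected = sum(x * p for x, p in enumerate(probs))
    # Assumption: severe loss counts only losses at or above the threshold.
    severe = sum(x * p for x, p in enumerate(probs) if x >= threshold)
    variance = sum(p * (x - expected) ** 2 for x, p in enumerate(probs))
    return expected, severe, math.sqrt(variance)

def composite_risk(probs, weights):
    """Assumption: composite = weighted sum of the three measures."""
    return sum(w * m for w, m in zip(weights, risk_measures(probs)))

def rank_proposals(proposals=PROPOSALS, matrix=PAIRWISE):
    """Return [(name, composite)] sorted from lowest to highest composite."""
    weights = ahp_weights(matrix)
    scores = {n: composite_risk(p, weights) for n, p in proposals.items()}
    return sorted(scores.items(), key=lambda item: item[1])

if __name__ == "__main__":
    print("weights:", [round(w, 3) for w in ahp_weights(PAIRWISE)])
    for name, score in rank_proposals():
        e, s, sd = risk_measures(PROPOSALS[name])
        print(f"{name}: E={e:.2f} severe={s:.2f} sd={sd:.2f} composite={score:.3f}")
```

On these figures, expected loss alone favours Proposal 3, while the weighted composite ranks Proposal 1 lowest because Proposal 3 carries more severe-loss mass and more dispersion.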