Premium Essay

The Cost of Business Continuity Planning Versus the Potential of Risk

In: Computers and Technology

Submitted By blham56
Words 2924
Pages 12
The Cost of Business Continuity Planning Versus the Potential of Risk
Though the cost of mitigating risk can be high, the lack of proper business continuity planning and disaster recovery planning will leave a company is at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for their operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses it Information Systems to generate revenue. If a company is effected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887).
As history has shown, our world has and will continue to experience many destructive events such as, floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three of the most common categories for the causes of disaster are, environmental, human, and natural. Natural disasters can include tornadoes, earthquakes, certain types of fires, hurricanes, and floods,. Historically, natural disasters have shown to be some of the most devastating events that a company can expect to have to respond to. The next of the three common types of threats are human threats.…...

Similar Documents

Premium Essay

Business Risk

...Introduction and Overview Business complexity and increase in uncertainty amplifies the conflict between documented means of managing risk and current practices. While companies had been conventionally addressing issues of foreign exchange, taxation, interest rate and prices, the widespread adaptation of internet in sourcing customers and online facilities are creating a new wave of corporate risks. Do current corporate risk practices prove wrong the established academic theories? Large Corporation such as Lehman Brothers, Northern Rock, Royal Bank of Scotland and many organisations had fallen to receivership all across the world showing the evident of the necessity of risk management strategy and a business continuity strategy. Some multi national organisations had also been exposed to risks such as Sony with unidentified battery issue before release of product in 2006, Dell supply chain problem in 2007, fiasco caused by software failure in 2008 to British Airways etc. This is because they had failed to take into account risks that could be created by people, resources and occurrence that is outside the normal business practises. Risk management is now an essential element of organisation’s strategy by putting in place a process to handle risk in priority of the likelihood of occurrence. The managerial decisions necessary for smooth running of organisation cannot be taken without element of risk. As a cornerstone of business practice the question management need to......

Words: 2842 - Pages: 12

Premium Essay

Emergency Planning and Business Continuity Management and How It May Be Integrated with Security Risk Management.

...large multinational and small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant security threats.......

Words: 5764 - Pages: 24

Premium Essay

Business Continuity Planning

...Business continuity planning Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies. The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis. The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize: • the operational and financial impacts resulting from the loss of individual business functions and process • the point in time when loss of a function or process would result in the identified business impacts Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.” Resource Required to Support Recovery Strategies Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies. Following an incident that disrupts business operations, resources will be needed to carry......

Words: 1185 - Pages: 5

Premium Essay

Business Continuity Implementation Planning

... Business Continuity Implementation Planning A Business Continuity Plan is “a plan for how to handle outages to IT systems, applications and data access in order to maintain business operation. A Business Impact Analysis is a prerequisite analysis for a Business continuity plan that prioritizes mission critical systems, applications and data and the impact of an outage or downtime.” (Kim. 2012. Pg.478) Every organization faces risk. Sometimes risk is measurable and predictable, and other times it is not. For example, a lawn care company knows that it has a seasonal business. There is some unpredictability in the seasons in that you do not know for sure if it is going to be a “wet” spring or a “dry” spring, or a hot summer or a cooler summer and so on. However, at least in the Midwest, a lawn care company can pretty well determine that we will have winter, spring, summer and fall. Additionally, it is predictable that the grass will need mowing from about mid to late March all the way through November. So, there is a small risk that it may start a little later and/or end a little sooner, but on the average it is fairly predictable. Other organizations have much greater risk inherent in their organizations. For example, a small stock brokerage firm may lose its entire business if stocks take the type of tumble that they did in 1998. (I personally know of some small firms that did just that – many family firms that had been in business for over 60 years.) Just as risk can......

Words: 1104 - Pages: 5

Premium Essay

Business Continuity Planning

...weakness or gap in our protection efforts. Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. Risk is the intersection of assets, threats, and vulnerabilities. A + T + V = R That is, Asset + Threat + Vulnerability = Risk. Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk. Impact is the total profit/loss which is obtained through the above activities. Impact is like an output. In the context of Risk assessment, the relation between Assets, Threats, Vulnerabilities, Impact and Risk can be clearly understood with the aid of this picture. 2. Risk Assessment versus Business Impact Analysis In today’s world, the difference between Risk assessment (RA) and Business impact analysis (BIA) are becoming increasingly thin, and in many cases we see the terms being used interchangeably.  However, This is not correct and may pose a risk to the organization through not understanding the important unique features of each process. Risk Assessment Simply put, Risk assessment is a structure discipline that must discover the threats, vulnerabilities, and values of an organization’s assets. A key factor in risk assessment is the determination of the......

Words: 882 - Pages: 4

Premium Essay

Business Continuity and Disaster Planning

...business Continuity Module 4, Discussion 1 Disaster preparedness for business continuity as a contribution to community recovery Heidi Generaux Walden University Disaster preparedness for business continuity as a contribution to community recovery. A disaster is an event that overwhelms available resources. Businesses within a community are necessary resources available to the community. According to the Federal Emergency Management agency 4% of businesses never reopen following a natural disaster (GetReady website, no date). This statistic does not bode well for the economic well-being of the community (Arend, 2005). The better prepared a business is for a crisis that is also experienced by the larger community (such as a large scale fire, chemical spills, pandemic, power outage or extreme weather or geological event) the greater its ability to ensure business continuity throughout the event or reduce delay in recovery (Prewitt, 2005). When business are up and operating during or immediately following a disaster, I believe the community is better able to move into and through the recovery period more quickly than when the businesses have been chronically or mortally wounded. When businesses remain functional employment (and thus individual incomes) remain intact, as well, access to necessary day to day and special disaster recovery items and services are available. Historically, businesses concerned themselves with planning for crisis in service demand.......

Words: 714 - Pages: 3

Premium Essay

Business Continuity Plan

...Business Continuity Plan Under Development (May 2006) California State University, Stanislaus CALIFORNIA STATE UNIVERSITY, STANISLAUS BUSINESS CONTINUITY PLAN May 2006 Table of Contents INTRODUCTION I. II. III. IV. V. Incident Command System Business Impact Analysis Risk Assessment Business Plan for Localized Business Disruption Business Plan for Pandemics Page 3 Pages 4-7 Pages 8-11 Pages 12-13 Pages 14-15 Pages 16-17 Pages 18-19 Pages 20-36 Appendix IV-A: Power Outage Business Continuity Plan Appendix V-A: Pandemic Flu Business Continuity Plan 2 Final CP 5-30-06 CALIFORNIA STATE UNIVERSITY, STANISLAUS BUSINESS CONTINUITY PLAN May 2006 INTRODUCTION A Business Continuity Plan (BCP) is developed by an institution to plan for and describe how it will respond to and recover from disruptions. These disruptions can be localized threats (e.g., earthquakes, fires, floods, bombs, etc.) or global threats (e.g., Flu Pandemic). As part of the overall Emergency Operations Plan, California State University, Stanislaus has developed, and continues to refine and enhance, a Business Continuity Plan (BCP) for the University. This plan is about maintaining, resuming, and recovering the University’s activities as an educational institution. It considers human factors along with operational issues. The BCP was developed by a team of the University’s senior administrators and department managers representing all University divisions: Business & Finance, Academic......

Words: 10523 - Pages: 43

Premium Essay

Business Continuity

...1. Go online and conduct research on business continuity planning (BCP). 2. In 600 words, write a APAv6 formatted paper which discusses the following: ◦ What does this term mean? ◦ What practices or procedures does it include? ◦ Why should IT personnel be concerned with business continuity planning? Business Continuity Plan Before businesses were involved in contingency management, disaster recovery and contingency planning were predominantly IT driven responses to the increased attacks of Mother nature and terrorist events in the late 80s and early 90s (Tangen & Austin, 2012). It became apparent to business owners the link between events and profit loss which led to the establishment of business led processes. These processes were developed and planned to address the types of threats that could occur and affect business operations. The discipline became known as business continuity management (BCM). Business continuity management is about identifying and understanding the risks to the everyday running of a business and planning how business will be maintained if an incident actually happens (Business Bolton, n.d.). When a business is disrupted, it suffers financially. A business continuity plan (BCP) is a collection of procedures and information which is developed, compiled and maintained in prep for use in the event of an emergency or disaster. of any kind. Types of incidents identified addresses IT system crashes along with ,......

Words: 947 - Pages: 4

Premium Essay

Business Continuity Planning

...Business Continuity Planning – Proactive and Reactive Business Continuity is managing and establishing plans that will help the organization to stand up again on its feet to continue its business. As we had learned in the class Business Continuity is the process of ensuring continuance of a business if a disruption occurs. This planning is like an immunological fort and a preventive shield which means a focus on the prevention of unplanned events, rather than just the cure. This has meant that disaster recovery has now become a subset of the whole process that covers the whole lifecycle of disaster prevention and recovery. Nowadays we need business continuity planning more than before. Within few years most news headlines capture many kind of catastrophes suck as bombs, fires, floods, and tornadoes. Most of time these catastrophes are not predictable such as the events of 9/11 that had affect many organizations not just the World Trade Center. So when I have a good complete preventive plan I can make sure of the continuity of the business after a disaster recovery.  In a recent research it has mentioned on average 20 % of all organizations will experience some form of unplanned event once every five years but there is still the need to think about how to cope with the more mundane events, such as power cuts or transport problems. When a crisis or a disaster occur the first thing that often will be affected is the effective communication and the internet. Therefore it...

Words: 786 - Pages: 4

Premium Essay

Business Continuity and Disaster Recoery

...Audit of Business Continuity Planning (BCP) Final Audit Report Audit and Evaluation Branch June 2006 Tabled and approved by DAEC on January 9, 2007 Audit of Business Continuity Planning (BCP) Industry Canada (IC) TABLE OF CONTENTS 1.0 EXECUTIVE SUMMARY .............................................................................................. 2 1.1 INTRODUCTION ................................................................................................................ 2 1.2 OVERALL ASSESSMENT.................................................................................................... 2 1.3 MAIN FINDINGS, CONCLUSIONS AND RECOMMENDATIONS ............................................. 2 1.3.1 Business Continuity Plan Governance (See Section 3.1 of the BCP Standard) ......... 2 1.3.2 Business Impact Analysis (See Section 3.2 of the BCP Standard).............................. 3 1.3.3 Business Continuity Action Plans and Arrangements (See Section 3.3) .................... 4 1.3.4 BCP Program Readiness (See Section 3.4 of the BCP Standard) .............................. 5 1.3.5 BCP Training and Awareness (See Section 3.4 of the BCP Standard) ...................... 5 2.0 INTRODUCTION............................................................................................................. 7 2.1 BACKGROUND ........................................................................................................................

Words: 5659 - Pages: 23

Premium Essay

Business Continuity and Disaster Recovery Planning for It Professionals

...affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations. Contact us at sales@ syngress.com for more information. CUSTOM PUBLISHING Many organizations welcome the ability to combine parts of multiple Syngress books, as well as their own content, into a single volume for their own internal use. Contact us at sales@syngress.com for more information. 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page ii 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page iii Business Continuity & Disaster Recovery for IT Professionals Susan Snedaker, MCSE, MCT 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page iv Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or......

Words: 189146 - Pages: 757

Premium Essay

Business Continuity Plan

...RUNNING HEAD: BUSINESS CONTINUITY PLAN Mercy Hospital Business Continuity Plan Susan Drago Jacksonville, Florida Western Governors University 1 RUNNING HEAD: BUSINESS CONTINUITY PLAN 2 Mercy Hospital Business Continuity Plan The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. Hospitals are required to invest in preparedness measures by external agencies, such as The Joint Commission and other accreditation bodies. This requires hospitals to have an emergency preparedness program. Six critical areas that a hospital plan must address include: Communication; Resources and Assets; Safety and Security; Staff Responsibilities; Utilities Management and Patient Clinical and support activities (JCAHO, 2012). Government regulations such as the Health Information Portability and Accountability Act (HIPAA) also require hospitals to protect all medical information, including electronic medical records (EMR), which requires a robust information security program. Business continuity refers to an integrated set of plans, procedures and resources that may be used to maintain and recover essential functions impacted from any event causing an interruption of healthcare delivery services. The key elements of a hospital business continuity plan are:  Governance-Define and align with executive......

Words: 3492 - Pages: 14

Premium Essay

Compare and Contrast Various Business Continuity & Disaster Recovery Planning Models.

...and Contrast various Business Continuity & Disaster Recovery Planning models. Information is a vital resource to modern companies. The loss of that information can throw a company into chaos and even be the end of it. For these reasons, businesses go to great lengths to ensure that the information they store and rely on will always be safe and available. Unfortunately despite these best efforts, disaster can still strike and the few hours of days after such an event may be crucial to the long term survival of the company. This is why businesses must be able to recover quickly from natural and man-made disasters. Business Continuity & Disaster Recovery covers how companies should act in the hours and days after a disruptive event. “What is Business Continuity and Disaster Recovery” describes disaster recovery as “...specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or national emergency.” They go to give examples of such steps to include restoring servers and data connections, egress, employee muster, etc. Business Continuity is described as a the steps a company takes to ensure its information systems don't go down during a disaster (What is Business Continuity and Disaster Recovery). This may include the location of hot or cold sites as well as procedures for relocating to them. Disaster Recovery plans may also focus on preventive measures such as smoke alarms and fire drills (Smith, C., n.d.). Business recovery plans may......

Words: 399 - Pages: 2

Premium Essay

Enterprise Continuity Planning

...------------------------------------------------- ENTERPRISE CONTINUITY PLANNING FXT2 TASK 2 November 10, 2015 chrystal kimbrough WGU November 10, 2015 chrystal kimbrough WGU EXPLANATION SUMMARY ENTERPRISE CONTINUITY PLANNING A company’s worst fear came to fruition when an employee hacked into his own records on the human resource system and was successful in modifying their own records. The employee gave himself an increase in pay by increase his base salary rate. The employee had success in performing this crime by spoofing an IP address, allowing their self the ability to eavesdrop on the network. By spoofing the specific IP address, the employee was able to find the location of the data and successfully modified it for their gain. After the fact, the employee received two paychecks containing the fraudulent salary. An auditor, who was effectively performing their job duties, became aware of the fraudulent acts of the employee, and thus sent an email to several pertinent individuals within the organization making them aware of the situation and that there is potentially a discretion with the employee’s paycheck. Probably on the “look-out” for reaction from their errant ways, the employee somehow was able to intercept the emails that were intended for the original recipients. The employee then created falsified responses, posing them to seem as if they were coming from the intended individuals that the original email was sent to. This exchange went on back......

Words: 3197 - Pages: 13

Premium Essay

Continuity Planning Overview

...University Continuity Planning Overview CIS-359: Disaster Recovery Management October 29, 2015 Introduction: This paper will briefly expound upon the lead position or manager’s role, of a healthcare company. It will provide a list of responsibilities a business continuity manager is expected to perform, how to build the framework for, and execute a business continuity plan, and also display a chart that pertains to giving a BCP presentation. Explain four high-level activities that aid in the initiation of a viable, business continuity plan. The role of an experienced business continuity manager in a healthcare business must identify and implement all of aspects of the business’, business continuity plan or BCP. To remain in accordance with the BCP, in preparation for disaster, from the start date, while it is in ongoing stages, and also afterward. Business continuity managers, work directly and strategically with the in-house BCM (Business Continuity Management) division, the business owner, and also the BCM’s, guidance and/or steering committee. They are expected to supervise, utilize paramount communication skills, monitoring the efficiency and progress of those team members and/or subordinates, who report directly to the, business continuity manager. In a healthcare environment, an efficient and thorough business continuity leader, structures accountability framework, by working close-knit with the business’ IT department, existing business......

Words: 1125 - Pages: 5