Major Steps in Contingency Planning Contingency Planning Timeline Planning in consideration of Continuity

 www.phwiki.com

 

The Above Picture is Related Image of Another Journal

 

Major Steps in Contingency Planning Contingency Planning Timeline Planning in consideration of Continuity

Centenary College of Louisiana, US has reference to this Academic Journal, Planning in consideration of Continuity Objectives Explain what contingency planning is in addition to how incident response planning, disaster recovery planning, in addition to business continuity plans are related so that contingency planning Continuity Strategies Incident response plans (IRPs); disaster recovery plans (DRPs); business continuity plans (BCPs) Primary functions of above plans IRP focuses on immediate response; if attack escalates or is disastrous, process changes so that disaster recovery in addition to BCP DRP typically focuses on restoring systems after disasters occur; as such, is closely associated alongside BCP BCP occurs concurrently alongside DRP when damage is major or long term, requiring more than simple restoration of information in addition to information resources

 Mayberry, Doug Centenary College of Louisiana www.phwiki.com

 

Related University That Contributed for this Journal are Acknowledged in the above Image

 

Contingency Planning Timeline Continuity Strategies (continued) Before planning can begin, a team has so that plan effort in addition to prepare resulting documents Champion: high-level manager so that support, promote, in addition to endorse findings of project Project manager: leads project in addition to makes sure sound project planning process is used, a complete in addition to useful project plan is developed, in addition to project resources are prudently managed Team members: should be managers or their representatives from various communities of interest: business, IT, in addition to information security Major Steps in Contingency Planning

Incident Response Planning Incident response planning covers identification of, classification of, in addition to response so that an incident Attacks classified as incidents if they: Are directed against information assets Have a realistic chance of success Could threaten confidentiality, integrity, or availability of information resources Incident response (IR) is more reactive, than proactive, alongside the exception of planning that must occur so that prepare IR teams so that be ready so that react so that an incident Incident Planning First step in overall process of incident response planning Pre-defined responses enable organization so that react quickly in addition to effectively so that detected incident if: Organization has IR team Organization can detect incident IR team consists of individuals needed so that handle systems as incident takes place Planners should develop guidelines in consideration of reacting so that in addition to recovering from incident Incident Detection Most common occurrence is complaint about technology support, often delivered so that help desk Careful training needed so that quickly identify in addition to classify an incident Once attack is properly identified, organization can respond

Background The Self: Is this elaboration process effortful? Discussion Results Remember responses (see graph): Current experiment Recognition Test Spontaneous But Not Effortless: The Ownership Effect in Recollective Recognition Is Affected by Divided Attention at Encoding. Mirjam Brady-Van den Bos?, Martin A. Conwayý, & David J. Turk?, ?University of Aberdeen, UK ýUniversity of Leeds, UK

Incident Reaction Consists of actions that guide organization so that stop incident, mitigate impact of incident, in addition to provide information in consideration of recovery from incident In reacting so that an incident there are actions that must occur quickly: Notification of key personnel Documentation of incident Incident Containment Strategies Before incident can be contained, areas affected must be determined Organization can stop incident in addition to attempt so that recover control through a number or strategies Incident Recovery Once incident has been contained, in addition to control of systems regained, the next stage is recovery First task is so that identify human resources needed in addition to launch them into action Full extent of the damage must be assessed Organization repairs vulnerabilities, addresses any shortcomings in safeguards, in addition to restores data in addition to services of the systems

Damage Assessment Several sources of information on damage, including system logs; intrusion detection logs; configuration logs in addition to documents; documentation from incident response; in addition to results of detailed assessment of systems in addition to data storage Computer evidence must be carefully collected, documented, in addition to maintained so that be acceptable in formal proceedings Individuals who assess damage need special training Recovery Once extent of damage determined, recovery process can begin Process involves much more than simple restoration of stolen, damaged, or destroyed data files Automated Response New systems can respond so that incident threat autonomously Downsides of current automated response systems may outweigh benefits Entrapment is luring an individual into committing a crime so that get a conviction Enticement is legal in addition to ethical, while entrapment is not

Disaster Recovery Planning Disaster recovery planning (DRP) is planning the preparation in consideration of in addition to recovery from a disaster The contingency planning team must decide which actions constitute disasters in addition to which constitute incidents When situations classified as disasters, plans change as so that how so that respond; take action so that secure most valuable assets so that preserve value in consideration of the longer term DRP strives so that reestablish operations at the primary site Crisis Management Actions taken during in addition to after a disaster focusing on people involved in addition to addressing viability of business Crisis management team responsible in consideration of managing event from an enterprise perspective in addition to covers: Supporting personnel in addition to families during crisis Determining impact on normal business operations and, if necessary, making disaster declaration Keeping the public informed Communicating alongside major customers, suppliers, partners, regulatory agencies, industry organizations, the media, in addition to other interested parties Business Continuity Planning Outlines reestablishment of critical business operations during a disaster that impacts operations If disaster has rendered the business unusable in consideration of continued operations, there must be a plan so that allow business so that continue functioning Development of BCP somewhat simpler than IRP or DRP; consists primarily of selecting a continuity strategy in addition to integrating off-site data storage in addition to recovery functions into this strategy

Continuity Strategies There are a number of strategies in consideration of planning in consideration of business continuity Determining factor in selecting between options usually cost In general there are three exclusive options: hot sites; warm sites; in addition to cold sites Three shared functions: time-share; service bureaus; in addition to mutual agreements Off-Site Disaster Data Storage To get sites up in addition to running quickly, organization must have ability so that port data into new site?s systems Options in consideration of getting operations up in addition to running include: Electronic vaulting Remote journaling Database shadowing Model For a Consolidated Contingency Plan Single document set approach supports concise planning in addition to encourages smaller organizations so that develop, test, in addition to use IR in addition to DR plans Model is based on analyses of disaster recovery in addition to incident response plans of dozens of organizations

The Planning Document Six steps in contingency planning process Identifying mission- or business-critical functions Identifying resources that support critical functions Anticipating potential contingencies or disasters Selecting contingency planning strategies Implementing contingency strategies Testing in addition to revising strategy Law Enforcement Involvement When incident at hand constitutes a violation of law, organization may determine involving law enforcement is necessary Questions: When should organization get law enforcement involved? What level of law enforcement agency should be involved (local, state, federal)? What happens when law enforcement agency is involved? Some questions are best answered by organization?s legal department Benefits in addition to Drawbacks of Law Enforcement Involvement Involving law enforcement agencies has advantages: Agencies may be better equipped at processing evidence Organization may be less effective in convicting suspects Law enforcement agencies prepared so that handle warrants in addition to subpoenas needed Law enforcement skilled at obtaining witness statements in addition to other information collection

Benefits in addition to Drawbacks of Law Enforcement Involvement (continued) Involving law enforcement agencies has disadvantages: Once a law enforcement agency takes over case, organization loses complete control over chain of events Organization may not hear about case in consideration of weeks or months Equipment vital so that the organization?s business may be tagged evidence If organization detects a criminal act, it is legally obligated so that involve appropriate law enforcement officials

Mayberry, Doug Host; Meteorologist

Mayberry, Doug is from United States and they belong to Host; Meteorologist and work for Channel 13 Evening News – KSWT-TV in the AZ state United States got related to this Particular Article.

Journal Ratings by Centenary College of Louisiana

This Particular Journal got reviewed and rated by Benefits in addition to Drawbacks of Law Enforcement Involvement (continued) Involving law enforcement agencies has disadvantages: Once a law enforcement agency takes over case, organization loses complete control over chain of events Organization may not hear about case in consideration of weeks or months Equipment vital so that the organization?s business may be tagged evidence If organization detects a criminal act, it is legally obligated so that involve appropriate law enforcement officials and short form of this particular Institution is US and gave this Journal an Excellent Rating.