Disaster recovery/contingency plan

1. Security, Privacy, and Other AIS Issues
You've been hired by a growing organization to perform systems consulting work. The CEO has concerns about systems security and the impact of privacy considerations on the organization's AIS. She is also interested in learning more about new and emerging AIS technologies that the organization should consider. You have been asked to provide a report on these areas. Your report will be used as a basis for planning and developing improvements to the AIS.

Prepare a paper to deliver your findings to the CEO. In your paper, include the following:

a. A disaster recovery/contingency plan that includes the following:
b. Identification and analysis of procedures to detect vulnerabilities and security threats (i.e., controls)
c. Identification and analysis of risks and risk mitigation measures, including plans for
i. Systems and data recovery
ii. Off-site data storage
iii. Business continuity
c. An analysis of the impacts of privacy considerations on AIS (i.e., HIPAA)

Use at least two academically peer-reviewed sources and/or your text author to support your work or your text authors. Be sure to properly cite any references used in your summary. Format the summary according to APA style.

Peer-reviewed sources:

HIPPA engagement help. (2003, April). Practical Accountant, 36(4), 10.

Justices: FERPA does not give student right to sue. (2002, Summer). News Media & the Law, 26(3), 34.

Abu-Musa, A. A. (2002, September). Computer crimes: How can you protect your computerized accounting information system? Journal of American Academy of Business, 2(1), 91.

Abu-Musa, A. A. (2002, September). Security of computerized accounting information systems: A theoretical framework. Journal of American Academy of Business, 2(1), 150.

Blackwell, R. (2002, June 17). With N.D. vote, privacy debate returns to fore. American Banker, 167(115), 1.

Bradbury, D. (2003, October 28). How to stay on the right side of the law. Computer Weekly, 48.

Crane, B. (2003, June 30). Small business and the new HIPPA privacy and security requirements -- what every Utah CEO needs to know. Enterprise/Salt Lake City, 33(1), 3.

Greenblatt, R. E. & Bakker, J. J. (2004, Spring). HIPAA privacy compliance: It's time to take it seriously. Benefits Law Journal, 17(1), 102.

McCarthy, E. (2004, May). The best-laid plans. Journal of Accountancy, 197(5), 46.

Millman, G. J. (2004, July/August). Keeping data under lock & key. Retrieved on July 16, 2004 from Smartpros.com at http://www.smartpros.com/x44287.xml.

Naumann, J. W. (2004, May). Tap Into XBRL's power the easy way. Journal of Accountancy, 197(5), 32.

Odell, P. (2003, February). HIPPA changes require close study, DMA exec says. Direct, 15(2), 9.

Parker, R. G. (2003, May). How to profit by safeguarding privacy. Journal of Accountancy, 195(5), 47.

Phelan, S. & Hayes, M. (2003, April). Before the deluge -- and after. Journal of Accountancy, 195(4), 57.

Richards, J. & Tower, G. (2004, March). Progress on XBRL from an Australian perspective. Australian Accounting Review, 14(1), 81.

Stewart, D. L. (2001, June 29). To protect and to serve. Intelligent Enterprise, 4(10), 42.

© BrainMass Inc. brainmass.com October 16, 2018, 9:34 pm

Solution Preview

Disaster recovery/contingency plan that includes the following:
A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters (Searchsecurity, 2007).

Disaster recovery is becoming an increasingly important aspect of enterprise computing. Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security

The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster recovery goals.

Thus, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. A disaster recovery plan covers the data, hardware and software critical for a business to restart operations in the event of a natural or human-caused disaster.

II. The Importance of Disaster Recovery Planning

Need for Disaster Recovery Plans

There are many different risks that the company faces which can be:

• Natural disasters
• Fire
• Power outages
• Terrorist attacks
• Organized or deliberate disruptions
• System and/or equipment failures
• Human error
• Computer viruses
• Legal programs


According to Jon William Toigo (the author of Disaster Recovery Planning), fifteen years ago a disaster recovery plan might have been simpler, but current enterprise systems tend to be too complicated, and loss of data can have a serious financial impact.

It is believed that some companies spend up to 25% of their budget on disaster recovery plans; however, this is to avoid bigger losses. Of companies that had a major loss of computerized records, 43% never reopen, 51% close within two years, and only 6% will survive long term (Cummings, Haag & McCubbrey, 2005).


Thus, the planning helps in inculcating the disciplines and efficiencies in the organization to tackle the risks in an effective manner. It helps in mitigating the losses and improving the confidence in the employees.

III. Implementing a Disaster Recovery Plan

It is a part of the risk management process plan, and the steps will include:
• Identification of the risks
One has to identify the various risks that can affect the organization. It will include the problem definition, project objectives and selection of the disaster recovery team.
As per the link below, the important documents required for preparing the plan are:

• Organization chart showing names and positions
• Existing plan (if available)
• Staff emergency contact information
• List of suppliers and contact numbers
• List of emergency services and contact numbers
• Premises addresses and maps
• Existing evacuation procedures and fire regulations
• Health and Safety procedures
• Operations and Administrative procedures
• List of professional advisers and emergency contact information
• Personnel administrative procedures
• Copies of floor ...

Solution Summary

This discusses the disaster recovery/contingency plan in detail.

Similar Posting

Evaluation of computer system security: business v. vendor

Auditors test the computer controls for effectiveness through inquiry and observation. Auditors also review the computer security programs, risk policies, procedures, and standards on all major systems and facilities. They further check on who is responsible for monitoring, backups, log-ins, passwords, and vulnerabilities. In addition, auditors should check for the risk of errors, risk of fraud, effectiveness of application controls, risk of financial statement misstatements regarding security of data and assets, and relevant components of internal control.

In 1998 and 1999, Y2K was a term that was used to describe an anticipated computer problem that would occur in the year 2000. When reading the year, computers were originally designed to read two numbers instead of four numbers. Many people thought items that were run by computers would be unable to read the year 2000 and would revert back to the year 1900, potentially causing systems to fail. Many industries had to implement disaster recovery or contingency plans in preparation for this failure. As a result, auditors had to be prepared to review those plans.

Auditors must be prepared to test the effectiveness of controls and be able to evaluate a disaster recovery or contingency plan. Read the information provided in the Week 7 Application Form (linked below) about Anthony's Orchard's information system.

Week 7 Application Form
Evaluate the organizational structure and access to system program controls for Anthony's Orchard. Write a 2- to 3-page paper discussing the MDAC system and controls. Consider the following:

How would you delegate duties differently?

Did the organization use enough methods of asset protection and control provided by those methods?

What are the risks associated with the system?

What would you have done differently with system program control to improve asset protection?

Overall, does Anthony's Orchard have an effective disaster recovery/contingency plan? Your 2- to 3-page paper should reflect the application of the resources presented this week, as well as knowledge gained from previous weeks' required or optional readings.
