Share
Explore BrainMass

Disaster recovery/contingency plan

1. Security, Privacy, and Other AIS Issues
You've been hired by a growing organization to perform systems consulting work. The CEO has concerns about systems security and the impact of privacy considerations on the organization's AIS. She is also interested in learning more about new and emerging AIS technologies that the organization should consider. You have been asked to provide a report on these areas. Your report will be used as a basis for planning and developing improvements to the AIS.

Prepare a paper to deliver your findings to the CEO. In your paper, include the following:

a. A disaster recovery/contingency plan that includes the following:
b. Identification and analysis of procedures to detect vulnerabilities and security threats (i.e., controls)
c. Identification and analysis of risks and risk mitigation measures, including plans for
i. Systems and data recovery
ii. Off-site data storage
iii. Business continuity
c. An analysis of the impacts of privacy considerations on AIS (i.e., HIPAA)

Use at least two academically peer-reviewed sources and/or your text author to support your work or your text authors. Be sure to properly cite any references used in your summary. Format the summary according to APA style.

peer-reviewed sources :

HIPPA engagement help. (2003, April). Practical Accountant, 36(4), 10.

Justices: FERPA does not give student right to sue. (2002, Summer). News Media & the Law, 26(3), 34.

Abu-Musa, A. A. (2002, September). Computer crimes: How can you protect your computerized accounting information system? Journal of American Academy of Business, 2(1), 91.

Abu-Musa, A. A. (2002, September). Security of computerized accounting information systems: A theoretical framework. Journal of American Academy of Business, 2(1), 150.

Blackwell, R. (2002, June 17). With N.D. vote, privacy debate returns to fore. American Banker, 167(115), 1.

Bradbury, D. (2003, October 28). How to stay on the right side of the law. Computer Weekly, 48.

Crane , B. (2003, June 30). Small business and the new HIPPA privacy and security requirements -- what every Utah CEO needs to know. Enterprise/Salt Lake City, 33(1), 3.

Greenblatt, R. E. & Bakker, J. J. (2004, Spring). HIPAA privacy compliance: It''s time to take it seriously. Benefits Law Journal, 17(1), 102.

McCarthy, E. (2004, May). The best-laid plans. Journal of Accountancy, 197(5), 46.

Millman, G. J. (2004, July/August). Keeping data under lock & key. Retrieved on July 16, 2004 from Smartpros.com at http://www.smartpros.com/x44287.xml.

Naumann, J. W. (2004, May). Tap Into XBRL''s power the easy way. Journal of Accountancy, 197(5), 32.

Odell, P. (2003, February). HIPPA changes require close study, DMA exec says. Direct, 15(2), 9.

Parker, R. G. (2003, May). How to profit by safeguarding privacy. Journal of Accountancy, 195(5), 47.

Phelan, S. & Hayes, M. (2003, April). Before the deluge -- and after. Journal of Accountancy, 195(4), 57.

Richards, J. & Tower, G. (2004, March). Progress on XBRL from an Australian perspective. Australian Accounting Review, 14(1), 81.

Stewart, D. L. (2001, June 29). To protect and to serve. Intelligent Enterprise, 4(10), 42.

Solution Preview

You've been hired by a growing organization to perform systems consulting work. The CEO has concerns about systems security and the impact of privacy considerations on the organization's AIS. She is also interested in learning more about new and emerging AIS technologies that the organization should consider. You have been asked to provide a report on these areas. Your report will be used as a basis for planning and developing improvements to the AIS.

Disaster recovery/contingency plan that includes the following:
A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters.
(Searchsecurity, 2007)

Disaster recovery is becoming an increasingly important aspect of enterprise computing. Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security
searchsecurity.techtarget.com/sDefinition/0,,sid14_gci752089,00.html

The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist in restoring the business process within the stated disaster recovery goals.
http://www.drj.com/glossary

Thus Disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. Disaster recovery plan covers the data, hardware and software critical for a business to restart operations in the event of a natural or human-caused disaster.

II. The Importance of Disaster Recovery Planning

Need for Disaster Recovery Plans

There are many different risks that the company faces which can be:

? Natural disasters
? Fire
? Power Outages
? Terrorist attacks
? Organized or deliberate disruptions
? System and/or equipment failures
? Human error
? Computer Viruses
? Legal programs

(Wikipedia)

According to Jon William Toigo (the author of Disaster Recovery Planning), fifteen years ago a disaster recovery plan might be more simple but the current enterprise systems tend to be too complicated and loss of data can have serious financial impact.

It is believed that some companies spend up to 25% of their budget on disaster recovery plans; however, this is to avoid bigger losses. Of companies that had a major loss of computerized records 43% never reopen, 51% close within two years, and only 6% will survive long term. (Cummings, Haag & McCubbrey 2005.)

http://en.wikipedia.org/wiki/Disaster_recovery

Thus the planning gave help in the inculcating the disciplines and efficiencies in the organization to tackle the risks in an effective manner. It helps in mitigating the losses and improving the confidence in the employees

III. Implementing a Disaster Recovery Plan

It is a part of the risk management process plan and the steps will include:
? Identification of the risks
One has to identify the various risks that can affect the organization. It will include the problem definition, project objectives and selection of the disaster recovery team.
As per the below link the important documents required for the preparing the plan are:

? Organization chart showing names and positions

? Existing plan (if available)

? Staff emergency contact information

? List of suppliers and contact numbers

? List of emergency services and contact numbers

? Premises addresses and maps

? Existing evacuation procedures and fire regulations

? Health and Safety procedures

? Operations and Administrative procedures

? List of professional advisers and emergency contact information

? Personnel administrative procedures

? Copies of floor ...

Solution Summary

This discusses the disaster recovery/contingency plan in detail

$2.19