Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Unit 1 RISK ANALYSIS AND DISASTER PLANNING

Unit 1 RISK ANALYSIS AND DISASTER PLANNING

Ratings: (0)|Views: 31|Likes:
Published by dev chauhan
RISK ANALYSIS AND DISASTER PLANNING
RISK ANALYSIS AND DISASTER PLANNING

More info:

Categories:Types, Research
Published by: dev chauhan on Jan 06, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

01/06/2011

pdf

text

original

 
UNIT 1 RISK ANALYSIS AND DISASTER PLANNING
Structure
1.0 Introduction1.1 Objectives1.2 Risk Analysis1.2.1 Initial Planning1.2.2 Role of a Risk Manager1.2.3 The Need for Backup and Recovery1.2.4 Preparing Procedures1.2.5 Requirement of Critical Jobs1.2.6 Evaluating Alternate Response1.2.7 Compiling the Package1.3 Disaster Recovery Planning1.3.1 Disaster Recovery Planning Task 1.3.2 Disaster Recovery Plan Components1.4 Summary
1.0 INTRODUCTION
Information has now come to be treated at par with other vital resources by most organisations. Inadvertentor malicious loss, misuse or destruction of data can lead to consequences as disastrous as loss of men,material or money.Traditionally, the armed forces have been very sensitive to leakage of plans or information on dispositions.Financial institutions too have paid attention to building checks and balances to guard against fraud or misappropriations.Currently, the need for safeguarding Corporate Information has become more acute. This is due to the widedispersal of data within the organisation and the sophisticated means available for tapping into thedatabases. An ostrich like attitude, towards security of data, can only result in disasters, and, therefore, it is better to be aware of and implement security measures.
1.1 OBJECTIVES
At the end of this unit you would be in a position to
explain and appreciate the need of Risk Analysis
 
define initial planning and role of a Risk manager 
understand the need of backup and recovery process
explain disaster recovery planning
define various places of disaster recovery planning.
1.2 RISK ANALYSIS
The purpose of risk analysis is to determine the probability of problems occurring, the cost of each possibledisaster, the areas of vulnerability and the preventive measures to adopt as part of a contingency plan.Thus, what is required is risk management.Risk management has been described as that element of managerial action that is concerned withidentification, measurement and control of uncertain events. It is used to make decisions regarding thecosts of (monetary as well as other) protecting against possible events endangering the organisation.In subsequent sections let us look into several aspects relating to Risk Management.
1.2.1 Initial Planning
While carrying out the initial planning, considerable thought should be given to the following:
Estimated cost and availability of funds to perform an analysis.
Value of the physical installation.
Worth of data to the organisation and to others.
Existing safeguards.
Impact of data processing on the organisation's mission of goals.From this summary, management could then determine those risks that could be tolerated by theorganisation and those which require some control. Those requiring control then could be assessedclinically for risk avoidance.
1.2.2 Role of a Risk Manager
Creation of a position of risk manager is strongly recommended because the system is not likely to succeedwithout having one knowledgeable individual responsible for decision making, and supervision; overallcontrol of technical and analytical activities in the process; and it is continuum.In a small organisation, the position could be assumed as a collateral one to a top level managementofficial. In a large and complex entity, however, a separate position that is sufficiently high in theorganisation, should be established for a risk manager, with authority for data processing security acrossthe organisational lines. Some requisites for a top level risk management position are:
Knowledge of short and long range goals of the organisation;
Awareness of users security needs and priorities to the establishment and maintenance of appropriate level of security;
Awareness of new technology in security;
 
 
Authority to make, or assist in making, policy decisions on security programs and procedures;
Authority, with management approval, to implement security measures, deemed feasible froma risk analysis;
Ability to follow through, periodically, on security policies and practices in action; checkingactual performance and, results and taking corrective action; if necessary punitive action.It is advisable to take up this work along with the Data Base Administration of the organisation.To the start of the contingency planning project, a team of 3-4 managers from various functional areas isformed. The approach normally followed is to base the contingency plans on rational economic analysisand to avoid problems of internal politics of the organisation. The objectives of the project team generallyinclude the following :
Conservation of assets upon exposure to a major hazard whether fire, storm, sabotage of other hazard;
Assurance that the corporation will survive even if the computer facilities are disabled, or destroyed;.
Specific action plans that a 'prudent man' should take while incharge of the organisation's mostvital asset : data.Generally this activity is a pioneering effort, therefore a detailed project plan preparation is recommendedTypical duration of the contingency planning project is an estimate of 275 man-days for the total effort for the development of the contingency plan, Break up of activity duration are given in Table 1
Table 1Project Out-Line
 
S1.No.
 
Task 
 
Applied effort(man-days)
 1. Plan the project 112. Establish current status of backup and recovery 083. Prepare procedure, lists and forms 094. Establish loss due to delay* 1365. Specify critical applications 266. Evaluate alternate responses 187. Document the recommended plans 178. Creation of emergency procedures note-book 229. Document the information required to reconstruct1810. Complete project 'package' 10
Total 275
Remarks
*Establishing losses resulting in delays in processing is the most difficult part of the contingency planning.
1.2.3 The Need for Backup and Recovery

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->