Fluent Essays

CIS 693 W7 Continuity Requirement #5: Enterprise-Wide Business Continuity and Disaster Recovery Plan – (Due end of week 7) Using your enterprise security plan proposal as a guide, write the enterprise business continuity and disaster recovery plan for your chosen organization. Good business continuity plans will keep your company up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more. Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. Your plan should have the following attributes: Disaster Recovery Plan - The disaster recovery provides detailed strategies on the steps that employees must follow during, and immediately after, a disaster. Not only does the plan provide exit procedures, it outlines communication instructions that ensure that every employee is accounted for and in communications with the central hub. This business hub includes emergency supplies, flashlights, backup business information and other items that have been outlined as important to the business and the safety of its employees and customers. Business Continuity Plan - The business continuity plan takes the disaster recovery plan one step further. This plan outlines how the business will continue its operations after the disaster. It also outlines how the business will continue its operations after smaller, less disastrous events, such as power outages. The plan outlines how and where the business will operate if it is forced to move to a temporary location. It identifies the long-term, crucial strategies that are needed to ensure that the business maintains stability and generates profits. Source: http://smallbusiness.chron.com/disaster-recovery-p... Your plan should be a 3.5 page paper (a minimum of three pages of content) to discuss the enterprise Business Continuity and Disaster Recovery plan for the organization that you have chosen. A link for articles on recovering from computer disasters (link shortened): http://tinyurl.com/h5sla8s How to write a Disaster Recovery Plan (link shortened): http://tinyurl.com/zvuzfmf On Sun, Oct 11, 2020 at 12:31 PM oduor evans <[email protected]> wrote: On Sat, Oct 10, 2020 at 11:45 PM cosmas ngila <[email protected]> wrote: 11am On Sat, Oct 10, 2020 at 8:49 AM cosmas ngila <[email protected]> wrote: 4 pages due 1am Using your enterprise security plan proposal as a guide, write the enterprise risk assessment for the organization. Enterprise Risk Management (ERM) has been defined by some as “a process, affected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” What this long definition is saying (not in so many words) is Risk Assessment includes the methods and processes used by organizations to define and manage risks and seize opportunities related to the achievement of their objectives. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM Framework has eight components and four objectives categories. The eight components - additional components highlighted - are: Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information and Communication MonitoringThe four objectives categories - additional components highlighted - are: Strategy - high-level goals, aligned with and supporting the organization's mission Operations - effective and efficient use of resources Financial Reporting - reliability of operational and financial reporting Compliance - compliance with applicable laws and regulationsYour Risk Assessment plan should be a 3-5 page paper (a minimum of three pages of content) to discuss how risks are defined, assessed and responded to. Monitoring activities should be included in the assessment process you outline. A link for an example of a Risk Assessment Plan for Purdue University: http://www.purdue.edu/ia/erm/assessment.html A link for knowing risks and best practices: Neoh, D. (2004). Corporate Wireless LAN: Know the Risks and Best Practices to Mitigate Them. Retrieved from http://www.sans.org/rr/whitepapers/wireless/1350.php Hey, It is building on the security proposal plan I will attach if needed. Attachments area Running head: ENTERPRISE SECURITY RISK MANAGEMENT 1 ENTERPRISE SECURITY RISK MANAGEMENT 5 Enterprise Security Risk Management Name Course Tutor Date Enterprise Security Risk Management Introduction In the previous enterprise security proposal paper, it was clear that many companies now consider information security as their number one concern. We also saw various strategies put in place by several organizations to help them go about the challenges posed by insecurity. Some of the strategies are meant to protect the organization's informational technology from all manner of threats. In contrast, others target mitigation of risks that might scale up the security protocols in place. We focus on the latter by looking at enterprise security risk management by looking at the various parts' enterprise risk assessment plan. Defined as a coordinated set of activities, processes, and methods aimed at supporting the risk control mechanisms by way of identifying, defining, and providing means of ameliorating risks; the Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides a framework that outlines eight standard components making up risk assessment plans as well as a category of for objectives. The components include the internal environment, objective setting, identifying an event, risk assessment, risk response, control activities, information, and control communication and monitoring. The additional objective categories comprise strategy, operations, financial reporting, and compliance. A risk assessment plan is an essential item in enterprise risk management as it provides a step-by-step approach to combating risks to mitigate them. If left unattended, the risks can affect the organizations’ ability to deliver on set goals and objectives. Enterprise Risk Management There are several ways of defining risk. The common one is an event whose chances of occurring fall between zero and one whose impact can be either positive or negative to the organization's course of attaining set goals and objectives. A risk can level one or many effects against the normal running of an enterprise and can as well have one or many causes. On the other hand, risk management is a continuous process that commences simultaneously with a project being undertaken by an organization and concludes at the closure of a project. It encompasses processes such as identification of risks, risk analysis, monitoring, and control. Enterprise risk management processes must always have an objective to accomplish, which sometimes can always be reducing the probability of risk occurrence or mitigating the impact of risk events (Multi-dimensional enterprise-wide security, 2020). Modern risk management planning processes attempt to reduce the likelihood of risk events occurring and mitigate the potential impacts if these risks arise. The risk identification process often commences before the organization formally starts a project. The expectation is always that the number of identifiable risks increases as the project advances. If a risk is successfully identified, there are a number of projects that ensure. First is to assess the risk to establish the underlying factors such as the probability of the risk occurring during the project, the extent of the impact to the organization's project schedule, cost and scope, and the quality of the product to be delivered. Risk Assessment Plan Risk assessment involves determining the chances of a risk occurring and the impact of the occurrence of such a risk to the project being undertaken by an enterprise. By talking of a project does not mean a specific process leading to delivering a product but can also include the day to day operations in an organization to achieve set goals and objects. As initially defined, the risk assessment plan is documentation detailing step by step approaches that define risks, identify them, mitigate, and establish monitoring and controls (Tricomi, 2020). The risk assessment process is essentially a cause and effect analysis since it is based on the event occurrence and impact of the event's occurrence. Risk assessment can be described as a two-factor process. The first factor is measuring the certainty of the occurrence of a risk (establishing probability), and the second factor is impact estimation (Urban, 2016). The possibility of event occurrence can further be carried in several ways, as shown in the table below. Establishing Risk Event Probability Defining the Probability Explanation Value Extremely low frequency Almost no chance of happening 0-1 Low frequency Unlikely to occur A small probability of happening and can only be identified under focused review. 2 Normal frequency Can sporadically occur Potential issues are identifiable during a focused review 3 High frequency Frequently occurs. Frequency is limited upon correction of the process. Trained auditors and other experts easily discover discrepancies. The regulators also find it easy identify the risks using guiding policies. 4 Extremely high frequency High chances of occurring The risk events can occur and re-occur unless a drastic measure is taken to correct the on goings massively. 5 The second factor is estimating the potential impact of the occurrence of the risks on the organization's project. Notably, this is a subjective assessment given the difficulties of quantifying the potential losses or gains resulting from the risk occurrences. However, it is always essential to quantify the resulting effect as it gives the full view of the impact on the organization's ability to still deliver on the goals and objectives (Zio, 2018). This can be done by assessing the changes in the project time schedule, scope, quality of the final product and the difference in the reviewed budget and the initial allocation. All these are always measured using standard tools of management and documented in the final risk statement. The risk Instead of laboring to come up with a detailed impact estimates, common risk registers classify risks into five rating categories as far as impact of each is concerned. These include category A that comprises catastrophic events resulting from compliance violations, data theft or serious breaches, or inability to validate critical data. Another category is critical risks, which comprise a non-compliance finding process. Control and monitoring include processes that continuously track, review, adjust, and issue reports on the project's general performance. Project plan, work statement, and budget documents are some of the control and monitoring tools used to manage enterprises' risk. Conclusion This article defines risk management as a coordinated set of activities, processes, and methods to support the risk control mechanisms by identifying; defining, and providing ameliorating risks. The article identifies several ways of expressing a risk with the common one being an event whose chances of occurring fall between zero and one whose impact can be either positive or negative to the organization's course of attaining set goals and objectives. References Multi-dimensional enterprise-wide security: An action plan. (2020). Retrieved 11 September 2020, from https://searchsecurity.techtarget.com/feature/Multi-dimensional-enterprise-wide-security-An-action-plan Tricomi, K. (2020): Policies, Procedures, and Standards | BPMInstitute.org. (2020). Retrieved 11 September 2020, from https://www.bpminstitute.org/resources/articles/policies-procedures-and-standards Urban, M. E. (2016). Enhanced Capabilities for Subcritical Experiments (ECSE) Risk Management Plan (No. LA-UR-16-22988). Los Alamos National Lab.(LANL), Los Alamos, NM (United States). Zio, E. (2018). The future of risk assessment. Reliability Engineering & System Safety, 177, 176-190.