Business Impact Analysis And Preparedness Plan For First National University

General Considerations for Business Impact Analysis

The First National University or FNU is the first higher education institurion in the country to implement distance education via online programs handling over a wide area covering numerous students and faculty. Recently, due to few issues noticed in the business process, the organization handling the institution had suggested a change in the business structure by introducing latest technological advancements including Work-at-Home or WAT policies and IT networking techonologies (Ab Rahman, Cahyani and Choo 2017). This report would thus include the wholesome analysis of the implementation including the business impact analysis of the latest technology, the insurance considerations, the implementation of the incidence reponse team, the physical safeguards taken, the already prepared items, the incident response procedures, the restoration procedures, the forensics considerations and the ways by which the implementation plan would be maintained.

A business impact analysis or BIA mostly focuses on the consequences of a disruption in the business process and gathers information about how these disruptions can be eliminated from the process and develop a strategy for the recovery of the system (Torabi, Soufi and Sahebjamnia 2014). Based on the case scenario of First National University or FNU, the general considerations for Business Impact Analysis or BIA is as listed as below:

• Potential impact of the disruption: It has been found according to the reports that the entire institution of FNU has been under an intrecate and severely complex ICT infrastructure. It is speculated that this would impact heavily on the growth and sustainability of the organization.
• Financial impact of the disruption: The suggested recovery program involved a network security plan, a redesigning of network, and implementation of the technology. This would indefinitely need a huge amount to be implemented from the organization, which may impact heavily.

There are many kinds Cyber Insurance types that any considerable organization follows according to the coverage they possess, and any organization should begin their assessment needed for the cyber insurance with the assessement of the risk and perils of the insured sources (Hill 2016). While evaluating the Insurance Considerations for the networking structure of the organization, It should be kept in mind that the policy of insurance should consider all the apps of emissions of the third parties and according to the Fine National University there are some terms of exclusions that are explained below:

                                                  (Source: Created by Author)

Every computer network implementation means a computer incident response team or CIRT which is a group handling the events that involves the security breaches of a computer. This is a security Management process that most organisations utilise in order to prevent the problems they frequently have with the security such as events that might still occur unexpectedly and this should be handled effectively by the computer incident response team experts (Ab Rahman and Choo 2015). Fine National University as well a team members should be included who would specify in the department and specialities of handling intricate breaches. These include unexpected ransomware attacks, data thefts, and simplifying of the too complicated netwroking structure that the organization currently faces.

Insurance Considerations for the Networking Structure

Physical safeguards can be defined as the physical policies measures and procedures that is required to protect the electronic information of a covered entity or an organisational system as well as all the related equipments and buildings from any kind of natural or environmental hazards or any unauthorised intrusion (Quick and Choo 2016). Fine National University has recently implemented issues load of latest devices that needs to be protected from any natural hazards or unauthorised intrusions. Following would be the steps to be taken for an effective physical safeguarding:

• Contingency Operations: This step involves process implemented for restoration of lost data.
• Facility Security Plan: These are the procedures to safeguard the facility and the equipment, barring any unauthorized instrusion.
• Maintening Records:This is the documentation of all the processes for maintaining the data according to the changes implied or the progression of the latest provisions (Cahyani et al. 2017).
• Access Control and Validation Procedures: This procedure ensures individual access to any role or function including visitor control and secured access.

                                                  (Source: Created by Author)

                                                      (Source: Created by Author) 

• The Operating systems have a combination od Windows and Linus Operating Systems at once.
• The entire staff possesses Desktop PCs for individual use running on Windows 8 OS.

ICT infrastructure at Backup site

The backup site infrastructure have the same facility as the Operations.

Incidents can be of different types based on the nature of intrusion that had been in the institute (Ruefle et al. 2014). Nevertheless underlying is a list of incident response process and procedures that leads any kind of incident managed quite existentially. This should first be done as follows:

• Prioritizing assets
• Connecting, communicating and collaborating
• Observe
• Orient
• Act
• Make a decision about the handling of the incident

Data restoration procedures should follow the underlying procedures for data restoration process:

• Request for data backup
• Automated backup process
• Evaluation of institution needs for the data
• Evaluation of the technical needs or any backup plan for the restoration (Littlefieldet al. 2016)
• Process verification for backup
• Restoration test
• Inspection of backup log
• Media storage checking
• Informing the requester about the status
• Starting data restoration

The forensic considerations that the institue of FNU needs right now for data disaster discovery and business continuity is as follows:

• Legal Precedence
• Testing methodology
• Activity record maintenance
• Monitoring internet activity (Chang 2015)
• Local host activity monitoring
• Configuration and use of the system implementation
• Analysis of platform and tools

It is adviced to the Fine National University or FNU is that, it needs to keep up with the latest implementation according to the steps followed in the disaster recovery procedure and business restoration and continutiy plan (Rashmiet al. 2015). This is the only way by which the intricate and complicated system could be maitained or kept tamed. The regular data monitoring and record keeping to check the system vulnerabilities and further attacks for the data and information of the institute would ensure further effective preventive measures.

Conclusion

Thus, it can be concluded that Fine National University has been one of the primary institutions but the ICT Infrastructures have not been at par with the other levels of organizations having the same facilities as them.This report included the wholesome analysis of the implementation including the business impact analysis of the latest technology, the insurance considerations, the implementation of the incidence reponse team, the physical safeguards taken, the already prepared items, the incident response procedures, the restoration procedures, the forensics considerations and the ways by which the implementation plan would be maintained. Therefore, all the vulnerabilities of the system have been identified along with all the considerations that we needed to be made for the disaster recovery and business continuity of the university.

References

Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.

Ab Rahman, N.H., Cahyani, N.D.W. and Choo, K.K.R., 2017. Cloud incident handling and forensic?by?design: cloud storage as a case study. Concurrency and Computation: Practice and Experience, 29(14), p.e3868.

Cahyani, N.D.W., Martini, B., Choo, K.K.R. and Al?Azhar, A.M.N., 2017. Forensic data acquisition from cloud?of?things devices: windows Smartphones as a case study. Concurrency and Computation: Practice and Experience, 29(14), p.e3855.

Chang, V., 2015. Towards a Big Data system disaster recovery in a Private Cloud. Ad Hoc Networks, 35, pp.65-82.

Hill, D.G., 2016. Data protection: Governance, risk management, and compliance. CRC Press.

Littlefield, D.A., Nallathambi, V.K. and Chanchlani, G., CommVault Systems Inc, 2016. Data recovery operations, such as recovery from modified network data management protocol data. U.S. Patent 9,244,779.

Quick, D. and Choo, K.K.R., 2016. Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing, 19(2), pp.723-740.

Rashmi, K.V., Shah, N.B., Gu, D., Kuang, H., Borthakur, D. and Ramchandran, K., 2015. A hitchhiker’s guide to fast and efficient data reconstruction in erasure-coded data centers. ACM SIGCOMM Computer Communication Review, 44(4), pp.331-342.

Ruefle, R., Dorofee, A., Mundie, D., Householder, A.D., Murray, M. and Perl, S.J., 2014. Computer security incident response team development and evolution. IEEE Security & Privacy, 12(5), pp.16-26.

Torabi, S.A., Soufi, H.R. and Sahebjamnia, N., 2014. A new framework for business impact analysis in business continuity management (with a case study). Safety Science, 68, p

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order