Disaster Recovery
Discussion
Search “scholar.google.com” for a company or school that has defined the role of end- users in the creation of a contingency plan. Discuss why it is (or is not) important to include end users in the process of creating the contingency plan? What are the possible pitfalls of end user inclusion?
Note:-
Respond to at least 2 of your colleagues’ postings
• Ask a probing question, substantiated with additional background information, evidence or research.
• Share an insight from having read your colleagues’ postings, synthesizing the information to provide new perspectives.
• Offer and support an alternative perspective using readings from the classroom or from your own research in the Walden Library.
• Validate an idea with your own experience and additional research.
• Offer and support an alternative perspective using readings from the classroom or from your own research in the Campbellsville University Library
• Make suggestions based on additional evidence drawn from readings or after synthesizing multiple postings.
• Expand on your colleagues’ postings by providing additional insights or contrasting perspectives based on readings and evidence.
Last time feedback:-
Please note that a good portion of your initial response is from other sources. It is best to paraphrase the information. The idea here is that you will synthesize the content and write in your own words. The recommendation is to paraphrase, and avoid a verbatim approach.
Reply 1:-
Contingency planning is an operational method that is used to restore the business systems in contingency circumstances. The main purpose of contingency planning is to lower the chances of failure and its continuity, reduce possible risks, and also to prevent damage to brand’s notoriety of the business(Whitman, Mattord, & Green, 2013). In 2013, Yahoo experienced a data breach which affected 500 million users.The attackers have stolen user data such as names, date of birth, email addresses, hashed passwords, and phone numbers and also the security question and answers. Hackers used spear-phishing technique and sent mail to the semi-privileged engineer. The stolen data was put up for sale on the dark web and others used this data for scams.
In order to ensure preventing this type of cyber-attacks in the future, Yahoo developed a contingency plan. While making a contingency plan, Yahoo involved its end-users so that the plan become more effective and useful. Involving end-users helps companies in developing optimal contingency planbecause end-users are the people who are ultimately affected by the cyber-attacks. It is very important to consider perceptions of the user while planning strategies to prevent events that may occur unexpectedly (Vacca, 2017). So that, useful plans are made and can successfully implement them whenever needed. Also, there are some pitfalls while involving users in contingency planning. All users do not have the same thought process and considering them produces numerable plans in which only some works, implementing them becomes more costly and is a time-consuming process.
Reply 2:-
A contingency plan is a series of steps or actions designed to help an organization respond effectively to a future event or situation that may or has a probability to happen.
A contingency plan is also referred to as Plan B as it can be used as an alternative for action if the expected results fail to materialize. Contingency planning is a part of disaster recovery, risk management and business continuity.
The seven-steps outlined for an IT contingency plan in the NIST 800-34 Rev. 1 publication are:
1. Develop the contingency planning policy statement: A formal policy proves to be a bible for the parties involved to develop an effective contingency plan.
2. Conduct the business impact analysis: The analysis of the Business impact enables to identify, prioritize information systems and parts that are critical to supporting the organization’s business functions.
3. Identify preventive controls: Steps undertaken to minimize the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies: Recovery strategies ensure that the system will be recovered quickly and effectively following a disruption.
5. Develop an information system contingency plan. The contingency plan must include a detailed guidance and procedure for restoring a damaged system unique to the system’s security impact level and recovery requirements.
6. Ensure plan testing, training and exercises. Testing helps in validating recovery capabilities, while on the other hand training helps in making the recovery personnel for plan activation and exercising the plan identifies planning gaps and the activities improve plan effectiveness and overall organization preparedness.
7. Ensure plan maintenance. The plan should be updated regularly to remain current with system enhancements and organizational changes.
I work for a retail store chain, Weis markets and we work on an ERP tool that helps take care of the company’s HR systems. We house important information like bank account, SSN and other vital personal payroll information. Hence while preparing a contingency plan it is very important to include the business representatives as it is for them that we are developing the plan as the main goal of the plan is to ensure continuous service delivery to the business to ensure the goals are achieved. The business users are the ones who drive the organization towards its goals.
It is extremely important for including the business user while developing the contingency plan as they would help to determine what all are the key factors from the application and the database poit of view that will ensure continuous business delivery and progress, faster recovery in case of a disaster.