
Business Continuity plan and Operation Cycle of Disaster Recovery
Module 1 – Lecture 2
Business Continuity plan
• Business continuity planning is about prevention, not cure.
• It is about being able to deal with incidents when they occur and
taking actions that mitigate loss (or greater loss) during such events.
• This process calls for the identification of potential incidents that
would affect the mission-critical functions and processes of an
organization.
• Business continuity planning requires that effective plans be
established to ensure an organization can respond to any incident.
But the process does not stop at the planning stage.
Threats to Personal Privacy
The large amounts of electronic information combined with the
increased ability of computers to

• monitor,
• process,
• and aggregate this information about people create a massive
threat to our individual privacy.
Fraud and Theft
For example,
• computers to transfer a company’s proprietary customer data to
computer systems that reside outside the company premises
• sell this valuable customer data to that company’s competitors.

Preventative measures
• Periodic auditing and firewalls.
Internet Fraud
• Financial Institution Fraud - Credit/debit card fraud is an example of financial institution fraud
• Gaming Fraud - chance to win a prize when there is a misrepresentation of the odds or events
• Communications Fraud - Thefts of wireless, satellite, or landline services are examples of communications fraud.
• Utility Fraud - A knowing misrepresentation or intention to harm by defrauding a government
regulated entity that performs an essential public service, such as the supply of water or
electrical services
• Insurance Fraud - submitting claims for injuries or damage that never occurred
• Government Fraud - tax evasion, welfare fraud, and counterfeit currency.
• Investment Fraud -
• Business Fraud
• Confidence Fraud
Employee Sabotage
• The easiest form of employee sabotage, known to all system
administrators, is “accidental” spillage.
• The act of intentionally spilling coffee or soda on a keyboard for the
purpose of making the computer unusable for some time is a criminal
offense.
Infrastructure Attacks
• This infrastructure loss can include power failures (outages, spikes,
and brownouts), loss of communications, water outages and leaks,
sewer problems, lack of transportation services, fire, flood, civil
unrest, and strikes.
Malicious Hackers
• The term “malicious hacker” refers to someone who breaks into
computers without authorization.
• Malicious hackers can be outsiders or insiders.
• The hacker threat should be considered in terms of past and potential
future damage.
Malicious Coders
• Malicious code refers to viruses, worms, Trojan horses, logic bombs,
and other “uninvited” software.
Industrial Espionage
• Industrial espionage is the act of gathering proprietary data from
private companies or governments for the purpose of aiding others.
• Industrial espionage can be perpetrated either by companies seeking
to improve their competitive advantage or by governments seeking to
aid their domestic industries.
Social Engineering and Educate Staff and Security Personnel
• Social engineering begins with the goal of obtaining information
about a person or business
• Improving awareness of the need to protect system resources;
• Developing skills and knowledge so computer users can perform their
jobs more securely; and
• Building in-depth knowledge, as needed, to design, implement, or
operate security programs for organizations and systems.
Computer security Awareness and Training (CSAT)
Step 1: Identify Program Scope, Goals, and Objectives
Step 2: Identify Training Staff
Step 3: Identify Target Audiences
Step 4: Motivate Management and Employees
Step 5: Administer the Program
Step 6: Maintain the Program
Step 7: Evaluate the Program
Operation Cycle of Disaster recovery
THE DISASTER MANAGEMENT CYCLE
• Basic Format
[Figure: "Phases of a Disaster" cycle diagram with the stages Preparation, Warning Phase, Impact, Emergency Response, Recovery, Rehabilitation]
COMPONENTS OF DISASTER MANAGEMENT
• Hazard Analysis
• Vulnerability Analysis
• Prevention and mitigation
• Preparedness
• Prediction and warning
• Response
• Recovery
Hazard Analysis

• Disaster history
• Disaster analysis
• environmental
• epidemiological
• meteorologic
• agricultural
• political
Vulnerability Analysis

• Historical experience
• Community experience
• Technical evaluation
• Land use
• Building standards
• Disaster specific vulnerabilities
Prevention and Preparedness
• Organizational response planning
• Government structure and disaster legislation
• Planning mechanisms
• stockpiling
• awareness
• resources
• communications
• education
Prediction and warning
• Tracking
• Warning mechanisms
• Organizational response
• Public education
• Communication
• Evacuation planning
Disaster Response Phases
Four Major Phases (many sub-categories)
• Activation
• Implementation
• Mitigation
• Recovery
Response
• Notification
• Evacuation/extrication
• Search and rescue
• Coordination
• Immediate needs assessment
• Shelter/protection
• Implementing existing disaster plans
Emergency Response Phase
• Search and rescue
• Emergency medical services
• Immediate health service mobilization
Recovery
• Logistics
• Distribution of resources
• Warehousing
• Tracking
• Rehabilitation and Reconstruction
• Housing
• Water/sanitation
• Infrastructure
Recovery

• Material cleanup
• Environmental and structural safety measures (temporary)
Rehabilitation and Reconstruction
• Health service assessment and reconstruction
• Structural reconstruction
• Resume development efforts
• Transition from relief to development
