Business Contingency Planning

Name

Institution

Business Contingency Planning

Question 1

Question 1.1

Cybersecurity risks are likely to increase due to a projected increase in service requests from various remote points. Vulnerabilities in the remote access points are expected to impact the security and privacy of information within the UC information systems. Home networks could be used as an entry point for hackers and penetration activities to gain permissive access to sensitive information system resources and data. The implementation of remote access services will impact the confidentiality and integrity of information in cases where the users do not comply with security measures in deploying their connections. Establishing remote access services to facilitate the learning activities by the UC system will require the integration on new applications which re likely to have backdoors for malicious activities and exploitation.

The provision of services to facilitate learning will depend strictly on remote support systems which pose a risk of increased load and limitations on the bandwidth. The services provided by the information system are likely to be unreliable, resulting from poor connection and access to resources. An increased load of services requests is expected to cause congestion when the capacity is overwhelmed thus interruptions and distractions.

The UC information systems face the threat of staffing due to unreliable information dissemination and management of system resources. The measure of employee productivity through the virtual environment is unpredictable and can not conclude accurate metrics on services ordered. The supervision of output for each staff in the university is a challenge and impacts the ability to track progress and efficiency in ensuring business continuity.

The reliability of the UC information system services will depend on individual network infrastructure, which is likely to impact productivity in cases of weak internet connection or poor access platforms.

Question 1.2

The review process will start with the development of a contingency planning policy framework to define the objectives for the exercise. Roles and responsibilities will be specified in the policy statements to provide guidelines for contingency planning.

The second step will involve conducting a business impact analysis to effectively identify possible operation interruptions as a result of risks impacting business processes (Moturi, 2014). This phase will prioritise UC information systems components to support the business functions and objectives (Moeller, 2013). Business process and IT governance plan documents will be used to support information gathering for comprehensive impact analysis process. The business stakeholders will also be interviewed to obtain useful first-hand information which will impact decision making in designing response plan (Bechor et al., 2010). Students and department staff will be interviewed through questionnaires regarding the services using the UC information systems (Moeller, 2013). The top management will also be involved in the information gathering process to gain authority and support in conducting the contingency planning process. Identified business processes will be used to obtain useful data on the requirements for operation, including the resources supporting the process (Swanson et al., 2010). The information collected will be reviewed through the evaluation process to create prioritised documentation of the business processes and functions (Moturi, 2014). The requirements for each process will also be identified. A business impact analysis report will be documented based on the findings of the study to aid in decision making (Bechor et al., 2010).

The third phase will involve the identification of possible preventive control to address the vulnerabilities facing defined business processes (Moturi, 2014). All the control measure will be evaluated to determine the most effective and reliable measures to compact the identified risks. The selected measures must be reliable and effective in addressing security and privacy information concerns (Bechor et al., 2010).

The fourth step of the review process will develop recovery approaches to address the risks of deploying remote access services using the UC information system. During this phase, the critical business process will be identified and prioritised based on impact metrics on business continuity. All dependencies of the identified business processes will be labelled and outlined. A Recovery Point Objectives (RPO) is defined in this stage to highlight the priority of information dependencies to enable replication of data through backup to meet and align to business process requirements (Swanson et al., 2010). The Recovery Time Objectives (RTO) will be defined in this phase to act as a guideline in the time taken for a full recovery of information during risk occurrence (Bechor et al., 2010). The Maximum Tolerable Downtime (MTD) will also depict the length of time a business process can be unavailable when risks occur (Swanson et al., 2010). Possible risks that can impact the disaster response plan (DRP) will be evaluated and assessed to create awareness and impact the priority ranking of the business processes. A response team will also be developed and roles and responsibilities assigned to team members, including a communication structure for easy information dissemination. The response team will oversee the overall recovery process and will, therefore, undergo training to ensure they are informed and prepared for risk handling.

In the fifth step, a contingency plan will be developed and will include a guidance framework for addressing and mitigating identified risks. Procedures for addressing each business process will be documented and will include the response teams and communication structures.

The sixth phase will ensure that all the system contingency plan is tested and all stakeholders given training for preparedness in case a risk occurs (Moturi, 2014). The system will be tested to ensure it works correctly and that it gives expected results.

The last phase will detail the plan for maintaining the system through updates and patches. All procedures and update requirements will be documented for reference and will guide the patching process of future versions of the system (Moturi, 2014).

Summary

The major threats facing the UC following the implications of COVID-19 outbreak include cybersecurity threats which arise as a result of the integration of virtual networks which are entry points for hacking activities (Moeller, 2013). Unreliable infrastructure is also another threat caused by increased traffic which overwhelms the remote access support systems. The information system is limited to integrity risks resulting from limitations to track productivity of staff services, making it unreliable in accomplishing the business process.

The development of the contingency plan will involve the formulation of contingency policy to act as a guideline in developing the contingency plan (Moturi, 2014). The business impact analysis phase will involve the gathering of useful information from stakeholders and other supporting documents for detailed risk evaluation.

Risks obtained from business processes will be used in the third phase to develop response controls (Moeller, 2013). The disaster recovery plan will be planned in the fourth phase and will include the assignment of a response plan to each process and will include the assignment of response teams, each with members assigned roles and responsibilities. The formulated disaster response plan will undergo testing to ensure it is effective and that the team members have training and skills in handling such real-time risks. The last step of the contingency planning process involves the creation of a maintenance strategy detailing the procedures of patching systems and the release of new versions of the application (Moeller, 2013).

Question 2

Question 2.1

System failures are a major availability threat impacting information access from the remote locations. System breakdowns have been evidenced in recent times where services are limited due to bugs in remote access systems. The incompatibility of remote platforms with the institution’s remote access systems also poses availability risk causing access limitations. Bandwidth overload is also impacting the availability of information which is caused by congestion of traffic, resulting in slow services or no services. Penetration of communication channels by hackers also is a key threat to service access which is caused by virus and malware malicious activities (Teo & King, 2012). The service requests get redirected to inappropriate links causing limitations to access information from the UC information system.

Question 2.2

The backup strategy will be a key element to consider to ensure a reflective and continuous backing up of data to the current working state. This will enable restoration of information with minimised or no damage, thus ensuring continuity of the process. The backup strategy ensures data to be backed up is identified including the monitoring functions to always allow a regular restoration process to update information using the defined frequency (Moeller, 2013).

The maximum tolerance downtime for the process will be a key element to consider to ensure that the recovery of the information is finished in time to meet the submission key requirement. Interrupted services should be assigned the response time to allow for a defined timeline estimation aimed at meeting submission key requirement. The maximum tolerance downtime for the affected service process should not exceed the timeline for submission of the assignments. The element will focus on flexibility in completion of the tasks based on the remaining deadlines.

Summary

System failure is a major risk affecting the availability of information on the UC system based on remote access deployment. Platform limitations have also contributed to the lack of services from the institution caused by incompatibility issues.

The backup strategy and response time elements are the top key elements to consider in a personal disaster response plan. The backup strategy ensures a regular restoration and backup of data changes, thus providing continuity security to meet the completion and submission of services (Moturi, 2014). Response time for the process is a key element to consider in personal disaster response plan due to the need to track task completion and submission requirements.

References

Bechor, T., Neumann, S., Zviran, M., & Glezer, C. (2010). A contingency model for estimating the success of strategic information systems planning. Information & Management, 47(1), 17-29. https://doi.org/10.1016/j.im.2009.09.004Moeller, R. R. (2013). Novel approaches to contingency planning and security. Information Systems Security, 2(3), 34-37. https://doi.org/10.1080/19393559308551365Moturi, C. (2014). Embracing contingency planning for University information resources. British Journal of Applied Science & Technology, 4(3), 492-509. https://doi.org/10.9734/bjast/2014/6356Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010). Contingency planning guide for federal information systems. https://doi.org/10.6028/nist.sp.800-34r1Teo, T. S., & King, W. R. (2012). Integration between business planning and information systems planning: An evolutionary-contingency perspective. Journal of Management Information Systems, 14(1), 185-214. https://doi.org/10.1080/07421222.1997.11518158