Task-1 (Discussion): Explain in your own words why you believe planning is important. Select one of the following businesses: a large bank, a government agency, or a hospital, and explain which systems you feel are mission critical. Then explain how the loss of these systems would affect the organization.

Task-2 (Internet Research): Go online and search for information about companies that have been harmed or bankrupted by a disaster. Choose one such company and create a brief case study about it. Successful narratives will focus on the manner in which the organization was impacted, including financial losses, losses of sales, or the need for layoffs. Your assignment should be 3-4 paragraphs in length.

Business Continuity Planning and Disaster Recovery Planning
Dr. Cindi Nadelman
New England College
ECS 6200 – Managing Information Security
Week 6 – Lecture

Objectives
◼ Distinguish between the business continuity plan (BCP) and the disaster recovery plan (DRP)
◼ Follow the steps in the BCP
◼ Explain to business executives why planning is important
◼ Define the scope of the business continuity plan
◼ Identify types of disruptive events
◼ Outline the contents of a business impact analysis (BIA)
◼ Discuss recovery strategies and the importance of crisis management
◼ Explain backup and recovery techniques, including agreements for shared sites and alternate sites

Overview of the Business Continuity Plan and Disaster Recovery Plan
◼ Business continuity planning and disaster recovery planning
  ❑ Share the common goal of keeping a business running in the event of an emergency or interruptions
◼ Business continuity plan (BCP)
  ❑ Describes the critical processes, procedures, and personnel that must be protected in the event of an emergency
  ❑ Uses the business impact analysis (BIA) to evaluate risks to the organization and to prioritize the systems in use for purposes of recovery
◼ Disaster recovery plan (DRP)
  ❑ Describes the exact steps and procedures personnel in key departments must follow in a disaster
◼ Steps for business continuity planning
  1. Identify the scope and boundaries of the business continuity plan
     ◼ This step typically involves an audit analysis of the organization’s assets and a risk analysis
  2. Create the business impact assessment
     ◼ The BIA measures the operating and financial loss to the organization resulting from a disruption to critical business functions
  3. Present the BCP to key senior management and obtain organizational and financial commitment
  4. Each department needs to understand its role in the plan and support and help maintain it
  5. The BCP project team must implement the plan
  ❑ BCP must be updated with changes in the organization

© Pearson Education 2014, Information Security: Principles and Practices, 2nd Edition

Why the BCP Is So Important
◼ 80% of businesses without a recovery plan either closed or never reopened within 18 months
◼ 70% of companies go out of business after a major data loss
◼ 80% of companies without a BCP fail within 2 years
◼ 60% of companies that lose their data shut down within 6 months of a disaster
Source: Continuity Central,

Types of Disruptive Events
◼ Natural events
  ❑ Earthquakes, fires, floods, mudslides, snow, ice, lightning, hurricanes, tornadoes, and so forth
  ❑ Explosions, chemical fires, hazardous waste spills, smoke, and water damage
  ❑ Power outages caused by utility failures, high heat and humidity, solar flares, and so forth
◼ Manmade events
  ❑ Strikes, work stoppages, and walkouts
  ❑ Sabotage, burglary, and other forms of hostile activity
  ❑ Massive failure of technology including utility and communication failure caused by human intervention or error

Defining the Scope of the Business Continuity Plan
◼ Identifying critical business processes and requirements for continuing to operate in the event of an emergency
◼ Assessing risks to the business if critical services are discontinued, referred to as business impact analysis
◼ Prioritizing those processes and assigning a value to each process
◼ Determining the cost of continuous operation and the value ascribed to each service
◼ Establishing the priority of restoring critical services
◼ Establishing the rules of engagement upon the BCP plan approval

Creating the Business Impact Analysis
◼ Identifies the risks specific threats pose, quantifies the risks, establishes priorities, and performs a cost/benefit analysis for countering risks
◼ Three steps
  ❑ Prioritize the business processes, possibly using a scoring system to assign a weight or value to each process
  ❑ Determine how long each process can be down before business continuity is seriously compromised
  ❑ Identify the resources required to support the most critical processes

Disaster Recovery Planning
◼ The goals of the DRP
  ❑ Keeping the computers running
  ❑ Meeting formal and informal service-level agreements with customers and suppliers
  ❑ Being proactive rather than reactive

Identifying Recovery Strategies
◼ The BCP will identify the critical business processes that must be protected through the BIA documents
◼ The function of the DRP is to identify the exact strategy for recovering those processes, specifically IT systems and services that are struck by a disaster

Understanding Shared-Site Agreements
◼ Arrangements between companies with similar data processing centers
◼ Save time and money
◼ Could be difficult to implement

Using Alternative Sites
◼ Three main forms
  ❑ Hot site
    ◼ Provide an uninterrupted service
    ◼ Expensive
  ❑ Cold site
    ◼ Provides only facilities with no hardware or software
    ◼ Cost effective but it takes longer to set up
  ❑ Warm
    ◼ Provides the facilities with hardware
    ◼ Software must be restored

Making Additional Arrangements
◼ Multiple centers
  ❑ Processing distributed across multiple sites
◼ Service bureaus
  ❑ Provide backup processing services at remote location
  ❑ Quick response, but high cost
◼ Mobile units
◼ The cloud

Testing the Disaster Recovery Plan
◼ Walk-throughs
  ❑ Members of the key business units meet to trace their steps through the plan, looking for omissions and inaccuracies
◼ Simulations
  ❑ Critical personnel meet to perform a “dry run” of the emergency, mimicking the response to a true emergency as closely as possible
◼ Checklists
  ❑ A more passive type of testing and a first step toward a more comprehensive test

How to Test a Disaster Recovery Plan
◼ Parallel testing
  ❑ The backup processing occurs in parallel with production services that never stop
◼ Full interruption
  ❑ Production systems are stopped as if a disaster had occurred to see how the backup services perform

Summary
◼ BCP and DRP are formal processes in any business that is concerned about maintaining its operation in the face of a disaster or interruption
◼ To implement its DRP a company typically uses outside services
◼ The plan must be thoroughly tested using one or more of the five