Activation Process Summary

Improved Essays
Activation procedures first begin with the designation of personnel to authorize declaration of disaster and signaling of resumption of normal processing, which TAMUITDRP effectively states that the President, Vice President, and Chief Information Officer hold these responsibilities. A team is also pre-organized with specific responsibilities if a confirmation of threat is declared. Within a large organization, each team has a leader (and alternates) that are key university personnel that are IT specialists. Within smaller organizations, such as TAMU, IT staff must be assigned to multiple teams with specific assignments based on the knowledge, experience, and availability (Texas A&M University, 2012). Another key player of DRP team is the DRP …show more content…
Cost and funding was not discussed except briefly highlighted in the administrative responsibilities overview and the testing the DRP section (Texas A&M University, 14, 56). These mentions only state to make sure plan is “cost effective” yet the DRP fails to designate how to do so. The lack of discussion of cost may have something to do with the lack of strategic decisions based on the BIA. The lack of business impact analysis is troublesome being that the entire DRP rests on its evaluation of the system and its criticality. According to the NIST document, the BIA is the primary source for determining resiliency and contingency planning strategies (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). The results of the BIA determines the amount of impact of loss could have on the university, determines the backup type and frequency, the type of alternative facility needed, and the need for mirroring of data (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). To effectively mitigate IT risks a complete RA and/or BIA should be available that includes an awareness of the wide range of potential risks to critical business/university systems. To properly mitigate risk there should be an organized method that is created to implement effective risk …show more content…
Having a solid and complete BCP/DRP not only ensures that the university establishes and maintains clients’, customers’, and suppliers’ trust in the security of their intellectual property and private data but it also facilitates legal compliance and privacy obligations for a more stable business future. It is imperative to identify, protect, and maintain security of the universities online systems from everyday internal and external digital threats. To do this there must be proper and up-to-date policies, procedures, and codes of conduct in place to ensure corruption of systems does not occur. There was a lack of attention to possible human error that could cause disastrous effect to the university and its IT systems. Personnel must be efficiently trained and supported in these critical IT processes and risk strategies to ensure that they do not unknowingly contribute to intrusions of systems and if so, what actions should be taken in the occurrence of a security breach. Security threats or breaches are bound to occur at some point in the universities lifespan; this is when insurance becomes a crucial measure in the planning of IT risk and recovery procedures. This business insurance should be maintained and updated to ensure coverage of new and emerging threats to the business landscape.

Related Documents

  • Improved Essays

    Risk management is a critical undertaking that must be addressed within every endeavor. Without a thorough risk assessment, a project can suffer major setbacks, increased costs, and the potential project failure. Along with evaluating each project for potential risks, each organization must also determine the type of risks that the organization will tolerate, mitigate or avoid. By identifying potential risks, a project management office (PMO) can develop an effective risk management plan that will protect the interests of the business and ensure project success. Background Risk management plans are a critical function of every project and must be continually performed within the project lifecycle.…

    • 946 Words
    • 4 Pages
    Improved Essays
  • Improved Essays

    As security threats continue to increase in frequency and complexity, small businesses must be vigilant and proactive in employing security measures. By implementing security solutions at multiple tiers, patching vulnerabilities, educating users, and keeping critical data backed up, small businesses can continue to leverage computer technology to keep their businesses competitive in an increasingly sophisticated digital…

    • 967 Words
    • 4 Pages
    Improved Essays
  • Great Essays

    C Analyze risks Identifying the mechanism that deal with the recognized risks and measure their strength. Based on this assessment, considering the risks in terms of possibility and significance, and the present risk level. Risk analysis is the procedure of defining and analyzing the threats to personals, organization and government agencies posed by potential natural or human-caused adverse events. A risk analysis aids to integrate security program with the company 's goals and requirements. It also helps the company to assign a suitable budget for an effective security program and its components.…

    • 1790 Words
    • 8 Pages
    Great Essays
  • Great Essays

    Information security policy refers to measures taken by a company in an attempt to control the behavior of the labor force. The policy ensures that no inappropriate activities take place within the working environment. As part of the rules that the policy has to abide by is the compliance with the laws and regulation and the ability to create defense in the court (Peltier, 2016). The management must support and administer the policy in a suitable manner. It is imperative to tailor the policy as a way of meeting the needs of the company.…

    • 1257 Words
    • 6 Pages
    Great Essays
  • Improved Essays

    Maintaining the security for a network can be challenging task. Hackers often seem to be one step ahead of network users, even those who are following the best security practices. However, securing the network is essential to protecting for privacy, reducing the risk of identity theft, and preventing hackers from steal of important data. Before company reconnect the network can take a security practices for protecting company sensitive information and data by preventing, detecting, and responding to a wide variety of attacks. I will provide more security for our company network by constructing firewalls and regular updating the login and password credentials (Whitman, Mattord, & Green,…

    • 855 Words
    • 4 Pages
    Improved Essays
  • Improved Essays

    Developing Strategic Action Plan: After the evaluation of the current IT status, identification of opportunities and issues and the creation of a implementation team with defined functions and roles, the Strategic direction must be defined; Strategic vision and afterwards, review and assess strategic options and while considering IT’s objectives, business priorities, resources needs and limitations. In this stage is very important any ‘data migration’ issues in order to avoid future complication in the process. This strategic plan will be finished with a thorough study of the resource needs that is integrated to the overall strategic plan in this way its development can be control and managed. V. Developing a Tactical Action Plan: In this stage we will be focusing in the potential issues and obstacles the new IT strategy can face, either from an IT perspective or a business-organization perspective. In this stage we also quantificate the resources needed in order to have an detailed view of the costs, benefits, impacts and risk of the implementation.…

    • 2441 Words
    • 10 Pages
    Improved Essays
  • Improved Essays

    SWOT analysis is a formal approach, where we analyses the strengths and weaknesses of the organization and opportunities and threats they will face in future of the project. Risk analysis is spotting risks occurs in project, weaknesses in the operation of project and identifying the risks that organization will be exposed. From the above risk analysis, there are changes of neutralizing some risks.…

    • 745 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    To protect my company assets from cyber threats/attacks many things must be taken into consideration because there is always a deeper internal issue in what we believe is secure. Risk assessment and risk management are both very important parts of planning to create a safe, secure work environment to protect my employees and company both on the inside and outside of the company. I would assure that my company conducts a risk assessment periodically. This helps to see what has failed in the past versus what improvements and corrective actions have been made to present day. Comparing and contrasting the effects of failures also helps to determine if the current improvement fall into the same category.…

    • 700 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    EDAD 524: Legal Case Study

    • 1355 Words
    • 5 Pages

    Once again this program has no terms provided for dismissal of the program. The bare minimum obligation of these contracts is for the university to act in good faith. Typically, in contract law, the courts defer to the university. Robert failed to meet many of the requirements listed to earn the degree, however there is no clear readmission policy provided. The university breached the contract because there was no language that would have made Robert know he was in danger of being dismissed from the program.…

    • 1355 Words
    • 5 Pages
    Improved Essays
  • Improved Essays

    Developing data analytics to monitor and screen cybersecurity threats and react to threat attacker episodes and review log activities (Bergquist, 2016). Technical recommendations to boost security without significantly increasing personnel management can be achieved by incorporating security frameworks reviews, examining any area(s) of weakness or vulnerabilities and implementing security controls. Business partners of ABC Healthcare such as banks, vendors, and collection agencies will continue to thrive with the integration of proper security measures without introducing significant overhead and complexity. Integrating data sharing polices can protect the information and ultimately reduce the level of access to individuals information. To tackle information security infringements, ABC healthcare business partners must concentration on the collaboration of security control with ABC Healthcare to enforce security regulations such as data encryption, data sharing and disposal policies, and educate personnel by…

    • 782 Words
    • 4 Pages
    Improved Essays