Risk Management Plan for DLIS
Outline
- 1. Introduction
- Scope and boundaries for the plan
- Organizations within departments
- Level of risk
- Risk mitigation plan
- Impact Analysis
- Business Impact Assessment
- Departments
- Business Impact
- Costs Analysis
- 3. Recommendations for Business Impact Assessment
- Business Impact Analysis Results
- Maximum Acceptable Outage
- 4. Business Continuity Plan for DLIS
- Objective
- Scope of the plan
- Plan Objectives
- How to use the plan
- Data backup
- Procedures for offsite storage of data
- Incident of a disaster
- Computer Incident Response Team Plan
- Secure funding for relocation
- Notify EMT and corporate business units of recovery startup
- Operations recovered
Introduction
The objective of the risk assessment plan is to curb the effects of a disaster. In this case, the plan for DLIS is vital for providing information on the cost of an outage, assigning duties to members, documenting recommendations, creating plans of action and milestones, and implementing the recommendations.
Scope and Boundaries
Risk assessment involves identifying the potential threats, then analyzing and evaluating what might happen if the risk occurs. Such risks affect nearly all organizations. Examples include mechanical breakdown, fire, cyber-attack, terrorism, supplier failure, utility outage and workplace violence. Some of the assets at risk are people, business operations, information technology, and reputation or confidence in an entity. The consequences of the risk include financial loss, loss of confidence in the organization, and business interruption.
Network experts must keep the network safe and secure to avoid the risk of information being hacked. Cyber security personnel keep all the data secure and maintain the computer network.
Organizations and individuals within the Department.
Information logistic department
Departmental managers are involved in controlling, planning, directing and implementing the workflow within the department. This will ensure an effective and efficient flow of information between the departments.
Other duties within the department will be delegated to the departmental supervisors. This will enhance efficient and effective workflow and minimize duplication of roles.
Levels of risk
Low: No control measures are required, because the threat is less effective and requires low cost to implement.
Medium: The risk is lowered to a tolerable level, and cost should be added to implement risk reduction measures.
High: Measures should be put in place to curb this threat because it is very harmful, and resources should be allocated to ensure control measures are in place to control the situation.
Risk mitigation plan
The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals.
Confidentiality: information should not be disclosed or made available to unauthorized individuals, entities or processes (Stoneburner et al., 2002).
Integrity: the completeness and accuracy of data, which cannot be changed or altered.
Availability: the computing system must be effective, efficient and available so as to prevent service interruptions and to ensure communication channels are in proper condition.
Impact Analysis
Type of Impact
High
- may result in the highly costly loss of major tangible assets or resources.
- may significantly violate, harm, or impede an organization’s mission, reputation, or interest.
- may result in human death or serious injury.
Moderate
- may result in the costly loss of tangible assets or resources.
- may violate, harm, or impede an organization’s mission, reputation, or interest.
- may result in human injury.
Low
- may result in the loss of some tangible assets or resources.
- may noticeably affect an organization’s mission, reputation, or interest.
Defense Logistics Information Service (DLIS) Business Impact Analysis Plan
Business impact Assessment
DLIS provides supplies to the military services and supports their acquisition of weapons, repair parts and other materials.
Departments
- Land and Maritime
- Troop Support
- Aviation
- Energy
- Disposition Services
- Distribution
- Logistics Information Service
- Documentation Center
- Defense National Stockpile Center to DLA Strategic Materials
Business Impact
Critical business function and non-critical business functions
Wide Area Network consisting of over 250 file servers around the world
Network Infrastructure Systems Administration
Email, VPN, Automated systems, Remote Access
Costs analysis
This includes days used, dollars spent, email, the wide area network with over 250 file servers worldwide, and network infrastructure.
Business Impact Analysis Results
Maximum Acceptable Outage
Wide Area Network consisting of over 250 file servers around the world = 12.0 days = 60,000
Network Infrastructure Systems Administration = 9 days = 50,000
Email = 10.0 days = 60,000
Wide Area Network: Cost of loss would be complete company bankruptcy; without the wide area network there is no company. To mitigate the WAN risk, firewalls and IT personnel will maintain logs and constant redundancy, so that if one server goes down the organization will have a backup and can then update the new server to catch up. Cost of loss would be 30,000 dollars in six days; the maximum acceptable outage is one day.
Network Infrastructure Systems Administration: Cost of loss would be 25,000 dollars in four and a half days; the maximum acceptable outage is one day. The mitigation plan for the NISA would be constant SP and correct configuration.
Email: Cost of loss would be 15,000 dollars in one and a half days; the maximum acceptable outage is one day. Mitigation of the risk is to keep backups in place; if the e-mail server fails, the customers can’t complete their purchases (Stoneburner et al., 2002).
(DLIS) Business Continuity Plan
Purpose
The purpose of this business continuity plan is to prepare DLIS and its employees for extended service outages caused by factors beyond our control (e.g., natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. All DLIS sites are expected to implement preventive measures whenever possible to minimize network failure and to recover as rapidly as possible when a failure occurs (Stoneburner et al., 2002). The plan identifies vulnerabilities and recommends necessary measures to prevent extended service outages. It is a plan that encompasses all DLIS system sites and operations facilities.
Scope
The scope of this plan is limited to the DLIS global reach and at least 50 file servers and various databases, running everything from an enterprise resource planning (ERP) system to the organization's payroll system, which has an electronic funds transfer (EFT) capability (Seneviratne, 2009, p. 44). DLIS has a warm site within 50 miles of the headquarters data center.
Plan Objectives
Serves as a guide for the DLIS recovery teams.
Provides procedures and resources needed to assist in recovery.
Identifies vendors and customers that must be notified in the event of a disaster.
Assists in avoiding confusion experienced during a crisis by documenting, testing and reviewing recovery procedures.
Identifies alternate sources for supplies, resources and locations.
Documents storage, safeguarding and retrieval procedures for vital records.
What is a disaster?
Any loss of utility service connectivity or catastrophic event that causes an interruption in the service provided by DLIS operations. The plan identifies vulnerabilities and recommends measures to prevent extended service outages.
Recovery teams
Emergency Management Team.
Local Restoration Team.
Incident Response Team.
Team member responsibilities
Each team member will designate an alternate backup.
Keep an updated calling list of their work team members.
Keep this binder for reference at home in case the disaster happens after normal work hours.
Instructions for using the plan
When a disaster occurs, normal problem management procedures will initiate the plan, which will remain in effect until operations are resumed at the original location and control is returned to the appropriate functional management.
Data backup policy
Full and incremental backups, which preserve corporate information assets, should be performed on a regular basis for audit logs and important files (West-Brown et al., 2013). Backup media should be stored securely. Department-specific data and document policies specify what records must be retained and for how long.
Offsite storage procedures
Only senior IT staff can be at the offsite campus backing up data for the 50 file servers and various databases.
In the event of a natural disaster
Dial 9-1-1 to contact the fire department
Immediately notify all other personnel in the facility of the situation and evacuate the area.
Alert the Regional Technical Manager.
In the event of a network services provider outage
Notify Regional Technical Manager of outage.
Computer Incident Response Team Plan
Secure funding for relocation.
Make arrangements in advance with suitable backup location resources, and with local banks, credit card companies, hotels, office suppliers, food suppliers and others for emergency support. Depending on the incident, contact the appropriate alternate site organization, the local bank office and other relevant firms (West-Brown et al., 2013). Then notify the appropriate company personnel.
Operations recovered
Assuming all relevant operations have been recovered to an alternate site, and employees are in place to support operations, the company can declare that it is functioning in a normal manner at the recovery location.
References
West-Brown, M. J., Stikvoort, D., Kossakowski, K. P., Killcrece, G., & Ruefle, R. (2013). Handbook for computer security incident response teams (CSIRTs). Carnegie Mellon University, Pittsburgh, PA, Software Engineering Institute.
Seneviratne, S. J. (2009). Information technology and organizational change in the public sector. Information technology and computer applications in public administration: Issues and trends, 304.
Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). SP 800-30: Risk management guide for information technology systems.