Contingency Planning (CP)
The overall process of preparing for unexpected adverse events is called contingency planning. The goal of contingency planning is to restore normal modes of operation with minimal cost and disruption to normal business activities after an unexpected adverse event.
During contingency planning, the information security community and the respective organizational units prepare to detect, react to, and recover from events that threaten the security of information resources and assets, which include human, information, and capital assets.
Components of CP:
· Business impact analysis (BIA)
· Incident response plan (IR Plan)
· Disaster recovery plan (DR Plan)
· Business continuity plan (BC Plan)
According to NIST recommendations, the following steps are required to develop a CP:
· Develop the policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
· Conduct a BIA. The BIA helps identify and prioritize the information systems and components critical to supporting the organization's mission/business processes.
· Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
· Develop a contingency plan. The contingency plan should contain detailed guidance and procedures for restoring damaged organizational facilities, tailored to each business unit's impact level and recovery requirements.
· Ensure plan testing, training, and exercises. Testing validates recovery capabilities, training prepares recovery personnel for plan activation, and exercising the plan identifies planning gaps; combined, these activities improve plan effectiveness and overall organizational preparedness.
· Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.
Reference: Management of Information Security by Whitman and Mattord