
Information Security Risk Review/Assessment and Business Continuity

What is an information security review/assessment plan?

A plan to secure and protect your data and networks on your information system

To identify, assess, and take steps to avoid or mitigate risk

Every small business should have a plan:

Businesses need to survive and recover.

A commitment to planning today will help support employees, customers, the community, the local economy and even the country. It also protects your business investment and gives your company a better chance for survival.

Key Steps in Planning for a Flood

Continuity Planning

Emergency Planning For Employees

Talk to Co-Workers with Disabilities

Emergency Supplies

Planning to Stay or Go

Review Insurance Coverage

Secure Your Equipment

Secure Facilities, Buildings

Improve Cyber Security

All of these steps play a part in planning to keep your business running after some type of disaster. The ones highlighted are what we are going to focus on to allow Ben’s to continue to serve his customers following a flood.

Continuity Planning:

Carefully assess how your company functions, both internally and externally. Determine which staff, materials, procedures and equipment are absolutely necessary to keep the business operating.

Planning to Stay or Go

Depending on the circumstances and the nature of the disaster, the first important decision after an incident occurs is whether to shelter in place or evacuate. Ben wants to stay in place and continue to operate his business, so having a plan in place to stay will be key to continuing to operate it. If the flood has damaged the building, you will typically want to evacuate.

Secure Your Equipment

The force of some disasters can damage or destroy important equipment. You want to do a room-by-room walk-through to determine what needs to be secured. Ben should elevate equipment off the floor to avoid electrical hazards during flooding.

Brown, Quentin CTR USSOCOM USASOC HQ (BQCUUH) -

Secure Facilities, Buildings

While there is no way to predict what will happen or what your business’s circumstances will be, there are things you can do in advance to help protect your physical assets.

Consider the ways in which people, products, supplies and other things get into and leave your building or facility.

Identify what production machinery, computers, custom parts or other essential equipment is needed to keep the business open.

Plan how to replace or repair vital equipment if it is damaged or destroyed.

Identify more than one supplier who can replace or repair your equipment.

Store extra supplies, materials and equipment for use in an emergency.

Finally, plan what you will do if your building or store is not usable.

Improve Cyber Security

Protecting your data and information technology systems may require specialized expertise.

Depending on the particular industry and the size and scope of the business, cyber security can be very complicated. Even the smallest business can be better prepared.

Use anti-virus software and keep it up-to-date.

Don’t open email from unknown sources.

Use hard-to-guess passwords. Protect your computer from Internet intruders by using firewalls.

Back up your computer data. Regularly download security protection updates known as patches.

Make sure your co-workers know what to do if your computer system becomes infected.

Data Backup Plan

Store your data on the network server, computer and any wireless device.

Any hard copy records and information

Backups should be scheduled for all systems and devices.

To make backing up hard-copy records and information easy, you can make digital copies by scanning them to a network drive.

The frequency of backups, security of the backups and secure off-site storage should be addressed in the plan.

Data Backup 2

A small business doesn't generate large amounts of data or data files.

Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware.

Loss or corruption of data could result in significant business disruption.

Vendors offer online data backup services like storage in the “cloud”. This is a cost-effective solution for businesses with an internet connection.

The software would be installed on the client server or computer, which is then automatically backed up.
