Project 1: Vulnerability and Threat Assessment Step 12: Write Overview and Compile Final Vulnerability and Threat Assessment Report


Urie L. Reed

University of Maryland Global Campus

CMP 630 Risk and Organizational Resilience

Professor Hank Williams

The disaster recovery plan's scope describes the procedures that should be followed to recover all the critical services following a significant disaster that inhibits a financial institution from providing its services to its customers. The scope of this information technology disaster recovery plan is the primary objective of recovery planning. In order to survive an attack, a financial institution has to ensure that its critical operations resume as soon as possible or usually continue when the financial institution is attacked. Throughout the plan, it establishes the lines of authority and the teams responsible for ensuring that the financial institution resumes its operations as soon as possible. The team members' responsibilities that are integral in the implementation of this plan have also been stipulated clearly. That will avoid confusion and promote teamwork to ensure that the financial institution recovers as fast as possible. Although the likelihood of an attack occurring is minimal, it has catastrophic effects if it happens. That makes the disaster recovery plan significant in a business.

Its objectives guide the scope of this disaster recovery plan. The objectives of this disaster recovery plan are listed below.

1. It should help in the identification of the lines of business and supporting functions. That will ensure that the disaster recovery team focuses on the key and essential services before dealing with the financial institution's support services.

2. The plan should reduce the complexity of the recovery effort. To recover effectively and in a short period, the disaster recovery plan needs to be concise and understandable. Complex plans will increase the time used to ensure that the financial institution resumes its operations.

3. The plan should facilitate effective coordination of recovery tasks. That will be done by identifying the teams that will play a role and the role that they will play. That will avoid confusion and promote coordination among the groups, thus promoting joint effort.

4. The plan should stipulate the measures that will be taken to minimize the damage and the losses that may occur after a cyber-attack.

5. The plan should stipulate the measures that should be implemented to ensure the continuity of critical business operations. That will enable the financial institution to operate as the disaster recovery teamwork to mitigate all the effects of a cyber-attack.

6. The plan should develop ways to minimize the severe disruption of resources and operations when a cyber attack occurs.

When coming up with the disaster recovery plan, some factors need to be considered and fulfilled.

Contingency plans that address the immediate and long-term needs for the data center and other business facilities should be developed. That will be part of the disaster recovery process. The alternatives for providing backup operations capability and timely restoration of the services should be identified. The costs and the alternatives' benefits should be considered before choosing the most effective alternative for a financial institution. The immediate, extended, and intermediate recovery resource requirements and needs should be identified. That will ensure their availability so that they may be used in case of an attack. The vulnerability of significant service interruptions in the data center and other business facilities should be identified. That will ensure that effective preventive measures are identified to mitigate the vulnerabilities. Additionally, the most vulnerable areas and processes should be the priority in the disaster recovery plan.

Several assumptions are considered when coming up with a disaster recovery plan. The beliefs limit the circumstances that the disaster recovery plan addresses. The assumptions can also be used to indicate the disasters that the disaster recovery plan wants to address.