Running Head: Business Continuity Plan

Your Name

Course Title

Instructor’s Name

Name of Institution

Date Submitted

Abstract

In the course of conducting their daily tasks, business organizations normally encounter risks that disrupt the smooth flow of business. Software development companies are among the hardest hit, considering the ever-changing and advancing technologies coupled with the crucial position that computer systems hold in these firms.

After conducting a risk assessment test on our internet-based information database, we found that our database was vulnerable to computer crimes which would compromise the integrity of the information in our computer systems. Various recommendations were made on how to deal with the issue. With the highly advanced technology and experienced information technology staff that we have, we are going to embark on the process of recovering, protecting, maintaining and ensuring secure continuity of business with regard to the database management system.

This paper establishes a business continuity plan aimed at taking corrective measures in our company's internet database, which we realized is highly exposed to risks of illegal intrusion by computer criminals like hackers and crackers. It explains the long-term and short-term measures that the company is going to implement in securing the database management system, the scope of the plan, and the areas which the company believes will need more improvement at a later stage.

The scope of this plan is going to be limited to the database management systems that are installed within the company and the supporting systems. The work of recovering the system is going to be accomplished by the company's information technology department staff together with other experts whom the company is going to outsource from the wider market.

The process of improving the security level of the information systems is expected to take as long as a month, during which the company will be using the backup system to run its day-to-day operations.

Introduction

The integrity of data within an organization's database is one aspect which highly determines the survival and even improvement of an organization. Our organization has been very alert in terms of protecting our information systems, the database included. However, with the advanced technology, we have realized that a number of loopholes had left the company database system at risk. This situation was aggravated by the fact that the database is connected to the internet and hence hackers could access it at a variety of points. We believe that great care should now be taken in limiting the risks that the company database is exposed to. The steps that are outlined within this paper are going to be instrumental in ensuring that these goals are met within the specified period of time.

Implementation of the plan

The scope

This business continuity plan is expected to cover all the departments within this software development company. All the databases are going to be checked for risks and corrections made where there is need. The systems which are connected to the database and the networks are also going to be inspected to ensure that no part of the company's information systems is left out.

All the workers within the company are also going to be considered in implementing the security systems. For this reason, they will be offered training on the procedures to apply in using the systems with regard to the levels of privileges accorded to them.

Methods used for dealing with database security issues

The company's internet database management system is already equipped with some reasonable security measures like the application of firewall level agents and network level agents. These measures are however not reliable enough in terms of ensuring maximum information and information systems security. The company has therefore decided to establish some additional measures to enhance the security system of the company database.

As we had recommended before, the company is going to employ the most modern methods of detecting and preventing illegal intrusion into the company's internet database. Some of the measures that the company is going to put into place include the application of cryptographic systems and also the use of other authentication systems like biometrics.

Biometrics

The biometric method is going to be implemented to enhance the level of security of the company's internet database. The application of this machine learning system is going to be effective in determining whether there is illegal physical intrusion of the system.

By detecting the hands and the faces of the individuals who access the database, the biometrics system is going to be able to know who is authorized to access the data in the company's database and to what level he can use or manipulate the information. This system is going to be effective in preventing illegal intrusion of the systems by both outside criminals and internal staff. (Federal Financial Institution Examination Council: Information Security)

Each and every member of staff will have his/her physical features scanned and analyzed, then incorporated within the company's information systems and used as a basis for detection of illegal intrusion.

Cryptographic systems

Because of the limitations that our firewall systems have presented over the past years, the company has decided to enhance our level of security by incorporating the use of cryptographic systems within our information security measures. The technique, which has proved functional for other organizations, is going to be implemented within our internet database in the hope that it will limit the level of intrusion into our systems by unauthorized parties.

Being one measure of security that allows for the exchange and disclosure of hidden keys and algorithms only among the authorized members of the organization, the use of cryptography will be essential in protecting all the components relating to middleware, operating systems and the applications within the entire information database.

The method of cryptography that the company is going to put in place is the cryptographic hash, which will aid the company in verifying the integrity of information within networks or computer systems and hence the company database. The company has chosen this method since the shortened fixed variable used within the hash cryptographic system is easy to learn and hence to use. By applying this method, little time is going to be used in training the staff on how they will decrypt data which has been encrypted by the senders. All the members of staff of the company are also going to be sensitized on the ways of encrypting data before they send it or store it within the database. Individuals within the organization will therefore be able to access and share data securely depending on the level of privileges that the systems administrator is going to assign to them.

Cookies

Considering the fact that the company also has a database which serves the company's website, measures are going to be put in place to protect that specific database and hence the information that is presented on the website. The information technology department has realized that there is need for the use of cookies in monitoring the content that a user has accessed and/or inserted within the database. The cookies are going to be effective in filtering what is relevant and what is irrelevant in terms of information content. This method will help in ensuring that only worthwhile data is entered within that database. This will go a long way in enhancing the level of data integrity within the databases and the website.

The company is also implementing short-term measures that will be used in detecting intrusion into the system. The system administrator is on high alert and, since he is able to monitor all the activities that go on across all the systems within the organization, he will prevent the illegal intrusions of users as soon as he finds out.

The company has also laid down procedures for workers which are instrumental in ensuring that information security is maintained. Illegal intrusion into the system by staff will be punishable in accordance with the company’s regulations.

Limitations

As the company forecasts, the implementation of this plan is going to have some difficulties considering the level of computer literacy within other departments in the organization. The use of some of these systems is therefore going to take long to be fully implemented, as learning how to use systems like cryptography is going to be too tasking for some of the staff.

Some of these methods, though the best in the information security world, may have a short-term impact. The growth of technology has always resulted in advanced tactics on the side of the computer criminals. The possibility that the hackers may use more stringent measures to intrude into the system is therefore of great concern to the company.

Conclusion

Illegal physical intrusion of company databases is an issue that many companies are trying to come to terms with, and the situation has seemed to worsen with the advent of more technical computer equipment. The increasing number of computer criminals has not helped with the matter, and hence companies are forced to be always on the lookout for risks that may affect their organization.

The process of risk assessment is one measure that has helped organizations in dealing with this issue. By analyzing situations and finding out their points of weakness, organizations are now able to control the intrusion of hackers and crackers into their information systems.

Our company has also been at the forefront of individuals who illegally access these databases. Various methods have been used in the past to ensure that our database systems are secure. However, with the implementation of the planned improvements, we will be assured of a more secure environment for our information.

References

Anderson JM (2003) Why We Need A New Definition Of Information Security: Elsevier

High beam Research, Inc. (2009) Information Security Risk Analysis (2nd Ed)

Hiles A (2004) Business Continuity: Best Practices World Class Business Continuity Practices (2nd Ed): United Kingdom: Rothstein International Inc

Federal Financial Institution Examination Council (2006) Information Security

Wallace M, Webber L (2004) The Disaster Recovery Handbook: A Step By Step Plan To Ensure Business Continuity And Protect Vital Operations, Facilities And Assets, USA: Michael Wallace And Lawrence Webber