The Value Of Information, Risk Management & Business Continuity - A Logical And Structured Approach

-
The Value Of Information, Risk Management & Business Continuity - A Logical And Structured Approach




VALUE of INFORMATION

To ensure continuity (going concern) we make use of many resources. The unavailability or impairment of some resources will threaten continuity and affect our chances of success and sometimes our chances of survival. One of these important/critical resources is information.

We can consider the 'intrinsic" value of information as the cost of acquiring, the means for storing, structuring, maintaining and delivering the information (computer systems).

The "consequential" value of computerized information is the potential loss (revenue, ability to service) if the information was destroyed/corrupted or could not be delivered on time.

We can buy insurance to cover the loss or inability to deliver/process information. However, that does not replace the loss.

So, where do we go from here? We need to protect against the loss of information and information systems and implement measures to recover the information and the systems. We cannot devise and implement effective measures based on theoretical assumptions or guesswork or gut feel. How much is too much? How much is not enough?

Our first step is the Risk Analysis where:

We establish the "intrinsic" and "consequential" values.
We identify the threats and the risks.
We remove the threats and minimize the risks where possible.

Our next step is to devise and implement contingency measures to address scenarios where the preventative measures have failed. With a good Risk Analysis we have removed the theoretical assumptions and have a much better measure of how much to invest in our contingency plans.

CONTINGENCY PLANS and CONTINUITY

Contingency plans can be produced quickly based on theoretical assumptions and expert consultations. While presenting a logical/methodical solution and giving a warm feeling ("WE HAVE A PLAN"), such a plan is only worth the paper it is written on.

A documented plan that is effective is the END RESULT of a process that adopts practical and tested (proven) solutions.

The method of developing and proving a Contingency Plans must be logical and practical. The method must answer the needs, be cost effective and provide the vehicle for success.

As opposed to other systems geared to supporting the business functions, contingency plans are not going to improve the profit margin or improve productivity. It involves added costs and human resources from which direct and tangible benefits might never be realised. It is, however, a key component of the overall strategy for protecting assets and ensuring business continuity and survival.

CONTINGENCY PLANS - Developing and Implementing the Plan

The definition of an effective plan:

A good Contingency Plan is a comprehensive and consistent statement of actions, tasks, dependencies and milestones along with resources required to accomplish a required level of recovery for given functions at given locations within given time frames.

The key words or sentences to be extracted from this definition are: ACTIONS/TASKS, DEPENDENCIES, RESOURCES, LEVEL OF RECOVERY, FUNCTIONS, LOCATIONS and TIME FRAMES. A good plan should address all these key words or sentences. A good plan should be detailed but to the point. It should exclude any lengthy policies and theoretical information. It is primarily an action plan giving very specific instructions.

I hope this short article and visits to my Blogs will help you in effectively addressing Business Continuity. Visit my Blogs below for more in depth discussions:

http://disaster-recovery-risk-assesment.blogspot.com/ for Value of Information.

http://disaster-recovery-planningcontinuity.blogspot.com/ for Contingency Plans and Continuity.

http://disaster-recovery-developplan.blogspot.com/ for CONTINGENCY PLANS - Developing and Implementing the Plan

Copyright José Masson All rights reserved.

José Masson has been in the IT industry for more than 30 years and writes about Information Protection and Information Security.

Article Source: http://EzineArticles.com/expert/Jose_Masson/95013


Article Source: http://EzineArticles.com/1129017



_(By Jose Masson).

Comments

Post a Comment

Popular posts from this blog

Homer

-
Learn to put the cart before the horse, the acid before the water, the fuel away from the blaze &/or flame and the surf before the wave or you are liable to plunge into destruction.
Read more

The Strategic Use of Information Technology

-
The Strategic Use of Information Technology TEACHER: Hello, Student. What do you know about Information Technology (IT)? STUDENT: Well, I know that most software is full of "bugs"! By the way, why are these errors in programs called "bugs"? TEACHER: Computer "bugs" have been around since malfunctions in a 1945 Mark II were blamed (facetiously) on a moth trapped in a relay. Nowadays the term refers to programming flaws -commands that don't accomplish the desired result. But I am sure you must know more about IT than the fact that programs have bugs! STUDENT: Recently I read an interesting article written by John Diebold years ago. Allow me to quote from it: "Information technology . . . is becoming increasingly the key to national economic well being, affecting virtually every industry and service. One would be hard-pressed to name a business that does not depend on the effective use of inf
Read more