Thursday, November 21, 2019

The issues, procedures, and techniques involved in IT resource Research Paper

The issues, procedures, and techniques involved in IT resource contingency planning - Research Paper Example

In this regard, a study of a sampled organization which has implemented a range of technologies is to be accomplished. The primary purpose of the investigation is to evaluate the policies, approaches, procedures, and teams associated with incident response and recovery. A secondary purpose of the investigation is to develop a set of effective measures to ensure that the organization achieves business continuity after incidents while incurring minimum cost. As per the hypothetical case study, there are currently no business continuity, disaster recovery, or incident response plans. In order to do so, there are many factors that can be taken into consideration.

The first objective is to establish a risk management framework. The risk assessment framework will incorporate asset identification and classification. Asset identification can also be called asset inventory. The asset inventory comprises all assets that are deemed critical, important, or general. After establishing the asset inventory, asset classification is carried out. The classification scheme will be drawn up as defined by the data, system, or application owners, as they are the relevant people to determine the levels for each asset.

After defining the asset inventory and asset classification, our next objective is to carry out risk management. Risk management comprises two components, i.e. risk assessment and risk management. Risk assessment incorporates a cost-benefit analysis that justifies the total cost of the asset and the total cost required to protect it and ensure redundancy. However, it is essential to strike a balance, or the total cost of an asset may not exceed the total cost required for securing it or providing redundancy.

Critical questions that need to be answered to conduct successful risk management are:

- Which information asset is the most critical to the success of the organization?
- Which information asset generates the most revenue?
- Which information asset generates the highest profitability?
- Which information asset is the most expensive to replace?
- Which information asset is the most expensive to protect?
- Which information asset's loss or compromise would be the most embarrassing or cause the greatest liability?

After the completion of risk assessment, risks can be prioritized and managed with their associated or allocated cost and their impact levels on the business. Moreover, for establishing a comprehensive business continuity plan, the following factors are mandatory:

- Business Continuity Planning Governance
- Business Impact Analysis (BIA)
- Procedures and activities for business continuity
- Instant procedures
- Quality assurance

The disaster recovery sites must meet the Recovery Time Objectives, Recovery Point Objectives, Service Delivery Objectives, Crisis Opening (Disaster Declaration), and Crisis End. Figure 3 illustrates the formulation of designing and validating a BCP plan based on these parameters.

Figure 3. Image retrieved from (Sheth, McHugh, & Jones, 2008)

Furthermore, for establishing incident response functions, computer security incident response teams with trained staff are required. Through a sampling methodology, a convenience sample will be obtained from organizations which have heavily employed technology in their operations and have been affected by security incidents and breaches. Therefore, a primary research methodology will be conducted to gather data and information on the approaches which the organizations selected in the sample employ in the achievement of effective response and recovery
