Ensuring Business Continuity in Order to Protect Data Assets
Many businesses, especially those related to information technology, view data as a preeminent asset. Some assets, such as physical property and equipment, are more obvious, but those that are less noticeable can be of greater value, define an organization’s image and success, and offer a competitive advantage. Information is such an asset, and its collection, maintenance, and updating are critical to an organization’s short- and long-term success. Having information that is accurate, dependable, and current is often essential in a business’s day-to-day operations. For example, many businesses directly linked to the financial sector depend upon accurate and current information in order to perform daily financial transactions relating to the financial assets of many clients. Other businesses must have timely data in order to make informed decisions and allow daily operations to run with optimum efficiency. Regardless of the business, it is necessary to preserve the integrity of the data and possess data that is current or real-time.
Because data can be so important and often of inestimable value, it is vital that businesses take steps to assess options and evaluate planning in order to ensure the continuity of the business in the event of disruptions such as server or network failure, a loss of power, or a range of natural disasters. Each business must determine what is in its best interests for addressing continuity, but a good framework usually consists of a Risk Assessment, a Business Impact Analysis, a Disaster Recovery Plan, server and network redundancy, one or more forms of data backup media, and an Uninterruptible Power Supply (UPS). In some instances, a business may also make arrangements to have a redundant site to which it can temporarily move operations after a disaster such as a fire, tornado, or flood. These components comprise a more comprehensive plan for permitting continuity and are further described in this paper.
Assessment, Analysis and Planning
Within the framework of continuity, risk assessment (RA) occurs after a vulnerability assessment and appraisal, and prior to the business impact analysis (BIA). The purpose of the RA is to provide a determination of the harm that would occur from the deterioration or exploitation of the recognized vulnerabilities. According to Main, “The goal of risk assessment is to reduce risks to an acceptable (or tolerable) level. The risk reduction process is not completed until tolerable risk is achieved” (Main, 2004). Each individual company has to evaluate the risks that are acceptable and those that are not tolerable.
Various risk assessments have been utilized and applied to a range of businesses over time and, with regard to information technology, the assessment is naturally narrowed to preserving the integrity of data assets. Specifically, harm could be...