Tag Archives: CISSP

Disaster Recovery

Question

“Disaster Recovery” Please respond to the following:

  • Disaster recovery has been the topic of study this week. What do you think is the most difficult and expensive disaster to plan for? Do you think companies plan adequately? In your experience (or research if you have no experience) what aspect is most lacking in corporate planning? Why do you think this is?

Sample paper

Disaster Recovery

The most difficult and expensive disasters to plan for are the natural disasters, specifically storms. Natural disasters arise from environmental causes and are beyond human control. The cost of damage from natural hazards is very expensive to not only organizations but also the government. Natural hazards such as storms may cause great damage to buildings and infrastructure. The damage may extend over a wide geographical region hence affecting the entire economy. When natural hazards such as storms occur, businesses suffer direct and indirect losses. The direct losses result from the destruction of the buildings and the need to close business for some period. On the other hand, the indirect losses relate to the disruption of economic activities throughout the entire economy. In the recent period, the risk of natural disasters especially storms and floods have significantly increased due to the effects of climate change. The possibility of such catastrophic natural events continues to rise due to climate change.

Although the organization may take several measures to minimize its vulnerability to natural disasters, it is not possible to mitigate fully the risks emanating from various natural disasters such as storms and earthquakes. As the natural hazards increase in intensity and severity, the ability of the organization to mitigate the risks weakens. In 2014, the United States experienced severe storms leading to the closure of businesses. Majority of small businesses affected by these storms were unable to resume operations due to the severe damages experienced. A report by the American Red Cross (n.d) indicates that about 40 percent of small businesses never reopen following a major disruption caused by erratic weather such as flooding.

Companies often lack adequate disaster management plans and often react to events as they occur. A recent survey indicated that 43 percent of real estate investors did not consider disaster planning and recovery as an important business issue (“Real Estate Weekly News,” 2013). This survey was an analysis of 200 real estate professionals. The findings of this study support the findings of another study by Drew (2012). This study involved various business professionals in the small-scale sector. The findings indicated that over 60 percent of small businesses in the U.S. lack emergency response plans. This means that such businesses are vulnerable to natural catastrophes. A recent study by Zetta (2016) reveals that even among the organizations that develop disaster recovery plans majority fail to test their strategy. This leaves them vulnerable to applying the inefficient and ineffective strategies.

Majority of companies that lack disaster management plans associate this to high costs and difficulty in implementation of the plans. It is worth noting that disaster recovery plans are difficult to develop and maintain. They often take time to develop and may be too costly especially for the small businesses. They may also require the organization to tie a significant amount of resources to the plans. This may significantly increase the operational costs. Nonetheless, organizational leaders should be aware that disaster recovery plans are critical for the survival of the organization when disasters occur. The plans provide the organization with direction during difficult moments.

The aspect that is most lacking in corporate planning is the failure to test and implement the plans. While a significant number of organizations develop disaster recovery plans, few commit to ensuring that the plans are effective or practical. Most organizational leaders write plans but then fail to follow up with the plans to ensure they may be of use in times of disasters. Organizational leaders should continually review disaster recovery plans in order to ensure those plans are realistic. Continuous monitoring of the plans enables the organizational leaders to identify weaknesses in those plans and take necessary action to eliminate the weaknesses. Testing of the plans is a critical part of the disaster recovery process.

Failure to test the plans is the aspect lacking most because about 60 percent of firms have established some form of disaster recovery plans, yet when disasters strike a significantly higher number of firms see their operations affected. This is because in such firms, organizational leaders do not take adequate time to test the plans and see whether they can be of use in times of a real disaster occurring. The managers may assume that once drawn, the plans are fit to ensure the organization continues operations in the face of disasters. The failure to test the disaster recovery plans is one of the major reasons why the plans fail. As such, organizational managers must ensure that the plans are relevant and may actually support the organization even when the worst disaster strikes.

References

American Red Cross. (n.d). Preparing your business for the unthinkable. Retrieved from             http://www.redcross.org/images/MEDIA_CustomProductCatalog/m4240206_PrepYourB            usfortheUnthinkable.pdf

Drew, J. (2012). Most U.S. small businesses lack disaster-recovery plans. Journal of         Accountancy. Retrieved from h         ttps://www.journalofaccountancy.com/news/2012/aug/20126135.html

Survey reveals more than half of real estate companies lack business continuity and disaster         recovery plans. (2013). Real Estate Weekly News, , 371.

Zetta. (2016). State of disaster recovery 2016. Retrieved from         https://www.zetta.net/resource/state-disaster-recovery-2016

Related:

Dealing with Breaches-IT SECURITY MANAGEMENT