Chapter 4 ITS 370
5. Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.
a. A hacker breaks into the company network and deletes files from a server.
This would be an incident. The files should be backed up and the company should be prepared with incident response plans. These should be realistic and should protect any confidential information. Authorities will be involved to try to find the hacker.
b. A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained.
This is also an incident. It could have been a disaster, but it was contained, and everything was handled by the incident response team. They should be able to replace the equipment and get all appropriate files loaded back on them. The fire rescue team will be involved and possibly a forensic agency to determine whether it was an accident or intentional.
c. A tornado hits a local power station, and the company will be without power for three to five days.
This would be considered a disaster. The company will be completely shut down for multiple days because of something that could not have been avoided. The company should have a Disaster Recovery Plan and should be able to respond in the next few days. Disaster relief authorities will be involved.
d. Employees go on strike, and the company could be without critical workers for weeks.
This would also be considered a disaster. These employees are the backbone of the company and the company won’t be able to function without them. This will lead to huge losses and will be a detriment to the company. The bureau of labor is involved in strikes and determine whether they are legal.
e. A disgruntled employee takes a critical server home, sneaking it out after hours.
This could be an incident or a disaster depending on how much data is on the server and it the employee is able to retrieve the data. There will be an investigation launched and law enforcement will be involved. The employee will be arrested, and the company will focus on securing their servers.
For each of the scenarios (a–e), describe the steps necessary to restore operations. Indicate whether law enforcement would be involved.
(Done after each question.)
4. Use your library or the Web to find a reported natural disaster that occurred at least six months ago. From the news accounts, determine whether local or national officials had prepared disaster plans and if the plans were used. See if you can determine how the plans helped officials improve disaster response. How do the plans help the recovery?
The natural disaster that I found was the Mati, Greece wildfires. 86 people died in the fire, many of them died in the actual fire and others died from drowning while they were trying to escape the fire. The Country was not prepared for the fire when it began but they had a Disaster Recovery Plan in place and promptly began their search and rescue operations. Volunteer divers and ex-navy diving specialists helped search the waters for survivors and victims while the fire rescue force focused on the land side of things.
1. What would be the first note you wrote down if you were Charlie?
Stop eating so late at night so you don’t have so many nightmares. I would also make sure to write down that I need to test the off-site servers to ensure they are working properly, and I should also make a copy of the circuit specs to be stored on an off-site location.
2. What else should be on Charlie’s list?
Charlie should write that he needs to look over the existing contingency plans. He clearly doesn’t have as much information about his response plans and needs to refresh himself on what’s in place.
3. Suppose Charlie encountered resistance to his plans to improve continuity planning. What appeals could he use to sway opinions toward improved business continuity planning?
He could appeal to people’s desire to keep their damn jobs. If the company doesn’t have a continuity plan the employees are likely to lose their employment if the company can’t continue to operate.
The policies that organizations put in place are like laws, in that they are directives for how to act properly. Like laws, policies should be impartial and fair, and are often founded on ethical and moral belief systems of the people who create them. In some cases, especially when organizations expand into foreign countries, they experience a form of culture shock when the laws of their new host country conflict with their internal policies. Suppose that SLS has expanded its operations in France. Setting aside any legal requirements that SLS make its policies conform to French law, does SLS have an ethical imperative to modify its policies to better meet the needs of its stakeholders in the new country? Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees—such as a requirement to provide child and elder-care services at no cost to the employee. Is SLS under any ethical burden to offer the same benefit to employees in its original country?
If SLS moves to France, they should change their policies to match laws because it is legal and ethical. If they see that this change in policy is making the employees in that location happier it would be ethically correct for them to change the policy in all their places of operation to lead to a happier work force. If you can happy employees lead to better productivity.