5. Classify each of the following occurrences as an incident or a disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play. For each of the scenarios, describe the steps necessary to restore operations. Indicate whether law enforcement would be involved.
a. a hacker breaks into the company network and deletes files from a server.
††††††††††† I would classify this as an incident and attempt to prevent future attacks while also looking to a backup to restore the files.
b. A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained.
††††††††††† This would probably be an incident if all the computerís data was backed up, getting new systems and reinstalling the files from the damaged models should be fine. As for the rest of the office, it may be called a disaster since the fire may have shaken people up and drastically altered the workplace.
c. A tornado hits a local power station, and the company will be without power for three to five days.
††††††††††† I would think this would be a disaster, but if the company was unaffected by the tornado physically, if they had proper backups before the tornado happened, they should be fine once power returns so long as a disaster recovery response team checks it all over. If not, they can attempt to figure out what data may be compromised while the company is out of power and attempt to mitigate losses, again with the disaster recovery response team.
d. Employees go on strike, and the company could be without critical workers for weeks.
e. A disgruntled employee takes a critical server home, sneaking it out after hours.
††††††††††† This is an incident as itís a violation of law and policy, And will probably involve the reacquisition of the server and the firing and possible arrest of the employee.
1. What would be the first note you wrote down if you were Charlie?
I would add more rigorous off-site backups for data and off-site copies of physical documents not in the systems.
2. What else should be on Charlieís list?
What to do in case of fire or arson destroying critical systems for one, along with general disaster plans and general data backup and recovery ideas in case of the worst possibilities. I would also think of other sites to expand parts of the business to, as having everything in one location is a blessing and a curse in scenarios like his dream, creating a few extra places for people to work and minimize company losses if one location got destroyed.
3. Suppose Charlie encountered resistance to his plans to improve continuity planning. What appeals could he use to sway opinions toward improved business continuity planning?
Talking about what the consequences of his dream might be would be a good start. Of course, it plays into his actual attempts as well, but the severity of a catastrophic disaster like that is worth the effort to have backups and other plans to handle them. He could talk about how much of a problem the last few viruses were and how itíll only get worse if they donít prepare to deal with them.
Ethical Decision Making
††††††††† In some cases, especially when organizations expand into foreign countries, they experience a form of culture shock when the law of their new host country conflict with their internal policies. Suppose that SLS has expanded its operations in France. Setting aside any legal requirements that SLS make its policies conform to French law, does SLS have an ethical imperative to modify its policies to better meet the needs of its stakeholders in the new country?
††††††††††† I would say that they have a business imperative to conform to French cultural standards, not just ethical concerns. Its important that many companies try and fit the needs and cultural norms of their different operations, for many reasons, to succeed in the new area they chose. Some reasons being the people that are used to a different way of things working, and the climate and possible issues with the location ecologically should be considered as well.
††††††††††† Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees, such as a requirement to provide child and elder-care services at no cost to the employee. Is SLS under any ethical burden to offer the same benefit to employees in its original country.
††††††††††† They donít really have an ethical burden to provide those things at their original location, as it doesnít seem like its more of a frequent deal at the original location. If more companies started offering those benefits at home then they would have more ethical pressure then, but not right now. Of course, their employees would greatly benefit from extras like that so there is some ethical pressure to add them but not a whole lot.