BCP wrote:
The focus of business continuity planning is the continued operation of the business or organization. The focus of a disaster recovery plan is on the recovery and rebuilding of the organization after a disaster has occurred. The DRP is part of the larger BCP since business continuity is always an issue. In a DRP, the protection of human life should be addressed and is a major focus of the document. Evacuation plans and system shutdown procedures should be addressed. The safety of employees should be a theme throughout a DRP. In the rest of the BCP, on the other hand, you may not see the same level of emphasis placed on protection of employees. The focus of the BCP is the critical systems the organization needs in order to operate.
So with risk management you identify your assets and your threats and you plan.
Risk Management wrote:
Identify and classify the assets, systems, and processes that need protection because they are vulnerable to threats. This classification leads to the ability to prioritize assets, systems, and processes and to evaluate the costs of addressing the associated risks. Assets can include
• Inventory
• Buildings
• Cash
• Information and data
• Hardware
• Software
• Services
• Documents
• Personnel
• Brand recognition
• Organization reputation
After identifying the assets, you identify the possible threats and vulnerabilities associated with each asset and the likelihood of their occurrence. Threats can be defined as any circumstance or event with the potential to cause harm to an asset. Common classes of threats (with examples) include
• Natural disasters: Hurricane, earthquake, lightning, and so on.
• Man-made disasters: Earthen dam failure, such as the 1976 Teton Dam failure in Idaho; car accident that destroys a municipal power distribution transformer; the 1973 explosion of a railcar containing propane gas in Kingman, Arizona.
• Terrorism: The 2001 destruction of the World Trade Center, the 1995 gas attack on the Shinjuku train station in Tokyo.
• Errors: Employee not following safety or configuration management procedures.
• Goodwill
• Malicious damage or attacks: A disgruntled employee purposely corrupting data files.
• Fraud: An employee falsifying travel expenses or vendor invoices and payments.
• Theft: An employee stealing a laptop computer from the loading dock after it has been inventoried but not properly secured.
• Equipment or software failure: An error in the calculation of a company-wide bonus overpaying employees.
Vulnerabilities are characteristics of resources that can be exploited by a threat to cause harm. Examples of vulnerabilities include
• Unprotected facilities: Company offices with no security officer present or no card-entry system.
• Unprotected computer systems: A web-facing server temporarily connected to the network before being properly configured/secured.
• Unprotected data: Not installing critical security patches to eliminate application security vulnerabilities.
• Insufficient procedures and controls: Allowing an accounts payable clerk to create vendors in the accounting system, enter invoices, and authorize check payments.
• Insufficient or unqualified personnel: A junior employee not sufficiently securing a server due to a lack of training.
Then the impact, which I won't go into... now after reading this... The security policies of Seagate, Western Digital and so on are a threat to all computer techs and businesses. I mean, how can I sell a computer when its hard drive sometimes costs 50% of the total cost of the entire system?