Employee Action Plan for Disaster Recovery
Employee Action Plan for Disaster Recovery

Employee Action Plan for Disaster Recovery

Available Only on StudyHippo
  • Pages: 5 (1111 words)
  • Published: August 19, 2017
  • Type: Essay
View Entire Sample
Text preview

This is an action plan if you will of what employees will do as result of a certain disaster. These disasters may include things such as; theft, fire, flood, human error or hardware failure.

The recovery policy is put in place to ensure that if such an event occurs the organisation can function as normal again as quickly as possible. There are several things you should consider when designing your disaster recovery policy. What storage media are you going to use will depend on two main factors, how much data needs to be stored and how quickly are you going to need to retrieve this data. Where you store the backup media, you can either store the backups on site which will mean you can retrieve the backups as quickly as possible but makes them vulnerable, or you can store the backup media

...

off-site which makes them more secure but increases the time it takes to retrieve it. Furthermore you may decide to upload your data to the cloud server of a trusted and respected data storage company, this will mean that you can access your data from anywhere with an internet connection and your data is safe from on-site disasters. Normally data storage companies with cloud servers store your data in two separate locations to ensure that if a disaster occur on their site your data is still intact, secure and available to you.

Updating of security procedures:The security procedure should reflect the technology used, if the procedure is not on par with the level of technology used then the security procedure will be flawed. The procedures must be regularly reviewed and updated, these update

View entire sample
Join StudyHippo to see entire essay

need to reflect what was outlined to be improved in the review and needs to be in date with current knowledge on security threats. However, the update may have a negative impact on the existing systems and so should be tested before applied to the entire organisations systems. Your security procedure should include things such as; never turn off your firewall, don't share you password, don't leave your PC unattended and logged in.Scheduling of security audits:A security audit is a technical assessment of how secure something is, be it physical, hardware, software or data security. A security audit needs to take place on a regular basis to ensure that the current policies are good enough and are effective.

This is often done without the knowledge of employees or security personnel to ensure that the findings of the security audit are accurate and relevant. This may be attempted in several ways, someone may attempt to break into the premises to test physical security of the organisations location, or it may be done by the use of a hacker or implanting a virus in the existing systems. Security audits are important to help provide information relating to the improvement of the disaster recovery policies and security procedures.Codes of conduct for email usage policy:This is a set of rules which outlines how a person is to behave within a group setting. For your company this will be used to help improve system security and will attempt to avoid downloading any Waldemar or be subject to any social engineering which may harm your systems or company.

This will be enforced by the use of a contract that your employees

must sign putting legal obligation on them to follow the codes of conduct. In relation to email usage it may include things such as; size of attachments, how to manage the in box, what personal view may be expressed, response times, forwarding of emails to other, unacceptable behaviour such as harassment or sending spam among other things. Included in this should be the right for the network administrator to monitor employees emails.Surveillance policy:This may be relate to the monitoring of premises by the use of CCTV cameras to improve physical security, or it may relate to the monitoring of how your employees use the systems you have provided for them to carry out the work they have been hired for. You may or may not make employees aware that the systems they use and how they use them is being monitored, if you do not tell them you may find the individuals who cannot be trusted to work professionally or efficiently, however, on the flip side if you do make them aware of this then they are less likely to misuse the systems. It would be my advice to make sure your employees are aware of your surveillance policy, how it operates and why it operates as it may cause some people to become unsettled if they find out at a later date and you did not mention this to them.

Either way you must make sure that you know all of the surveillance laws that apply to ensure you are not breaking the law.Risk management:This is the assessment and strategy in place in relation to the risk assessment. Basically, you identify potential risks to

your organisation and as a result put things in place to try and reduce the chance of these risks occurring and the effect of these risks if they come into being. There are several approaches to risk management, you may be reactive by changing how your company operates based on the information provided in the risk assessment. Or you can be proactive, by updating security policies and procedures reflecting the potential risks outlined in the risk assessment and reducing the chance of these risk coming into effect.

Risk management can refer to your systems security and be tackled by keeping systems software updated and installing anti-virus programmes or it may simply be in regards to health and safety.Budget setting:This is how much money you put into your systems security and it should reflect the amount of financial damage that may occur as a result of a security leak of your systems. Budget setting in relation to to systems and organisation security should not be an after thought, without proper funding for an appropriate security system the risk of loss increases exponentially. Budget setting in general in itself is a security risk, if it is done improperly then the organisation as a whole suffers and may even become bankrupt.

Smart budget setting for systems security is therefore imperative, things that must be considered in terms of the cost to benefit ratio are as follows; software licensing, security personnel wage, how much an audit will cost, the cost of your chosen disaster recovery plan for example the cost of backup media and the training of staff for your security procedures and codes of conduct.

Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New