Reference no: EM133520987
Case Study: A vital role for all managers is planning. Managers in IT in general and in information security usually provide strategic planning for an organization to ensure the continuous availability of information systems. Unfortunately for managers, the probability that some form of damaging event will occur, whether it be from inside or outside, intentional or accidental, human or nonhuman, annoying or catastrophic, is very high. Thus, managers from each community of interest must be ready to act when a successful attack occurs. There are various types of plans for events of this type, and they all fall under the general definition of contingency planning. A contingency plan is used to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization; it is also used to restore the organization to normal business operations. Contingency planning (CP) typically involves four subordinate functions: business impact analysis (BIA), incident response planning (IRP), disaster recovery planning (DRP), and business continuity planning (BCP).
Question: Describe your approach to handling an organization's incident contingency plan.
Budgeting for Contingency Operations
As a final component of the initial planning process, the CPMT must prepare to deal with the inevitable expenses of contingency operations. Although some areas (such as incident response) may not require dedicated budgeting, other areas (such as disaster recovery and business continuity) require ongoing expenditures, investment, and service contracts to support their implementation. The ugly reality is that many organizations are "self-insured" against some types of losses, such as theft of technology, equipment, or other resources. Ideally, this means that instead of making payments to an outside insurance organization, the organization puts a set amount each fiscal cycle into an account it can then draw upon should replacements be required. However, with tight budgets and drops in revenues, some organizations forgo these investments, instead betting on the probability that such losses, if they occur, will be minimal and can be funded out of regular budgets. Should a disastrous expense occur, however, the organization is at risk of complete failure and possible closure. Some of the budgeting requirements of the individual components of CP planning are presented in the following sections.
Incident Response Budgeting
To no small extent, IR capabilities are part of a typical IT budget. It is customary for the CIO to have their managers ensure that data protection and response, as well as backup and recovery methods (described later), are part of normal operations.
Question: How would you present a financial report for the next year to your supervisor or CEO? What analytics would you offer to support your upcoming budget?