BC 020105 Serious Information Security Incidents

The BCP Project Team will need to examine each potential disaster or emergency situation. The focus in this section should be on the level of business disruption likely from each serious information security incident. Potential emergencies include business disruption caused by one or more of the following serious Information Security incidents:

Cyber crime is a major area of information security risk. It includes attacks by hackers, denial of service attacks, virus attacks, hoax virus warnings and premeditated internal attacks. All cyber crime attacks can have an immediate and devastating affect on the organisation's normal business processes. The average cost of an information security incident has been estimated at US$30,000 and over 60% of organisations are reported to experience one or more incidents every year.

The loss of records or data can be particularly disruptive where poor back up and recovery procedures result in the need to re-input and re-compile the records. This is normally a slow process and is particularly labour intensive. This can result in an increase in costs through additional working hours and a great deal of embarrassment where information is unexpectedly not available.

This is a serious information security incident which can result in severe embarrassment, financial loss, and even litigation where damage has been caused to someone's reputation or financial standing. Further types of serious disclosure involve secret patent information, plans and strategic directions, secret recipes or ingredients, information disclosed to legal representatives etc. Deliberate unauthorised disclosure of sensitive information is also referred to as espionage.

With the almost total level of dependence on IT systems within the vast majority of businesses, a failure to these systems can be particularly devastating. The types of threats to computer systems are many and varied, including hardware failure, damage to cables, water leaks and fires, air conditioning system failures, network failures, application system failures, telecommunications equipment failures etc.

Each of the above scenarios needs to be developed and examined in detail and an analysis prepared of the consequences of each potential scenario. Each scenario should also be assessed for possibility of occurrence (probability rating) and possible impact (impact rating).

 

PROBABILITY RATING

IMPACT RATING

SCORE

LEVEL

SCORE

LEVEL

1

VERY HIGH

1

TERMINAL

2

HIGH

2

DEVASTATING

3

MEDIUM

3

CRITICAL

4

LOW

4

CONTROLLABLE

5

VERY LOW

5

IRRITATING

 

(To complete the relevant section of the Business Continuity Plan, click here)

 

 Only US$199 Buy Now: Only US$199

 
This information is derived from the BCP Generator
For further information about the Business Continuity Plan Generator, visit The Disaster Recovery Shop
 
      See also Business Continuity World
This site created with EasyHTMLHelp(tm) for MS Word   
World Weather   
 

 

Up One Level