Discuss the critical need for understanding cyber risks and the potential impact to the organization.
Cyber security is one of the most urgent issues of the day. Computer networks have always been the target of criminals, and it is likely that the danger of cyber security breaches will only increase in the future as these networks expand, but there are sensible precautions that organizations can take to minimize losses from those who seek to do harm.
Not long ago, companies prepared for cyber risks the way they might for a hurricane, flood, or another disaster situation: Brace for the worst, and hope for the best. Those days are over. Security breaches across industries have put cyber squarely on everybody’s risk agenda.
But, while they’re taking cyber threats seriously, many companies are struggling to find the right balance in their approach. The moves they’re making to get ahead in the marketplace—globalization, mergers and acquisitions, extension of third-party networks, movement to the cloud—are the same tactics that create cyber risk. What organizations need to do is define the level of cyber risk they’re willing to accept in the context of their overall risk appetites.
Research and discuss one recent cyber incident and how it impacted the company in revenue, profit or brand.
On February 4, 2015, Anthem faced a significant data breach. According to the report on its impact, more than 775,000 members of health plans in North Carolina were affected. Those affected include 601,347 members of Anthem plans, 110,434 members of non-Anthem plans (including Blue Cross and Blue Shield of North Carolina plans), and 63,825 members of unknown plans dating back to 2004. The impact of Anthem’s massive data breach is beyond $100 million (DeBruyn, 2015).
Discuss the similarities, differences and overlap for Disaster Recovery, Business Continuity and Incident Response. Please express and justify your point of view.
A lot of people use the terms disaster recovery (DR) plan and business continuity (BC) plan interchangeably, but technically there is a difference. A disaster recovery plan is more reactive, while a business continuity plan is more proactive. With disaster recovery, your DR plan springs into action when something goes wrong, but you risk information systems being down for a while. With business continuity, you have systems in place that “fail over” and allow key systems to stay up and running and the business to stay afloat. A BCP tells your business the steps to be taken to continue its key products and services, while a DR plan tells your business the steps to be taken to recover after an incident (Beaver, 2010).
The terms “incident response” and “disaster recovery” both refer to an organization’s handling of computer or network threats after a disastrous event. Incident response plans help minimize business risks, and they’re mandatory in today’s computing environments. A good incident response plan will outline the who, what, when, where and how of responding to data security breaches. Just like disaster recovery/business continuity plans, incident response procedures provide invaluable guidance when you really need it: in the midst of, or just after, a data security breach. Impact analysis, business continuity strategy and business continuity plans are part of BCP. Incident response, emergency response, damage assessment, evacuation plans, etc. are all part of DR (Kunthe, 2012).
In disaster recovery (DR) and business continuity (BC), incident response is the step-by-step process of responding to data security breaches such as lost laptops and Web application hacks. Incorporating incident response plans in your DR/BC plans is essential for keeping critical company data safe and secure.
DeBruyn, J. (2015, February 24). Report outlines impact of Anthem data breach in N.C. Retrieved from http://www.bizjournals.com/triangle/news/2015/02/24/report-outlines-impact-of-anthem-data-breach-nc.html
Beaver, K. (2010, January). The importance of incident response plans in disaster recovery. Retrieved from http://searchdisasterrecovery.techtarget.com/tip/The-importance-of-incident-response-plans-in-disaster-recovery
Kunthe, C. (2012, October). Difference between BCP and DR. Retrieved from https://www.isaca.org/Groups/Professional-English/business-continuity-disaster-recovery-planning/Pages/ViewDiscussion.aspx?PostID=72