Project 1: Case Study - Gap Analysis

CMIA 485

By Sinesh Patel

Purpose

The purpose of this case study is to perform a gap analysis of Bank Solutions, Inc.'s disaster recovery and business continuity plans, that is, a comparison of the organization's actual performance with its desired performance.

Introduction

Bank Solutions, Inc. offers many services that transfer large amounts of customers' personal and financial information over the network. These services include proof of deposit processing, loan associations, and item processing services for community banks. The most important asset of Bank Solutions is information. The confidentiality, integrity, and availability of bank information are critical to its tasks. As Bank Solutions, Inc. grows and increases its production, the data and information it handles will be huge and crucial. To get a favorable price for the members of executive management in a company buyout, the company needs to invest in its disaster recovery and business continuity plan.

For many businesses, adjusting requirements strengthen the importance of developing and maintaining a disaster recovery strategy and a detailed business continuity plan. Effective planning in turn requires a comprehensive understanding of both critical business operations and systems. Damage to an organization's operations and systems can disrupt financial stability and company performance.

The risk assessment of Bank Solutions identifies the following critical risks in the company's business continuity and disaster recovery plans:

  • The disaster recovery and business continuity plans were tested in 2007. BC and DR plans are useless unless they are properly tested in a timely manner.
  • The Bank Solutions, Inc. BC and DR plans were last updated in 2009, which means they are outdated.
  • BC and DR plans are written for the five largest item processing locations; other locations have basic plans that were given to them in 2010. There is no customization in the BC/DR plan exercises.
  • Recovery point objectives and recovery time objectives are not listed in the BC/DR plans.
  • Not all contributors are properly trained or have a copy of the DR/BC plans. Copies of the plans are stored on a network that everyone uses.
  • The IDS is robust and host based, but none of the policies, standards, or guidelines list steps for collecting forensic evidence in the event of a disaster.
  • The actions of several users are not recorded in event logs, and those users also have rights to modify the logs.
  • There are lots of redundancies implemented on the Bank Solutions network.
  • No document or DR/BC plan properly lists the processing responsibilities of backup locations.
  • Data backup and recovery utilities are implemented at each location, and full backups are performed every week.
  • There is no proper location for storing all backup tapes, and backup jobs have been failing.

Given all these risks, it will be very hard to get the desired price for the members of executive management. Business continuity and disaster recovery should be a top priority so that the company runs smoothly in the event of an unexpected disaster. Without proper BC/DR plans, the company is open to any risk; with that in mind, it is impossible to get the desired buyout price.

Disaster recovery and business continuity in the company space include:

  • Protecting the confidentiality, integrity, and availability of information
  • Preventing critical systems and services from failing
  • Restoring operations quickly after a disaster
  • Preventing loss of data

Recommendations

  • Ensure that the infrastructure hosting the company's information is furnished with proactive loss prevention, such as UPS backup and redundant power.
  • Ensure that storage devices, servers and other devices are up to date and not necessarily fault tolerant.
  • Ensure the contingency planning policy has the following:
      • Scope
      • Purpose
      • Roles and responsibilities
      • Management responsibilities
      • Communications within the company
  • Ensure that the organization protects the confidentiality and integrity of backup data at the storage facility.
  • Ensure that data is backed up periodically.
  • Use an off-site backup storage facility that is updated once every week.
  • Ensure automated backups that use multiple backup media.
  • Secure the physical location of the backup facility.
  • Test off-site backups periodically.
  • Ensure the organization has an alternate storage site that is accessible during a disaster for backing up and recovering data.
  • Ensure everyone takes BC/DR awareness training, especially senior management.
  • Give sufficient training to staff.
  • Ensure the disaster recovery plan has the following elements:
      • Backup process
      • Recovery process
      • Implementation process
      • Test process
      • Maintenance plan
  • Document processes and critical resources together by implementing a business impact analysis.
  • Ensure the BC plan properly lists staff training, crisis communication, and reporting of crisis status to management.
  • Ensure all BC and DR plans are up to date and all locations have copies of the plans.
  • Establish recovery point objectives and recovery time objectives.

System / Threat / Response / Action / Recovery / Action
Engineering / Loss of engineering system / Run backup engineering system / Verify that the data of the down system is safe and switch over to the backup system / Fix the engineering system that is down / Record the cause of the system outage and fix the threat

All organizations have identified objectives and goals that they would like to achieve in the future. To determine whether an organization will achieve its desired objectives, the company needs to determine the progress it has made. Gap analysis compares the desired objective to the current status of the organization. Bank Solutions wants to raise its buyout price to its desired price. To attract the desired purchase options for the members of executive management, my team was hired to identify regulatory and operating risks and give advice to prevent future risks. The risk assessment findings show that the company has many risks in its BC/DR plans. After implementing the recommendations given above, Bank Solutions will have the option of its desired purchase price and a low risk of disaster striking company operations.
