National Institute of Standards and technology (NIST) came up special publication 800-34, Rev.1 which is a contingency planning guide for Federal information systems (Bowen, Gallup, Lynes, Phillips & Swanson, 2010). It is very important for any business to have information systems for it to register a success. The publication gives instructions, considerations and even recommendations for the contingency planning of the federal information systems. The measure taken to restore information systems after a disruption has occurred is what is referred to as contingency planning. These interim measures may include but not limited to the following, moving of the information systems to a different location, restoration of information system functions by the use of alternative equipment (Bowen et al., 2010). This paper examines the background, description and purpose of the NIST special publication 800-34.
Background of Contingency Planning
Information systems just like any other man made program is equally susceptible to disruptions. They could be mild, for instance a power outage or failure of the disk drive. Severe damages may include fire break out or even destruction of the equipment. It is for these reason that the needs to have contingency planning evolved. Through proper management and developing controls, such risks are minimized and at times even eliminated. The idea of contingency planning was born to mitigate such risks through provision of efficient and effective solutions to improve the availability of the system (Bowen, Gallup, Lynes, Phillips & Swanson, 2010). An organization needs to possess the ability to withstand all hazards, thus very necessary that they work towards creating resilient infrastructure to reduce the effect of any disruption.
Delegate your assignment to our experts and they will do the rest.
Description
The first steps towards contingency planning are the development a planning policy and then subject “each information system to a business impact analysis (BIA)” (Bowen et al., 2010). This enables the organization to prioritize the process and systems based on FIPS199 impact level. The FIPS 199 operates on three security objectives namely; integrity, confidentiality and availability. In order for this plans to be effective as well, they have to include security controls in the development of information system as early as possible. Bowen et al., (2010) state that, there are several types of plans representing a vast scope of activities necessary for sustaining and recovering systems after a disruption. Business continuity plan (BCP) deals with sustaining business process after an interruption. It may include a customer services or a payroll process. The second plan is known as continuality of Operations plan (COOP). It specializes on recovering the mission essential functions (MEF) at a different site for up to 30 days before the return of normalcy. Minor disruptions which do not require relocation are not addressed by the COOP plan. The third plan is Crisis communication plan which is used for documenting the procedures for both external and internal communications in case of an interruption. The plan documents different formats for communication in relation to the incident. Critical infrastructure protection (CIP) plan refers to the components that are vital, in that when lost could largely affect security safety, economy and health of the nation. A CIP plan basically refers to a set procedures and policies which protect and restores national assets and minimize risks. Cyber incident response plan provides procedures for rectifying cyber-attack like viruses thereby minimizing loss of information. The disaster Recovery Plan (DRP) stipulates the procedures used for transferring information systems to another site. The plan is used when a major disruption has taken place which also bears long term impacts. We also have information system contingency plan (ISCP) which addresses recovery of current single information system. Finally there is the Occupant Emergency plan (OEP). This plan unlike the others focuses on reducing loss of life or injury as well as protecting physical damage to property. The plan more often than not precedes a COOP or even DRP activation. All the above plans are inter related in an organization.
Purpose of Having Contingency Plans in Organizations
According to Bowen et al. (2010), there are seven steps in developing and maintaining effective information systems. They are as follows; one development of the planning policy, carrying out a BIA, identifying preventive measures and generation of contingency strategies. The next step is to ensure that the plans are tested, training carried out and finally exercise plan maintenance. These processes are extremely useful and depict the purpose of having this contingency plans in any organization. The plans ensure that information systems are protected from damage and that the information systems are maintained even after a disruption.
Reflection
Following a critical analysis of the Special Publication (NIST SP) - 800-34 Rev 1 by Bowen et al. (2010), I have come to a conclusion that the article has brought out a conclusive overview of contingency planning. The authors did a great job in researching about the special publication, the figures and tables used are accurate and the information given is factual. I have appreciated the heavy use of the terminologies relevant in NIST and am confident that anyone who comes in contact with the article will have a lot to learn about contingency planning. The article has clearly elaborated the process involved in developing the plans, the objectives behind the plans and above all explained how each plan works and when exactly it will be necessary in an organization. In conclusion, it is thus evident that the plans mitigate or at times eliminate threats and vulnerabilities and also enhance cyber security. It is thus very important for every organization to protect their systems using contingency plans (Bowen et al., 2010).
Reference
Bowen, P., Gallup, D., Lynes, D., Phillips, A.W. and Swanson, M. (2010). Contingency Planning Guide for Federal Information System: Special Publication (NIST SP) - 800-34 Rev 1. Retrieved from http://www.nist.gov/manuscript-publication-search.cfm?pub_id=905266