CIS 527 IT Risk Management

The phrase “the show must go on” is perhaps more true in business than in performing arts. Organizations need to be prepared to run continuously regardless of environmental conditions.

For this assessment, imagine that you are the IT manager for the only print shop in a small town in Idaho. The shop is connected to the internet by satellite link. Orders are received via the internet as well as by walk-ins with portable storage drives or smart phones that can transfer files via Bluetooth network.

Write a four to five (4-5) business continuity plan (BCP) in which you:

1. Identify the organization's exposure to internal and external threats.
2. Identify ways that the organization can maintain its risk.
3. Describe the foreseen security risks.
4. Assess the importance of training the shop personnel on security risks.
5. Recommend at least two (2) strategies for continually improving the quality and effectiveness of the BCP.
6. Analyze the organizational risks inherent in the execution of the BCP plan.

Introduction

This paper is a Business Continuity Plan (BCP) for a print shop in Idaho. I am working as an IT manager in this print shop to handle IT related activities. This shop is connected to internet by a satellite link. The printing orders are received by internet as well as by walk-ins with portable storage drives or the smart phones. Through these devices documents can be transferred via Bluetooth network. Now owner of this shop wants a business continuity plan for business of print shop for better growth and to enhance the business performance. It is a better way to attract more customers towards business. In this Business Continuity Plan (BCP) we will emphasize identification of the organization’s exposure to internal and external threats, identification of ways that can be maintained by organization at its risk, description for foreseen security risks and other essential points.

Discussion 

Here we will discuss in detail about Business Continuity Plan of print shop.

Identify the organization’s exposure to internal and external threats 

Internal and external threats for an organization can be identified by implementing its SWOT analysis. SWOT stands for Strengths, Weaknesses, Opportunities and Threats of an Organization. Here internal threats will be strengths and weakness of an organization and external threats will be opportunities and threats of an organization. With exposure of my print shop, the internal and external threats are (Howell, & Howell, 2017). Strengths: The strength factor of our print shop is that it is using Information Technology and connected with its customers by using internet or via Bluetooth network. These IT applications are less expensive as compare to other ways to run printing business (Continuitycentral.com, 2017). Weakness: The weak factor of our print shop is that in case of slow internet connection or other IT service that is used here, it will easier to send and receive documents. Opportunities: This print shop deals with IT applications so there are various chances to approach international customers and to deal with new business clients. It is a good way to make business globalized. Threats: The security and privacy issues of using IT applications is a biggest threats for online printing business. Hacking, phishing, denial of service attacks and other virus attacks are commonly conducted by hackers to access online information. Malware attack can corrupt whole systems of print shop that are connected with internet and via Bluetooth this virus attack will spread to customers’ mobile during sending and receiving documents.

Ways that Organization can maintain its Risk 

As we have discussed in above segment some essential threats that can be faced by print shop while implementing business. These threats cause various risks for business. Therefore, it is necessary to maintain risk with a proper risk management. As an IT manager, I would suggest to implement some essential steps to maintain its risk such as keep focus on that how securely and in reliable way, our business can fulfill demands of customers and stakeholders without any risk (PRIMO, 2017). It should be the responsibility of company’s management to clearly define responsibility of every employee to achieve business goals. All policies and procedures to do work in company should also be clearly described to all. Lack of description about essential information of business enhance chance of risk (SearchDisasterRecovery, 2017).

Description about Foreseen Security Risks 

Some expected security risks for online printing business are the employees of this print shop, whole data such as customer information, orienting documents and payment information, are stored into online database. There is a security risk of hacking of database through virus attacks. It is unauthorized access of data. Denial of service attack is also possible in case of online businesses. By restricting access of main server to whom other computer systems are connected, it is possible to deny users to access any website and information from online database (Horton, 2017). 

Asses#sment of Importance of training the shop personnel on security risk

The importance of training for print shop personnel is important regarding security risk because it will help them to understand how security risks put vulnerable impact on our business and how we can get prevention from those risks. In this training, information about potential security risks for online businesses and security maintenance against these risk factors at users’ level should be clearly defined. By doing this, we can get prevention from foreseen security risks (Infoentrepreneurs.org, 2017).

Strategies for continually improving the quality and effectiveness of BCP

There are two essential strategies that should be implemented to improve quality and effectiveness of BCP. Under business organization, its critical business processes and threats that put influence over business processes. Create a plan with details that what is done by organization to handle critical situations or risks. In this proper measurement about every business process is required. Besides this, proper testing, auditing and other required changes should be done in business processes (Ariel Peled, 2017). 

Analyze Organizational Risks inherent in the execution of BCP Plan 

The main risk factor of print shop that inherent in BCP plan is its way to implement Business Continuity Plan. As an IT manager, I observed that in this shop some IT activities are not implemented properly by its personnel and also they have less knowledge about IT. In BCP, I have discussed various important things about Information Technology, its risks and way to maintain its security risks. So it is necessary to consider these points of BCP seriously by shop personnel and owner. Lack of knowledge of personnel about basic IT applications, can also cause problem for executing BCP plan of print shop (StoneBridge Business Partners, 2017).

Conclusion 

As an IT manager, I have considered every essential point in BCP for Print shop regarding internal and external threats, risk management, foreseen security risk etc. Now it is responsibility for every worker of this print shop to follow this plan and work accordingly to get prevention from security risks that are commonly used by IT users. Otherwise heavy loss can occur.

References 

Howell, G., & Howell, G. (2017). How to improve the quality of your Business Continuity Plan | Business Continuity UK. Businesscontinuityuk.net. Retrieved 18 May 2017, from http://www.businesscontinuityuk.net/businesscontinuity/how-improve-quality-of-your-business-continuity-plan

SearchDisasterRecovery.(2017). Improving business continuity plan exercises. Retrieved 18 May 2017, from http://searchdisasterrecovery.techtarget.com/tip/Improving-business-continuity-plan-exercises 

PRIMO. (2017). 10 Ways to improve risk management. Retrieved 18 May 2017, from https://www.primo-europe.eu/10-ways-to-improve-risk-management-2/ 

Infoentrepreneurs.org. (2017). Manage risk. Retrieved 18 May 2017, from http://www.infoentrepreneurs.org/en/guides/manage-risk/ 

Horton, M. (2017). How do companies identify and manage business risk?. Investopedia. Retrieved 18 May 2017, from http://www.investopedia.com/ask/answers/042915/how-do-companies-identify-and-manage-business-risk.asp 

Ariel Peled, V. (2017). Five steps your company can take to keep information private. Computerworld. Retrieved 18 May 2017, from http://www.computerworld.com/article/2563307/security0/five-steps-your-company-can-take-to-keep-information-private.html     

StoneBridge Business Partners. (2017). External Threats Facing your Organization | StoneBridge Business Partners. Retrieved 18 May 2017, from https://stonebridgebp.com/library/uncategorized/external-threats-facing-your-organization/ 

Continuitycentral.com.(2017). Ten easy ways to improve your business continuity plan. Retrieved 18 May 2017, from http://www.continuitycentral.com/feature0759.html