Organizational Information Security
Outline
I. Description
a. Disaster recovery planning
b. Information system contingency planning
c. Differences between disaster recovery planning and information system
contingency planning
II. How information system contingency plan fits into an organization
a. An organization’s risk management program should identify the potential risks to
its information systems and develop plans to mitigate those risks.
b. The contingency plan should be closely coordinated with the organization’s risk
management, security, and emergency preparedness programs to ensure that the
contingency plans are effective in the event of an interruption to normal operations.
III. Integrating contingency planning principles
a. By having a plan in place, organizations can reduce the amount of time and
resources needed to respond to an incident.
b. The plan ensures that critical systems and data are protected and that the
organization can quickly resume normal operations.
Disaster Planning and Final Presentation
Disaster recovery planning is the process of creating a plan that is essential for the
continuity of business operations in the event of a major disaster. Information system
contingency planning is the process of creating a plan to help ensure that a business remains
functional in the event of a major disaster (Swanson et al., 2010). The two are similar, but
information system contingency planning is specifically concerned with ensuring that
information systems can continue to function, while disaster recovery planning is concerned with
ensuring that the organization as a whole can continue to function (Swanson et al., 2010). The
difference between disaster recovery planning and information system contingency planning is
that disaster recovery planning is a subset of contingency planning that specifically deals with
the recovery of systems and data following a disaster, while information system contingency
planning is a more general term that encompasses all aspects of contingency planning, including
disaster recovery.
The purpose of information system contingency planning is to ensure the continuity of
mission-critical functions in the event of an interruption to normal operations. Contingency
planning is a key component of an organization’s risk management program and of any other
program that helps sustain the business’s preparedness for disasters (Swanson et al., 2010). An
organization’s risk management program should identify the potential risks to its information
systems and develop plans to mitigate those risks. The security program should establish controls
that protect the information systems' ability to maintain confidentiality and increase availability.
The emergency preparedness program should ensure that the organization is prepared to respond
to and recover from an interruption to normal operations (Swanson et al., 2010). Information
system contingency planning should be designed in a way that ensures that the
contingency plans are effective in the event of an interruption to normal operations. By having a
plan in place, organizations can reduce the amount of time and resources needed to respond to an
incident. Additionally, having a plan can help ensure that critical systems and data are protected
and that the organization can quickly resume normal operations.
Reference
Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010). NIST Special
Publication 800-34, Rev. 1, Contingency Planning Guide for Federal Information
Systems.