All organizations recognize that Business continuity planning is an important activity that should be analyzed critically. Nevertheless, the development of a good business continuity plan is not easy and requires a lot or resources, skill and effort. Before any plan is laid down, there should be an understanding of the possible impacts of disaster and the risks associated with such an eventuality (Fishman, 2007). The risks should be well thought-out in details. Business continuity plan is built upon this basis. This should be followed by testing and auditing on regular basis to guarantee that it will remain relevant to the needs of the organization.
The best strategy to follow to ensure business continuity is developing software that automatically detects the potential risk
Business Continuity Planning thus requires specific software to assist with the risk analysis. The software should have the necessary tools and services that can develop, maintain and review the plan on regular basis. Software is the computer programs, procedures or algorithms that give instructions to the computer telling it how to perform various tasks (Zeidman, 2011). The tasks may be what to do or how to it. The software performs the various functions of implementing programs. It may provide instructions to the computers' hardware directly or act as an input to another software. The term may also mean data that is related to computers like records, film or tapes. Any data or computer instruction, which may be stored in electronic form, is software. There are different types of computer software like Application software, middleware or system software. Developing a Business continuity planning is not easy since it should have specific features that can analyze varying ranges of disaster. The software should have the ability to analyze the potential impacts of the varying types of disaster presented to it (Phillips, 2009). This should be followed by generating a proper plan for the disaster. After determined the impacts, the software should be able to generate the degree of the risks that might result from the impacts of the disaster. This is the only way that the management can tell likelihood of a disaster to occur. The management should therefore decide where to put most attention throughout the planning process. Risk analysis is discipline in its own right, a method of simplify these tasks involved in risk analysis should thus be developed. Many organizations are now using the COBRA methodology and tools. In order to safeguard the software and information within an organization, proper information security should be put in place. Information security is associated with confidentiality, integrity and authenticity. The information stored in the computer should be confidential. That means that only authorized personnel should be able to access it. Integrity of the information calls for their safeguarding. This means that no one should alter it. In many cases, unauthorized users alter the information such that it becomes undetectable. Authenticity means that the users should be the persons they claim to be. The security of the information is not restricted to confidentiality, integrity and authenticity. Security can also be analyzed based on function. The common functions include Prevention, Deterrence, and Admonition. These three security approaches can be used to improve information security within an organization.
Prevention is the traditional core of information security. It consists of safeguarding of the information by ensuring that they are confidential, and are accessed by authentic users only. However, complete prevention is theoretical; this is because there is a vanishing end where extra preventative measures are no longer gainful. There are soft wares that can be used to monitor and prevent unauthorized access to information hat belong to an organization. They reduce the risk of loosing sensitive corporate information. They lessen security breaches hence safeguarding organization's information. Prevention ensures that it is difficult for unauthorized persons to breach the system.
Deterrence on the other hand reduces the risk that the information posses through instilling fear. It was developed by the military during the cold war in an attempt to reduce conflict (Jervis, 1999). This is achieved through communicating strategies intended to frighten potential attackers away. They are informed of the likelihood of being caught. This scares away unauthorized users who have negative motives. Deterrence also masks the value and openness of the information by changing its external structure so that it is insignificant and unattractive to unauthorized users.
Admonition involves warnings presented to employees working in the organization so that they stop involving themselves in actions that jeopardize security of the information system. This may also be termed as polite request. The decent employees can willingly abide by this simple rule hence make the organizations information secure. Those who repeatedly violate admonition can be sacked to prevent further violation in the organization (Sloma, 2008). Admonition software can also be developed to improve the security of information. In my opinion, preventive security approach is the best method to improve information security within an organization. This is because unlike deterrence and admonition, it consists of safeguarding of the information by ensuring that they are confidential, and are accessed by authentic users only. In both deterrence and admonition, unauthorized people can easily access information within the organization.