It has to define a measure of risks in each business consistently across the firm. Initiate procedures for risk managing at the point nearest to the assumption of risk. Develop databases and measurement systems in accord with business practices. Install comprehensive risk management system to evaluate individual, business, and firm level performance. Therefore, a Risk Assessment and Management project team must be formed to conduct a thorough analysis of the system and provide recommendations and policies to deal with disaster. At McBride, the design of the system network will affect security, auditing and disaster recovery, therefore a comprehensive analysis of the network design, security and disaster recovery will go a long way to mitigate against possible risks.
Disasters, Backup and Recovery Plan
McBride has to have data based on analysis of risk factors based on their likelihood and progressive nature of occurrence available to develop the backup and recovery plans. This data may be used to develop effective and balanced measures for loss prevention, mitigation, and recovery. Disasters can be classified into three broad categories:
Technical Disasters: Equipment Failure, Database Service Failure, Software Failure, Loss of Power, Loss of A/C. Natural Disasters: Fire, Tsunami, Flood, Earthquake, High Winds, Airplane Impact, Human-Caused Disasters: Theft, Vandalism, Virus, Unauthorized Access, Tampering, Code/Data Error Measures that must be taking to mitigate technical disasters include the following: UPS for all critical devices.
Consider the use of localized (directed) cooling and maintain back-up equipment cooling measures. The importance of backup and restoration are paramount; there will be off site as well as on site. All branch offices should back up their information to corporate headquarters after first doing a local backup, the corporate office data will in turn be backed up at other branch offices. McBride is a mortgage company that deals with customers' financial information. Customers' financial information and data is protected by the SOX act. Therefore, the following additional risk-mitigation and prevention measures should also be pursued prior to further protect the databases that contain the customer's information: Invoke "preferred" equipment replacement...