Security Exercise 3

Questions :-

1. Describe organisational security procedures. Discuss its importance.
2. Discuss the different risk control practices.
3. Describe how business continuity helps organizations.
4. Discuss the importance of having an IT business continuity plan.

Answer :-

1. Security procedures is a step by step of rules that people must follow. It is very important especially when it comes to inside an organisation. To ensure that there will no threats happens. If the staffs or stakeholders follows the step of the procedure, They can know what to do and not to do when the threats happens.

2. There are 3 different risk control practices

• Risk Evaluation - This will be done after the threats happens. It is risk evaluation with a high level function for business or government security that should cover everything critical to core organizational functions, assets and people.
• Technical Risk Control - This will be done before the threats happens. It is security implementation. Each of your controls should reduce the risk security threats or deter them completely. 
• Operational Risk Control - This will be done before the threats happens, Operational risk controls focus on security threat prevention in the day to day functions of your business agency.

3. Business continuity is running a business perfectly without any interruption(or running smoothly). It is to be functional from any threats even from the people or disasters.

4. The importance of having IT business continuity plan is to create a prevention from the threats such as earthquake, flood, and etc. The way how to prevent them is doing the disaster recovery plan which means finding a way how to survive a disaster, what to do right after it happens. The next one is do backup alternatives which means hardware and software approaches, collocation, electronic vaulting, offsite facilities requirement and types. The last one to do is recovery testing, we have to test the recovery first so that the system will be running smoothly once again.