Vulnerabilities Prevention and Recovery - Speech or Presentation Example

Dear Sirs/ Madams, Following your request, I have completed the vulnerability assessment report you have ordered. You should understand that this report has taken into account such diverse factors as the related environmental, economic, social mediums, always having in mind the purpose of your establishment, but also the different types of problems your clinic could face. These factors are not only of external, but also of internal nature, and could, at any time, endanger your not only your operational abilities, but also the life of your employees and that of your clients. In order for you to understand better the nature of the dangers you are facing, I have elaborated a scheme presenting most of the situations that might lead to disaster. This table is divided into five main sections, following the five main categories of factors that could harm your institution. You should also understand that, while some factors are not related to the nature of your activity, others are in a close relation with the services you provide, but are taking into account the area you are currently located in. The interpretation of the figures from the third column is as follows: a number between 15 and 25 shows a high level of vulnerability; scores between 6 and 12 a medium one while 1 to 5 show a low level of vulnerability. According to these figures, a priority chart was constructed; there are three levels of priority, from low to high, all corresponding to the vulnerability levels mentioned above. For your own convenience, the factors that present a high level of risk have been highlighted in yellow, while the medium level is highlighted in green. Potential disaster-causing factors Level of vulnerability Environmental Earthquake 16 Fire 12 Tornado 16 Flood 6 Landslide 4 Hurricane 12 Utilities & Service Electrical 4 Gas 4 Water 4 Communications 4 Transportation 4 Criminal Behavior Terrorism 10 Sabotage 4 Theft 25 Arson 16 Riots 8 Trespassing 16 Equipment Failure IT equipment 4 Non-IT equipment 4 Information Security Cyber crime 6 Loss of records 9 Info. breaches 4 For obvious reasons, high risk factors will be discussed first. As you have noticed, the first group of risk (that of high level vulnerability, and consequently of high level priority), consists of such factors as earthquakes, tornados, theft, arson and trespassing. The environmental factors of vulnerability do not depend on the nature of your activity; they are purely environmental-related and your current location is the only one that has anything to say from this point of view. While your employee’s performance and your client services shouldn’t be greatly affected by these threats, it is clear that they are still a stress-inducing elements, and that they could cause great damages to your informational network. This is why the recommendation is to have a backup system located, if possible, in an area that isn’t facing the same dangers (or at least not to this degree). Emergency plans should be developed in case of such natural disasters. Taking into account the area you are located in, and also the nature of your clients, the other high-risk group is that of criminal behavior. After a thorough examination of the criminality level from your area, the research has came to the conclusion that the most problematic point is dealing with criminal threat and criminal behavior. Thus, such disasters as theft, arson and trespassing are the most likely to occur, regarding the area you are located in. The consequences of these threats directly related to your personnel’s performance at work, not to mention the possible material damages. Regarding the nature of your primary clients and the fact that your clinic is situated in a high-traffic area, your employees have to face, on a daily basis, a great amount of stress, and the fact that they might feel that the medium is non-rewarding could have severe consequences on their performance, leading to a lower level in the quality of your services. It is strongly advisable to ensure the protection of your personnel, that of your clients, but also that of all your material goods in as many ways as you possibly could. Among the environmental factors that could be a threat to your clinic, two were found to be of a mid-level of risk, namely fire and flood. These two also depend on the environmental conditions, and are not to be neglected, as without a proper disaster recovery plan your ability to function after such a disaster could be totally affected. Proper planning could help you avoid loss of data and of personnel, and in order to make sure that your plan is entirely functional all channels of communication have to be open. The employees involved in disaster response and recovery must be properly trained and all personnel should be familiar with the disaster recovery procedures. This will not only be of great help in case of such disasters, but is also a way to reinsure your employees. As you can notice by yourselves from the above table, terrorism and riots are the criminal behavior factors that are of a mid-level risk to your establishment’s integrity. These levels were also calculated taking into account previous incidents, your location, your clients but also other social and also political factors. As your establishment is designed to offer medical care, it could also be one of the first points the human rage could turn to. In emergency cases, you should not only be prepared to receive and treat a lot of victims, but you should also be aware of the fact that people involved in such actions could actually see you as enemies, and consequently, as possible targets. You should also take into account that, in the eventuality that such a disaster erupts, some (or even a great part) of your personnel could not be counted on, thus reducing your ability to respond to the crisis situation. Your informational network could also be at risk during such moments, so, again, a backup system is required. Among the internal factors that may lead to crisis situation, two are as rated as mid-level priority ones: cyber crime and loss of records. The first is mainly due to the fact that you hold many information regarding your clients, including personal data and back account details; while your personnel isn’t likely to be affected by this type of threat, your database and its security could be greatly affected. Loss of data can be caused by human or machine failure; either way, this will have a major impact on your activities if it is not prevented, as it may lead to confusions, and, in some cases, even to court trials (if, for example, it is proven that the data was of great importance for a patient’s treatment). These threats can be avoided through thorough record-keeping, a backup system, but also by keeping your personnel motivated in doing their job. As you see, in developing a disaster recovery plan, no detail should be forgotten or considered unimportant. Only thorough planning could reduce the risk level of the above mentioned factors, and a correct implementation of the disaster response techniques is as important as good planning. Sources: Axia College Material- Appendix B- Week 7: Assignment – Categorizing Vulnerabilities - Michael Erbschloe , Understanding the Disaster Recovery Planning Process, Republished from SafetyIssues Vol 2 Issue 18, May 2003, electronic version, (http://www.safetyissues.com/magazine/2003/5/corp_5/corp_5.htm) Wikipedia, the Free Encyclopedia, article on Disaster Recovery (http://en.wikipedia.org/wiki/Disaster_recovery) Read More