Search results

The purpose of this article is to identify the role of cloud computing services in business continuity and disaster recovery plans and delineate responsibilities for their execution. In recent times, there has been a huge upsurge in the usage of cloud service models such as infrastructure-as-a-service, platform-as-a-service, software-as-a-service and disaster recovery-as-a-service. However, in case of an emergency event or during contract negotiations, a question might arise as to who should be accountable and responsible for the content and execution of recovery plans. The main stakeholders in this scenario are cloud service providers and cloud consumers.

After a review of academic articles, standards, guidelines and vendor documentation, a proposal for assigning accountability and responsibility for business continuity and disaster recovery plans is presented, based on the RACI (responsible, accountable, consulted and informed) matrix. In this regard, a critical information infrastructure protection plan, a disaster recovery plan, an information systems contingency plan and a business continuity plan have been elaborated on in the article.

RACI matrices are presented for three general cloud service models and for three DRaaS models (managed, assisted and self-service). Accountability and responsibilities depend on the deployed cloud service model and the roles of cloud service providers and cloud consumers.

The proposed model for accountability and responsibility assignment provides a guideline for the allocation of responsibilities to roles not only during recovery but also during contract negotiations between cloud service providers and cloud consumers. By delving into business continuity and disaster recovery processes and activities, similar yet nuanced RACI matrices should be developed, as presented in this paper. They need to be customised for the specific context.

The purpose of this study is to address the problem of a plethora of potential plans related to business continuity and disaster recovery.

A review of the relevant academic articles, standards and guidelines related to business continuity and disaster recovery was conducted, and the discussed plans include critical information infrastructure plans, disaster recovery plans, information system contingency plans, business continuity plans and continuity of operations plans.

The content of each plan is explained. A layered business continuity and disaster recovery model is proposed, which consolidates all plans in a coherent manner.

Relationships, similarities and differences among each pair of plans are discussed, and the longitudinal validity and applicability of plans are presented.

The purpose of this paper is to present the findings that describe any correlations between leadership demographic characteristics with that of the levels of business continuity (BC) and disaster recovery (DR) planning by surveying the academic department's continuity planners at two major research universities in Southern California.

The research methodology was a quantitative method utilizing a correlational research design (logistic regression). Survey data from a self-reporting web-based survey were analyzed.

Analysis of five leadership demographic characteristics and four covariates reveals one statistically significant predictor of resiliency planning. Furthermore, close to one-quarter of the academic departments were found to have no BC or DR plan. Conversely, having a budget for resiliency planning was not found to be a significant predictor of resiliency planning.

This study was specifically limited to continuity planners within two major, public, academic research institutions within Southern California. This allows for an in-depth understanding of a specific contingency planning phenomenon: geographically bounded public, research-oriented, higher education institutions. This study could provide a framework for administrative leaders in academic settings to assess their organizations’ capacity for recovery from an unexpected business disruption. This study could assist university administration in identifying personnel to lead resiliency planning within the institution.

The research indicates that educational institutions lack in organizational resiliency planning. This study could provide a framework for administrative leaders in academic settings to assess their organizations’ capacity for recovery from an unexpected business disruption.

While there is much literature on the separate topics of leadership in an academic environment and contingency planning, no study exists that attempts to observe any correlations between these concepts.

To explain the requirements of Regulation Systems Compliance and Integrity (“Regulation SCI”) and the new responsibilities of organizations defined as “SCI entities.”

Explains the purpose of Regulation SCI, the responsibilities of SCI entities, systems covered by the rules (“SCI systems”), and specific obligations of SCI entities, including the establishment and periodic review of policies and procedures, compliance with the Exchange Act, designation of “responsible SCI personnel,” appropriate corrective action in response to “SCI events,” notification of systems changes, annual “SCI reviews,” business continuity and disaster recovery testing, and recordkeeping and filing. Discusses future implications for SCI Entities and other market participants.

Regulation SCI launches a broad and extensive overlay of rules and guidance to address systems capacity and integrity issues that have increasingly affected the securities markets. The adoption of this regulation suggests that there will continue to be increased scrutiny by the SEC, FINRA and other regulators of the automated systems and related policies and procedures of all market participants.

SCI entities will need to devote considerable attention and resources not just to prevent incidents where possible, but also to establish systems for ensuring thorough compliance and well-documented and reasonable follow-up actions where necessary. All market professionals – including broker-dealers, investment advisers, pension funds and investment companies – should study the new regulation and consider adopting appropriate policies and procedures to address operating as well as cyber security issues with respect to their own critical operating technology.

Practical guidance from experienced financial services lawyers.

To summarize Managed Funds Association's (MFA's) 2005 Sound Practices for Hedge Fund Managers™, which is designed to enhance the ability of hedge fund managers to manage operations, comply with applicable regulations, address unexpected market events, and help hedge funds satisfy responsibilities to investors.

Highlights the development of, and some of the recommendations set forth in, MFA's 2005 Sound Practices under the following categories: management and internal trading controls, responsibilities to investors, valuation policies and procedures, risk monitoring, regulatory controls, transactional practices, and business continuity and disaster recovery.

MFA's 2005 Sound Practices builds on recommendations first published in 2000, and subsequently revised by MFA in 2003, offering sound guidance on business and operational practices. In the 2005 update, MFA has expanded on topics of importance, including internal trading controls, responsibilities to investors, valuation, and risk controls, and has addressed new issues such as compliance programs, codes of ethics, and certain transactional practices. The 2005 Sound Practices is written from a “peer to peer” perspective and focuses on practices that are relevant primarily to the single‐manager hedge fund operation.

Article summarizes an essential hands‐on manual for hedge fund managers.

There is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used interchangeably especially when it comes to their application. In this paper, the differences between business continuity and disaster recovery are discussed. The disaster management cycle is also addressed in order to highlight the importance of having plans before, during and after the occurrence of an incident.

A review of the extant literature on business continuity and disaster recovery was made. A number of different views were then presented in order to provide a better understanding of the two concepts and their potential overlap/connection. The literature review was conducted in 2020 using a variety of academic resources ranging from journal articles to text books and credible Internet websites. Relevant journal articles were obtained from two primary databases: Emerald Insight and EBSCOhost. Keywords, such as DRP, continuity, disruption and BCP, were mainly used to facilitate the search for these resources and other related material.

Reviewing the literature revealed that BCP and DRP are not the same. Yet, they are used interchangeably very often in the literature. This indicates a possible relationship/overlap between the two. The relationship between BCP and DRP can be viewed from a variety of perspectives, which altogether provide a better understanding of their purposes and application.

On top of the need to differentiate between business continuity and disaster recovery, the widespread impact of the current COVID-19 crisis, especially on businesses and supply chains, has unfolded the necessity to deal with business disruptions in all their forms and the significance of quick and effective recovery. This research clarifies the purpose of BCP and the purpose of DRP and their role in combating impacts of disruptive incidents on businesses and organizations.

BCP and DRP are discussed extensively in the literature. Yet, few studies attempted to address the precise functions of the two resulting in an obvious confusion between their meaning and purpose which subsequently reduced the uniqueness of their application and the uniqueness of the application of each. Only a small minority of practitioners and academics recognise the precise differences between the two. This study aims at clarifying this misconception to a wider set of readers and interested parties.

This paper aims to explore the issues of information technology (IT) disaster recovery (DR) and business continuity planning (BCP) in light of Cyclone Gonu in Oman.

The paper includes a survey of the latest literature on the subject, then documents a study of public and private sector organizations together with their DR and BCP practices.

The paper investigates how public and private organizations in Oman plan to respond to disasters. It shows that while some organizations pay attention to the need for DR/BCP, many do not. A significant finding is that while organizations have disaster related plans, almost half of those surveyed do not rehearse them. Nevertheless, organizations surveyed indicate that they have learned valuable lessons from Gonu. It remains to be seen whether these lessons will be turned into effective and properly deployed DR/BCP plans.

This paper draws lessons from the experiences and challenges raised by Gonu, and concludes with a set of recommendations that organizations may adopt to ensure business continuity. It provides a useful evaluation of the preparedness of IT departments in both public and private sectors in Oman. The recommendations given at the end of the paper could be of a great value for many organizations and groups, spreading awareness of the importance of being prepared for such eventualities.

This study aims to review the stages of the traditional disaster timeline, propose an extended version of this timeline and discuss the disaster strategies relevant to the different stages of the extended timeline.

An extensive review of the existing literature was made to discuss the need for an extended version of the conventional disaster timeline and to explain the differences between the various disaster management strategies. The research approach was based on theoretical and practical reasoning underpinned by the literature.

The proposed extended disaster timeline allows better allocation of a wider range of management strategies. Successful disaster management depends on prioritisation of efforts and the use of the right strategy(s) at the right time: before, during and after an incident.

This study provides a better conceptualisation of the disaster stages and corresponding strategies. It clarifies the role of each strategy, thus linking it more effectively with the disaster timeline. Subsequently, this study is expected to improve decision-making associated with the disaster management process. In the end, it is expected to help transforming the conventional disaster timeline into a more practical one that is result-oriented more than only being a conceptual model.

Disaster management strategies are used interchangeably very often in the literature. A few attempts were made to capture multiple strategies in one study to demonstrate what constitutes effective disaster management without mixing irrelevant strategies with the different disaster stages.

The objective of this chapter is to identify the key characteristics of Global Services businesses that will thrive and achieve success in the future. These factors are integrated into three main pillars, which we refer to as the Triple-Win. The first and most obvious pillar is technology as a tool. The second pillar is the design and sustainability of the business model, without which the previous factor would be merely a cost and not an investment. And last but not the least, there is the purpose which gives meaning to the proposal, focusing on the human being and their environment. The DIDPAGA business model sits at the intersection of these three elements.

This study aims to identify the level of security from existing work, analyze categories of security as a service (SECaaS) and classify them into a meaningful set of groups. Further, the report will advise commercial applications and advice of SECaaS as an extended context to help firms make decisions.

This paper compares the SECaaS categories in Cloud Security Alliance (CSA) with the security clauses in ISO/IEC 27002:2013 to give a comprehensive analysis of those SECaaS categories. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including protective, detective and reactive based on security control perspectives. This study has discussed the three groups and their interplay to identify the key characteristics and problems that they aim to address.

This paper also adds new evidence to support a better understanding of the current and future challenges and directions for SECaaS. Also, the study reveals both the positive and negative aspects of SECaaS along with business cases. It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches.

SECaaS has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud computing. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. However, it is still in infancy and not very widely investigated. Recent studies suggest that SECaaS is an efficient solution for Cloud and real industries. However, shortcomings of SECaaS have not been well-studied and documented. Moreover, reviewing the existing research, researchers did not classify the SECaaS-related categories.