How to Create an Effective Business Continuity Plan

Business continuity and disaster recovery planning: The basics Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those events might include a hurricane or simply a power outage caused by a backhoe in the parking lot. The CSO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency. This primer (compiled from articles on CSOonline) explains the basic concepts of business continuity planning and also directs you to more resources on the topic. Last update: 4/2/2012. Q: "Disaster recovery" seems pretty self-explanatory. Is there any difference between that and "business continuity planning"? A: Disaster recovery is the process by which you resume business after a disruptive event. Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. What do these plans include? Where do I start?

Public-key cryptography An unpredictable (typically large and random) number is used to begin generation of an acceptable pair of keys suitable for use by an asymmetric key algorithm. In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key. In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Public-key algorithms are based on mathematical problems that currently admit no efficient solution and that are inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. Message authentication involves processing a message with a private key to produce a digital signature.

How to view and manage event logs in Event Viewer in Windows XP This article describes how to use Event Viewer to view and manage event logs in Microsoft Windows XP. Event Viewer In Windows XP, an event is any significant occurrence in the system or in a program that requires users to be notified, or an entry added to a log. The Event Log Service records application, security, and system events in Event Viewer. Event Log Types A Windows XP-based computer records events in the following three logs: Application log The application log contains events logged by programs. How to View Event Logs To open Event Viewer, follow these steps: Click Start, and then click Control Panel. How to View Event Details To view the details of an event, follow these steps: Click Start, and then click Control Panel. How to Interpret an Event Each log entry is classified by type and contains header information and a description of the event. Event Header The event header contains the following information about the event: Date The date the event occurred. Event Types

Risk Mitigation Planning, Implementation, and Progress Monitoring Definition: Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives [1]. Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project [1]. Keywords: risk, risk management, risk mitigation, risk mitigation implementation, risk mitigation planning, risk mitigation progress monitoring Background Risk mitigation planning, implementation, and progress monitoring are depicted in Figure 1. The risk mitigation step involves development of mitigation plans designed to manage, eliminate, or reduce risk to an acceptable level. Risk Mitigation Strategies General guidelines for applying risk mitigation handling options are shown in Figure 2. Risk mitigation handling options include: Best Practices and Lessons Learned What actions are needed?

Heuristic analysis Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".[1] Heuristic analysis is an expert-based analysis that determines the susceptibility of a system towards a particular threat/risk using various decision rules or weighing methods. How it works Most antivirus programs that utilize heuristic analysis perform this function by executing the programming commands of a questionable program or script within a specialized virtual machine, thereby allowing the antivirus program to internally simulate what would happen if the suspicious file were to be executed while keeping the suspicious code isolated from the real-world machine. Effectiveness

ICABC: Industry Insights -- Risk Management: Understanding Risk Mitigation Industry Insights · February 2011 By Lisa Dorian, CA∙CIA Risk management is all about understanding risks that can impact your organizational objectives, and implementing strategies to mitigate and manage those risks. In this article, we examine the most common mitigation strategies and how they can be used to effectively manage risk. When mitigating or managing risks, here are three steps to consider: What is the organization's appetite and tolerance for risk? Risk mitigation strategies Avoidance Some risks aren't worth taking in the first place. Acceptance Without risk there is no reward. Transference Risk transference is the process of transferring any losses incurred to a third party, such as through the use of insurance policies. Control A control is a procedure used to either prevent a risk from occurring or detect a risk after it has occurred. Figure 3 shows the link of control activities to the risk prioritization map.