Potential Disasters an Organization May Face

The following sample Information Technology critical analysis is 1494 words long, in APA format, and written at the undergraduate level.

The goal of this assignment is to list between 10 and 15 disasters which may strike a typical organization, describe the impact each could have on the organization, and state methods by which the organization can either prevent or mitigate the damage from the disaster.

Severe Weather Events

Severe weather events include occurrences such as earthquakes, tornados, ice storms, and blizzards that can both impair the abilities of personnel to travel to work and damage the physical security of an organization. The methods used to prepare for a severe weather event vary depending on the event in question, so organizations should focus their prevention efforts on the specific events that they are at the highest risk of experiencing. It would also be wise for organizations to establish a remote access policy so that essential users have a method of accessing the organization’s network from home in the event that a weather event prevents them from getting to work.

Building Fires

Building fires are a disaster that has the potential to cause catastrophic damage to an organization’s information systems, physical assets, and staff. The probability of a fire occurring in a specific building is relatively low, but there are a number of risk factors that dramatically increase the chances of one occurring (Yuan-Shang, 2005). Avoiding common fire hazards such as poor maintenance of electrical systems, improper storage of flammable materials, unmaintained alarm systems, and a lack of fire suppression methods is crucial for an organization to minimize its risk of being subject to a building fire.

It is also essential for an organization to have a response plan in the event a fire does occur in order to minimize the damage sustained. Fire extinguishers should be easily located and staff should know how to properly use them. Fire drills should be conducted regularly so occupants know how to safely evacuate. Automated fire suppression systems such as sprinklers should be maintained in order to prevent damage to critical assets such as servers and other network hardware before fire prevention authorities are able to respond.

Flooding

The risk of an organization suffering flood damage will vary considerably from region to region, but unexpected floods do occur and an unprepared organization could suffer significant damage if its property is flooded. Luckily, some simple preparatory steps can minimize the damage sustained by an organization in the event of a flood. These steps include building with water-resistant materials, applying a waterproof coating to walls, sealing windows and doors, bolstering walls against flood pressures and debris, and installing a pump system capable of removing floodwaters (Insurance Institute for Business and Home Safety, 2012).

Extra care should be taken to prevent damage to critical hardware such as servers and other network infrastructure. Such assets should be raised above the 100-year flood level to ensure they don’t sustain water damage if floodwaters do enter the building.

Network Systems Failure

Another possible disaster event is the failure of an organization’s network. While the damage caused by such an event will be relatively minor in most cases, it could result in lost productivity and revenue depending on how critical the connection is to a given organization’s routine operations. In some cases, this cannot be avoided, for example, if the failure is caused by the organization’s ISP rather than a hardware problem, but in other cases, it is a preventable issue. Organizations should maintain backups of key network infrastructure in case of a hardware failure, and should always have somebody on site who is capable of diagnosing and fixing connection problems.

Database Failure

Database failures can occur at any time and, if not properly prepared for, can cause catastrophic damage to an organization through the loss of critical data. All organizations with a cache of important data should take steps to ensure this data is not lost in the event that primary databases fail. There are a number of methods to prevent such data loss, including the use of frequent data backups, secondary power supplies, and the use of clustered configurations (Microsoft, n.d.). Organizations with multiple sites spread over a diverse geographic area should consider spreading their data clusters across their various sites to reduce the risk of a localized disaster damaging all of their data storage hardware.

Civil Unrest

Computer models that analyze vast swaths of news stories and compare them with other types of data are predicting increases in civil unrest during the coming years (Emsak, 2011). While organizations in rural areas and outside of city centers have a much lower risk of sustaining damages due to civil unrest, organizations with a physical presence in high population areas do bear a real risk of experiencing both property damage and assaults on personnel. Such organizations should have a plan in place for how to secure their property in the event of rioting. For example, institutions with high-value equipment should consider having private security available.

A Breach in Network Security

An information technology breach can be a catastrophic event for many institutions, especially ones that store critical data which could cause harm if stolen or made public. Theft of such data could cause an organization to violate the trust of its stakeholders and, in some cases, industry regulations or legal statutes. To prevent a breach in network security, organizations should protect their network from outside attacks through the use of firewalls, encryption, and other methods of preventing hacking attacks. They should also protect it from malicious attacks and human error by establishing a data access policy that allows sensitive data to be viewed only by employees who have a clear business need to do so. A system that allows the auditing of who has viewed sensitive data is crucial to ensuring compliance with such policies.

Power Outages

Power outages don’t pose the immediate threat that other types of disasters do, but can still have a significant negative impact on an organization that isn’t properly prepared. Organizations such as campus laboratories or healthcare facilities are especially vulnerable, but a loss of power can, at the very least, interrupt normal operations.

The most important step in preparing for a power outage is to have emergency generators in place to provide power to the most essential facilities. A campus lab that relies on active ventilation, for example, will want to keep such systems powered to prevent harm caused by a build-up of chemical fumes. It is also important for there to be a set of policies that govern how individuals should respond to a power outage. At least one person on-site, for example, should have a pre-defined responsibility to determine the cause of the outage and take any needed steps to restore power.

Disease Outbreak

An outbreak of a communicable and infectious disease amongst members of an organization can have ramifications ranging from a simple loss of productivity to the loss of essential personnel. Prior preparation is the best way to minimize the risk of an outbreak occurring and to limit the scope of the damage if an outbreak is inevitable (UK Health Protection Agency, 2012).

Important steps in preventing disease outbreaks include implementing health screenings for particularly threatening diseases such as tuberculosis, and having a sick leave policy under which an ill employee does not feel obligated to come into work, where they stand the chance of infecting other members of the organization.

Social Engineering Attacks

A growing trend is the use of human interaction by an attacker to obtain or compromise information about an organization. These attacks differ from typical hacking attempts, as they can capitalize on poorly trained employees to get access that would be difficult or impossible to get through alternative means. These attacks can have a similar impact on an organization as a data leak caused by other methods, but are unique in that preventing them requires training employees to recognize and resist them. To prevent damage from social engineering attacks, an organization should train its employees to be suspicious of any unsolicited messages asking for internal information and to always verify the identity of individuals making such requests before providing any non-public information.

Conclusion

This assignment was useful because performing the research needed to complete it showed the myriad of different disasters that could befall an organization, as well as the amount of work needed to avoid them.

References

Emsak, J. (2011, September 8). Supercomputer Predicts Civil Unrest: Discovery News. Retrieved from http://news.discovery.com/tech/supercomputer-predicts-civil-unrest-110908.htm

Insurance Institute for Business and Home Safety (2012). Reducing Property Damage from Floods. Retrieved from http://www.disastersafety.org/flood/protect-property-from-floods/

Microsoft (n.d.). Preventing Hardware Failures. Retrieved from http://www.msdn.microsoft.com

UK Health Protection Agency (2012, May 18). The Communicable Disease Outbreak Plan. Retrieved from http://www.hpa.org.uk/webc/hpawebfile/hpaweb_c/1317135166228

US Computer Emergency Readiness Team (2009, October 22). Avoiding Social Engineering and Phishing Attacks | US-CERT. Retrieved from http://www.us-cert.gov/ncas/tips/ST04-014

Yuan-Shang, L. (2005, November). Estimations of the probability of fire occurrences in buildings. Retrieved from http://www.sciencedirect.com/…/article/pii/S0379711205000834