December 1999
SC223 : COMPUTER SECURITY

QUESTION 4

Total Marks: 15 Marks

• Question 1
• Question 2
• Question 3
• Question 5
• Cover Page

SUGGESTED SOLUTIONS
Solutions and allocated marks are indicated in green.
Return to Question 4

The three main stages of disaster planning are risk assessment, constructing a plan, and testing the plan.
Stages of disaster planning:

(i) Explain the goals of these stages. [3 marks]
(i)Goals of disaster planning:

Assessment: to determine what might happen;
Planning: to decide what to do about it;
Testing: to make sure that you can do it, and that it helps recovery. (1 mark each.)

(ii) Identify the major tasks involved in each stage.[8 marks]
(ii)Tasks of each stage:

Assessment:

• identify disasters that may occur;
• determine possible consequences of these disasters;

Planning:

• perform a cost-benefit analysis of protecting resources;
• decide on priorities — what to restore first;
• allocate responsibilities to personnel;
• locate and prepare backup resources; Testing:
• conduct simulations;
• evaluate results, and modify plans as necessary.

(1 mark for each task; other reasonable answers should be credited.)

Why is it important to obtain high-level management support for disaster planning?
Disaster planning takes time, and hence money (1 mark). If staff are too busy coping with day-to-day tasks, they will have no time to prepare for emergencies (1 mark). [2 marks]

What are the advantages and disadvantages of a cooperative agreement for backup facilities, versus a complete set of duplicate facilities?
A cooperative agreement is cheap (1 mark), whereas a duplicate set of facilities is likely to be more reliable and provide a faster response. (1 mark).