Disaster Recovery Plan: Case Study of Bank of America

Introduction:

Overview of the disaster recovery plan:

A business needs to deal with many vital operations through which it can provide the services to its clients or customers. Higher the number of customers; higher is the pressure for the business to provide quality services in time. For example, a banking organization needs to provide financial services to its customers and need to manage all its business operations without interruption. However; problem occurs when the business operations are interrupted due to some disasters or the business assets can get damaged heavily causing interruption in the services to the customers (Cortes & Strahan, 2017). Disasters can be hugely devastating for organizations and can come in the form of natural ones or those made by human beings. Although the possibilities of manmade disasters can be reduced by implementing security measures in the network, however; protection against natural disasters such as cyclones, floods and fire breaks can be hugely difficult. This is because natural disasters are uncertain and the consequences can be heavier than that of manmade disasters (Monllor & Murphy, 2017).

However; both these forms of disasters can impact hugely on the flow of business operations in the organizations. Therefore; strategies are required to be made for both and those should be effective for the business as well. This strategies or planning for protection against disasters is known as disaster recovery plan (Wallace & Webber, 2017). A business continuity plan needs to be prepared by analyzing the resources that would be required to make it effective one. In this regard; it is highly important to identify the resources that can get impacted the most by the consequences of disasters. Therefore; planning should be made to protect those assets from getting damaged. The resources that are required for a disaster recovery plan include the stakeholders of the company who can play vital role and the technological requirements (Saheb Jamnia, Torabi & Mansouri, 2015). Moreover; the stakeholders who would be involved in the plan should be made aware of their roles and responsibilities in the process of execution of the plan.

Overview of this report:

This report will develop a disaster recovery plan for a banking organization known as Bank of America. Due to the fact that the banking organizations perform extremely critical business operations and a large section of public in a country is dependent on the banking organizations for financial services; therefore; it is required to be ensured that the business assets of these organizations are not damaged due to disasters (Nitescu, 2016). Even protection of the digital information and infrastructures is equally important so that these organizations are able to provide uninterrupted services to their customers. This report will thus analyze the assets of the Bank of America that are required to be protected from natural disasters and the process of recovering the assets after the effects of natural disasters. The resources that will be required will be highlighted along with making the stakeholders aware of their roles and responsibilities in disaster recovery planning.

Discussions:

Background of the company:

The company in discussion is the Bank of America which is the second-largest banking organization of the United States of America. The headquarters of the Bank of America is based in New York. This is also the ninth-largest banking organization in the world. The services of the bank include opening of savings and current account of the customers, providing financial solutions, providing credits and loans and investing in various projects ('Bank of America - Banking, Credit Cards, Home Loans and Auto Loans', 2019). Bank of America deals with millions of customer both in The United States and as well as in other countries. Therefore; it requires uninterrupted services to meet with the financial demands of the customers. The business assets of the bank are extremely critical and important and these are required to be protected from getting damaged or lost. Similarly, data of the bank are also highly confidential as those contain the data of the financial information of the customers and the clients and vital information of the business. Therefore, it will be important to identify the assets which are required to be protected from the impact of natural or manmade disasters.

Assets which are required to be protected:

A banking organization has some critical assets. These assets are of two types- physical and non-physical. Some of these are:

Physical assets

• Server
• Computers
• Equipment of financial services
• Vaults
• Cash

Non-physical assets:

• Data of the customers
• Data of loan and mortgages
• Balance sheet
• Financial reports
• Investment reports
• Website of the bank
• Online banking system

Therefore; both these assets are required to be protected and also kept at a safe distance from the impact of the disasters. There are other assets of the bank; however; the above-mentioned assets are most critical and requires to be protected from the impact of natural and manmade disasters. After this, the focus will be given on identifying the risks from the disasters and their impacts on the business operations of the bank.

Risk analysis:

After identifying the important assets of the Bank of America; next focus will be on conducting a risk analysis. Risk analysis is going to be extremely important in order to identify the risks and further evaluating them to provide required mitigating solutions (Birkmann et al., 2016). This is thus a vital part of the disaster recovery plan for the Bank of America.

• Risks
• Result
• Type
• Probability
• Impact

Break down or damage of the server

This can result in deletion of the database of the bank which contains vital business information. Damage of the server can delete vital data of customers and other clients.

• Natural
• High
• High

Disclosure, alteration and deletion of data from the database

This can occur when the hackers are able to access the database of the bank. This can result in access of confidential information of the customers and the business which in turn can result in privacy issues. This can also result in legal issues for the bank

• Manmade
• High
• Medium

Damage of the assets such as computers, printers and others

This can occur due to impact of natural disaster which can result in huge financial losses for the bank. The systems may contain vital information of the business and if this is lost; then the bank can find it extremely difficult to get it revived.

• Natural
• Medium
• Medium

Damage of physical data and cashes

This can occur due to either fire or floods and can result in huge damage for the bank. If the cashes of the public are damaged, then the bank can get into huge financial losses

• Natural
• High
• High

Spoofing or denial of service attack in the online banking system of the bank

This can result in huge financial losses for the customers. Hackers can spoof the bank as authorized users and steal the credentials of the users to steal the money from their account. Denial of service attack can prevent the customers to conduct financial transactions in an uninterrupted way.

• Manmade
• Medium
• High

Injection in the database of the bank and scanning of the vulnerabilities

In this risks; hackers can conduct SQL injection process and find the vulnerabilities in the database (Batista et al., 2019). They can change or modify the tables and columns and even the data of the customers; thus creating huge problems of database management of the bank

• Manmade
• Medium
• High

Ransomware attack

In this process; hackers can send the ransomware in the systems of the bank and can take possession of the data stored in those systems until some amounts are not disbursed to them (Kharraz et al., 2015). This can result in both financial losses as well as interruption in the customer service.

• Manmade
• Low
• High

Thus, in this process; the probable risks of the disasters have been identified and in the next process; focus will be given on mitigation of these risks through suitable process as a part of the disaster recovery plan.

Plan for mitigation of these risks:

• Break down or damage of the server: As identified in the risk analysis; this issue can occur due to natural disasters such as cyclones. In order to mitigate the risk, the first focus of the Bank of America should be given on finding a suitable offsite storage in which the server can be replicated and even if the server in the main centre is damaged; then also the data can be revived and the business operations can continue. Therefore; an emergency operation centre should be developed in which a replication of the server of the bank can be kept and the data that are stored in the server should be replicated in that server (Cook, 2015). The emergency operation centre should be developed in a location which is far away from the main centre.
• Disclosure, alteration and deletion of data from the database: The best preventive measure of the impact of this risk is to create proper backup of the data. For this, an offsite storage should be identified and the data of the business should be kept as backup (Testardi, Cometto & Kulangare, 2016). Physical devices such as pen drives and external hard discs can be used to store small amount of data which are required to be revived immediately after the occurrence of the disaster. The emergency operation centre can act as the suitable offsite data storage for the bank.
• Damage of the assets such as computers, printers and others: This issue can be also mitigated with the help of developing an emergency operation centre.
• Damage of physical data and cashes: Cashes should be kept in a safe vault which should be damage proof. Physical data should be kept as duplicate copies and the duplicate copies should be kept in offsite storage.
• Spoofing or denial of service attack in the online banking system of the bank: To prevent this; the authentication and authorization system in the online banking should be enhanced with process such as two step authentication in which customers can login in their account with passwords and one time passwords.
• Injection in the database of the bank and scanning of the vulnerabilities: To mitigate these risks; the security of the network of the bank should be enhanced and principle of lest privilege should be used.
• Ransomware attack: For mitigating this risk, systems should be implemented with suitable anti malware software and antivirus along with creating proper backup of data (Scaife et al., 2016).

After identifying the mitigation process of the risks, next focus of the disaster recovery plan will be given on identifying the resources which will be important for implementing this plan with success.

Resources required for the plan:

Technical resources: Emergency operation centre, offsite storage, firewall implementation, encryption of data, update of software, update of hardware

Non-technical resources: Teams to execute the plan, finances, stakeholders of the company, suppliers of the resources, training of the employees

Roles and responsibilities of the stakeholders:

After identifying the resources required for executing the disaster recovery plan; next focus will be given on making the stakeholders aware of their respective role and responsibilities in the plan.

• Stakeholders
• Responsibilities
• Board of Directors

To provide consent of the plan and to ensure proper support for the execution

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

• Operational Manager

To monitor the project and to ensure supply of the resources

• Finance Managers

To manage the budget of the plan and to ensure cash flow in uninterrupted during the execution of the project

• Investors

To supply the finances required for proper execution of the project

• Suppliers

To ensure proper supply of the resources and to maintain communication with the operational manager

• Network administrator

To find the vulnerabilities in the network of the bank and to conduct the required risk mitigation process

• Database administrator

To find out the vulnerabilities in the database and to implement the process of data backup and the security processes for the database

• Trainer

To provide the required training to the employees on the aspect of security practices and the process of recovery of data

• Project teams

To execute the plans with perfection and to communicate with the project manager

• Project manager

The most important stakeholder for this plan and needs to supervise the projects along with maintaining communication with the project teams and higher authorities of the bank

Thus, the stakeholders involved in this plan should be aware of the steps that will be involved to execute their roles with perfection. The plan will be provided to them in a document basis and the contact information of important stakeholders associated with this plan is given below:

Name of the stakeholder

Contact number

Allan Richard, CEO 7318239782

James Smith, Project manager 7660321798

Stevens McDermott, Operational manager 9238794231

Nichols Smith, Network Administrator 7335614783

Sarah Davis, Database Administrator 9239874234

Tim Hales, Alice Johnson, Joint trainers 9239424789, 7335692543

These contact number should be used at the time of any emergencies and any requirements which are required to be cleared.

Policies to be followed:

Team members and other stakeholders are required to follow these policies in order to make this project a successful one and to enhance the process of communication. The policies are as following:

• Stakeholders except the Board of Directors are required to participate in every meeting in which they are asked to attain.
• The team members should report all the problems that they find in the execution phase to their project managers
• Without prior notice; none of the team members are allowed to take a leave or leave the project at any point of time
• There can be changes in the plan in the execution phase according to the need of the proper security measures and those changes should be disclosed to all the participants
• Transparency in the aspect of information flow should be maintained between all the participants of this project.
• The information that will be shared in the meetings and during the execution of the project should not be disclosed to any third parties without the consent of the project manager.
• All the ethics of this project should be followed and those who would violate the policies will be subjected to strict actions which can be legal as well.

Conclusions and recommendations:

Conclusions:

This study thus highlighted a disaster recovery plan for the Bank of America. The plan has been made after identifying the critical assets of the business which are required to be protected from the impact of disasters and the risks that can arrive from the disasters which can have huge impact on the business continuity of the bank. The technical and non-technical resources required for the project have been highlighted. Role and responsibilities of the stakeholders involved in this project have been highlighted as well. Lastly, focus has been given on providing some policies of the project which are required to be followed by the participants of the plan.

Recommendations:

For the successful implementation of the disaster recovery plan for the Bank of America, communication between the participants will be extremely important. Along with this, focus in the future should be given on conducting risks audits and testing of the plan on a scheduled basis. This will help in identifying the vulnerabilities which can be unexpected and cannot be identified in the current situation. A scheduled update of the plan should be conducted to make it up to date with the security measures that would be required to mitigate the impact of the disasters in the future. The Board of Directors of the company should actively participate in the plans in the future to help the stakeholders aware of the importance of executing of these plans.

References:

1. Bank of America - Banking, Credit Cards, Home Loans and Auto Loans. (2019). Retrieved from https://www.bankofamerica.com/
2. Batista, L. O., de Silva, G. A., Araújo, V. S., Araújo, V. J. S., Rezende, T. S., Guimarães, A. J., & Souza, P. V. D. C. (2019). Fuzzy neural networks to create an expert system for detecting attacks by SQL Injection. arXiv preprint arXiv:1901.02868. https://arxiv.org/pdf/1901.02868
3. Birkmann, J., Wenzel, F., Greiving, S., Garschagen, M., Vallée, D., Nowak, W., ... & Fiedrich, F. (2016). Extreme Events, Critical Infrastructures, Human Vulnerability and Strategic Planning: Emerging Research Issues. Journal of Extreme Events, 3(04), 1650017. https://www.worldscientific.com/doi/pdfplus/10.1142/S2345737616500172
4. Cook, J. (2015). Six-stage business continuity and disaster recovery planning cycle. SAM Advanced Management Journal, 80(3), 23-35. https://go.galegroup.com/ps/i.do?p=AONE&sw=w&u=googlescholar&v=2.1&it=r&id=GALE%7CA432064503&sid=googleScholar&asid=bf2f85e1
5. Cortés, K. R., & Strahan, P. E. (2017). Tracing out capital flows: How financially integrated banks respond to natural disasters. Journal of Financial Economics, 125(1), 182-199. https://www.aeaweb.org/conference/2016/retrieve.php?pdfid=121
6. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham. http://193.55.114.4/docs/dimva15_ransomware.pdf
7. Monllor, J., & Murphy, P. J. (2017). Natural disasters, entrepreneurship, and creation after destruction: A conceptual approach. International Journal of Entrepreneurial Behavior & Research, 23(4), 618-637. https://www.researchgate.net/profile/Patrick_Murphy4/publication/315343244_Natural_disasters_entrepreneurship_and_creation_after_destruction/links/59f724fda6fdcc075ec62f97/Natural-disasters-entrepreneurship-and-creation-after-destruction.pdf
8. Nițescu, D. C. (2016). New pillars of the banking business model or a new model of doing banking?. Theoretical & Applied Economics, 23(4). http://store.ectap.ro/articole/1229.pdf
9. Saheb Jamnia, N., Torabi, S. A., & Mansouri, S. A. (2015). Integrated business continuity and disaster recovery planning: Towards organizational resilience. European Journal of Operational Research, 242(1), 261-273. https://bura.brunel.ac.uk/bitstream/2438/11835/1/Fulltext.pdf
10. Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE. https://regmedia.co.uk/2016/10/27/scaife-icdcs16.pdf
11. Wallace, M., & Webber, L. (2017). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. Amacom. http://catalogelepdf.com/the-disaster-recovery-handbook-a-step-by-step-plan-to-ensure-business-continuity-and-protect-vital-michael-wallace-larry-webber-the-oldest-ebook-arhive-online.pdf