Question

1. What strategies can be used to test contingency plans? [MANAGEMENT OF INFORMATION SECURITY]

Answer 1

Strategies of Testing Contingency Plans(MANAGEMENT OF INFORMATION SECURITY):-

Once problems are identified during the testing process, improvements can be made, and the resulting plan can be relied on in times of need.

There are five testing strategies that can be used to test contingency plans:

1. Desk Check
2. Structured walkthrough
3. Simulation
4. Parallel testing
5. Full interruption

1. Desk Check:- The simple kind of validation involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident. Each of these people performs a desk check by reviewing the plan and creating a list of correct and incorrect components. While not a true test ,this strategy is good way to review the perceived feasibility and effectiveness of plan.

2.Structured walkthrough:- In a structured walk-through, all involved individuals walk through the steps they would take during an actual event. This exercise can consist off of an on site walk-through in which everyone discuss their actions at each particular location and juncture ,or it may be more of a talk-through or chalk-talk,in which all involved individuals sit around a conference table and discuss in turn their responsibilities as the incident unfolds.

3.Simulation:- In a simulation ,each person works individually , rather than in a group setting to simulate the performance of each talks . The simulation stop short of performing the actual physical tasks required ,such as installing the backup data or disconnecting the communication circuit, the major difference between a Walkthrough and simulation is that individual work on their own talks and are responsible for identifying the faults in their own procedures.

4.Parallel testing:- In a parallel testing individuals act as if an actual incident occurred and begin to performing their required tasks and executing the necessary procedures, without interfering with the normal operations of their business great care must be taken in ensure that the procedure performed do not halt the operation of the business function ,thereby creating and actual incident.

5.Full interruption:-In full-interruption testing ,the individuals follow each and every procedure, including the interruption of service, restoration of data from backups,and notification of appropriate individuals .This exercise is often performed after normal business hours in organizations that cannot afford to disrupt or simulate the disruption of business function .Although full-interruption testing is the most rigorous testing strategy ,it is unfortunately too risky for most Businesses.