Emergency Preparedness Design
Design a preparedness plan for your agency or organization.
Include all aspects of the preparedness model, survey to identify threats and vulnerabilities, analyze all available material, plan how to prepare, prevent and/or respond, and mitigate any impact.
Use APA Style to document your research. Length should be 8 – 10 pages.
Emergency Preparedness Design
Organizations are prone to a wide range of threats and risks, both internal and external and have a negative impact; thus, there is a need to adopt emergency preparedness and response plan in the interest of business continuity and prosperity. Attacks are normal in businesses and organizations. Thus, the management or related parties need to take the relevant measures to counter threats and risks or address them in good time when they occur in an organization (Aruru, Truong, and Clark, 2020). In this regard, the different risks to a business include location hazards such as fires or storm damage, technological risks such as power outages, hacking, cyber-attacks, service outages, password theft or security, and fraud or security and fraud risks. The different risks and threats have devastating impacts on a business to run businesses down or reduce their productivity and efficiency. Consequently, the emergency preparedness plan is implemented in parts or processes that involve prevention, mitigation, preparedness, response, and recovery. Emergency preparedness is effectively backed up by emergency management elements, emergency response procedures. The agency needs to adopt a robust and progressive emergency preparedness plan to counter and address threats and vulnerabilities in business and operations continuity and prosperity.
Preparedness plan design
Survey to identify threats and vulnerabilities
The agency needs to survey the threats and vulnerabilities exposed to its operation. The survey is vital in ensuring that the agency understands and identifies the available risks and threats in preparation to handling them through countering, preventing, or mitigating them in the interest of organizational safety and security. The listing, identification, and ranking based on their importance and likelihood of occurring (Pernik, Wojtkowiak, and Verschoor, 2016). The information provides information on the steps to take and the resources to address the risks and threats. The survey on the threats and vulnerability ensures that the agency engages in the relevant and appropriate investment concerning the threats and risks linked to the agency.
The survey on the threats and vulnerabilities need to be done based on the risk assessment approach. The risk assessment needs to be conducted from an all-hazard approach affecting the agency. The risk matrix enhances identifying areas where investments in risk and threat countermeasures are required (Pernik, Wojtkowiak, and Verschoor, 2016). The agency staff used the risk matrix to categorize risks and emergencies based on their impact on the organization in the event that they occurred.
The risk matrix evaluates all the facility faces’ potential emergencies gives one a head start on the preparedness operations. The operations ensure that that the management can request emergency preparedness.
Image 1: The above image indicates a sample risk matrix that can be adopted to identify and rank risks to ensure that the preparedness plan handles all the threats and vulnerabilities affecting its organization.
Retrieved from: https://www.facilitiesnet.com/emergencypreparedness/article/5-Steps-To-Emergency-Preparedness-For-Any-Disaster–17186
The agency identifies that the most probable threats are physical and technological threats. In this regard, the agency handles sensitive and confidential operations and documents; thus, it will be vulnerable to cyber-attacks, theft and fraud, service outages, and system compromised by attackers. The different threats can compromise the organizational operations that appropriate emergency preparedness plans need to be adopted to enhance the security and safety of organizational resources.
Analysis of available materials
Identifying the risks and vulnerabilities will incline the agency to form a team to analyze the available materials concerning the agency’s threats and vulnerabilities (Shackelford and Bohm, 2016). The available materials indicate the agency’s position concerning countering threats and vulnerabilities, thus creating additional measures and material that need to be adopted to achieve the desired security and safety.
The emergency plans need to be a product of an inclusive team that evaluates the organization’s needs concerning the existing threats and vulnerabilities. The teams need to be composed of experts from different departments, enabling the plan’s overall span, including the cycle of the four phases of emergency management. The team evaluates the available materials and the packing materials from the different phases in the emergence management (Shackelford and Bohm, 2016). In this case, the available materials and the lack of materials to achieve the desired security and safety measures are assessed from the mitigation, preparedness, response, and recovery phases. Every phase has its role in enhancing the security and safety of the organizational operation.
The emergency preparedness experts and representatives from the safety, security, public relations, human resources, communications operations, and upper management needs to be involved in the analysis of the available materials and the lacking material to ensure that there is sufficient recommendation on materials to be included in achieving the goals and objective of the emergency preparedness plan.
The experts’ team’s analysis of the available materials at the agency’s agency indicates that there is a lack of materials, thus leaving a security gap and making the agency vulnerable. The assessment indicates that the agency operates under obsolete technology, prone to be compromised by the attackers (Shackelford and Bohm, 2016). The attackers have consistently advanced in the technology and innovation required in launching cyber-attacks; thus, the organization needs to adopt the necessary measures and materials to counter the attacks. Furthermore, the agency does not have sufficient staff members to counter the advanced threats and vulnerabilities linked to the organization. Therefore, the organization needs a comprehensive restructuring of its functions and equipment to counter the available threats and vulnerabilities effectively. Additionally, the agency needed to update its alert and response procedures to counter the current and future threats and vulnerabilities effectively.
Preparedness plan
The emergency preparedness plan is implemented in five different steps: prevention, mitigation, preparedness, response, and recovery. The emergency plan details the different emergencies involved, consequences, required actions, written procedures, and the available resources (Shafqat and Massod, 2016). The emergency response personnel need to be included in the plan indicating their different duties and responsibilities. A comprehensive emergency preparedness plan enhances the facilitation and organization of the different parties’ action when an emergency arises in the workplace.
Prevention/response
The prevention phase entails the actions adopted in avoiding the incident or stopping an incident from occurring. Different prevention steps need to be adopted to ensure that the agency counters threats and vulnerabilities in the course of its operations (Newhouse et al., 2017). In this regard, the agency needs to have strong passwords to protect its computer and other related resources. The different departments’ professionals need to have different password combinations for different accounts to ensure that they are safe and secure.
The computer and related devices such as servers need to be effectively secured to ensure that they are not compromised. The computer firewall needs to be activated as they form the first cyber defense line by blocking unknown sites, viruses, and hackers (Newhouse et al., 2017). The anti-virus and malware software need to be installed and regularly updated to ensure that viruses are prevented from compromising the computer. The spyware attacks need to be blocked, thus ensuring that spyware is prevented from infiltrating a computer.
The agency needs to effectively secure mobile devices to ensure that security and safety measures on the devices are upheld (Newhouse et al., 2017). The agency operates a wide range of mobile devices both in the offices and in the field, making them vulnerable to attacks. Mobile devices are vulnerable to hackers and viruses; thus, the employees need to only download applications from trusted sources.
The agency needs to install the latest operating system updates as they have advanced and current security features. The application and operating systems such as Linux, Mac, and Windows need to be current and with the latest updates (Srinivas, Das, and Kumar, 2019). The presence of automatic updates ensures that potential attacks on older software are effectively prevented.
Additionally, the identity of the employees and employer should be protected to avoid being scammed. The personal information concerning employees, such as names, addresses, phone numbers, and financial information on the internet, should be kept a secret (Srinivas, Das, and Kumar, 2019). The website should be secured, and privacy settings enabled to enhance their safety.
Preparedness plans
The preparedness plan entails the organizational capability to respond to disasters as they occur. The preparedness plan regarding threats and vulnerabilities in the agency needs to ensure that agencies can counter threats and vulnerabilities (Spidalieri, 2015). In this regard, preparedness takes the training of employees and any other party involves in the agency to ensure that they use the organization’s resources while maintaining high security and safety measures. The employees and parties related to the agency need to be regularly be involved in cyber-security training sessions to ensure they have the skills and knowledge to use the available resources and material.
The agency needs to conduct disaster exercises to reinforce and test its capabilities. Emergency drills need to be run in the organization to test the employees’ capability and the available equipment to counter them and restore normal operations (Spidalieri, 2015). The regular testing and drills ensure that organizations determine their capabilities to counter threats and vulnerabilities and consistently reinforce their capabilities.
Additionally, the preparedness plans can be achieved by adopting rules, regulations, and codes in the organization for the use of different materials and employee conduct to ensure that threats and vulnerabilities are effectively countered (Spidalieri, 2015). For instance, there are occupational and safety regulations and corporate policies to ensure that organization resources are used while observing high security and safety measures.
Response plans
The response plans detail the actions taken immediately, before, during, and immediately after a threat or vulnerability to an organization. The responses aim to reduce economic losses and counter the damage associated with risks and threats (Sabillon, Cavaller, and Cano, 2016). In this regard, the response to the threats and vulnerabilities takes the emergency operations center’s activation to handle the vulnerability to the point that it is controlled and contained.
The response can protect and separate the threatened department or devices in the organization to ensure that the attacks are constrained (Sabillon, Cavaller, and Cano, 2016). For instance, the servers and operations centers need to be protected in an emergency, ensuring that organizational resources and information are safe and secure.
The organization needs to have an effective communication plan to ensure that it is sufficiently prepared to counter threats and vulnerabilities in an organization. Communication ensures that the organizational team coordinates and cooperates in the threat and vulnerability counter operations (Sabillon, Cavaller, and Cano, 2016). The communication plan needs to ensure that the relevant parties are informed upon an emergency; thus, combined efforts are used to contain the attacks.
Emergency response procedures
The agency needs to develop or update the emergency response procedure to ensure that current and future vulnerability and threat emergencies are effectively countered. The emergency procedures determine the capability of the facility to respond to emergencies (Zimmerman, 2014). The procedures need to be created as a checklist that can be accessed by all parties in the agency, such as the senior management, heads of different departments, response team, and general employees, to ensure that the agency is able to recover and restore their operations.
Actions in emergency response procedure
a. The assessment of the situation to understand and make appropriate decisions.
b. protection of critical information and resources to ensure that they are safe in the course of restoration.
c. Initiation of business back up and running of operations.
d. Warning the employees, customers, and other parties affected by the threats to ensure that they take the necessary precautions.
e. Creating an effective communication plan and strategy with employees at every level to enhance cooperation and coordination in countering the threat and vulnerabilities.
f. Conducting a risk assessment to determine the extent of the damage to enhance the restoration operations.
g. Manage the response activities to ensure that restoration tools and equipment are available while the response team operates effectively in line with their duties and responsibilities in operation.
h. The emergency operation center should be activated and operated to ensure that response operations are effectively centralized to enhance fast recovery.
i. The agency’s normal operations need to be shut down to ensure that the threats are contained and controlled and that further damage is prevented until the operations are restored.
j. There is a need for the protection of vital records and resources. The vital records and resources need to be protected at all times to mitigate the damage
k. The restorations of the operations need to be initiated to ensure that normal operations are regained.
Recovery plans
The recovery plans need to be adopted after an attack to ensure that normal and productive operations are restored in the agency. The recovery plans ensure that basic services are restored in the interest of the organizational progress (Bartock et al., 2016). The agency needs to redirect the available resources into restoring data and information systems after a disaster. The critical information needs to be effectively backed up. Furthermore, critical software applications, data, and hardware need to be identified to ensure that the system restoration is productive.
Conclusion
Threats and vulnerabilities are normal occurrences in businesses and agencies, causing devastating impacts; thus, there is a need for an elaborate preparedness plan to counter the negative impacts while restoring the normal business operations. The emergency preparedness and response plan need to be implemented by surveying threats and vulnerabilities in the agency, analyzing the available materials to counter the threats and risks, preparing for threats, and preventing and mitigating threats. The different processes ensure that threats are prevented, and in the event that they occur, they are countered and contained. This approach ensures that normal operations are restored in the interest of agency continuity and prosperity.
References
Aruru, M., Truong, H. A., & Clark, S. (2020). Pharmacy Emergency Preparedness and Response (PEPR): a proposed framework for expanding pharmacy professionals’ roles and contributions to emergency preparedness and response during the COVID-19 pandemic and beyond. Research in Social and Administrative Pharmacy, 17(1), 1967-1977.
Bartock, M., Cichonski, J., Souppaya, M., Smith, M., Witte, G., & Scarfone, K. (2016). Cybersecurity event recovery. NIST Special Publication, 800, 184.
Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE) cybersecurity workforce framework. NIST special publication, 800(2017), 181.
Pernik, P., Wojtkowiak, J., & Verschoor-Kirss, A. (2016). National cyber security organisation: United States. CCD COE, Tallinn.
Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber security strategies: Global trends in cyberspace. International Journal of Computer Science and Software Engineering, 5(5), 67.
Shackelford, S. J., & Bohm, Z. (2016). Securing North American critical infrastructure: A comparative case study in cybersecurity regulation. Can.-USLJ, 40, 61.
Shafqat, N., & Masood, A. (2016). Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), 129.
Spidalieri, F. (2015). State of the States on Cybersecurity. Pell Center for International Relations.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188.
Zimmerman, C. (2014). Cybersecurity Operations Center. The MITRE Corporation.