Assurance According to M. Miller

¶ … Assurance

According to M. Miller (2008), there are basically three types of safety levels. Listed in decreasing orders of safety, these include prevention, deterrence and admonition. Prevention provides the highest level of safety by entirely preventing danger. These systems entail an analog of the laws of physics in terms of computation. When a prevention system is implemented adequately, it is impossible to override it or create dangers against which the prevention system is implemented.

Miller compares the deterrence level with the human military, legal, or commercial systems and arrangements for security. The deterrence system discourages attack by implying that such attack would not be in the interest of any party involved, or indeed any potential attack would be against the interest of potential perpetrators.

Admonition is the lowest level of security, and operates on the principle of "polite request," according to Miller. Admonition systems rely on the decency or willingness of users to abide by the admonitions given. Admonitions generally do not entail any unpleasant consequences for their violation. They are usually given when the decency of others to comply when simply being asked not to do something is trusted.

Although deterrence and admonition are sometimes used in concomitance in order to ensure that computer safety is not violated, places of business generally prefer prevention systems as the highest possible form of computer security.

Business usually entails some extent of risk. This then also necessitates that risk factors and their potential impact be taken into account when planning for business continuity. Both the impacts of possible disasters and their magnitude need to be taken into account when planning for possible disasters. A thorough and sensible risk analysis determines which scenarios are most likely and should receive the greatest amount of attention and funding during the planning process (the Business Continuity Planning & Disaster Recovery Planning Directory). Concomitantly, a company also needs a disaster recovery/business continuity plan in order to ensure the well-being of the establishment. This could be a very complex task, as it is integrated with the risk analysis results. Many service providers are addressing the complexity of the task by providing planning products that simplify the process by means of disaster recovery templates, forms and guides.

According to Derek Slater, a further reason for a basic unwillingness to place a large amount of emphasis upon disaster recovery planning is because disastrous events are regarded as large unlikely. Business owners therefore tend to view such planning as less important than other business functions, such as new product promotion and investment. Slater however further emphasizes the importance of recognizing that businesses are not only affected by large-scale disasters, but also by smaller-scale problems such as malfunctioning computers or viruses. An adequate business continuity and disaster plan is therefore indeed important in order to ensure that the business can continue functioning regardless of whatever mishaps may occur.

Computer security issues as well as risk analysis and business continuity and disaster planning are integrated business issues in today's workplace environment. Most businesses today function on the basis of computers and programming. These machines and programs form the lifeblood of the business. It is therefore vital that unforeseen events and risks be quantified and thoroughly planned for to prevent costly events and possible disasters.

In terms of funding, I believe that risk assessment and planning should receive the most input. The most likely risks should be assessed and mitigated by software to not only admonish and deter, but rather to prevent costly violations and disasters from occurring. In this way, the company will ensure its long-term functionality and security.