Internal Audit Report:

1. General info

- Improper operating procedures used by employees.

- Lack of security awareness and general security laziness.

- Nil acceptance of security responsibility.

- In-adequate standard operating procedures.

- Unattended machines.

- Failure to take care of media.

- Printing sensitive material.

- Failure to turn off computers at the end of the working day.

- Failure to backup information.

2. Hardware problems:

- Failure to adequately secure the hardware (eg laptops unsecured).

- Effects from the physical environment causing damage.

3. Software concerns:

- Some application software is of inferior quality and untested in the field and therefore not able to be trusted in the office environment.

- Nil audit logs.

- Lack of adequate access control.

- Lack of secure identification and authentication techniques.

- Limited antivirus software.

- Lack of restrictions to specific files when certain applications are operating.

- Lack of security awareness and general security laziness.

Based on the audit report above, prepare one of the four major components of contingency planning:

a. Business impact analysis (BIA)

b. Incident response plan (IR plan)

c. Disaster recovery plan (DR plan)

d. Business continuity plan (BC plan)