Cyber Security Institute

DR/Crisis Response/Crisis Management

Friday, November 05, 2010

So, what is a crisis or incident team? (Part 2 in the Crisis Team Series)
It is only by removing the boundaries of our perceptions that we can grow and expand in our capabilities.   

So what is a crisis, or should we call it an incident? Different people have different perspectives according to their roles and responsibilities.


Tuesday, November 02, 2010

A new series of blog posts on Crisis Response
Now your are going to think that this is a strange thing to say but I like a good crisis.  You’re immediate reaction could be “What!”
But when I refer to a good crisis, I am thinking of those that quickly protect, recover, and that the lessons learnt are really valuable for the future. 
So I am going publish a couple of blog posts a week on my perspective on how to run an effective incident response team.
[PS: My bad, user registration is working now.. thank you to you know who you are, for letting me know.]


Friday, August 06, 2010

BIS: We Have Failed to Learn From the Nordic Crisis

[I see many parallels and lessons that can be applied to IT Crisis Response]
The Bank of International Settlements (BIS) recently released an excellent paper comparing the current crisis to the Nordic crisis.  This is a particularly interesting case study because the Nordic credit crisis was relatively clean for a credit crisis.  Perhaps most interesting is the fact that their crisis was unfolding at the same time as the Japanese crisis.  I believe the thoughts from the BIS are particularly interesting as I was a proponent of the harsher Swedish Model - a bit more of an Austrian economics approach to the crisis as opposed to the Japanese model of trying to ensure capitalism without losers.  Our analysis indicates that current policies have followed those (Nordic) principles in some respects, but have fallen short in other, arguably more important, ones.


Friday, July 27, 2007

Disaster Planning Is Critical, but Pick a Reasonable Disaster

If an avian flu pandemic broke out tomorrow, would your company be ready for it?  Computerworld published a series of articles on that question last year, prompted by a presentation analyst firm Gartner gave at a conference last November.  Among Gartner’s recommendations: “Store 42 gallons of water per data center employee—enough for a six-week quarantine—and don’t forget about food, medical care, cooking facilities, sanitation and electricity.”  And Gartner’s conclusion, over half a year later: Pretty much no organizations are ready.  It’s not that organizations don’t spend enough effort on disaster planning, although that’s true; it’s that this really isn’t the sort of disaster worth planning for. 


Monday, September 11, 2006

Six sensible steps to keep disaster recovery real

Unless we’re living under skies of brimstone and hellfire, most companies shouldn’t have to replicate every piece of data to protect their business from the next cataclysmic event.  Nor should they necessarily have to cough up millions for a mirror site that traces every network transaction.  And let’s face it, unless you’re cyber-cynical, catastrophes are extremely rare.  Be that as it may, enterprises are increasingly being held accountable for their data and prudence points to being prepared.  They asked three experts what the most commonly overlooked elements are in today’s disaster recovery plans.


Tuesday, June 13, 2006

Disaster Recovery at the Macro Level

Disaster Recovery is about three things: planning, testing, and procedures.  Banks have to satisfy compliance initiatives and answer to the FFIEC and OCC.  Satisfying compliance initiatives may get you off the hook with the regulators and make you look good on paper, but what you are really interested in is staying in business for the long haul.  Eighty-five percent of companies without a disaster recovery plan go out of business within a year after a disaster.  After the World Trade Center disaster, statistics showed that companies with complete plans were operational within 30 days.  While IT people are key partners in the disaster recovery efforts, their plates are usually full and overflowing.