Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, August 16, 2006

When Disaster Strikes, Manage it

Business Continuity is a vast and often overwhelming subject which, in the main, has been adopted by the IT Department.  At its most basic level it encompasses everything involved in keeping a business up and running during a disaster.  Or depending on your business requirements, everything involved in getting the business operational within a set period of time after a disaster.  Before looking into all of this, it is necessary to assess the potential risks affecting your business, the likelihood they will occur and the disruption they could cause.  This will aid you in deciding what level of protection is required and may help in determining some realistic Recovery Time and Recovery Point Objectives, (RTO & RPO).  The cost associated with the loss of a particular business function, be it IT related or not, or the perceived cost of lost reputation or potential revenue.

The rapid development of the internet has made it easier to reach and communicate with your clients and suppliers, and whether you choose to be an e-tailer or are forced by suppliers to order online, IT functions will probably be at the core of your business. 

This may be in the form of communications, customer/supplier management or just product/company information.  As the majority of us rely so heavily on email for communication, I challenge anyone who is happy to tell their board of directors that email is not working and “might not be back online for a while”!

When disasters strike, the media will want to know what has happened, how it happened, whose fault it was, what you are doing to recover and how you are managing the relationships with your clients and suppliers.  You are not just responsible for creating the plan and deciding on appropriate levels of protection and recovery methods but also for training your staff.  Remember these are not the only skills required and I am looking at a fairly basic level, but without these key skills your business continuity plan is unlikely to get off the ground, let alone be effective.

Posted on 08/16