Thursday, June 18, 2009

Business Continuity Planning

Everyone with some form of security training should be aware of the fact that information security is commonly defined in terms of Integrity, Confidentiality and Availability. Integrity & Confidentiality is what most security pro's think of when they are securing an infrastructure. We deploy layers of defense, harden applications, encrypt data, develop (implement and monitor) policies and what not.

The availability part is often only addressed in a business continuity / disaster recovery plan. In such a plan, we worry about how a server's outage influences our ability to deliver value to the business and we make educated decisions on the amount of redundancy we need to implement to prevent interruptions or service degradations.

Today's weather is a perfect trigger to go review your business continuity plan. Areas of the USA have been hit by tornado's, the Mid-West is littered with severe weather alerts and other areas are threatened by tropical storms. It has not stopped raining here on the East Coast and it is coming down in buckets.

Are you ready to deal with leaks in the building that houses your primary data processing facilities? Do you have equipment in basements that might be affected by flooding? Have you made your backups (and checked that you can restore them) and stored them in a waterproof location off-site? How quickly can you relocate your critical systems? Do you even know what the critical systems (other than Facebook and Twitter) to your organization are? Is your key personnel aware of the fact that you have a business continuity plan? Are they familiar with it? Do you have an up-to-date call-list? Do you have (several) hardcopies of your plans?

You should have worried about this a long time ago, but if you haven't, now would be a good time to start.



No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.