Cyber Security and BIA – Preparation is the Key!

As part of the overall Disaster Recovery (DR) and Business Continuity Plan (BCP), organizations must look into certain time-sensitive factors and put a thorough business impact analysis into practice. When implemented properly, this all contributes to the overall success of an organization’s Cyber Security strategy.

As discussed previously, Business Impact Analysis (BIA) helps a company decide exactly what needs to be recovered and in what amount of time. There are 2 different types of analysis that business planners take into consideration:

Quantitative Decision Making: Basically, this involves the use of numbers and formulas to make a decision. As a result, the data is often expressed in terms of dollar value for the business.

Qualitative Decision Making: This type of decision making takes into account non-numerical factors such as emotions, investor/customer confidence and stability, among other concerns.

The Cyber Security team in charge of BCP needs to assess all of the organization’s assets and then assign an asset value (AV) in monetary terms to each asset. The second quantitative measure that the team must look into is the maximum tolerable downtime (MTD), also known as maximum tolerable outage (MTO). In a nutshell, the MTD is the maximum length of time an organization function can be inoperable without causing irreparable harm to the business. Overall, MTD provides crucial information when an organization is performing both BCP and DR planning. The Recovery Time Objective (RTO) should also be considered for each organization function. This is, basically, the amount of time in which you think the organization can easily function in the event of disruption. Furthermore, the Recovery Point Objective (RPO) also needs to be taken into account; it tells the planner the point in time up to which the data needs to be recovered.

 

Overall, the goal of the BCP process is to ensure that the business’s RTOs are less than its MTDs, resulting in a situation in which a business function should never be unavailable beyond the maximum tolerable downtime. Man-made and natural risks need to be identified as well. Besides the loss in monetary terms, other qualitative points of view need to be considered, such as:

1.) Loss of trust among your client base

2.) Loss of employees to other jobs after lengthy downtime

3.) Social and Ethical responsibilities to the community

4.) Getting negative publicity

In conclusion, BIA can prove invaluable to the overall success of the organization. As a result, this can save an organization thousands and even millions of dollars when done properly. The security consultants at Silex Systems can guide an organization to meet its BIA and cyber security needs.

 

Disaster Recovery and Business Continuity – Are You Ready?

It’s Friday night and you are having a nice dinner with your family at a fancy Italian restaurant when all of a sudden you get a call that the server room ceiling has been leaking water, which has spread all over the floor, along with a power outage. This is probably the worst news an IT Director or IT Manager can hear going into the weekend unless they have a tested Disaster Recovery and Business Continuity plan in place.

The terms Disaster Recovery (DR) and Business Continuity (BC) are used together, and for good reason. Basically, DR is a set of plans and procedures to prepare for and recover from disaster. From a Business Continuity (BC) perspective, a negative impact on the organization’s operations and finances can be classified as a disaster. Overall, DR covers hardware and/or software failure, power malfunction, network malfunction, and physical as well as human error.

Let the truth be told. Disasters are bound to happen, whether they are in the form of tornadoes, hurricanes, earthquakes, floods or even fire. In other words, organizations worldwide need to have a plan in place to deal with potential natural or human-induced disasters. By following a few guidelines, organizations of any size can be well prepared before disaster strikes.

A well-organized DR/BC plan can be formulated by following a few steps or phases. The first phase involves the following:

Phase 1 – Collection of Data

1.) The entire DR/BC project should be put together including a timeline, expected output and resources.

2.) Business impact analysis needs to take place regularly

3.) Risk assessment needs to happen quite often as well

4.) Both Onsite and Offsite backup and recovery procedures should be reviewed

5.) Other locations need to be chosen and ready for use

Phase 2 – Plan, Develop and Test

1.) All the data needs to come together to develop a disaster recovery plan

2.) The newly formulated plan needs to be tested

Phase 3 – Monitoring and Maintenance

1.) Maintenance of the new plan through updates and review

2.) Inspection of the disaster recovery plan on a periodic basis

3.) Document all the updates and changes regularly

The disaster recovery and business continuity planning professional must involve senior management at the early stages of DR/BC planning, since they would approve all the necessary steps as well as the budget to make this happen. They would also bring on board department heads from other units within the organization to discuss mission-critical functions, business processes and strategies to recover from disaster.

Furthermore, the following issues need to be taken into account when formulating a disaster recovery strategy:

1.) Allocation of funds (Budget)

2.) People and physical facilities (Resources)

3.) Stance of senior management on risks

4.) Vendors and suppliers

5.) Data

6.) Technology

Overall, major breakdowns as well as loss of revenue can be minimized or even avoided by putting a well-thought-out disaster recovery and business continuity plan in place. We at Silex Systems are a team of disaster recovery professionals that can help your organization achieve its business continuity objectives and devise a robust disaster recovery plan. Call us to schedule an appointment today!