"It is critical that organizations ensure they have measures in place to swiftly respond to adverse effects of natural disasters, such as hurricanes and man-made disasters," said Al Tirevold, director of security architecture at SecureWorks. "Safeguarding critical customer or member data is not just an IT issue; it's a business continuity issue, and the opposite can cause you financial loss and an inability to serve your customers."
"We checked on our clients in Texas after Hurricane Ike hit because our clients' well-being is always our first concern," said Tirevold. "We were pleased to find out they were doing well and in good spirits despite the circumstances, and they were in full disaster recovery mode. One client reported 13 of their 29 centers in Houston had power, and they were open for business. They had disaster recovery trailers equipped with computers and generator power in place. They had ample fuel capacity for their data center, and they were able to shift personnel to other locations because of a damaged call center and damages to their corporate headquarters. This is an organization that minimized business disruption because of a well-thought out and well-executed disaster recovery plan," explained Tirevold.
Although hurricanes originate in the Atlantic and Eastern Pacific oceans before making landfall along coastal states, organizations in other geographical areas should be concerned with preventing business disruptions as well. According to news reports, the effects of Hurricane Ike, for example, reached areas like Illinois, Ohio, Kentucky and New York, causing floods, wind damage and power outages. Kentucky alone saw winds of up to 75 mph and had four deaths attributed to the storm.
Many organizations and regulating bodies have guidelines on how companies should handle data loss prevention, response and recovery. The Federal Financial Institutions Examination Council (FFIEC), which prescribes uniform principles and standards for financial institutions, outlines key areas of a business continuity plan (BCP) in its Business Continuity Planning IT Examination Handbook (http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bcp_00.html). Additionally, the National Institute of Standards and Technology (NIST), a non-regulatory federal agency within the U.S. Department of Commerce, offers guidance on preparing for disasters as well (http://www.nist.gov).
For companies who have not yet formalized their BCP plans, here are some guidelines which are aligned with some of today's common regulations:
-- Make sure your business continuity plan has a section for disaster recovery, and make sure your BCP is enterprise-wide, considering every critical aspect of your business including personnel and physical workspace. The BCP should include a sequence of tasks and responsibilities that are clearly spelled out.
-- Do a thorough business impact analysis (including a security business impact analysis) and risk assessment.
-- Test your BCP for its effectiveness, and make adjustments/updates to reflect changes in your organization. Testing is recommended at least on an annual basis, and you should include third parties like data processors, managed security service providers and core processors.
-- Identify alternate locations to operate from in the event you are no longer able to conduct business from your office. This should include a capacity for data centers, computer operations and telecommunications.
-- Back up data, operating system configurations, applications and utility programs, and identify alternate telecommunications.
-- Identify off-site storage for back up media, supplies and documents such as your BCP, inventory list, operating and other procedures, etc.
-- Make sure you have alternate power supplies in case you are without electricity (uninterruptible power supplies [UPS] and back-up generators).
-- Assemble a team in advance and designate people who are responsible for various tasks in the event of a disaster. All personnel should be trained in their contingency-related duties and new personnel should be trained as they join your organization.
About SecureWorks
With over 2,000 clients, SecureWorks is one of the market's leading Security as a Service providers. Organizations are protected from external and internal cyber-threats through SecureWorks' On-Demand Security Information and Event Management (SIEM) platform, the SecureWorks Counter Threat Unit(SM) and three fully synchronous Security Operations Centers (SOCs) staffed with SANS GIAC certified analysts working 24x7 to safeguard client systems. SecureWorks has won SC Magazine's "Best Managed Security Service" award for 2006, 2007 & 2008 and has been named to the Inc. 500, Inc. 5000 and Deloitte lists of fastest-growing companies. http://www.secureworks.com
SOURCE SecureWorks