This chapter is from the book

Securing the Future: Business Continuity Planning

Crises will inevitably occur. Whether they are physical, such as an earthquake or a terrorist attack, or cyber, such as a distributed denial of service (DDoS), preparedness is the key to effectively managing a crisis. The difference between falling victim to an event and working through a highly challenging time is planning.

A comprehensive continuity plan is essential in maintaining or restoring business operability. A hospital or public utility, as an example, would require a plan to maintain operations during a crisis. Conversely, a sporting goods distributor might decide to concentrate on a plan that restores its operability after a crisis has passed. The potential lost revenue might not justify the expense of a costly program that attempts to maintain operability regardless of challenges. A hospital or utility would not have a choice.

Continuity plans should consider the following items:

  • Knowing the parameters of a given situation that could warrant the use of the plan

  • Having a detailed inventory of standby systems, including the length of time required for each one to be fully operational

  • Determining what would constitute the completion of a critical period and a return to normal operations

  • Selecting an appropriate leader(s) to manage the crisis. While separate leaders could exist for technology and business requirements, one overall leader must be chosen

  • Knowing the actions that need to be performed and the persons (or job functions—see next bullet) responsible for performing them

  • Assigning job functions rather than specific people to specific continuity tasks so that if a person leaves a firm, the new occupant of the job function is the replacement for the continuity task

  • Assigning specific reporting sites if an alarm is sounded

  • Ensuring that users know the sites and are confident in their assignments, particularly if the continuity site is in another physical location

  • Using the expertise of individuals, particularly the IT staff

  • Formally testing the plan, rooting out all weaknesses

  • Defining the amount of time needed to bring the continuity plan online

  • Most importantly, keeping the continuity plan current, both in its practice and content

Continuity plans are similar to term life insurance policies: One plans for the worst but hopes never to realize the policy's payoff. A detailed and workable plan to maintain operations during trying times can allow a sense of confidence that is only achievable through comprehensive contingency planning.
