Despite every effort to avoid downtime and compromise, failures can still occur.
Robert Mueller, ex-FBI Director, stated that there are only two types of companies: those that have been hacked and those that will be. “Even that is merging into one category: those who have been hacked again.”
What is your organization doing to address this problem? How can you plan for security breaches and failures?
Analysis of Business Impact
Although many organizations have assessed risk to establish their initial security stance, very few have gone the extra mile and performed a business risk assessment.
Business impact analysis refers to the application of quantitative as well as qualitative risk analysis to business processes and not individual assets. The goal of business impact analysis is to identify which processes are important, mission-critical, necessary, desired/optional, as well as the dependencies and requirements for each process.
Once the business impact analysis is understood, it can help an organization plan for business continuity and disaster recovery.
Communication Plan
Communication is a key component of a successful business. Effective communication is essential within and between organizations. A communication plan clarifies the lines and methods of communication. It defines classification or valuation criteria that apply to all data items and information sources.
It clarifies the boundaries and restrictions that apply to information that cannot be exchanged freely. Communication plans also focus on the organization’s public relations and create a “face” for communicating with the public.
Continuity of Operations Plan
A continuity of operations plan (COOP) is an integrated policy that keeps a small or moderate compromise or failure from becoming a disaster for the organization. The COOP addresses two main issues:
It focuses first on how to restore normalcy in situations where business operations are at risk. The COOP works to prevent an interruption in business operations when the organization has limited capacity, reduced capabilities or restricted resources. It also helps to solve problems and restore normal, stable, full capacity. This part of the COOP is also known as the business continuity program (BCP).
The COOP also implements additional protections to prevent near-disaster situations from affecting the business. A well-maintained COOP can help organizations avoid loss or reduced productivity, and allow them to quickly restore full operations in the unlikely event of an incident.
Disaster Recovery Plan
A disaster is the complete disruption of any mission-critical business task. The organization’s life is at risk if a mission-critical task goes down. A disaster could lead to the business closing its doors permanently if it is not able to recover at least partially.
A disaster recovery plan (DRP) usually includes the preparation of an alternate operations site. An alternate operations site could be a duplicate location, multiple locations, cloud services, or any other option.
The idea behind this plan is to provide a way to perform mission-critical business tasks while your primary site is being repaired. A functional disaster recovery plan includes backup and recovery, recovery, and hardware rep