Title: [Article]-BCP and DRP from Scratch
Post by: don on April 02, 2007, 12:48:49 AM

This month RichM tackles disaster recovery and business continuity. One would think that since he was hired to secure the joint, he would have support from management on such plans. Not so fast. Seems like everyone has mountains to climb.
Permanent Link: [Article]-BCP and DRP from Scratch (http://www.ethicalhacker.net/content/view/124/24/)

Quote
(http://www.ethicalhacker.net/images/stories/columns/richm/dr-dilbert.gif)

This month's column has been quite a learning experience. Well, not the column as much as what I discovered in the process of getting management buy-in for a Business Continuity Planning (http://en.wikipedia.org/wiki/Business_continuity_planning)/Disaster Recovery Planning (http://en.wikipedia.org/wiki/Disaster_recovery) (BCP/DRP). In all of the information I have read, three main objectives need to be met in order to develop a good BCP/DRP plan. The major emphasis (and motivation behind this column) is point one:

1. Management buy-in
2. Develop the plan (Leave 4 - 6 months for this step)
3. Ability to test and verify plan

Once I approached management they were extremely excited and asked me to come up with a disaster recovery plan in a week. I explained that BCP/DRP takes a long time to create and requires feedback and input from key management members, and that rushing it would create an inaccurate plan. As I watched the decision maker's eyes glaze over, he mumbled something about off site storage of backup tapes and walked away. And thus my learning experience kicks into high gear.

Be sure to add your comments,
Don

Title: Re: [Article]-BCP and DRP from Scratch
Post by: jimbob on April 02, 2007, 03:40:57 AM

BCP/DRP are among the unglamorous and often forgotten aspects of security. Security practice aims to keep the business rolling, so that includes backup (and more importantly restore), disaster planning, incident response policy and all of the other work that ensures if something goes titsup the damage is minimised. Good to see an article focused on this aspect since it can potentially save a company from ruin.
Jimbob

Title: Re: [Article]-BCP and DRP from Scratch
Post by: slimjim100 on April 02, 2007, 06:49:52 AM

This is where your project management skills meet your sales skills to get an upper management buy-off. I have been in similar places where you would think common sense would prevail. The reason we have SOX (Sarbanes-Oxley) and HIPAA (Health Insurance Portability and Accountability Act) is because business does not always want to focus on anything that does not drive profits to the bottom line. As security professionals we are obligated to know what the correct course of action is to protect our networks and the company. Understanding BCP & DRP is very important and will only add another layer of protection to your company/client. RichM, thanks for pointing out some of the real day to day projects & tasks that are not always brought up in security forums.
Thanks RichM for the article!

Brian Wilson

Title: Re: [Article]-BCP and DRP from Scratch
Post by: don on April 02, 2007, 11:06:11 AM

Submitted to digg:
http://digg.com/security/BCP_and_DRP_from_Scratch_Saving_Your_Company_s_A_ets

Don

Title: Re: [Article]-BCP and DRP from Scratch
Post by: LSOChris on April 02, 2007, 03:07:13 PM

ohhh good article.
out of curiosity, what type of fire suppression do you have in the server room? I am guessing water, which means you may want to have a plan in place for replacing every single server in that room and restoring the data once the water hits them.

Title: Re: [Article]-BCP and DRP from Scratch
Post by: Cutaway on April 02, 2007, 03:51:05 PM

ChrisG's comment actually happened the other day to a friend of a friend. The fire suppression system malfunctioned and destroyed $200,000+ worth of furniture plus the water damage to the building and other assets bumping the price tag up significantly. The insurance company will not pay up because anything over a couple hundred thousand dollars they fight over so that you have to settle a lesser claim or lose everything. Every day they wait for the settlement they are losing money. They are in the process of triple mortgaging everything just to get enough stock to keep people coming in and supply the people who have already purchased.
Sometimes owning your own business is tough. But, then again, a good BC/DRP "might" have helped. Moral of this comment: Do not depend on the insurance company to have your best interest in mind.

Cutaway

Title: Re: [Article]-BCP and DRP from Scratch
Post by: RichM on April 03, 2007, 07:46:57 PM

Thanks to everyone for the kind words.
slimjim100, it is disturbing how little business thinks about contingency planning till it is too late. It is our job (whether we like it or not) to sell the concept. It has been 5+ years since those horrific events on September 11th and many companies still do not get it.

ChrisG, to answer your question, our fire suppression stops and starts with handheld charged fire extinguishers. As is more par for the course (than most will admit), our server room was at one time office space. There are no sprinklers of any kind throughout the space, and the door to the "server room" is left unlocked b/c the space is large enough to accommodate old but possibly still usable (in management's eyes) IT equipment: printers, switches, etc. I agree though that if you do have water suppression in your server room that you absolutely need a contingency plan for replacing the hardware. Even if you have a dry system (water is not charged in the line) once it goes off, it seems as if the cure can be much more harmful than the disease.

Cutaway, thank you for that sobering example, I will definitely carry that with me the next time someone thinks they are mitigating a considerable risk through the purchase of insurance.