Disasters are those interruptions that cause the system’s critical information resources to be unavailable for a period of time, which will adversely affect the operation of the organization. Outages can range from minutes to months, or the system can no longer be restored, depending on how damaged the information resources are. Disasters may be caused by natural disasters, such as earthquakes, floods, fires, etc., or they may be caused by human accidents, such as hacking, viruses, human error, and terrorist attacks, as well as some system and technical reasons.
For an organization, any event that causes the organization’s critical business functions to be unavailable for a certain period of time is considered a disaster,
which is characterized by:
- Unplanned service disruption
- Outdated service interruption
- Interruptions cannot be resolved through usual incident management procedures
- Significant cost of disruption
Business Continuity Planning (BCP) is a plan established to prevent the interruption of normal business behavior. It is a set of management requirements and regulatory processes based on business operation rules. Business continuity refers to the ability of an enterprise to respond to risks, automatically adjust and respond quickly to ensure the continuous operation of its business. The purpose of business continuity is to ensure that the business can continue to provide critical services during the outage and enable the business to recover from a catastrophic outage. Providing business continuity for important enterprise applications and processes should include the following three aspects:
- High Availability refers to the ability to access applications in the event of a local failure, no matter the failure is a business process, physical facility, or IT software and hardware failure.
- Continuous Operations refers to the ability to keep the business running continuously when all equipment is faultless. Stopping applications is not needed for normal backup or maintenance.
- Disaster Recovery refers to the ability to recover data at different locations when a disaster destroys a production center.
The development management process of the Business Continuity Plan (BCP) can be broken down into the following parts:
Business Impact Analysis:
- Develop a questionnaire
- Conduct workshop to Instruct business function and process managers how to complete the BIA
- Receive Completed BIA questionnaire forms
- Review BIA questionnaires
- Conduct follow-up interviews to validate the information and fill any information gaps
Flows into Recovery Strategies:
- Identify and document resource requirements based on BIAs
- Conduct gap analysis to determine gaps between recovery requirements and current capabilities
- Explore recovery strategies options
- Select recovery strategies with management approval
- Implement strategies
Flows Into Plan Development:
- Develop plan framework
- Organize recovery teams
- Develop Relocation Plans
- Write business continuity and IT disaster recovery procedures
- Document manual workarounds
- Assemble plan; validate gain management approval
Flows into Testing & Exercises:
- Develop testing, exercise, and maintenance requirements
- Conduct training for business continuity team
- Conduct orientation exercises
- Conduct testing and document test results
- Update BCP to incorporate lessons learned from testing and exercises
LIFARS’ CISO as a Service is designed to address organizations’ information security leadership needs. Our CISOs are highly skilled at establishing, improving, and transforming Cybersecurity Programs focused on maximizing business values by minimizing risks and optimizing opportunities. LIFARS’ astute Information Risk Management leaders can discern security needs, design effective solutions & programs, and deliver results while steering through challenging organizational culture. Our over 20 years of security, risk, and compliance leadership experience encompassed various industries and globally dispersed organizations. Below are examples of some key areas delivered via LIFARS vCISOs:
Information Risk Management
- Ascertain Cybersecurity and Compliance risk landscape (current maturity)
- Determine adequate Cybersecurity Risk Posture (appetite and tolerance – target maturity)
- Influence the organization’s culture with effective communication and awareness
- Develop, lead and manage Cybersecurity vision and change journey
Cybersecurity Strategy
- Develop a Cybersecurity strategy
- Develop Roadmap (remediation program plan included) to pragmatically execute Cybersecurity strategy
- Develop an operations management plan (operational and projects plans)
- Establish and manage Information Security Program aligned with industry best practice/framework
- Optimize productivity via harmonization with audit, compliance, privacy, etc.
- Develop and manage Cybersecurity budget
Cybersecurity Governance
- Develop effective Cybersecurity Governance Structure
- Develop, monitor and report Key Goal and Performance Indicators (to relevant stakeholders, e.g., the Board, the Audit Committee, and the Executive Team)
- Develop and enforce comprehensive Information Security Policies, Standards, and Procedures
- Manage internal and external stakeholders (including partners, suppliers/service providers, auditors, etc.)
- Manage Cybersecurity and compliance relevant changes (initiatives/projects, new or updated regulation, 3rd party risk, etc.)
Cybersecurity Operations Management
- Develop effective Information Security team structure (Security Architecture, Security Engineering, Security Operations Center, BCP/DRP/IRP, etc.)
- Recruit/engage required human resources to establish an Information Security team
- Determine security solutions ( tools, services, etc.) and manage vendors
- Manage Strategic Projects
- Manage (mentor and coach) Security Teams (Security Operations Center, Security Architecture, Security Engineering, etc.)
Contact LIFARS Immediately For
Our CISO as a Service
Credits:
https://www.ready.gov/business-continuity-plan#