THE IT SECURITY PROFESSIONAL
Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Making a Plan
When it comes to disasters, you never know what type will hit your organization. How do you know what to prepare for? There are so many things that could go wrong, and planning for all of them will definitely impact your bottom line. Planning for the most likely event or one that would have the most impact on your business might be the way to go. Nevertheless, regardless of what you decide to prepare for, you need to have a plan.

Plan Development
Develop a plan outline that addresses all of the various areas that could be impacted during a disaster. (A disaster for this blog is anything that could potentially impact your organization or hinder its normal operational tempo.) Below are a few of the areas that should be included in your Disaster Plan (DP):
Areas of Focus
For most businesses, you will want to get up and running as soon as possible, and it is for this reason that you will want to be as thorough as you can with your planning process. There will also be additional documents/evaluations that will be included in the planning process for the DP, which are:
Bringing it Together
When developing the DP, it is important to have finished the supporting documents and conducted the various evaluations. This will take time, as you will want to talk with all of the stakeholders in your organization and gather their input. (The plan should not be prepared in isolation from the rest of the company; it should be inclusive.) Including the findings of the supporting documents and evaluations will help to flesh out the DP as you specifically address those areas.

Using diagrams and flow charts will also be an important part of the plan. These will help to illustrate the plan and provide additional detail that may not be in other areas of your document. Creating process flows and decision trees will be an important part of the development process, as these may change depending on the scope of the incident. Including additional content will also help to explain specific requirements of the DP, as there may be a need to include lists of employees, vendors, and other support personnel who will need to be contacted in case of an incident.

Communicating the Plan
You have gathered all of the stakeholders in your organization and they have helped bring the plan together. After the plan has been signed off and adopted by your organization, you will need to communicate the plan to the rest of the business. How do you do this? There are several effective ways, but the key is making sure that all of the people you listed (assigned duties to) know what they are responsible for and what they are specifically required to do under the plan. Depending on how your organization handles employee communication, the plan could be communicated through an email or a classroom training session. Both of these can be effective, as they provide a way to pass along the information that the employees will need to know. When a disaster hits your company, you don't want people to wonder what they are supposed to be doing during the event.
You are only as prepared as your last test.

Testing the Plan
Probably the most important part of the plan is the testing of the DP. You should be testing your plan at least on an annual basis to make sure that it is still valid. In addition, updating your plan throughout the year is not a bad idea either, as your environment may change with additions or upgrades to current technologies. The plan should be a living document, in that it reflects the current situation of your organization. If it does not, make sure that you address it as soon as you are able to do so.

At a minimum, a tabletop test of your plan should be performed with all of the stakeholders and those with responsibilities outlined in the DP itself. Testing should be documented and any findings addressed. The documented findings identify the areas that will need to be addressed in a timely manner. For most certifications, having a DP is a must and the organization needs to show documentation that it is testing the plan on an annual basis, so this will help with any of those compliance requirements that you might face.

Summary
While there is a lot that will go into a DP, in the end it is worth all of the effort when you see the plan in action. Developing the plan when you are not stressed with an incident allows you to think through the situation in a calm and collected manner. Developing a DP is one of the most important things that an IT Security Pro can do to help their organization, whether it is making changes to the plan or finding a solution that will meet the needs of the business. It is also important to make sure all areas of the business are addressed and that the plan takes into consideration contractual and regulatory requirements as well as the specific needs of the company.
IT Security Pro
Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.