---

Security Myths

Security Manual Template

ISO 27000 Compliant
Sarbanes-Oxley / HIPAA / CobiT
PCI-DSS Complaint

End users are not security-conscious and do not think about the implications of their online activities

 

The Top 10 Information Security Myths

MYTH #1: Organizations are more secure now than they were a year ago.

Most companies have initiated the necessary steps to safeguard their company assets. Information security has moved from a business cost to a business enabler. However, new threats and technologies are constantly and rapidly changing the network landscape. System administrators must scan the network continually for known security weaknesses, keep their skills current and, most important, reexamine corporate security policies periodically. Business processes defined a year ago may not match the organization's current needs.

MYTH #2: The presence or absence of regulations greatly matters when it comes to protecting customer data.

With or without a legal requirement, organizations still should safeguard their sensitive information. Failure to protect customers' personal data means a loss in consumer confidence, which results in lost revenue and government fines. Regulations and laws are getting the attention of C-level executives and forcing them to invest in information security initiatives, but don't be misled into thinking regulations mean data is protected.

MYTH #3: External consultants know more about information security than in-house personnel do.

People believe consultants have tools and advanced training that's lacking internally. But that's not always true. Before hiring an outside consultant, be sure you haven't overlooked your staff. Network and system administrators often make good full-time security personnel because they handle security problems as part of their daily duties. You might find you already have the required skills in-house -- all that's needed is some training classes. Training in-house personnel demonstrates your commitment to providing employees growth and career opportunities.

Consider using an outside consultant on an as-needed basis to supplement the skills of your staff. If you decide to bring in outside services, thoroughly validate the consultant's qualifications and experience. Be sure to check references. Outside consultants also can provide a good business partnership beyond the services outlined in a contract. Having an internal contact person well-placed within the organization can help foster a better working partnership and help staff view the consultant as a valuable team member.

MYTH #4: Information security must be managed as a separate business unit to be effective.

You may think keeping information security people together in one department is a good idea. After all, information security professionals all speak the same language and deal with similar concerns. However, a single security group would have to deal with all the business units that have some level of security as part of their charters. If you keep your information security professionals in one group, you risk alienating the business groups with which they'll need to work to conduct security awareness and training programs.

Top-level management must realize that information security is not solely the responsibility of IT, but rather an enterprise function that must mandate input from all business units so each unit can ensure its needs, concerns and mission statements are met. Smart organizations are starting to realize that security has evolved into an enterprise-wide support division, rather than an isolated group dedicated solely to protecting servers. Security professionals can offer cost management, build a stronger focus on customer relations, and help identify and communicate growth opportunities throughout the organization.

MYTH #5: Complex, frequently changed passwords will make my enterprise secure.

No one would argue that a 16-character password is easy to guess. But it's also hard to remember. If you require users to change passwords every 60 days, they'll be writing down their passwords, which is exactly what you don't want. Instead, create a flexible password policy that lets users create simple yet inconspicuous passwords. Written password security policies should be governed by the organization, not the end user. However, each end user must be held accountable for managing and safeguarding his or her own password. Passwords written on Post-It notes or stored in Excel spreadsheets are far bigger threats to security than password cracking.

MYTH #6: The padlock icon present during an SSL session means my data is safe.

This is untrue. That tiny padlock icon found at the bottom of a Web site is a sign that data sent between your device and the site is encrypted -- it doesn't mean the Web site itself is safe. And keep in mind that data sent isn't stored on the Web site, but on a server, and how well an organization safeguards its server is a bigger security risk than the communication transmission itself. Nothing is 100 percent secure, and even sites using 128-bit encryption can be compromised.

MYTH #7: Migrating from Internet Explorer to Firefox will make my enterprise secure.

If a vulnerability is discovered in your browser, your computers are susceptible to compromise, no matter which browser you're running. The real risk lies in users continuing to click on virus-infected attachments, which are browser-agnostic.

As the popularity of Firefox increases, so does the number of exposed flaws. Small shops and individual users shouldn't find switching to Mozilla's Firefox a problem -- after all, it's targeted at that user base. However, mid- to large-size enterprises may find that Firefox isn't quite ready for the enterprise, despite its better security. First, Firefox lacks a management system, making it difficult for administrators to control how the browser is used. Second, if your company has several Web-based applications built around Internet Explorer, migrating to Firefox will incur development costs in addition to deploying Firefox to your users. Instead, restrict Internet browsing activity to "what access is needed" and "who needs it." Teaching proper browsing behavior will keep your organization much safer than worrying about which browser you use.

MYTH #8: Increased security spending results in greater security.

This is false. Organizations often use some sort of metric to justify security spending. This can result in spending more money for security products, but not actually building a more secure enterprise. Every company has a unique risk profile that will determine its required security investment. You can't generalize security needs. Instead, establish a risk management profile, manage those risks within a given budget and purchase wisely to meet the needed security level. But don't spend your entire information security budget on hardware and software. Security is as much a matter of awareness as technology, so be sure to spend appropriately on training and educating your users and customers. It's also vital to make security a visible and important part of your organizational culture.

MYTH #9: Wireless networks aren't secure.

Wireless networks, in their early incarnation, were considered less secure than wired networks because the WEP (Wired Equivalent Privacy) protocol had numerous security holes. Today, however, there are security methodologies and technologies that can be used in place of WEP. Having a good understanding of the 802.11i wireless standard and the 802.1x authentication standard will assist you in properly designing and configuring your wireless network. Although wireless is more susceptible to security problems than wired networking, IT professionals can make secure and effective use of wireless technology by building in additional security, properly managing the rich features found in Wi-Fi products and planning to take advantage of future Wi-Fi security enhancements.

MYTH #10: Dumping Windows for Linux will increase security.

With proper planning, you can securely deploy both Windows and Linux. Although there are more viruses written for the Windows platform, Linux isn't in the clear. Linux tends to have an advantage over Windows in that it's an open-source platform with a worldwide programming and security community supporting it. But an improperly configured Linux server is just as vulnerable as any Windows server.

So, should you dump Windows and migrate to Linux? For the majority of enterprises, the answer is no. While more software is becoming available for the Linux platform, organizations will have a hard time finding Linux versions of everything they need to run their businesses. The work associated with migrating to Unix -- testing applications to see if they function properly on the platform and retraining users -- makes the switch cost-prohibitive and not a viable long-term solution. The better alternative is to use Linux where it performs best -- as the underlying OS on appliances and powering high-end workstations and file servers.

 

 

---

 

 

Security Management News

---

Cloud Distaster Planning Articles

Cloud Distaster Planning Articles

• 10 steps to cloud disaster recovery planning  Many companies now are including cloud disaster recovery process in their business continuity plans.   Janco has found that disaster plans that include the cloud if...
• 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud  10 Backup best practices -  supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...
• Cloud storage aids disaster recovery and business continuity  Cloud Storage is a next step to implement after the disaster recovery plan is created Cloud storage is a next step after the CIO creates a...
• Cloud as part of disaster planning  Cloud as part of disaster planning VARs and service providers are seeing that providing physical media to end users upon first backup and on an...
• 10 best practices for cloud disaster recovery  Cloud Disaster Recovery 10 Best Practices Creating out a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations.  Ten best practices are:...

- more info

---

5 Tips for DR and BC Managers

Tips for DR and BC Managers:

1. How to Evaluate your Disaster Recovery Plan  Evaluating your disaster recovery plan To ensure the protection of your critical data, applications, and the continuous availability of your network, you must look at...
2. 10 Commandments of Disaster Recovery and Business Continuity  10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
3. Options for a data center disaster recovery strategy  Data Center disaster recovery strategy – options A critical component of a disaster recovery business continuity is the data center disaster recovery strategy — Hot...
4. 10 Characteristics of a Good Business Continuity / Disaster Plan  10 Characteristics of a Good Business Continuity / Disaster Plan Most organizations have a Business Continuity / Disaster Recovery plan – but how can you recognize...
5. Should Disaster Recovery Plans Depend on SSD Storage  Can Disaster Recovery Plans depend on SSD storage Disaster Recovery depends on stable storage of data and modern storage technology (SSDs, No-SQL databases, commoditized RAID...

 

- more info

---

Reviews of natural disaster perils that occurred worldwide

The report reveals that late-season winter weather affected much of Europe throughout the month, bringing an extended period of heavy snowfall, sub-freezing temperatures, high winds, ice and flooding. Among the hardest-hit areas were France, Germany and Ukraine, where snow accumulations topped 50cm.

Early total economic loss estimates stood at EUR1.4 billion (USD1.8 billion), including EUR706 million (USD914 million) for France alone. More than 100,000 insurance claims were filed in France, with auto claims surpassing EUR101 million (USD131 million).

Heavy snowfall also engulfed northern sections of Japan between the end of February and early March, with recorded snow depths up to 5.5m seen in Hokkaido and northern Honshu. This resulted in local governments spending more than JPY1.36 billion (USD14.2 million) in clean-up costs.

Multiple winter storms also affected central and eastern sections of the United States, as an early March weather system brought heavy snow and coastal flooding along the Eastern Seaboard. Another system at the end of the month brought nearly 50cm of snow from the Rockies to the East Coast. Total combined economic losses from both systems were cited as less than USD100 million.

A strong derecho event (defined as a long-lived, intense squall line) left widespread hail and wind damage throughout the US Southeast. Mississippi was amongst the hardest-hit states, where at least 18 counties sustained damage. The state insurance department estimated that as many as 50,000 claims would be filed. Total economic losses throughout the region exceeded USD250 million, while insurance losses reached approximately USD150 million.

Preliminary data from the US Storm Prediction Center indicate that only 17 tornadoes touched down during the month, representing the fewest number of March tornadoes in the US since 1978, when 17 tornado touchdowns were also recorded.

- more info

---

10 commnadments of disaster recovery and business continuity planning

As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.

• Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
• Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
• Be aware of current events: Understand what is happening around the enterprise - know if there is a chance for a weather, sporting or political event that can impact the enterprise's operations.
• Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
• Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
• Centralize information - Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal, helps avoid the need to hunt for documentation, which can compound a crisis.
• Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing—silo testing alone does not accurately reflect multiple applications going down simultaneously.
• Retest regularly: Organizations should take advantages of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
• Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
• Defined metrics and create score cards scores: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.

 

- more info

---

Disaster Recovery Planning a critical mandate

Business continuity and disaster recovery (BC/DR) planning is a critical mandate for all companies and especially for small and midsized businesses, where the cost pf downtime and/or lost data can be devastating.  It does not take a cataclysmic event to cause major disruption the untimely loss of a critical server or file for even a few hours can be extremely costly in today's highly competitive 24x7 business climate.

 

If you have implemented virtualization - cloud computing, you already know how this powerful technology can save you money on IT costs via server consolidation. But are you aware that the benefits of virtualization extend beyond IT cost savings, and that virtualization can also keep your business running through many types of planned and unplanned IT outages?

Many regulations require companies to support more stringent availability standards. Several new acts and regulations, directed at specific industries or a broad cross-section of companies, mandate the protection of business data and system availability. Businesses may incur financial or legal penalties for failing to comply with these data or business availability requirements.

- more info

---

Disaster Recovery Concerns

Unplanned IT and telecom outages is the leading cause of concern with 70% of respondents of a Business Continuity Institute (BCI) study are extremely concerned or concerned, followed by data breach (66%) and cyber attack (65%).

 

The top 10 threats rated by level of concern in the survey are:

1. Unplanned IT and telecom outages – 70% extremely concerned or concerned
2. Data breach – 66% extremely concerned or concerned
3. Cyber attack – 65% extremely concerned or concerned
4. Interruption to utility supply – 50% extremely concerned or concerned
5. Security incident 47% extremely concerned or concerned
6. Adverse weather – 53% extremely concerned or concerned
7. Supply Chain Disruption – 39% extremely concerned or concerned
8. Fire – 37% extremely concerned or concerned
9. Health & Safety incident – 37% extremely concerned or concerned
10. Act of Terrorism -  33% extremely concerned or concerned

Related posts:

1. 5 skills that Disaster Recovery Business Continuity Pros Need to Have  Disaster Recovery Business Continuity skills Recent disasters, like Sandy, have showed that business continuity professionals can offer a great amount of assistance to their companies...
2. Life cycle for business continuity and security breaches are the same  When a security breach or business interruption occur, the life cycle from the start to the end are the same.  First and foremost you must...
3. 10 Disaster Recovery Lessons Learned 10 lessons learned in Sandy’s aftermath on disaster recovery and business continuity The impacts of Hurricane Sandy have crystallized many executives’ minds on the importance...
4. 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud  10 Backup best practices -  supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...
5. 10 point checklist for disaster recovery 10 point checklist for disaster recovery HR, Legal and Media Communications Disaster Recovery 10 Point Checklist A list of 10 questions to rank how comprehensive...

- more info

---

Setting up a remote disaster recovery site

During the  disaster recovery planning process a CIO needs to establish a remote disaster recovery site, but are faced a challenge all too familiar to many enterprises: How to replicate large amounts of data across the country and still meet Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?

For example if the goal of full data recovery within 3 hours, with an RPO of 24 hours. CIOsoften are not coming close to meeting those objectives as replication process mat not able to complete across the WAN. A company simply may not be able to move that much data over long distances in a reasonable amount of time without very expensive and time consuming manual intervention.

 

More specifically, given the limited physical space in their data centers and the high volume of traffic that needed to be moved between data centers, the company may require a very high capacity virtual WAN optimization solution.

- more info

---

Compliance in the Cloud

The monolithic corporation we grew up with is being replaced by ecosystems of more specialized business entities, sometimes called extended enterprises. With this evolution has come a need for closer inter-enterprise collaboration and information flow, but with it also comes increased security and compliance risks.

- more info

---

BYOD disaster planning

Assuming security issues associated with a bring your own device (BYOD) policy have been formalized in your disaster recovery policy, the BYOD policy should then include provisions to have the intellectual property contained in the personal device backed up at a prescribed frequency, such as daily or twice per day, using an automated backup tool.

The BYOD policy may stipulate that replacement of approved devices from a disaster is the responsibility of the owner. It may state that the company may capture and retain a full image of the user's system at a secure location (e.g., cloud-based backup service) for recovery if the device is damaged or lost.

 

- more info

---

Why Recovery Plans Fail

Many disaster recovery (DR) plans end up being a documentation exercise and never rise above the day-to-day priorities of the business. Those that make it to the DR testing phases often encounter problems that if not properly addressed leave a bad mark on the whole DR processes. In a survey of 253 enterprises that had to activate their recovery plans Janco has identified the reasons why recovery is not successful.

The most common issue and occurring in 62% of all recovery plans are errors in the plan itself. This is often due to the plan not being kept up to date (47%) and the unavailability or inaccurate passwords (34%).

 

- more info

---

Disaster Recovery Business Continuity compliance culture

An entire chapter of BS 25999-1 and a significant section of 25999-2 are entitled 'Embedding BCM into the culture of the organisation'. However this title does not appear in the new ISO 22301 international business continuity management standard. Now do we no longer have to embed our BCM practices - or is there no longer a culture to embed into?

Disasters Happen -- Business Continuity Disaster Recovery

 

If you look more carefully into ISO 22301 there are headings such as 'Competence', 'Awareness', 'Communication' and the various requirements to conduct maintenance at regular intervals. You will also find a requirement to ensure the integration of business continuity management system (BCMS) requirements into business processes. So all the elements of embedding are there! The main reason why the requirements have become dispersed was the obligation to use the new standard ISO Management Systems structure.

In addition, the requirement to improve the BCMS implies a need to create an environment in which BCM can thrive and become ‘the way we do things around here’.

To create this business continuity-friendly environment CIOs have to:

• Create support by changing attitudes and behaviours;
• Improve capabilities by developing skills;
• Ensure plans, strategies and other BCM elements stay up to date whilst making best use of our limited business continuity resources of time and budget.

 

- more info

---

New technologies push cloud business continuity solutions

Traditionally, every new technology implemented by a company needed to have a positive ROI or reduce costs before it could be justified for implementation. While saving money is still important today, it is not necessarily the main reason companies are deploying innovative solutions.

As new cyber attacks and natural disasters pressure small organizations to be prepared with robust disaster recovery and business continuity plans, decision-makers are turning to cloud computing for scalable and automated environments, according to a study by InformationWeek Reports. Since the cloud comes in a variety of forms, enabling executives to leverage on- or off-site structures to host mission-critical information, small companies can use the services to promote long-term safety.

As cybercriminals become more sophisticated and natural disasters continue to threaten the livelihood of companies around the world, decision-makers need to plan ahead and have innovative backup strategies in place. By using the cloud, executives can have a cost-effective and agile business continuity plan that can evolve with long-term corporate goals. While not all organizations will see the immediate benefits of using a cloud-based disaster recovery program, the initiatives will likely become more important in the coming years.

1. Will your disaster recovery provider be in business when you need them?
2. Disaster Recovery and Business Continuity Top 10
3. Disaster Recovery Plan in the cloud
4. Modular data center – options for backup site
5. Business Continuity Planning for Survival Under Stress

- more info

---

Managed datacenters - do they make disaster recovery easier

With an internal IT operation, organizations can get greater control of their IT operations. The main business benefits from this are reduced costs and greater agility compared to their current outsourcing arrangements. However, each company has to develop its own data centre environment to achieve these objectives. In turn, this requires a complete business continuity strategy to be devised and implemented, covering the initial move as well as protecting systems in the longer term.

If organizations opt to bring IT back in-house, they must make sure they plan ahead and work with their existing provider to transition IT services before the outsourcing contract ends. This effort can be broken down into two stages: set-up and migration.

The set-up phase includes estimating all the physical IT equipment required to host the organization’s applications and data, including servers, storage and networking assets. For most organizations, this can include virtualized environments such as VMware or Microsoft Hyper-V on the server virtualization side, as well as a storage area network (SAN). There may be specific applications or services that have to remain on physical servers as well, due to specific workload requirements or licensing requirements from the vendor.

Disasters Happen -- Business Continuity Disaster Recovery

How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater than the investment? The facts are:

• 43% of companies experiencing disasters never reopen, and 29% close within two years.
• 93% of businesses that lost their data center for10 days went bankrupt within one year.
• 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.

 

- more info

---

Disasters have long lasting economic impact

Japan's economy contracted between July and September, official data showed Monday, reversing two previous quarters of growth and underscoring fears that its post-disaster recovery has stalled.
 
Factory output in the world's third-largest economy has slowed and Japan recorded its worst September trade figures in more than 30 years as weakness in Europe, a strong yen and a territorial dispute with China hit exports.
 
The Cabinet Office said the economy of Japan, hammered by last year's quake-tsunami disaster, shrank 0.9 percent in the September quarter from the previous three months, a result largely in line with market expectations.
 
On an annualised basis -- which shows how the quarterly data would look if it were maintained for a full year -- the economy contracted 3.5 percent, it said, as exports slipped and demand among Japanese consumers also slowed.

Data Center Recovery Strategy

 

- more info

---

Core Disaster Recovery Business Continuity Assessment

Many businesses have never tested the recovery process in the event of a server or site failure

With business continuity a core component of risk management, a well-rehearsed plan lays the foundation for confidence that IT systems will work when needed most.

Terms like Maximum Tolerable Period of Disruption (MTPOD), recovery time objective (RTO) and recovery point objective (RPO) are often used, but what do they really mean? In practical terms, recovery time objective is the duration until a business can return to normal after the failure of a server or key computer site, and recovery point objective is the place in the transaction flow where the business resumes.

• Recovery Time Objective (RTO) – How long can your business afford to be down?
• Recovery Point Objective (RPO) – How often do you backup? How much data can your business afford to lose in the event of a disaster?
• Level of Service (LOS) – What are your business’ critical servers and essential units that cannot be disrupted?

- more info

---

What is the Recovery Time Objective (RTO)

CIOs, CSO's, Disaster Recovery and Business Continuity Managers constantly will work to improve their rescue point objective (RPO) plus recovery time objectives (RTO) as a result of performing fast, non-disruptive backups, and even by performing data recovery. All comprehensive data protection solutions involve many issues and contingencies.

Here are a few of the things that can break with your data and therefore the backup requirements that ought to be addressed:

• Accidental or malicious deletion of critical data - Requirement that provides to be able to quickly and easily bring back individual files and version.
• Data that is wasted or corrupted over time - Requirement to jiggle back individual records to renovate database corruptions. The ability to get better data from any previous point in time, and have it as granular as you can.
• A crashed disk - Requirement to recover a disk volume is special than recovering a individual file, but it should be done just as fast, and with automation to keep operational disruptions to a minimum.
• A server failure - Requirement recover operations when replacing a broken server may well be complicated by the desire to install different drivers over the new system if the hardware seriously isn't an exact match. It helps to give the capability to move the required forms workload to a standby server (with unique hardware) or virtual server while the system is being swapped out or repaired.
• A local or regional disaster - Requirement once you lose an entire work to fire, flood, and / or other disaster, have a pre-existing copy of your you important information in another location that is definitely outside the disaster sector.
• Remote offices and part offices - Requirement to experience a process in place to revive with minimal technical sustain as remote and branch offices often will not have the luxury of acquiring an on-site technical resource that can assist in backups and restores.
• Resource-intensive backup processes - Requirement frequent or continuous backup that is not resource-intensive.
• Security breaches - Obligation to secure data. When ever moving data between websites, it needs to always be protected from potential security measure breaches. A breach of data security, whether actual damage is over or not, can be devastating to all your company's reputation, as dozens of substantial enterprises and government agencies have found a lot.

- more info

---

Managing the loss of a facility

Statistics tell us that facility floods are the fourth most common cause for an organization to abandon its facility and invoke its off-site recovery process. In reality what is described in this statistic as a flood, is more often than not an escape of water or liquid, which is considerably different to a flood: and impacts of both to a facility differ significantly.

Organizations are facing increased risk of business disruption from local and global security threats or other disruptive events. They have the responsibility to protect the staff and shareholder value at the time of disaster’ through effective crisis management, business continuity, and technology recovery approaches.

The ability to effectively manage business during a major operational disruption is now a key concern of any successful organization.  With organizations becoming ever more dependent on technology and reputational damage occurring in an increasingly short time-span, clients appreciate the need for business and technical specialists who can help them design and execute plans accordingly.

- more info

---

Cost of Downtime is High

The average yearly cost of downtime is $880,000 for mid-sized businesses.

Having a data disaster recovery strategy in place is critical to ensure business continuity in the event of unexpected disruptions. Implementing such a strategy can be delayed for two reasons: one, it's complicated to evaluate business operations to find critical data that needs to be made available immediately after a disaster, and two, many believe that disaster recovery is just too expensive, particularly for small and medium-size businesses.

Both of these issues create friction that slows down the adoption of disaster recovery strategies and technologies; but being able to recover quickly from a data disaster is more important than ever.

The three main options that a small or medium sized company has when building a disaster recovery strategy are:

• Physically moving tapes or drives offsite.
• Replicating data between offices or to an offsite data center/centre.
• DR-as-a-Service from the cloud.

- more info

---

Business continuity is a C level executive issue

Businesses must make availability of IT services a boardroom issue because there is growing evidence of employee frustration and resentment when systems are unavailable, according to research from Imperial College.

Many staff now expect systems to be accessible whenever they want and from any device, according to a professor of strategy and organisational behaviour at Imperial College London. "Information and systems should be available at all times," he said.

- more info

---

Social network integrated in disaster recovery template

During the disaster recovery and business continuity processes this year in many companies proved the worth of having social networks integrated in their disaster recovery and business continuity plans. However, Janco has found only about 25% of businesses have added social media like Facebook or Twitter to their disaster recovery and business continuity plans.

Depending on the scope of the disaster -- a national horror such as September 11 or an 8.9 earthquake -- the use of social media can ease some of the communication burden for government and businesses. Australian government agencies extensively used social media during the country's recent regional flooding. In the United Kingdom, the Resilient Nation project recommends that government set forth initiatives to leverage citizens' ready access to social networks.

Janco's disaster recovery business continuity template take this into consideration.

How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater than the investment? The facts are:

• 43% of companies experiencing disasters never reopen, and 29% close within two years.
• 93% of businesses that lost their data center for10 days went bankrupt within one year.
• 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.

 

The Disaster Recovery Plan (DRP) is provided in Word and PDF format. It is a complete DRP and can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption.

- more info

---

Business Continuity Plan Management

Business Continuity Plan Management -- The Time is Now

Business continuity plan is something that every organization needs to have in place before a disaster happens.  Every day somewhere in the world disasters are happening. Some are man-made and others are natural events. 

In any case they both can harm people and businesses. It can be something as common as a flood or extreme as civil disturbances.  The result is the same - can the business support it customers’ needs?

- more info

---

Disaster Preparedness equals risk, resilience and effective disaster recovery planning

Most people who are involved in emergency management are aware of the four primary phases of emergency management: prevention/mitigation, preparedness, response and recovery.

Recovery includes short-term measures taken to restore essential functions and systems, as well as longer-term activities intended to facilitate a return to pre-emergency conditions, or ideally to improve conditions through mitigation measures.

- more info

---

DR Plan a necessary requirement to remain competitive

It's no secret that IT is becoming increasingly-global every day - the days of the 9-to-5 business model are through, and have been replaced by a 24x7 marketplace within which businesses and consumers expect information to be available on-demand in a variety of formats and locations.

Follow us on https://twitter.com/@itmanagercio

 

Unfortunately, this creates some problems for those tasked with managing data protection and disaster recovery (DR) operations.

To remain competitive in a global marketplace, businesses need to adapt quickly to ever-­‐changing requirements. The days of a 9 to 5 economy have been replaced by an on-­‐demand 24x7 marketplace where both consumers and businesses expect to get the products and data where and when they want it. To deliver this level of service, organizations are extremely reliant on information technology to cope with this always on and dynamic environment.

These market conditions and strategic use of IT results in organizations creating robust business continuity/disaster recovery environments that will enable them to continue operations or recover in the shortest possible timeframes. Unfortunately, these solutions can become quite complex and costly. With data continuing to grow at a dizzying
pace and new technologies like server and storage virtualization, orchestration, automation, and even cloud services more readily available and adopted, organizations can easily become overwhelmed when it comes to architecting an effective business continuity/disaster recovery (BC/DR) environment.

- more info

---

Are you Prepared for a Disaster?

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset.  Networks, application hosting platforms, and end user computing environments can be replaced quickly.  However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

 

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

- more info

---

Core disaster recovery planning questions

Whether your business is a one-man operation or it employs a thousand people, the starting point is the same: identify the processes critical to your success. To do this, you should first define what critical means in your business. Rank each process according to that definition, and then ask how long can your business survive without it, who performs it, and what IT resources support it.

 

Questions you can ask:

• Can you simply not survive without this process? This should be your primary priority. Your business continuity plan must protect all primary priorities when a disaster strikes.
• Can you survive only a day or two without it? This should be a secondary priority. Your business continuity plan should address all secondary priorities after primary priorities are handled.
• Can you survive a week or more without it? Add it to your list of low priorities.

- more info