






• Next, rank the impact of that function not being available. For example, disaster
recovery expert Michael Miora suggests using a scale of 1 to 4, where 1 = critical
operational impact or fiscal loss, and 4 = no short-term impacts.

• If you then multiply Impact x Survival Days, you can see which functions are most
critical. At the top of the table will be functions with major impact and just one survival day.



Create the response and recovery plan

This is where you catalog key data about the assets involved in performing critical functions,
including IT systems, personnel, facilities, suppliers, and customers.

• Catalog equipment serial numbers, licensing agreements, leases, warranties, contact
details.

• You will need to determine “who to call” for each category of incident and create a
calling tree so the right calls get made, in the right order.


• You also need a “who can say what” list to control interaction with the media during
an incident.

• Any arrangements you have in place for transitioning to temporary locations and IT
facilities should be documented.


• Don’t forget to document an “all-hands” notification process and a customer advisory
procedure.

• The steps to recover key operations should be laid out in a sequence that accounts
for functional inter-dependencies.


• When the plan is ready, make sure you train managers and their reports on the
details relevant to each department and the importance of the plan to surviving an
incident.
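
The sketch below is an added example, not part of the original article. It combines the Impact x Survival Days score from the previous section with the dependency-aware recovery sequence described above; the function names, scores and dependencies are constructed sample data, and letting a prerequisite inherit the urgency of the functions that need it is an assumption of this example.

```python
import heapq

# Constructed sample catalog: name -> (impact 1-4 where 1 = critical,
# survival days, functions that must be recovered first).
FUNCTIONS = {
    "order_processing": (1, 1, ["database", "network"]),
    "payroll":          (2, 14, ["database"]),
    "database":         (3, 2, ["network"]),
    "network":          (3, 3, []),
    "marketing_site":   (4, 30, ["network"]),
    "email":            (2, 2, ["network"]),
}

def recovery_order(functions):
    """Return a recovery sequence that respects dependencies, most urgent first."""
    # Score = Impact x Survival Days; with 1 = critical, the lowest score is most urgent.
    score = {n: imp * days for n, (imp, days, _) in functions.items()}
    dependents = {n: [] for n in functions}
    pending = {}
    for name, (_, _, deps) in functions.items():
        pending[name] = len(deps)
        for dep in deps:
            if dep not in functions:
                raise ValueError(f"{name} depends on uncataloged function {dep}")
            dependents[dep].append(name)

    def effective(name, seen=()):
        # A prerequisite is as urgent as the most urgent function that needs it.
        if name in seen:
            raise ValueError(f"circular dependency involving {name}")
        return min([score[name]] +
                   [effective(d, seen + (name,)) for d in dependents[name]])

    urgency = {n: effective(n) for n in functions}
    ready = [(urgency[n], n) for n, count in pending.items() if count == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)      # most urgent function that can start now
        order.append(name)
        for d in dependents[name]:
            pending[d] -= 1
            if pending[d] == 0:             # all prerequisites are recovered
                heapq.heappush(ready, (urgency[d], d))
    return order

if __name__ == "__main__":
    for step, name in enumerate(recovery_order(FUNCTIONS), start=1):
        print(step, name)
```

A circular or uncataloged dependency raises an error instead of producing a sequence, which is the point at which the catalog needs correcting before the plan is tested.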



Test the plan and refine the analysis

• Test your plan at least once a year, with exercises, walk-throughs or simulations.


• If a task seems too daunting to undertake on a company-wide basis, consider
beginning with a few departments, or one office if you have several.

• Apply what you learn more broadly to your company as you progress through the test.

• Avoid thinking bad things won’t happen, because they do. But being prepared with a
plan is a step in the right direction.





50 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
