Building Critical Infrastructure For Business Recovery

50 %
50 %
Information about Building Critical Infrastructure For Business Recovery
Technology

Published on January 12, 2009

Author: mlegary

Source: slideshare.net

Description

How can we enhance our business continuity plans by incorporating critical technical infrastructure, remote access and technical incident handling strategies? How do these strategies differ between man-made or natural disasters? Michael’s presentation will look at key issues that companies need to address now in order to recover from a business altering disaster. Considering key components that should be embedded in your business continuity plan. Michael will highlight key business continuity issues that technology can help address and detail implementation options available.

Building Critical Infrastructure for Business Recovery

Not a physical disaster • An Influenza Pandemic impacts our people • Proprietary knowledge is at high risk • Our businesses are reliant on relationships • Supporting vendors, industry & governments also impacted

Recovery vs Continuity Disaster Recovery • Restart operations after a disaster (Specifically IT) Business Continuity • Resume partially or completely interrupted critical functions

“Business Recovery” • An effective response plan considers • A simplified combination of DRP & BCP elements • Leveraging of communications • Enhancement of technical infrastructure • Mitigating loss of access to knowledge and skill sets is critical to on-going success of business

Building Critical Infrastructure • Mitigating loss of access to knowledge and skill sets is critical to on-going success of business • We need to build and enhance technology solutions to maintain access to this knowledge • Discuss issues that can be mitigated through technology • Highlight technologies available • Detail areas of review to ensure effective implementation

Pandemic Issues in our business Where are our concerns?

Pandemic Issues in our business • Staffing & Skill Issues • Exposure to infection • Propagation of infection • Availability of required skill sets • Increased security risks

Pandemic Issues in our business • Communication & Technology Issues • Changes & Loss of Client contact • Loss & Reduced availability of vendor technology • Internal Technology changes increase risk • Availability of required skill sets • Business Continuity Support • Central Communications Support

Pandemic Issues in our business • Weak BCP plans assume: • Access to key personnel • Proprietary business knowledge • Specialized technology knowledge • Access to key technology • Internet Availability • Connectivity • Applications • Vendor Support

Key Components of the BCP How do we identify our concerns?

Key Components of the BCP • Staffing & Skill Issues • Exposure to infection • Propagation of infection • Availability of required skill sets • Increased security risks

Staffing & Skill Issues • Exposure to infection • Employees exposed to through: • Travel to infected clients & sites • Usage of shared company vehicles • Usage of Public transport • Impacts employees such as: • Sales people • On-site support • Executives

Staffing & Skill Issues • Mitigation - Exposure to infection • Reduce • Face-to-face meetings • Travel & Commuting • Enabling Technologies • Telecommuting • Video Conferencing

Staffing & Skill Issues • Propagation of infection • Employees can spread infection • Potential external exposures are high • Symptoms may not arise immediately • Contamination of workplace has strong impact • Impacts employees such as: • Critical Internal Support • Technology Staff • Management

Staffing & Skill Issues • Mitigation - Propagation of infection • Separate critical staff • Create Work area quarantines • Restrict employee travel where possible • “Clean Team” • Enabling Technologies • Remote access to workplace • Wireless access work areas • Point-to-Point Video Walls

Staffing & Skill Issues • Availability of required skill sets • Key skill sets may be unavailable Management • Care for others • Illness • Prior commitments to other clients • Unwillingness to assist during pandemic • Impacts business operations: $ $ • Key functions halted Information Systems Manufacturing Purchasing • Undocumented process fails • Unique relationships breakdown Customer Service Mail Room

Staffing & Skill Issues • Mitigation - Availability of required skill sets • Training of additional support Management • Documentation of current environment • Prioritization of critical systems • Increase review & training of required technologies • Contract or acquire additional staff support $ $ • Enabling Technology Information Systems Manufacturing Purchasing • On-line training materials • Network Mapping tools Customer Service Mail Room

Staffing & Skill Issues • Increased security risks • Reduced availability of Police service • Delayed response to after-hours break-in • Delay for on-site incidents • Potential Emergency service delays • Delayed response to non-life threatening situations • Fire Fighting Services may be reduced • Specialty response units may be unavailable

Staffing & Skill Issues • Mitigation - Increased security risks • Monitor your workplace • Physical security • Personal security • Environment health • Enabling Technology • Install Digital Video Recording solutions • Enhance Alarm monitoring solutions

Key Components of the BCP • Communication & Technology Issues • Changes & Loss of Client contact • Status & Availability of Staff • Loss & Reduced availability of vendor technology • Internal Technology changes increase risk

Communication & Technology Issues • Changes & Loss of Client contact • Client availability may change • Personal issues • Hours of operation / Staggered starts • Change in staffing levels / Responsibilities • Suspension or discontinuation of business • Impacts business by: • Loss of sales Management • Poor delivery of goods & services • Poor customer service Marketing • Loss of client relationships $ $

Communication & Technology Issues • Mitigation - Changes & Loss of Client contact • Enhance client communications • Actively probe changes in client PBX contact Phone System VOIP Phone System • Enabling Technologies • Maintain longer hours of availability • Establish web enabled client contact • Implement PBX / VOIP phone solutions Customer Service • Implement toll-free line(s)

Communication & Technology Issues • Status & Availability of Staff • Internal staff availability will change • Staggered starts • Requirements to care for others • Unforeseen personal delays • Absenteeism due to fear / uncertainty • Impacts business by: • Reducing productivity • Delaying internal decision making • Preventing innovations

Communication & Technology Issues • Mitigation - Status & Availability of Staff • Create accountability for employee status • Employees update status regularly • Use accepted company methods • Create maintainable skills inventory • Enabling Technology • Implement central “SharePoint” for staff

Communication & Technology Issues • Lost availability of vendor technology • Changes in services will occur • Vendor staff levels and support may lower • Availability of provided services may lower (Supplies, Internet / Tech or BCP) • Vendor may suspend or stop business Management • Impacts business by: Marketing • Slowing or stopping Supply Chain $ $ • Potentially lowers output quality • Causes internal delays

Communication & Technology Issues • Mitigation – Lost availability of vendor technology • Review current SLAs • Implement redundant services where possible • Create “worst-case scenario” technology plans Vendor Vendor • Enabling Technology • Implement backup point-to- point wireless • Create “sneakernet” solutions where possible

Communication & Technology Issues • Internal Technology changes Database increase risk • “On-the-fly” changes may Financial cause harm • New staff may create unknown security risks • Maintenance of current environment Applications may reduce • Potentially Impacts Business: VOIP Phone System • Confidentiality PBX Phone System • Availability • Integrity

Communication & Technology Issues • Mitigation - Internal Technology Database changes increase risk Financial • Review the following • Systems & Facility Access Policy • Audit procedures • System Maintenance Polices Applications • Enabling Technology VOIP Phone System • Implement maintainable security PBX Phone System policies • Increase environment logging & monitoring

Key Components of the BCP • Business Continuity Support • Central Communications Support • “Virtual War Room” • Combination of all technologies • Requires additional security measures

Supporting Technologies How do we implementing these solutions?

Supporting Technologies • Supporting technologies available • Communication • Web Applications • Extended Access (Network & Desktop) • Network Enhancements • Physical Security • Policy & Training

Supporting Technologies • VOIP Services • Phone Service • Video Conferencing • Pros • Use almost anywhere with internet • Flexibility in installation (Phone or Computer) • Cons • Needs power & internet • Hardware / software to maintain

Supporting Technologies • PBX Services • Toll Free Access • Dial-out Services • Pros • Standard technology • Multiple Vendors • Cons • Unique skills required • Costly

Supporting Technologies • Redundant Communications • Satellite • Radio • Pros • “Last Chance” access • Low failure rates • Cons • Transmission speed issues • Cost

Supporting Technologies • Web Applications • Web enabled contact • Sharepoint • Pros • Client access at any time • Real-time information updates • Cons • Security & maintenance concerns • Privacy limitations

Supporting Technologies • Remote Connectivity • VPN • SSL • Pros • Secure Access • Site-to-site access • Cons • Additional equipment • Additional monitoring of network required

Supporting Technologies • Remote Access • RDP • Citrix • Pros • Access to desktop • Lower requirement for new hardware • Cons • Security concerns • Licensing costs

Supporting Technologies • Wireless Networking • Wireless LAN (WLAN) • Wireless Point-to-Point • Pros • Expanded network reach • Provide flexible office areas • Cons • Security concerns • Hardware issues

Supporting Technologies • Physical Security • Digital Video Recording • Alarm Monitoring • Pros • Additional layer of security • Expandable technology • Cons • Obsolescence • Installation

Supporting Technologies • Policies & Training • On-line Training Tools • Security Policies • Pros • Cheap • Prove due diligence • Cons • Implementation • Enforcement

Technology Considerations What to look for during implementation

Technology Considerations • Before implementing any technology… • Perform needs analysis • Load & capability analysis • Security impact analysis • Conduct pilot rollout

Technology Considerations • After implementing a technology… • Complete security validation • Create awareness of installed technologies • Document Service Level Agreements (SLAs)

“Business Recovery” • Mitigating loss of access to knowledge and skill sets is critical to on-going success of business • Good plans will: • Facilitate & maintain access to key personnel • Proprietary business knowledge • Specialized technology knowledge • Facilitate & Maintain access to key technology • Internet Availability • Connectivity • Applications • Vendor Support

“Business Recovery” • An effective plan considers • A simplified combination of DRP & BCP elements • Leveraging of communications • Enhancement of technical infrastructure

Thank You Michael Legary, CSA, CISSP, CISM, CISA, CCSA, CPP, GCIH, PCI-QSA Founder, Chief Innovation Officer Seccuris Inc. Direct: 204-255-4490 Main: 204-255-4136 Fax: 204-942-6705

Add a comment

Related presentations

Related pages

Building the Critical Infrastructure for Resiliency

Building the Critical Infrastructure for ... “Building Critical Public ... challenges and opportunities in critical infrastructure sectors ...
Read more

Building and Infrastructure Protection Series: Designing ...

... (S&T) aims to keep critical infrastructure open for business. ... DHS S&T’s Building Infrastructure ... Building and Infrastructure ...
Read more

Building a Disaster-Ready Infrastructure - CenturyLink

Building a Disaster-Ready Infrastructure ... business-critical data and network ... Data Protection and Disaster Recovery With crucial business ...
Read more

A summary of the Sector Resilience Plans for Critical ...

Sector Resilience Plans for Critical ... business continuity planning, and recovery ... responders on building resilience in infrastructure.
Read more

Building resilience in the provision of critical national ...

Building resilience in the provision of critical national infrastructure ... • Ensure faster recovery and continuity of critical ... ISO 22301 Business ...
Read more

Infrastructure - American Planning Association

This Critical Infrastructure Council program ... disaster recovery, including improving infrastructure ... gov/building-and-infrastructure ...
Read more

Business continuity planning - Wikipedia

Business continuity planning ... to critical infrastructure ... development of a business recovery plan. Business continuity testing plans may ...
Read more

Critical Infrastructure Protection and the Evaluation Process

Critical Infrastructure Protection and the Evaluation ... Recovery and Business ... and system recovery of Critical Infrastructure in the ...
Read more

Critical Manufacturing Sector Resources | Homeland Security

The Critical Infrastructure ... Resources > Critical Manufacturing Sector Resources. ... on a business’s recovery efforts following ...
Read more