It’s Never So Bad
That It Can’t Get Worse
A REVIEW OF DISASTER RECOVERY AND
BUSINESS CONTINUITY PLANNING IN
PRACTICE
HARRY REGAN
VP, SECURITY CONSULTING SERVICES
SECURICON, LLC
HTTP://WWW.SECURICON.COM
Agenda
• Who We Are
• The Magic of Mixing Technology and Humans
• Things DRI Tells You
• 3 Tales from the Field
o Clouds of 9/11
o What if they threw a disaster and nobody came?
o Financial Services and Y2K
• Scar Tissue and Recommendations
• When You’ve Got Lemons…
• Conclusions and Q&A
Who are we?
• Securicon provides security services primarily in the US and
Canada
• Our clients are generally from regulated industries
(Financial Services, Utilities, Manufacturing, Higher
Education, Healthcare), and Federal and local government.
• Broad base of experience in the integration of human and
social issues into the implementation and impact on
security
• Enterprise-level experience in developing COOP and BCP
plans.
• Always fascinated and amused by the BTAFFD* syndrome
* buttered toast always falls face down
The Magic of Mixing
Technology with Humans
• Technology makes the world work
• People make the world weird
• Business Continuity happens at the intersection of
people and technology – with one or more
emergencies thrown into the mix.
• Plans may be detailed and logical, but human
behavior is not as predictable as we’d like.
• Emergency scenarios can get complex –
be flexible – very, very flexible.
The Magic of Mixing
Technology with Humans
• The development of policies and
procedures is based on the
assumption that people are inclined
to obey the rules
• That is generally correct, however
people’s performance is a variable,
not a constant
• Introduce an emergency into the
mix and all bets are off
Best Intentions…
• We’re going to examine three case
studies from three different
industries.
• All three companies involved had
a Business Continuity Plan
• All three had a major failure when
the disaster arrived
• We’ll also look at a fourth case
where a company used a disaster
as a decision point for a business
decision
Things DRI Tells You…
Key Objectives…
• Safety is #1 priority in an emergency:
Protect people first, then assets and
resources
• Keep the business operating to the
extent possible
• Maintain basic communications
(e-mail, phone)
• Don’t let them see you sweat! (Web
site up, services available and shipping
with minimal disruptions)
• Maintain billing, accounting, and keep
revenue flowing
More Things DRI Tells You…
• Your DR/BCP plan should have strategies for…
• Emergency Response and Operations Contingencies
• Actionable and detailed Business Continuity Plans at
a situational and granular Level
• Training and Awareness – for everyone, but
especially for key staff involved in the plan – they
have to pull it off!
• Maintaining and Testing DR and Business Continuity
Plans and Operability – and really do it!
• Public Relations and Crisis Communications –
reassure customers, vendors, suppliers
• Coordination with Public Authorities
3 tales from the field
• All It Takes Is People
o Shelter-in-Place approach
o Great plan, now where’s the staff?
• The Other 9/11 Issue
o The traditional DR contract approach
o Hurricane Gabrielle hits Florida
• Financial Services and Y2K
o Comprehensive “situational plan”
o Y2K Plan used successfully (sort of)
The Other 9/11 Issue
• September 9, 2001 – Tropical Storm
Gabrielle forms off the west coast of
Florida in the Gulf of Mexico.
• September 11, 2001 – Hurricane
Gabrielle threatens western Florida
coast.
• A manufacturing company in central
Florida, already experiencing flooding
in their facility and data center from
heavy rain, declares a disaster and
goes to exercise their contract with
their DR provider
• Scheduled DR site –
Sterling Forest, NY
• The request
“could not be accommodated”
The Other 9/11 Issue
• They had arranged for specific equipment
to be available at the DR site
o They assumed they could just “swap over” to
the DR site
o They further assumed they could just show up
with the tapes
• When You Fail to Plan…
o They were a small company and had a very
basic but untested DR/BCP plan
o They had a DR contract with a big, reputable
name firm
o They kept backup tapes on site and planned to
FedEx them to the DR site when needed
The Other 9/11 Issue
• Lessons learned
o With an untested plan,
it was really iffy that
they could successfully
exercise the DR plan at
all
o With a 3rd party DR
contract, you may be
able to get your money
back if you “can’t be
accommodated”!
o Yes, their data center
flooded…
All It Takes Is People
• Picture rolling New England
hills, nestling a quaint little
mill town. In this town is a
manufacturing company
that makes specialty
products for the medical
industry
• “Shelter in Place” is a strategy some companies adopt – that’s the
approach this company chose – backups and redundant equipment
maintained on site.
• They maintained food, various beverages and water expecting
outages to be no more than “a couple of days”
All It Takes Is People
• The data center featured a
natural gas generator tied to the
city gas lines, so as long as they
had fuel, they had power
• The network featured divergent
carriers with failover
• They engineered their systems
to be all remotely administered
and operated so there was little
need for staff to be onsite – but
some functions had to be
manually attended.
• They had robust, tested remote
access processes.
All It Takes Is People
• But…
o Their DR/BCP documents had a
very exacting “Bob will do X,
Frank will do Y” approach.
o Sooner or later, they said,
they’d cross train folks.
o The disaster came before
“later” did.
All It Takes Is People
• In May of 2006, the area experienced severe flooding. All
telecommunications were out, roads impassable, residents
evacuated from the area.
• The systems were up! No one
was available to do anything with
them, but they were up!
• Discovered many processes they
had not considered that needed
someone on site for
operations support
• Also discovered that the phone
system and the PACS were
never moved to backup power
All It Takes Is People
• Lessons learned
o It was a good plan! It was a
tested plan!
▪ It didn’t go quite far enough
▪ Cross-training participants is
important (but wouldn’t have
worked in this instance)
o Was their plan successful for
this event?
▪ They were inaccessible for
several days, back in operation
within a week – so it met the
“couple of days” outage
scenario
▪ All automated processes ran
▪ There was no one in control for
two or three days
Financial Services and Y2K
• Large globally recognized
financial services firm with
heavy transactional network
traffic.
• Primary data center in
southern New England, about
an hour north of NYC
• Backup data center 200 miles
south.
• Standing hotel
accommodations for
operations teams near
both data centers
• Situational BCP built with
input from each business
unit. Tested, tested,
tested.
• Identification of positions
that needed to be on-site
(the rest would work
from home)
Financial Services and Y2K
• NYC staff in 1 Liberty
Plaza, Times Square
and near Wall Street
• If staff had to be
displaced, they
would go to one of
several locations or
be issued laptops to
work from home
• Monthly live test of failover
from primary to backup.
Well understood system and
network for financial
services. Business systems
were lower priority.
• Y2K – Nothing
Happened
Financial Services and Y2K
But then there was 9/11…
This was the DR/BCP Plan in
Place when the World Trade
Center attack happened
1 Liberty Plaza was across the
street from the WTC
Financial Services and Y2K
• On 9/11 the first plane hit before the stock market
opened – so the decision was made not to open the
market until the extent of the disaster was known
• As events unfolded, activated disaster plan
o Liberty Plaza and Wall Street staff evacuated to
Times Square (until South Tower collapse)
o Network transferred to Backup Site without
incident
• Long-term displacement of workforce
Financial Services and Y2K
• On one level, the DR/BCP was successful.
o Almost seamless transition to backup systems
(turned out not to be necessary)
o Market systems staff was on-site, in place and ready
for normal operations when the disaster occurred
o Corporate systems staff generally was in transit or
about to leave home, but in DC – another 9/11 target
site
o Market systems were ready for scheduled market
open at 10AM, but decision was made to keep the
market closed.
o There were staff injuries, but no reported fatalities
Financial Services and Y2K
• Problems with the BCP
o No plan for losing Manhattan
o Evacuation plan assumed navigable streets,
availability of public transportation
o Severe and lasting workforce displacement
o IT not ready for influx of teleworkers – not enough
VPN licenses. But that’s OK, not enough laptops
either.
• Sometimes you get lucky
o AT&T NYC Switch Center and most cellular service
was destroyed in the WTC collapse
o The company used MCI for telephone and network
service
Scar Tissue and Recommendations
Recurring drills are important. Annual drills are
simply not frequent enough. Test it, darn it!
Still doing weekly/monthly backups with
incrementals? You should rethink your backup
strategy.
Practice bare-metal restores. Even with great
planning and preparation, odds are good you’ll
have to do one or more and they take time.
Transactional systems love to have journal
problems. Understand how to identify problems
early and quickly and how to resolve them.
If you’re using a 3rd party backup site, expect
equipment problems. Plan for it.
Scar Tissue and Recommendations
Understand what disasters are facing your disaster
recovery sites!
Understand the logistics of getting the right people
to the right place in different kinds of disasters!
See if you can arrange to have your restoration
media transmitted to the DR site.
(Throwing the backup media in the van with the DR Away Team
may make the disaster even worse)
Maintain the equipment for the DR site! It won’t
help you if the DR hardware can’t run the current
mission critical applications!
Scar Tissue and Recommendations
• Cross train DR/BCP teams on ALL roles. DRI
recommends backup roles and backups to
backups. But you won’t know for sure who reports
for duty until the disaster.
What’s this “Granular” stuff?
• It’s rare that a disaster/emergency will unfurl on
your terms. The key to survival is flexibility
o Be ready for a “half disaster”
o Also be ready for multiple, simultaneous disasters
o Finally, be ready for key staff unavailability
• Situational planning is important
o Have plans built for the most likely disaster scenarios
o To the extent possible, compartmentalize
o Also have an OCISD Strategy
OCISD = “Oh crud! It’s something different!”
When You’ve Got Lemons…
• In the Summer and Fall of
2001, I had a client in the
cosmetics industry
expanding their New
Jersey research facility…
• They planned to move
researchers from their
Nice, France facility to
the new US facility
When You’ve Got Lemons…
• After 9/11, they ended up halting the plans for the
expanded R&D center, converted it to offices and
moved their executive staff from Manhattan to the
new offices.
• A good example of capitalizing on a disaster
scenario to change your potential risk profile.
( But I’ve always wondered if the R&D team from the
French Riviera was the real force behind 9/11… )
Conclusions and Q&A
If you take nothing else away from this presentation, remember:
#1 Test. Refine. Repeat.
#2 Be very flexible. It probably won’t happen like you think it will
#3 When it does happen, you’ll find out which pieces you
didn’t test enough.
Remember…
“When the first shot is fired,
battle plans go out the window.”
General George Patton
Harry.Regan@securicon.com

Mike Spaulding - Building an Application Security Program
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospital
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 

Kürzlich hochgeladen

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 

Kürzlich hochgeladen (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 

Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad that it can't get worse"

  • 1. It’s Never So Bad That It Can’t Get Worse A REVIEW OF DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING IN PRACTICE HARRY REGAN VP, SECURITY CONSULTING SERVICES SECURICON, LLC HTTP://WWW.SECURICON.COM
  • 2. Agenda • Who We Are • The Magic of Mixing Technology and Humans • Things DRI Tells You • 3 Tales from the Field o Clouds of 9/11 o What if they threw a disaster and nobody came? o Financial Services and Y2K • Scar Tissue and Recommendations • When You’ve Got Lemons… • Conclusions and Q&A
  • 3. Who are we? • Securicon provides security services primarily in the US and Canada • Our clients are generally from regulated industries (Financial Services, Utilities, Manufacturing, Higher Education, Healthcare), and Federal and local government. • Broad base of experience in the integration of human and social issues into the implementation and impact on security • Enterprise-level experience in developing COOP and BCP plans. • Always fascinated and amused by the BTAFFD* syndrome * buttered toast always falls face down
  • 4. The Magic of Mixing Technology with Humans • Technology makes the world work • People make the world weird • Business Continuity happens at the intersection of people and technology– with one or more emergencies thrown into the mix. • Plans may be detailed and logical, but human behavior is not as predictable as we’d like. • Emergency scenarios can get complex– be flexible– very, very flexible.
  • 5. The Magic of Mixing Technology with Humans • The development of policies and procedures is based on the assumption that people are inclined to obey the rules • That is generally correct, however people’s performance is a variable, not a constant • Introduce an emergency into the mix and all bets are off
  • 6. Best Intentions… • We’re going to examine three case studies from three different industries. • All three companies involved had a Business Continuity Plan • All three had a major failure when the disaster arrived • We’ll also look at a fourth case where a company used a disaster as a decision point for a business decision
  • 7. Things DRI Tells You… Key Objectives… • Safety is #1 priority in an emergency: Protect people first, then assets and resources • Keep the business operating to the extent possible • Maintain basic communications (e-mail, phone) • Don’t let them see you sweat! (Web site up, services available and shipping with minimal disruptions) • Maintain billing, accounting, and keep revenue flowing
  • 8. More Things DRI Tells You… • Your DR/BCP plan should have strategies for… • Emergency Response and Operations Contingencies • Actionable and detailed Business Continuity Plans at a situational and granular Level • Training and Awareness – for everyone, but especially for key staff involved in the plan– they have to pull it off! • Maintaining and Testing DR and Business Continuity Plans and Operability – and really do it! • Public Relations and Crisis Communications– reassure customers, vendors, suppliers • Coordination with Public Authorities
  • 9. 3 tales from the field • All It Takes Is People o Shelter-in-Place approach o Great plan, now where’s the staff? • The Other 9/11 Issue o The traditional DR contract approach o Hurricane Gabrielle hits Florida • Financial Services and Y2K o Comprehensive “situational plan” o Y2K Plan used successfully (sort of)
  • 10. The Other 9/11 Issue • September 9, 2001 – Tropical Storm Gabrielle forms off the west coast of Florida in the Gulf of Mexico. • September 11, 2001 – Hurricane Gabrielle threatens western Florida coast. • A manufacturing company in central Florida, already experiencing flooding in their facility and data center from heavy rain, declared a disaster and went to exercise their contract with their DR provider • Scheduled DR site – Sterling Forest, NY • The request “could not be accommodated”
  • 11. The Other 9/11 Issue • They had arranged for specific equipment to be available at the DR site o They assumed they could just “swap over” to the DR site o They further assumed they could just show up with the tapes • When You Fail to Plan… o They were a small company and had a very basic but untested DR/BCP plan o They had a DR contract with a big, reputable name firm o They kept backup tapes on site and planned to FedEx them to the DR site when needed
  • 12. The Other 9/11 Issue • Lessons learned o With an untested plan, it was really iffy that they could successfully exercise the DR plan at all o With a 3rd party DR contract, you may be able to get your money back if you “can’t be accommodated”! o Yes, their data center flooded…
  • 13. All It Takes Is People • Picture rolling New England hills, nestling a quaint little mill town. In this town is a manufacturing company that makes specialty products for the medical industry • “Shelter in Place” is a strategy some companies adopt– that’s the approach this company chose– backups and redundant equipment maintained on site. • They maintained food, various beverages and water expecting outages to be no more than “a couple of days”
  • 14. All It Takes Is People • The data center featured a natural gas generator tied to the city gas lines, so as long as they had fuel, they had power • The network featured divergent carriers with failover • They engineered their systems to be all remotely administered and operated so there was little need for staff to be onsite – but some functions had to be manually attended. • They had robust, tested remote access processes.
  • 15. All It Takes Is People • But… o Their DR/BCP documents had a very exacting “Bob will do X, Frank will do Y” approach. o Sooner or later, they said, they’d cross train folks. o The disaster came before “later” did.
  • 16. All It Takes Is People • The systems were up! No one was available to do anything with them, but they were up! • Discovered that many processes they had not considered needed to have someone on site for operations support • Also discovered that the phone system and the PACS were never moved to backup power • In May of 2006, the area experienced severe flooding. All telecommunications were out, roads impassable, residents evacuated from the area.
  • 17. All It Takes Is People • Lessons learned o It was a good plan! It was a tested plan! - It didn’t go quite far enough - Cross-training participants is important (but wouldn’t have worked in this instance) o Was their plan successful for this event? - They were inaccessible for several days, back in operation within a week – so it met the “couple of days” outage scenario - All automated processes ran - There was no one in control for two or three days
  • 18. Financial Services and Y2K • Standing hotel accommodations for operations teams near both data centers • Situational BCP built with input from each business unit. Tested, tested, tested. • Identification of positions that needed to be on-site (the rest would work from home) • Large globally recognized financial services firm with heavy transactional network traffic. • Primary data center in southern New England, about an hour north of NYC • Backup data center 200 miles south.
  • 19. Financial Services and Y2K • NYC staff in 1 Liberty Plaza, Times Square and near Wall Street • If staff had to be displaced, they would go to one of several locations or be issued laptops to work from home • Monthly live test of failover from primary to backup. Well understood system and network for financial services. Business systems were lower priority. • Y2K – Nothing Happened
  • 20. Financial Services and Y2K But then there was 9/11… This was the DR/BCP Plan in Place when the World Trade Center attack happened. 1 Liberty Plaza was across the street from the WTC
  • 21. Financial Services and Y2K • On 9/11 the first plane hit before the stock market opened– so the decision was made not to open the market until the extent of the disaster was known • As events unfolded, activated disaster plan o Liberty Plaza and Wall Street staff evacuated to Times Square (until South Tower collapse) o Network transferred to Backup Site without incident • Long-term displacement of workforce
  • 22. Financial Services and Y2K • On one level, the DR/BCP was successful. o Almost seamless transition to backup systems (turned out not to be necessary) o Market systems staff was on-site, in place and ready for normal operations when the disaster occurred o Corporate systems staff generally was in transit or about to leave home, but in DC – another 9/11 target site o Market systems were ready for scheduled market open at 10AM, but decision was made to keep the market closed. o There were staff injuries, but no reported fatalities
  • 23. Financial Services and Y2K • Problems with the BCP o No plan for losing Manhattan o Evacuation plan assumed navigable streets, availability of public transportation o Severe and lasting workforce displacement o IT not ready for influx of teleworkers– not enough VPN licenses. But that’s OK, not enough laptops either. • Sometimes you get lucky o AT&T NYC Switch Center and most cellular service was destroyed in the WTC collapse o The company used MCI for telephone and network service
  • 24. Scar Tissue and Recommendations Recurring drills are important. Annual drills are simply not frequent enough. Test it, darn it! Still doing weekly/monthly backups with incrementals? You should rethink your backup strategy. Practice bare-metal restores. Even with great planning and preparation, odds are good you’ll have to do one or more and they take time. Transactional systems love to have journal problems. Understand how to identify problems early and quickly and how to resolve them. If you’re using a 3rd party backup site, expect equipment problems. Plan for it.
  • 25. Scar Tissue and Recommendations Understand what disasters are facing your disaster recovery sites! Understand the logistics of getting the right people to the right place in different kinds of disasters! See if you can arrange to have your restoration media transmitted to the DR site. (Throwing the backup media in the van with the DR Away Team may make the disaster even worse) Maintain the equipment for the DR site! It won’t help you if the DR hardware can’t run the current mission critical applications!
  • 26. Scar Tissue and Recommendations • Cross train DR/BCP teams on ALL roles. DRI recommends backup roles and backups to backups. But you won’t know for sure who reports for duty until the disaster.
  • 27. What’s this “Granular” stuff? • It’s rare that a disaster/emergency will unfurl on your terms. The key to survival is flexibility o Be ready for a “half disaster” o Also be ready for multiple, simultaneous disasters o Finally, be ready for key staff unavailability • Situational planning is important o Have plans built for the most likely disaster scenarios o To the extent possible, compartmentalize o Also have an OCISD Strategy OCISD = “Oh crud! It’s something different!”
  • 28. When You’ve Got Lemons… • They planned to move researchers from their Nice, France facility to the new US facility • In the Summer and Fall of 2001, I had a client in the cosmetics industry expanding their New Jersey research facility…
  • 29. When You’ve Got Lemons… • After 9/11, they ended up halting the plans for the expanded R&D center, converted it to offices and moved their executive staff from Manhattan to the new offices. • A good example of capitalizing on a disaster scenario to change your potential risk profile. ( But I’ve always wondered if the R&D team from the French Riviera was the real force behind 9/11… )
  • 30. Conclusions and Q&A If you take nothing else away from this presentation, remember: #1 Test. Refine. Repeat. #2 Be very flexible. It probably won’t happen like you think it will #3 When it does happen, you’ll find out which pieces you didn’t test enough.
  • 31. Remember… “When the first shot is fired, battle plans go out the window.” General George Patton
