


US Smart Grid Could Cause Business Interruptions - Disaster Planning Consideration

11/02/2009 

A cybersecurity coordination task force released a report that assesses various security and privacy requirements for the U.S. Smart Grid, as well as strategies needed to address them. It looks at security and disaster planning issues.

The 256-page document was compiled by the task force, composed of individuals from the government, industry, academia, and regulatory bodies, and led by the National Institute of Standards and Technology (NIST). The draft is now open for comment, and NIST will release a final version of the document in March 2010 describing an overall Smart Grid security architecture and security requirements.


The draft report highlights the need for planners to address threats that could potentially allow attackers to penetrate the smart grid, gain access to control software, and alter load conditions to cause widespread disruptions. Cybersecurity strategies for protecting the smart grid need to address not only deliberate attacks but also inadvertent compromises resulting from user errors, equipment failures and buggy software, the report said.

Released as part of the report was a Privacy Impact Analysis that examines some of the privacy implications of establishing a smart grid for power distribution.

A smart grid uses digital technology to transmit, distribute, and deliver power to consumers in a more reliable and efficient manner than traditional electricity systems. A key component of the smart grid is the real-time, two-way communication it establishes between consumers and power distributors for tracking energy use and enabling smarter consumption and pricing. Current plans call for nearly 17 million two-way connected smart meters to be installed in U.S. homes over the next few years.





Disaster Recovery Planning International Standard Set by Janco

10/25/2009 

Disaster Recovery Business Continuity Template Now Accepted as the International Standard

An update to the Disaster Recovery Business Continuity Template has just been released by Janco Associates.

Park City, UT - The Disaster Recovery Business Continuity Planning template has been sold to enterprises in over 65 countries around the globe. With the release of the latest version, the template is in complete compliance with Sarbanes-Oxley, HIPAA, ITIL (Ver 3), ISO 17799, and PCI DSS.

M V Janulaitis, the CEO of Janco, said, "Our DRP/BCP Template has been accepted by enterprises around the globe as the standard for disaster recovery plan and business continuity plan creation." In response to that need, Janco has updated its "Disaster Recovery / Business Continuity Template" by increasing the content of the template as well as updating the entire document to be compliant with Sarbanes-Oxley, HIPAA, ITIL (Ver. 3), ISO 17799, and PCI DSS.

The Disaster Recovery Business Continuity Plan has been purchased for use in over 65 countries around the globe including:

  • Angola
  • Australia
  • Austria
  • Bahamas
  • Barbados
  • Belgium
  • Belize
  • Bermuda
  • Brazil
  • Bulgaria
  • Canada
  • Cayman Islands
  • Colombia
  • Croatia
  • Czech Republic
  • Denmark
  • Egypt
  • Finland
  • France
  • Germany
  • Greece
  • Honduras
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Israel
  • Italy
  • Jamaica
  • Japan
  • Jordan
  • Kenya
  • Lebanon
  • Lithuania
  • Macao
  • Malta
  • Mexico
  • Mozambique
  • Namibia
  • Netherlands
  • New Zealand
  • Nigeria
  • Norway
  • Panama
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Republic of Ireland
  • Romania
  • Russia
  • Saudi Arabia
  • Singapore
  • South Africa
  • South Korea
  • Spain
  • Sri Lanka
  • Swaziland
  • Switzerland
  • Taiwan
  • Thailand
  • Trinidad & Tobago
  • Uganda
  • United Kingdom
  • United States
  • Venezuela
  • Zambia

The Disaster Recovery Business Continuity Plan has been purchased for use in government, public, and private enterprises in almost all industries including:

  • Federal Government
  • State Governments
  • Local Governments
  • Law Firms
  • Think Tanks
  • Chemical
  • Telecommunication
  • Real Estate
  • Manufacturing
  • Universities
  • School Districts
  • Consulting Firms
  • Banks
  • Financial Service
  • Investment Banks
  • Credit Unions
  • Outsourcers
  • Property Mgt
  • Heavy Industry
  • Light Industry
  • Distribution
  • Retail
  • Hospitality
  • Energy
  • Insurance
  • Medical
  • ISPs
  • Application Development
  • Construction
  • Graphics
  • Entertainment
  • Paper Products
  • Defense
  • Aerospace
  • Media




Disaster recovery continues to be an area of high risk and high cost

10/17/2009 

A recent survey by Janco Associates showed that organizations of all sizes considered that the loss of IT systems was the threat most likely to have an impact on costs and revenue and that it is the most commonly experienced disruption.

The regulated nature of the IT environment, combined with the statutory obligations of clients' data protection, means that having a disaster recovery system in place is essential. Until now, enterprises of all sizes have faced enormous costs and inflexible regimes to implement effective IT disaster recovery provisions. Many have therefore been forced to settle for a mere plan of action or ineffective options, which may, in reality, do little to reduce their risks. So what are the options for protecting critical IT systems for your firm?

Have a backup

Most organizations take backups, but it is the barest minimum requirement for protecting your firm from a disaster. Backups are for getting you out of a hole when you accidentally delete/lose/corrupt data on your working machines. If you lose those machines completely then the backup will only help once you have replaced and rebuilt your systems. In addition, replacing and rebuilding is not as simple as it sounds and can take a long time before you have working systems again.

CIOs should also know that taking a backup is not the same as having a good working backup. Backup processes have a reputation for letting enterprises down when they need them most. If the recovery plan is based on backups only, CIOs should check regularly that backups are actually working, understand that they have only covered the first step, and plan to be without working systems for typically around 3 to 7 days. Also, remember that if you want to guard against a disaster that physically destroys your machines, then your backups need to be off-site - well out of harm's way.





How to calculate the cost of downtime

10/05/2009 

One overlooked truth is that downtime costs accelerate in a non-linear fashion every hour. If a system fails for five minutes, the costs are fairly low because manual methods (paper and pencil) of making records or communicating by telephone instead of e-mails can suffice to conduct business. Over an extended period, however, the volume of work overwhelms the manual processes. Yet some businesses - such as Amazon or eBay - cannot run at all on manual processes. Business and financial operations increasingly deteriorate, and the rate of dollar losses grows - sometimes to the point of fatally damaging the business.

 

In addition, when assessing the financial impact of downtime, you need to consider factors such as potential lost revenue, reductions in worker productivity, and damaged market reputation. In some cases, downtime can even reduce shareholder confidence, which can create unnecessary and unplanned costs. Financial analysts and accountants at your company can help you come up with the factors at your company that are affected by downtime and contribute to its costs.





Swine Flu - DRP - BCP - CIO Issue

09/19/2009 

What swine flu has done is remind us all of the necessity to plan for threat scenarios that affect people more than they do data centers and other physical corporate facilities. Alternate work area facilities, mobile recovery units, and other workforce recovery strategies are not effective when people are home sick or there are travel bans in place. In these scenarios, your workforce recovery strategy must rely on remote access solutions or virtual workforce solutions.

Large numbers of employees out sick will affect the business (revenue) and cost your company a lot of money in productivity loss (you still pay employees their salary when they are out). A recent Janco Associates survey asked over 300 DRP/BCP decision makers if their company had strategies for workforce recovery in their BCPs; 71% said yes. This means that 29% of you out there have a lot of work to do. Of the 71% that have strategies in place, 82% use remote access procedures as part of their strategy.

The US Center for Disease Control (CDC) has confirmed thousands of cases of swine flu in the United States, and other countries including Canada, New Zealand, the United Kingdom, Israel, Spain, and all of Europe have confirmed cases. This means health officials have confirmed that the disease can spread person-to-person and has the potential to cause "community-level" outbreaks.

IT disaster recovery is not necessarily business continuity. In addition, there is a good chance that the plan is out of date and that it has not been exercised in a long time.

A plan walk-through is no substitute for a more thorough exercise, but it is a good place to start.

  • Validate the currency of the plan and the procedures.
  • Validate team members, roles, and responsibilities.
  • Understand what technology and services you currently have in place.




Disaster Recovery Business Continuity for Remote Offices

09/12/2009 

Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.

In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.





Which Files Need to be backed up

09/10/2009 

Hard drives often contain hundreds of thousands of files. Many of them should be backed up every day, others only occasionally, and still others - including temp files, the hibernation file, and your browser cache - not at all.

  • Documents: You should back up your word processing files, spreadsheets, and similar documents every day. Most basic backup programs perform incremental backups, in which the program copies only the files that have changed since the most recent previous backup. (Several backup programs also perform versioning; they keep several iterations of the same file on hand and enable you to choose which version to restore.)
  • Recent Documents: If your backup program can handle incremental backups, you don't have to worry about recent documents as separate entities. But if you often work on these files on other people's computers, you may want to carry a copy of them on a flash drive or store a copy of them online.
  • Application Data: Applications create and maintain data files such as e-mail messages, browser favorites, calendar entries, and contacts that require daily backing up. Many programs store them in a hidden folder inside your user folder (in XP, C:\Documents and Settings\your name\Application Data; in Vista, C:\Users\your name\AppData). Also, in XP, Microsoft stores Outlook and Outlook Express data in C:\Documents and Settings\your name\Local Settings\Application Data. Fortunately, any well-designed backup program intended for everyday, nonexpert users (as opposed to IT departments) knows where to look for Outlook data.
  • Operating System: You can always reinstall Windows and your apps, if you have the original discs or can download the programs. But if Windows becomes unusable or your hard drive crashes, switching to a system backup (also called a disaster recovery backup) that you create a couple of times a year can get your machine up and running smoothly without much effort.
  • Media: These large files require a separate backup strategy because of the amount of storage space they require.
  • Heirlooms: Files that you want to keep forever need backing up and extra protection.




Testing and training models for a disaster recovery and business continuity plan

08/29/2009 

After you have created your disaster recovery and business continuity plan, you are not done. In reality, your disaster recovery and business continuity plans are useless until you test them and train your staff in how to activate and use them. The key is to incorporate testing and training as part of the overall disaster recovery and business continuity management process.

Testing and Training Models

Plan Review

In a plan review, the disaster recovery and business continuity plan owner and team discuss the disaster recovery and business continuity plan. They look for missing elements and inconsistencies within the plan or with the organization. This type of exercise is comparable to plan auditing, and is useful to train new members of a team, including the business function owner. 

Walk-Thru

In a walk-thru exercise, participants gather in a room to execute documented plan activities in a stress-free environment. Walk-thru exercises can effectively demonstrate whether team members know their duties in an emergency and if they need training. Documentation errors, missing information and inconsistencies across disaster recovery and business continuity plans can be identified in a walk-thru exercise.

Simulation

To determine if disaster recovery and business continuity management procedures and resources work in a realistic situation, a simulation exercise helps. This exercise uses established disaster recovery and business continuity resources, such as the recovery site, backup equipment, services from recovery vendors and transportation. It can require sending teams to alternate sites to restart technology as well as business functions. Errors, omissions, missing or insufficient resources, incomplete coverage, and limited vendor capabilities may surface in this exercise. Simulations may also uncover staff issues regarding the nature and the size of their tasks. The use of a scenario is highly recommended for simulations.

Objectives

Why exercise in the first place? The primary objective is to ensure that the plan works when it is needed. But it is not enough to exercise parts of a plan. Ideally all elements of disaster recovery and business continuity plans should be exercised at least once a year if not quarterly. Each exercise may have different objectives, besides the primary one.

Main exercise objectives include identifying weaknesses and shortcomings, verifying recovery objectives and procedures, validating global efficiency of plans, verifying the adequacy of emergency operations centers (EOCs) and alternate sites, and achieving specific recovery time objectives (RTOs) and recovery point objectives (RPOs).

How much should you test?

Tests can be simple or complex. A table-top exercise can establish a plan performance baseline. A specialized test, such as one which focuses on crisis management procedures at an EOC, provides valuable information about specific activities. At a higher level, an integrated exercise can address multiple disaster recovery and business continuity plans or plan components. Finally, an entire plan, with all components, can be exercised. It is far better to err on the side of exercising too much, rather than not enough.

Managing human resources

Tests present human resource issues. Tests are important for validating team member expertise and identifying training opportunities. Conversely, people could refuse to work overnight or on weekends, or to be away from home even a few days. Be sure to discuss and resolve these issues with human resources management.

During disaster recovery and business continuity plan tests, it is good practice to treat team members well, especially when they are away from home or working difficult hours. Be sure to budget for appropriate hotel accommodations and food, while managing costs.

Effective test strategies

The test options will help improve disaster recovery and business continuity plans and train staff. But no matter how often you exercise plans, when reality strikes, your response capability could be much different than in the exercises.

Key strategies for testing include starting simple; raising the bar in terms of difficulty; involving vendors and stakeholders in exercises; making objectives increasingly difficult to achieve; and launching surprise exercises. When launching an exercise program, start with plan reviews and walk-thrus. This will help staff get comfortable with the exercise process. As they improve, increase the level of exercise complexity. Remember that if an exercise fails, it is not a failure; rather, it is a success. It is far better to identify systems and procedures that may fail, and rectify them, before a real incident occurs. Finally, a true test is to launch a surprise incident. This will truly test how well prepared the organization is to address a real incident.

What is a successful test?

The primary reason to exercise is to identify limitations of disaster recovery and business continuity plans. Recognizing that most organizations change frequently, even mature business continuity plans may be inappropriate in a given situation or at a given time. Tests that appear to be successful and uncover no problems should be suspect. Maybe the objectives were too easy or the situation was unrealistic. Exercises present opportunities to fix problems before a disaster happens.

A successful test uncovers and documents problems. Once the problems have been fixed, consider running a follow-up test to ensure the repairs work. Measuring the success of disaster recovery and business continuity tests means having relevant objectives that will help uncover problems. Testing is your chance to push your disaster recovery and business continuity plans increasingly closer to the reality of a disaster.





Budget cuts impact disaster plans

08/24/2009 

IT staff cuts spurred by the economy are likely to continue throughout the remainder of the year. According to a survey of 300 IT center managers last year, half of all data centers were planning to cut 2009 budgets by an average of 15%. Respondents at 14% of those companies said the cuts would include layoffs of IT staffers.

The PayPal electronic payment system is one of many Internet-based services that have been hit with outages. And based on news reports, the number of such incidents appears to have been increasing in recent months, analysts said. They cited shutdowns of the Google Apps software hosted by Google Inc., outages at data centers run by Rackspace Hosting Inc. and a distributed denial-of-service attack on Twitter.

Observers pointed to several possible reasons for the apparent uptick in online outages, including IT budget and personnel cutbacks, increasing corporate dependence on hosted applications -- and bad luck. Companies are not doing the maintenance they should be doing, and when they do not do maintenance, they increase the probability of catastrophic failure.





UK Pandemic system for disaster fails

08/20/2009 

The UK Government has rolled out the National Pandemic Flu Service in England today. Scotland, Northern Ireland and Wales have decided to opt out of the service as demands in numbers are significantly less than that of England.

According to the BBC, the UK may have over 100,000 cases of H1N1 infection along with roughly 30 deaths as a result. The US is reported to have 40,000 cases with over 250 deaths. But because the flu pandemic has spread so far and wide, it is difficult to determine whether someone’s death is a direct result of swine flu, or whether the figures and statistics are accurate. There are simply too many cases and not enough resources being spent on data collection; some would say at least governments have their priorities right.

The National Pandemic Flu Service will be primarily a web-based service, alongside a call center which will not be operated by health staff or qualified professionals to allow an "ease of burden on the NHS". It will act as a checklist service that algorithmically determines whether your symptoms are severe enough to require Tamiflu, the main anti-viral drug used to combat the illness.
