A business continuity plan is a procedure that helps an organization prepare for disruptive events ranging from data system service disruptions and electrical power outages to fire or a full-blown hurricane. The role of the organization’s chief security officer (CSO) in the process is to oversee the plan, provide support and put the plan into action during an emergency that has the potential to halt an organization’s continuity.
Risks of Business Continuity
When planning for business continuity, it is important to prepare for any conceivable risk that can disrupt operations and affect an organization. The Centers for Disease Control (CDC) director, Doctor Ali Khan, notes, “If you are generally well equipped to deal with a zombie apocalypse you will be prepared for a hurricane, pandemic, earthquake, or terrorist attack” (Centers for Disease Control, 2012). If the government office of the CDC is supposedly prepared for a zombie apocalypse, organizations must look to prepare for anything that can go wrong, from the smallest to the most catastrophic incident. There are many risks that can plague an organization. Four risks that can afflict a school or organization are fire, environmental factors, power outages, and data loss.
Fire as a risk can be devastating to an organization in terms of loss of life and destruction of an organization’s physical assets as well as its intellectual property. Preparation in the form of fire suppression systems is a small investment in contrast to the loss that this type of risk can inflict on an organization and its people.
Environmental factors can disrupt the continuity of an organization when something such as the cooling system designed to make computer systems operate at peak efficiency ceases to operate. “Temperatures and relative humidity (RH) levels that are too low or high, or that change abruptly, may result in unreliable components or even system failures” (Ciampa, 2009).
The heating, ventilation, and air conditioning (HVAC) systems that regulate heating and cooling are crucial in the control, maintenance and protection of an organization’s data assets.
Power outages can cripple an organization. Maintaining a constant flow of electricity to an organization is as important as guarding against fire. Equipment such as an uninterruptible power supply (UPS) will maintain power to vital systems in the event of a power outage to the external primary electrical power source. A UPS can also communicate with a server to instruct it to shut down properly over extended periods of power loss to prevent data loss.
Data loss prevention is accomplished by the use of redundancy systems. Redundancy systems are built with excess data storage capacity. Duplicate systems are kept in standby mode in case primary systems fail. Fault tolerance is achieved through the use of a technique known as a redundant array of independent drives (RAID) system. With the use of a RAID, performance and reliability are realized. Duplicate systems are known as hot or warm sites.
A warm site is a complete hardware duplication that only needs the latest data copied to it and is a lot less expensive to maintain than a hot site, whereas a hot site is a complete duplicate of an organization’s production system, including its vital data.
Roles of Information Technology (IT) Personnel
The roles of IT personnel are in the areas of development, administration and support of continuity plans. The CSO does his “best to convince management that [business continuity] BC is a cost of doing business” (Paul, 2012). As the CSO builds the business plan for security operations, IT personnel are responsible for developing, planning, and initiating new technology to support the security plan. Depending on the size of the organization, other IT personnel may be responsible for administration and support of the plan, with necessary periodic evaluation to ensure all systems are protected. As systems change, they must be modified and updated, making sure that the existing systems run smoothly. Support may also be needed to fix problems as they arise and to make necessary changes to ensure security is maintained.
An excellent business continuity plan will keep the organization up and running. The plan will protect the organization from destructive interruptions such as power failures, fire, natural disasters, system crashes and, in a worst-case scenario, zombies!