May 27, 2007
The 3 P's of Disaster Recovery
If you are a regular reader of my blog, you know every so often I come out with general rules that can help you in your daily IT life. A few examples include:
Today during my presentation I talked about "The 3 P's of Disaster Recovery". In ORDER, they are:
Of course this is an over-simplified view of things. But if you remember to follow the 3 P's.... you are on the right track to getting your business back up and running after disaster.
Disaster Recovery - Creating Asset Catalogs
So I have spent the memorial weekend down here in New Orleans attending the IT Pro Disaster Recovery Conference. When I was on stage talking about asset catalogs, and the extrodinary value it is for a small business, some people were asking for the best practices "checklist". They wanted guidance on what that would look like. Normally I would never quote an ISO standard for small business, as they typically don't gel well. But I am going to do so here.
Within ISO 17799, all businesses should strive to maintain appropriate protection of their assets. This is accomplished by ensuring all information assets are accounted for, and that there is an owner accountable for them. Along side of a documented business workflow, they need to be classified, labeled and properly protected.
Making up an Asset Catalog, in regards to information systems atleast, would include :
Once you know WHAT belongs in the asset catalog, now you need to determine WHO is responsible for each item. When documenting this, its good to associate the items to a job title and their positions opposed to individual people. This way, whomever is in that role can understand their responsibilities and asset ownership. As an example, as we discussed total devistation from a fire, the "accounts payable" role would ensure "cheque book" was an asset required in his or her role. Ensuring you can pay for new items needed during recovery is kind of important... and knowing WHO has access to cheques is critical. (May not be the perfect example, but you get the idea)
So for those of you that asked for guidance.... check out ISO 17799. Seem too overwhealming? Hire an information security professional who enjoys DR. That's what we are here for. You are a consultant yourself? Don't feel ashamed to ask for help. an infosec pro is there to help.
May 15, 2007
Where information security meets IT operations... disaster planning for risk and crisis recovery
So next week I will be down in New Orleans sitting on a few leadership panels at the "Small Business IT Disaster Planning for Risk and Crisis Recovery" conference. I think it is a fitting location for such a conference, especially with the results of Katrina a few years back.
Some of the sessions are going to be very interesting. From virtualization and backups to access control, there is quite a bit to learn from when it comes to mitigating risk in the face of disaster. There is something for everyone, and is an event you shouldn't miss.
The format is quite interesting as well. This isn't about slidedecks and single people speaking TO the audience. It's about a leadership panel that communicate WITH the audience to answer questions and explore issues facing our organizations today.
If you are going to be going down, let me know. Maybe we can hook up during the conference, or go check out the jazz scene in the evening. Bring your own beads. :)