Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • Creating Your Disaster Recovery Action Plan
  • Critical Vulnerability
  • Data Breach
  • Malware

Creating Your Disaster Recovery Action Plan

4 years ago Tripwire Guest Authors
Creating Your Disaster Recovery Action Plan

Perhaps Disaster Recovery (DR) isn’t one of the hot terms like the Internet of Things (IoT) or Hybrid Cloud, but I would argue that re-examining your DR plan now might be one of the most important IT management initiatives on which you can focus your energy.

Think about it. How much has the world changed in the past two years? Most people used to think about disasters as typical IT incidents such as system failure, ransomware incidents, or power outages. While these are still critical disasters to plan around, the pandemic brought a shift to increased decentralization of technology and people, changing the way we work, the security landscape, and how we define and respond to a disaster. Now our disaster recovery plans need to be broader and more comprehensive than ever before. 

Redefining a Disaster

DR planning often fails when a cookie cutter approach is taken. There are so many resources out there to help people create their DR plans, but oftentimes, these planning tools are not applied in a way that makes sense for the business. In other words, the people creating these plans tend to over-rely on templates and advice without addressing what could actually cause consequences. Before rewriting any policy or buying any new products, take a step back and think about the way you work. What has changed? What are the areas of your business that, if unavailable, would be painful? What might be considered a disaster for you that might be seen as uneventful by the average person and vice versa?

The best DR plans are created by focusing on the biggest business risks and investing the most time, energy, and resources on those first. Of course, you should address disasters such as facility failures, major system outages (both to technology you manage and Cloud/SaaS products you do not directly control), and security incidents. However, you might also consider other things such as major staff illnesses, weather, geographically specific concerns (i.e. hurricanes in Florida or earthquakes in California), legal or compliance violations that could put the operation at risk, as well as bomb threats and other risks of violence or harm. 

It’s impossible to outline and prepare for every possible contingency, but you need to start with the ones that are both plausible and impactful. 

How Comfortable Are You Reacting to a Disaster?

Go back and look at whatever DR plan you have right now and think about the disasters you just defined. Does your current plan really address those concerns?

Before prescribing solutions for planning around these disasters, go back and figure out your risk and recovery tolerance. If a particular disaster occurred, what would be a reasonably desirable outcome for recovery? You want to keep it reasonable because disasters are inherently destructive, so the more seamless and pain-free you want your recovery to be, expect to see that reflected in the amount of investment required to achieve that outcome. For technology recovery, you’ll want to define your Recovery Time (RTO) and Recovery Point (RPO) objectives as well as the budget you have to put towards it. But you can apply this to non-technology recovery, too, like having personnel trained to have backup roles during specific incidents. 

So, going back to the original question, after everything that has happened in the past couple of years, do you still think your DR plan addresses the disasters you could face in the way you hope? Management review, tabletop exercises, and other drills used for testing the effectiveness of your current DR plan will clarify the situation. Chances are that you’ll need to make a change at least in some way. That’s OK. DR plans are always a work in progress.

Implementing an Action Plan to Improve Your Disaster Recovery

Now that you’ve assessed your current DR plans and how effective they are, you should have a good sense of where your plan is lacking. Perhaps the laundry list is a little overwhelming. This can be the case when your organization is growing or changing and you are still early on in the planning process. Rather than focus on the negative, the only solution is to move forward and make improvements.

It is unrealistic to try to address all the shortcomings of your DR plan within, say, a month—especially if the issues with the plan run across different aspects of the organization. Rank your DR plan challenges based on impact and address-ability. Some items may be fixable simply by updating your company policies or processes, which may just require some time put aside or third-party assistance. However, if you must build out alternate recovery sites, solve challenges with new remote connections, or implement other changes to the plan that require more serious effort, you’ll have to set some realistic expectations and plan for the longer term. Your goals should be achievable; however, expecting major projects to run completely smoothly without challenges is setting your team up for failure.

When organizations try to fix shortcomings with a compliance plan, they oftentimes use a “Plan of Action & Milestones” or POAM. Applying a POAM to developing your strategy might be a good approach if your DR Plan requires multi-layered and longer-term changes. Most people just need something to organize their thoughts, hold their teams accountable, and work towards a shared goal.    

DR planning should really be a constant process. First, create a DR plan that suits your current needs. Then re-evaluate the suitability of your DR plan as things inevitably change. Identify the areas where the plan is lacking and come up with reasonable ways to address them (or at least be aware of the issues). There is never a perfect DR plan, so you will always have to make tweaks and improvements. The important thing to remember is that organizations that put care and attention into their DR plan always end up having better outcomes than those who purely react to the disaster they are bound to experience.

About the Author: Ben Schmerler is the Director of Strategic Operations at DP Solutions, a leading managed IT services provider serving the technology needs of businesses throughout the Mid-Atlantic. Ben works with organizations to develop a consistent strategy for cyber security, policy & compliance management, system design, integration planning, and other technology concerns. He has been a guest speaker, panelist, and presenter at several industry events, and he has made several TV and radio news appearances educating viewers about cyber-security best practices.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post ” Creating Your Disaster Recovery Action Plan” appeared first on TripWire

Source:TripWire – Tripwire Guest Authors

Tags: Cloud, Critical Severity, Finance, Goverment, Malware, Ransomware, TripWire

Continue Reading

Previous What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
Next Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

4 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

5 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

7 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

9 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

10 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach
  • Vulnerabilities

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

13 hours ago [email protected] (The Hacker News)

Recent Posts

  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach
  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT