disaster planning

Disaster plans must vary

Thu, 01 May 2008 06:59:58 -0400

IT executives often focus on data center replication, building design and backups when doing disaster planning. Yet experts say that recovery plans should be customized for whichever type of major disaster is most likely to occur in any given area. Ken Brill, founder and executive director of The Uptime Institute in Santa Fe, New Mexico, believes that regional considerations such as city location, proximity to the ocean, whether the data center will be near a flood plain and even variables such as whether the data center is near an exterior wall, should all be considered carefully, not on broad computing guidelines.

For more on how to craft a disaster plan:
- Check out this CIO Magazine article

ALSO NOTED: CIOs taking precautions; Building an incident response plan;

Wed, 16 May 2007 20:01:38 -0400

> Some CIOs taking budgeting precautions for possible downturn. Blog

> Five tips for building an incident response plan. Article

> Report: Almost one-third of all software is illegal. Article

> The Gen Y security threat. Article

> Project managers' priorities conflict with business. Article

And Finally… Are you misusing the CIO title? Blog

Picking up the pieces after a data breach

Mon, 07 May 2007 20:01:38 -0400

The way that you follow up in the immediate aftermath of a crisis can affect not only how the event is perceived, but also how successfully you'll avoid trouble in the future. As CIO, you can't leave crisis management to other executives; you need to both lead the IT work and play a key role in the business's efforts to cope with the aftermath. First, put your existing incident response plan into action. Hopefully, that plan lays out your business responses, your key contacts, and your public and regulatory obligations. Reach out quickly to the non-technical people who can help you, including human resources staffers, public relations people and legal staffers. You also might need the CFO to authorize emergency spending, accountants to track spending for insurance claims, or operations people to work overtime to make adjustments as IT gets everything back up and running. Once you identify the problem, dig deeper through a root-cause analysis. Look around at the environment and ask what other scenarios or situations could happen. Also, examine why the crisis wasn't averted in the first place by your early-warning processes and systems. And communicate with all stakeholders, connect with affected colleagues, support your overworked staff, push through the changes that will prevent a repeat incident, and hold a postmortem.

Learn more about recovering from a crisis:
- read the article at ComputerWorld

ALSO:
- read this on how honesty and openness can limit data breach damage
- and this on recovering from a cyber-attack

Recovering from a cyber attack

Thu, 19 Apr 2007 20:01:38 -0400

Even though it might have been devastating to your systems, employee morale and customer confidence, if your company is hit by a cyber attack, how you approach your recovery can make all of the difference. First, don't panic. Instead, focus your energy on taking back control of your network and protecting the business from loss. This is important because rash, random decisions could be irreversible, and could actually help the attacker. Secondly, seek guidance from legal counsel, business managers, human resources, public relations and the IT department. Third, make an investigative plan that includes points of contact, identification of the assets you most want to protect, business goals, and the detailed technical steps you plan to use to reclaim your compromised network. Your response plan should be provide guidance and structure around your actual response to minimize mistakes and costly downtime. This involves investigating the incidence, making a remediation plan, remediating the incident, and following up on the remediation plan to make sure it was implemented properly. And keep your goal right in front of you. Don't continue to spin your wheels on investigative steps, such as trying to identify the attacker, if it does not further your primary goals. Afterwards, fine-tune your response policy for future incidences.

Read more about recovering from a cyber attack:
- read the article at Optimize

Survey: Disaster Recovery Plans put on backburner

Tue, 03 Apr 2007 20:01:38 -0400

Perhaps it's spring fever, but CIOs are not taking the time necessary to put business continuity plans in place. Hewlett-Packard recently polled 564 IT decision makers at large and mid-sized companies on their business continuity plans. Surprisingly, some 55 percent said their companies couldn't agree on a technology solution, while 49 percent said that they just didn't have enough time in the day. With a record number of hurricanes predicted for the eastern shore this year, CIOs would be smart to start their planning early.

For more on Disaster planning:
- see this article at CIO

IT expertise hard to come by in New Orleans

Wed, 30 Aug 2006 20:01:38 -0400

With the advent of the one-year anniversary of hurricane Katrina, it's clear that New Orleans's technology industry is still reeling from the disaster's impact. As one solutions provider relates, finding and retaining good IT people has been a constant battle though his business, which handles disaster planning solutions, has spiked tremendously in the wake of the natural disaster.

For more on forging ahead with business in New Orleans:
- read this story at CRN

PLUS: How companies are forging ahead in disaster recovery planning. Article

NJ budget crisis puts IT into disaster reaction mode

Thu, 06 Jul 2006 20:01:38 -0400

When the budget impasse forced New Jersey to shut down its government this past week, the state's tech unit, which numbered nearly a 1,000 staffers, kept running on the shoulders of just under a 100 workers that the CIO was allowed to keep in place during the crisis. As New Jersey's CTO Adel Ebeid relates, the emergency situation forced IT to turn to contingency and disaster planning with the first step identifying what needed to keep running and what tech aspects his department could turn off. Describing IT as the "umbilical cord for government operations," Ebeid says that while the budget crisis proved challenging, he's looking forward to reviewing what needs to be improved to be even better prepared next time something so unexpected takes place.

For more on NJ's IT situation:
- take a look at this article at Computerworld