Basics
Business Continuity and Disaster Recovery Planning: The Basics
Good business continuity plans will keep your company up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more.
Some of this sounds like overkill for my company. Isn't it a bit much?
The elaborate machinations that USAA went through in developing and testing its contingency plans might strike the average CSO (or CEO, anyway) as being over the top. And for some businesses, that's absolutely true. After all, HazMat training and an evacuation plan for 20,000 employees is not a necessity for every company.
Like many security issues, continuity planning comes down to basic risk management: How much risk can your company tolerate, and how much is it willing to spend to mitigate various risks?
In planning for the unexpected, companies have to weigh the risk versus the cost of creating such a contingency plan. That's a trade-off that Pete Hugdahl, USAA's assistant vice president of security, frequently confronts. "It gets really difficult when the cost factor comes into play," he said. "Are we going to spend $100,000 to fence in the property? How do we know if it's worth it?"
And—make no mistake—there is no absolute answer. Whether you spend the money or accept the risk is an executive decision, and it should be an informed decision. Half-hearted disaster recovery planning (in light of the 2005 hurricane season, 9/11, the Northeast blackout of 2003, and so on) is a failure to perform due diligence.
This document was compiled from articles published in CSOand CIO magazines. Contributing writers include Scott Berinato, Kathleen Carr, Daintry Duffy, Michael Goldberg, and Sarah Scalet.
Last updated 4/30/2008
Further Reading
More in-depth case studies in disaster recovery and business continuity planning:
A Pandemic PlannerAdvice for businesses from security and continuity advisory services.
Podcast: Anticipating Avian Flu
Write People into the Plot
Business continuity plans only work if they take employee needs into account.
Interview: The Optimistic Pessimist
Mike Hager escaped from the World Trade Center and got OppenheimerFunds up and running again in less than five hours. Now he faces another challenge: keeping America interested in business continuity planning.
Lessons from a Disaster
Short and sweet, 10 things one practitioner learned after downtime caused by Nimda.
Disaster Recovery: Practice Makes Perfect (from CSO Magazine)
As one of the nation's largest insurance companies, USAA is in the business of managing risk. So it makes sense that-when faced with a disaster-the company knows how to respond.
CareGroup: All Systems Down (from CIO)
Lessons learned from a major information systems outage.
Wall Street: Staying Power (from CIO)
In the weeks and months after 9/11, three CIOs working next door to the World Trade Center found they had to be strong leaders to get their companies back online. Now back in the city, they don't make business continuity plans. They live them.
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
- The Surest Path to Effective and Efficient Compliance
- Make Compliance Regulations an Ally Not an Enemy
- Protecting Sensitive and Confidential Information with Endpoint Security
- Endpoint Security: Compliance at the Endpoint
- Revolutionizing Endpoint Security with a Single Agent
- Data Protection: Challenges for the Traveling User
- File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
- IT Service Management: Metrics That Matter
- Optimizing Infrastructure Control
- Bridge Two Worlds. Unify Your Enterprise Applications & SaaS.
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Network Security Services: Outsourcing considerations for maximizing network protection
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
