Continuing on yesterday's theme of emergency preparedness, I think that we should have started one step back in time. As we discussed yesterday, you really need to start your Continuity of Operations (COOP) planning by sitting down with your team and a yellow pad and asking, “What if…” a whole lot. How exactly do you define an information technology (IT) emergency, and what will your pre-planned actions consist of? As opposed to Continuity of Operations (COOP) plans, I call this topic Information Technology Emergency Action Plans (ITAP).

Here is a starter list of scenarios that I consider to be an IT emergency. Yours may be different:

  • A virus attacks
  • A Trojan horse is detected
  • An unauthorized user accesses your system
  • An unauthorized piece of hardware gets connected and accesses services
  • Unexpected data loss
  • Unexplained data infiltration or exodus
  • Unauthorized remote access
  • Lack of qualified operators
  • Lack of qualified technicians
  • Unexpected firewall or intrusion detection settings detected/found
  • Physical loss of critical equipment
  • Lack of physical access to critical hardware
  • Loss of power
  • Loss of secured access to server administration (e.g., a lost password)

My thought for the day is that it will be far too late when one of the above occurs to be thinking about what to do about it. For example, will you shut down your entire network if a virus is found? What if huge chunks of proprietary data are leaving for an unknown location or user? Do you shut down if your information assurance team gets snowed in? When someone hacks into your network through social engineering, do you immediately do a forced password change even if it means that your Chief Executive Officer won’t be able to get to his email on vacation? If you find that a Blackberry has been lost, do you automatically wipe it remotely? Do you disable the associated email accounts?

You not only need to have pre-planned your team’s responses, but also to have cleared them with management and informed your customers and stakeholders of the potential disruptions. How do you plan to execute your communications with those same people when your normal means are suspect or not available? Also, who exactly has permission to take your decided-upon actions? Only the Chief Information Officer, any system administrator, or any technician? And don’t forget to come up with a succession plan that covers yourself!

Please share your thoughts on this topic with us.  I am especially interested in how this subject is viewed by small businesses as opposed to huge IT enterprises.  How does it differ between public and private sectors?  Share below.

That is my Information Technology Thought of the Day (ITTOD) for November 18, 2009, by Scott Coughlin.