Business Continuity Management


 

Effective 03/17/08, UWEM no longer provides support to the CERT and Business Continuity Management programs. All materials provided on this website are provided as reference only.

Data Protection

Traditionally, data protection has been at the core of business continuity. IT managers would find themselves in charge of disaster recovery, business resumption, business continuity and similar duties aimed at preserving the company's business services.

More and more, business continuity experts are seeing data protection not as the core of a continuity program, but as one aspect of several necessary efforts working together as part of a greater whole. Still, all continuity experts agree that some form of data protection is vital in our information-dependent economy.


Data protection can be summarized into the following areas:

Prevention - Those steps taken to prevent the initial loss of the data. This includes physical security, anti-virus protection (keep it current with updates!), superior employee security practices and cyber security methods such as firewalls, encryption and the like.

Mitigation - Those steps taken to limit the impact of an event on the data. This includes such steps as having a data back-up program and off-site storage of data. It may also include fire-suppression systems in a server room as well as seismically isolated server racks to limit the effect of an earthquake. ALWAYS remember to check your preparedness by testing your back-up program. Don't assume that your data has been properly backed up. You should consider doing a restore test of your data at least annually, if not more frequently (many companies perform quarterly or even monthly tests). There are many anecdotal stories of businesses that failed because they did not verify that their data back-up systems were functioning properly.

Response - Those steps that are taken to actively protect data in the middle of a disaster or other threat to the data. This may involve a person or team that is dedicated to IT security. Intrusion detection programs that automatically sever Internet connectivity to protect a system are also an example of response. The use of alternative computing environments such as hot-sites is also part of response planning.

Recovery - Those steps taken to restore data and the business processes that data serves to a pre-event state. This may mean transitioning from an alternative computing environment to the primary one. All recovery activities should be done in an orderly manner to minimize confusion and reduce or eliminate any work-stoppage the recovery process may require.

Experts in business continuity strongly encourage small business owners to invest in contracting the services of a skilled IT security consultant. Having the right kind of IT protection and system architecture can save a lot of money in the long run. The "ounce of prevention, pound of cure" cliché is a truism in the data protection arena. If you already have a secured network in place, consider contracting for a security audit to show where any weaknesses in your data protection may exist.

When looking for an IT security consultant, do your homework. Ask for references; look for professional accreditation and certification in IT security. Some of the more common professional IT security certifications are below, but the list is by no means comprehensive:

  • CISSP - Certified Information Systems Security Professional
  • SSCP - Systems Security Certified Practitioner
  • CIW - Security Professional
  • GSE - GIAC Security Engineer
  • RSA/CSE - RSA Certified Systems Engineer
  • RSA/CA - RSA Certified Administrator
  • CCSA - Check Point Certified Security Administrator
  • CCSE - Check Point Certified Security Engineer
  • Cisco Firewall Specialist
  • Cisco VPN Specialist
  • Cisco IDS Specialist
  • CCSP - Cisco Certified Security Professional

If you are pursuing a do-it-yourself approach to IT security, it would be wise to stay informed of current security threats. One way to do this is through the CERT (Computer Emergency Response Team) Coordination Center at Carnegie Mellon University (http://www.cert.org/). There you can find the most current information regarding a variety of IT security issues for all of the major computing platforms.

 

    
UWEM Business Continuity Management News
 

Business Continuity Pilot Project Nearing Completion - Participating departments in the UW Business Continuity Management Pilot Project are conducting their final table top exercises to test some of their core planning. The exercises introduce an earthquake scenario with a variety of disruptions and then lead the groups through a facilitated discussion. After the exercise, we lead the group through a "Hot-Wash" to learn what worked, what needs improvement and how we can apply the lessons learned to the planning model. The University of Washington has identified Business Continuity Management as one of the top priorities for University preparedness and All-Hazards planning.

 

NEW Business Continuity Management Web Site - The New Look and Feel of BCM


 
