This document discusses building critical infrastructure for business recovery during a pandemic. It outlines key components of a business continuity plan, including staffing and skill issues, communication and technology issues. It also discusses supporting technologies that can help, such as VOIP services, web applications, and remote connectivity options. Finally, it provides considerations for implementing technologies, such as performing a needs analysis and security impact assessment.
2. Not a physical disaster
• An Influenza Pandemic impacts our people
• Proprietary knowledge is at high risk
• Our businesses are reliant on relationships
• Supporting vendors, industry & governments also
impacted
3. Recovery vs Continuity
Disaster Recovery
• Restart operations after
a disaster (Specifically IT)
Business Continuity
• Resume partially or completely
interrupted critical functions
4. “Business Recovery”
• An effective response plan considers
• A simplified combination of DRP & BCP elements
• Leveraging of communications
• Enhancement of technical infrastructure
• Mitigating loss of access to knowledge and skill
sets is critical to on-going success of business
5. Building Critical Infrastructure
• Mitigating loss of access to knowledge and skill sets is
critical to on-going success of business
• We need to build and enhance technology solutions to
maintain access to this knowledge
• Discuss issues that can be mitigated through technology
• Highlight technologies available
• Detail areas of review to ensure effective implementation
7. Pandemic Issues in our business
• Staffing & Skill Issues
• Exposure to infection
• Propagation of infection
• Availability of required skill sets
• Increased security risks
8. Pandemic Issues in our business
• Communication & Technology Issues
• Changes & Loss of Client contact
• Loss & Reduced availability of vendor technology
• Internal Technology changes increase risk
• Availability of required skill sets
• Business Continuity Support
• Central Communications Support
9. Pandemic Issues in our business
• Weak BCP plans assume:
• Access to key personnel
• Proprietary business knowledge
• Specialized technology knowledge
• Access to key technology
• Internet Availability
• Connectivity
• Applications
• Vendor Support
11. Key Components of the BCP
• Staffing & Skill Issues
• Exposure to infection
• Propagation of infection
• Availability of required skill sets
• Increased security risks
12. Staffing & Skill Issues
• Exposure to infection
• Employees exposed to through:
• Travel to infected clients & sites
• Usage of shared company vehicles
• Usage of Public transport
• Impacts employees such as:
• Sales people
• On-site support
• Executives
14. Staffing & Skill Issues
• Propagation of infection
• Employees can spread infection
• Potential external exposures are high
• Symptoms may not arise immediately
• Contamination of workplace has strong
impact
• Impacts employees such as:
• Critical Internal Support
• Technology Staff
• Management
15. Staffing & Skill Issues
• Mitigation - Propagation of infection
• Separate critical staff
• Create Work area quarantines
• Restrict employee travel where possible
• “Clean Team”
• Enabling Technologies
• Remote access to workplace
• Wireless access work areas
• Point-to-Point Video Walls
16. Staffing & Skill Issues
• Availability of required skill sets
• Key skill sets may be unavailable Management
• Care for others
• Illness
• Prior commitments to other clients
• Unwillingness to assist during pandemic
• Impacts business operations:
$
$
• Key functions halted
Information Systems Manufacturing Purchasing
• Undocumented process fails
• Unique relationships breakdown
Customer Service Mail Room
17. Staffing & Skill Issues
• Mitigation - Availability of required skill sets
• Training of additional support Management
• Documentation of current environment
• Prioritization of critical systems
• Increase review & training of required
technologies
• Contract or acquire additional staff support
$
$
• Enabling Technology
Information Systems Manufacturing Purchasing
• On-line training materials
• Network Mapping tools
Customer Service Mail Room
18. Staffing & Skill Issues
• Increased security risks
• Reduced availability of Police service
• Delayed response to after-hours break-in
• Delay for on-site incidents
• Potential Emergency service delays
• Delayed response to non-life threatening
situations
• Fire Fighting Services may be reduced
• Specialty response units may be
unavailable
19. Staffing & Skill Issues
• Mitigation - Increased security risks
• Monitor your workplace
• Physical security
• Personal security
• Environment health
• Enabling Technology
• Install Digital Video Recording solutions
• Enhance Alarm monitoring solutions
20. Key Components of the BCP
• Communication & Technology Issues
• Changes & Loss of Client contact
• Status & Availability of Staff
• Loss & Reduced availability of vendor technology
• Internal Technology changes increase risk
21. Communication & Technology Issues
• Changes & Loss of Client contact
• Client availability may change
• Personal issues
• Hours of operation / Staggered starts
• Change in staffing levels / Responsibilities
• Suspension or discontinuation of business
• Impacts business by:
• Loss of sales
Management
• Poor delivery of goods & services
• Poor customer service Marketing
• Loss of client relationships
$
$
22. Communication & Technology Issues
• Mitigation - Changes & Loss of
Client contact
• Enhance client communications
• Actively probe changes in client PBX
contact Phone System
VOIP
Phone System
• Enabling Technologies
• Maintain longer hours of availability
• Establish web enabled client contact
• Implement PBX / VOIP phone
solutions
Customer Service
• Implement toll-free line(s)
23. Communication & Technology Issues
• Status & Availability of Staff
• Internal staff availability will change
• Staggered starts
• Requirements to care for others
• Unforeseen personal delays
• Absenteeism due to fear / uncertainty
• Impacts business by:
• Reducing productivity
• Delaying internal decision making
• Preventing innovations
24. Communication & Technology Issues
• Mitigation - Status & Availability of Staff
• Create accountability for employee
status
• Employees update status regularly
• Use accepted company methods
• Create maintainable skills inventory
• Enabling Technology
• Implement central “SharePoint” for
staff
25. Communication & Technology Issues
• Lost availability of vendor technology
• Changes in services will occur
• Vendor staff levels and support may lower
• Availability of provided services may lower
(Supplies, Internet / Tech or BCP)
• Vendor may suspend or stop business Management
• Impacts business by: Marketing
• Slowing or stopping Supply Chain
$
$
• Potentially lowers output quality
• Causes internal delays
26. Communication & Technology Issues
• Mitigation – Lost availability
of vendor technology
• Review current SLAs
• Implement redundant
services where possible
• Create “worst-case scenario”
technology plans
Vendor Vendor
• Enabling Technology
• Implement backup point-to-
point wireless
• Create “sneakernet”
solutions where possible
27. Communication & Technology Issues
• Internal Technology changes Database
increase risk
• “On-the-fly” changes may
Financial
cause harm
• New staff may create unknown
security risks
• Maintenance of current environment
Applications
may reduce
• Potentially Impacts Business: VOIP
Phone System
• Confidentiality PBX
Phone System
• Availability
• Integrity
28. Communication & Technology Issues
• Mitigation - Internal Technology Database
changes increase risk
Financial
• Review the following
• Systems & Facility Access Policy
• Audit procedures
• System Maintenance Polices Applications
• Enabling Technology VOIP
Phone System
• Implement maintainable security PBX
Phone System
policies
• Increase environment logging &
monitoring
29. Key Components of the BCP
• Business Continuity Support
• Central Communications Support
• “Virtual War Room”
• Combination of all technologies
• Requires additional security measures
31. Supporting Technologies
• Supporting technologies available
• Communication
• Web Applications
• Extended Access (Network & Desktop)
• Network Enhancements
• Physical Security
• Policy & Training
32. Supporting Technologies
• VOIP Services
• Phone Service
• Video Conferencing
• Pros
• Use almost anywhere with internet
• Flexibility in installation
(Phone or Computer)
• Cons
• Needs power & internet
• Hardware / software to maintain
42. Technology Considerations
• Before implementing any technology…
• Perform needs analysis
• Load & capability analysis
• Security impact analysis
• Conduct pilot rollout
43. Technology Considerations
• After implementing a technology…
• Complete security validation
• Create awareness of installed technologies
• Document Service Level Agreements (SLAs)
44. “Business Recovery”
• Mitigating loss of access
to knowledge and skill sets
is critical to on-going success of business
• Good plans will:
• Facilitate & maintain access to key personnel
• Proprietary business knowledge
• Specialized technology knowledge
• Facilitate & Maintain access to key technology
• Internet Availability
• Connectivity
• Applications
• Vendor Support
45. “Business Recovery”
• An effective plan considers
• A simplified combination of DRP & BCP elements
• Leveraging of communications
• Enhancement of technical infrastructure
46. Thank You
Michael Legary,
CSA, CISSP, CISM, CISA, CCSA, CPP,
GCIH, PCI-QSA
Founder, Chief Innovation Officer
Seccuris Inc.
Direct: 204-255-4490
Main: 204-255-4136
Fax: 204-942-6705