CSO

Swatting incidents can cause business interruption or embarrassment for executives. For example, swatters can call in a fire, bomb, or other type of incident with impunity which would cause building evacuation. Disgruntled employees, shareholders, or activists might spoof one or more home phone numbers of key executives to call in non-existent heinous crimes in progress at their residences, prompting a response by police--and local news teams.

Today, cybercriminals are using pop-up sites and infecting servers owned by reputable organizations. When we react to these threats, they will find some other way to get to our data and systems. Knee-jerk responses often result in dumping the old-but-reliable. Reacting intelligently to new attack methods means augmenting existing controls or replacing them with new controls which meet both old and new challenges.

It is easy to omit continuity event containment planning when designing a technology-based business solution. Here is an example of how a simple oversight caused a critical process to fail at hundreds of satellite locations.

The only way to mitigate risk associated with business continuity events is to prepare. It's unreasonable to believe events will never happen, that all business processes will continue to operate flawlessly. Planning, training, and continuous improvements to response and recovery efforts comprise the most important difference between a business which successfully moves past an event and one seriously damaged.

In this post of the Business Continuity Event Management (BCEM) series, we continue event response and recovery planning with a transition from incident response to recovery operations.

A strategy built on unachievable assumptions results in incident response and recovery plans with little or no chance of success.

This week, I’m once again delaying the next installment in the business continuity event management series to discuss what I believe is one of the most valuable free solutions for identifying

When a business continuity event (BCE) is detected, the first impulse is to jump and fix it as soon as possible. In many cases, this might work fine. However, the few times the jump-and-fix approach might actually cause more damage should be enough justification to pause first to analyze the event and notify stakeholders. In this post I continue my examination of BCE response by moving from detection to preliminary analysis and containment.

FUD is never a good reason to meet with a vendor, enter into a pilot, or ask for a bigger budget. The informed manager is less easily swayed by tales of impending doom, and makes decisions which support a well-defined strategy.

Building an incident response team (IRT) is a good first step along the path toward effective business continuity event (BCE) management. But the team needs a plan to follow when an event occurs. A documented plan, institutionalized through regular IRT training, enables quick response to service or product delivery failures, mitigating business impact to levels acceptable to management and customers.