As published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.
One of the latest threats to organizations is something termed “ransomware”. Commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money. You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar. If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more. And, after you do, I have a question for you to consider:
If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?
This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value. Continue reading
Risks to critical business operations due to systems outages have been, and will always be, a concern for most organizations. As a result, IT disaster recovery planning is critical to help reduce the likelihood of a system disruption, or reduce downtime if (when) a disruption does occur. So, if you’re looking for an introduction to IT disaster recovery planning, you’re in the right place!
This perspective presents how IT disaster recovery planning fits into the overall organizational Business Continuity Program; discusses common goals in developing Business Continuity and Disaster Recovery plans; and explores unique activities that must be considered when developing an IT Disaster Recovery Plan. Continue reading
Using the Business Impact Analysis to Understand Relationships Between Resources and the Business
The business impact analysis (BIA) establishes the foundation of an organization’s business continuity program by establishing business continuity requirements. As a result, a significant part of Avalution’s work involves helping organizations design and execute the BIA process. Furthermore, a well-executed BIA can deliver so much more than just a list of recovery time objectives (RTOs) and recovery point objectives (RPOs)! Continue reading
The 2016 Continuity Insights Management Conference is taking place April 18-20, 2016 at Gaylord Opryland Resort & Convention Center in Nashville, TN. We’re looking forward to another wonderful show!
We have a lot planned during CIMC 2016, and we hope you’ll join us:
Please take a look below for more details on each. We look forward to seeing you soon!
Disaster Recovery Journal Spring World 2016 is taking place March 13-16, 2016 at Disney’s Coronado Spring Resort in Orlando, FL. We’re looking forward to another amazing show with numerous educational sessions and awesome people!
We have a lot planned during DRJ Spring World, and we hope you’ll join us:
Please take a look below for more details. We look forward to seeing you soon! Continue reading
This perspective is the third in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruptive event. These two foundational team leader behaviors will help response and recovery team leaders elicit the best possible performance of the team (as well as themselves).
In Part 1 and Part 2 of this series, we addressed the role of the team leader, which is to create a team vision and purpose, as well as the team leader’s responsibility to manage the chaos associated with a disruptive event. In this perspective, Part 3, we review the team leader’s role in ensuring the team remains adaptable in a changing environment and how the team leader can work to pull these key factors together. Continue reading
Team leaders play a critical role in improving business continuity for their organizations but seldom receive the appropriate training to help them understand the differences between day-to-day leadership and crisis leadership following the onset of a disruptive incident.
This perspective is the second in a three-part series that addresses how to develop the skills necessary for being a successful leader in a crisis, including how a team leader can set the team’s purpose and bring order to the chaos that ensues following the onset of a disruption. These two foundational team leader behaviors will help elicit the best possible performance of the team (as well as themselves). Continue reading
How to Perform an Effective Business Continuity Strategy Identification and Selection Effort
Reader Note: This article is a continuation from Avalution’s November 2014 article titled: We just did a BIA and Risk Assessment … Now What? How to Perform an Effective Business Continuity Gap Analysis. If your organization just finished a business impact analysis (BIA) and risk assessment, but has not yet performed a gap analysis, it may be helpful to read about performing an effective gap analysis before continuing on to this article.
Once an organization understands gaps between business continuity requirements (as defined in the business impact and risk assessment) and current capabilities, management can determine which gaps they wish to address through strategy selection – either through risk mitigation or resource-specific recovery methods. Determining methods to decrease the likelihood of a disruptive incident reduces the potential that a risk will materialize, while identifying methods to respond to and recover from a disruptive incident decreases downtime and protects the organizations’ brand and financial position (among other assets). Continue reading
Faults & Fixes: Bad Training
As business continuity professionals, we tend to gravitate to the activities where we think we can deliver the most value. This often takes the form of the business impact analysis, helping management come up with strategies that minimize risk, and documenting these strategies into plans. Ensuring that a business continuity program employs effective training approaches and engages business process owners, unfortunately, often plays “second fiddle” to other activities. One only needs to browse any of the top business continuity and disaster recovery related publications to see this disparity. Searching for “business impact analysis” or “business continuity plan” yields substantially more results than “business continuity training.” Yet without effective training, all that hard work will likely either fail or not perform to desired standards during a real disruptive incident. Continue reading
Early on in the development of a business continuity program, careful, pragmatic scoping can be the difference between quick and appropriate wins and a never-ending planning effort with little capability. Organizations typically build programs due to customer and/or regulatory requirements; however, instead of taking the time to carefully scope and prioritize the business continuity effort (and provide resources accordingly), organizations often take an “all or nothing” approach to planning – plan for every “box on the org chart”, every facility, every application, and every resource. Many organizations do not realize that business continuity can, and often should, initially address an organization’s most critical/time-sensitive products and services, expanding to other parts of the organization overtime. Continue reading