Data Loss Prevention and Cybersecurity Assessment Service

But First! A Brief Overview of Business Resilience

Introduction

For many years the terms Disaster Recovery and Business Continuity have been used interchangeably, or there has simply been confusion about what each really meant. Recently, the overarching term Business Resilience has been used to successfully address the entire scope of operational readiness, availability, cybersecurity, incident recovery, and business continuity involved in being prepared to respond to business interruptions or Incidents. A business interruption or Incident can be defined as any unusual circumstance which interrupts the ability of your clients or staff to access the tools, applications, information, and systems that support your business operations.

To provide sharper focus and preparedness in this area, we have divided up the process of addressing Business Resilience into three separate areas:
  • Data Loss Prevention and Cybersecurity Risk Assessment – The assessment reviews the processes and procedures that are employed to successfully back up and protect the business-critical data/information in your enterprise. It provides focus for the organization to understand its most critical systems and data, current baseline controls and gaps, and data categories. It also draws upon the business impact analysis to determine the impacts to the business of a cyber incident or other catastrophic business interruption. The assessment provides a basis for itemizing, quantifying, and ranking security risks based on their potential impact to the organization. The assessment also includes a review of the enforcement of policies, such as change management, that require creating or modifying backup groups as applications go into production. It also reviews the decommissioning process of backup groups as applications are sunset.
  • Incident Recovery – The assessment reviews the processes and procedures that are employed to restore the enterprise to normal day-to-day operations after an interruption of service due to a defined (or in some cases undefined) Incident. It is important to note that in some cases if fail over to a recovery site is warranted, there may be an opportunity to fail back to the primary site. The assessment will review contingencies that should have been made for a fail back option.
  • Business Continuity – The assessment reviews the processes and procedures that pertain to the continuation of your business operations when your staff cannot work at their normal place of business or the applications they use are not available. This is where Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) are set. Here is the basic question: If your office building lost power at 5am and was going to be closed for the day:
    • How would you notify your staff?
    • Where would they go to do their work?
    • Would they have the tools/resources necessary to accomplish their work?
    • What work could they accomplish from their alternate location?
    • How effective could they be and for how long?
    • And most important, would your staff know what to do?
Of course, it would complicate the matter further if your server room or data center was in the same building.

By separating out these three areas of Business Resilience, it also becomes apparent that the skills, and in many cases, the tools employed to perform the various tasks in each of these areas are different. Hence, we believe that assessing them and addressing them separately provides an excellent way to bring a sharper, and in many cases, a unique focus to each area.

Overview of Data Loss Prevention and Cybersecurity Risk Assessment

We feel it is important to understand how this assessment fits into an overall Business Resilience plan. This assessment covers the first of the three areas, Data Loss Prevention and Cybersecurity. The scope actually gets a bit broad, because before you back up and protect your data, you need to know what data you have, how important it is to your organization, how often it is updated, how much you might be willing to lose if an Incident occurs, and how quickly you need to have the application and data back after an Incident occurs.

The assessment is performed by using a detailed interview preparation document that will guide you and your team to gather information about your environment and your preparedness for an Incident. Don’t be daunted by the list below. Here is an interesting point – If you and your team have difficulty gathering this information, your company is probably at a greater risk than you know. Some of the information you will be asked to gather will be:  
  • Current State of your inventory
    • Quantity of each kind of hardware: physical servers, SANs, file servers, etc.
    • Quantity of virtual devices
    • Operating environments
    • Applications
    • Databases
    • Cloud usage
  • Regulatory Requirements
  • Business Impact Analysis
  • Operational and Incident Recovery Backup Procedures
  • Cybersecurity Risk Assessment
  • Corporate Records Management and Regulatory Records Management Retention
  • Governance
If your business is interrupted by a cyber-attack, severe weather, an electrical outage, or any other kind of situation where your applications and data are no longer accessible by your clients or staff, it would be good to know that your business has done the proper planning and has taken the proper actions to minimize that impact and is able to restore normal service levels as soon as possible. Conducting a Data Loss Prevention and Cybersecurity Assessment is a good start to protecting your business from a crippling incident.

Contact us to discuss how we can help with this very important assessment of your information technology assets and your readiness to respond to a business interruption.