Asset Security and Disaster Recovery Planning
By H. Leroy, D. Slansky    September    ARC Insights



KEYWORDS
PAP, CHAP, DRP, UPS, TEAM, Security, Disaster, Recovery, Hacker, Terrorist

SUMMARY
The terrorist attack on America has changed the world, heightening the need for increased security and disaster recovery planning. Better security saves lives and prevents damage to assets and operations. Disaster recovery planning is a systematic approach for returning to normal business operations quickly. A few simple procedures and precautions can maintain a safe and profitable business.


ANALYSIS
Every business requires some level of security ranging from simple protection of important information to more complex solutions for potentially dangerous assets. Step one is a better understanding of the possible threats. Currently, terrorism tops the list of immediate threats. Government and large installations, volatile manufacturing facilities, utilities, food processing, or any business where many lives can be endangered through terrorist acts must be on high alert.

Close proximity to a high profile target significantly increases an otherwise low security risk. Fortunately, terrorism is the least likely security threat for most businesses, although it must remain as a high priority for security planning and disaster recovery. More common security threats, such as hacker attacks on valuable information or insider sabotage (intentional or unintentional) can disrupt and damage your business. An appropriate disaster recovery plan (DRP) should exist for all threats, including software and hardware failures.

Security Planning
•   Understand security issues
•   Perform security risk analysis
•   Determine level of protection needed
•   Install proper prevention and detection
•   Develop comprehensive recovery plan
•   Frequently review and update strategy

Basic Security Model
The basic security model focuses on protection, detection, and recovery. Protecting against and detecting threats is the preferred solution. Recovery from disasters can be long, painful, and costly. The ARC basic security model covers five major areas including physical, viral, access, backup, and environmental security.








Physical security normally means locks or constraints that prevent unauthorized access. Alarms usually signal a breach of security. Physical security is complemented by environmental security that includes detection and alarming for smoke, fire, loss of power, or other life threatening conditions. Alarms may or may not signal unauthorized access. Both physical and environmental security must be monitored closely. Fire, accident prevention, and response information should be readily available as part of normal safety procedures. An uninterruptible power supply (UPS) can easily manage the loss of power and permit an orderly shutdown or automatic backup of computer files.

Security Model   Physical   Viral    Access      Backup      Environmental
Protection       locks      shield   passwords   daily       UPS
Detection        alarms     scan     trace       scheduled   shutdown
Recovery         spares     clean    change      restore     restart


Information Security
The World Trade Center attack crippled the U.S. financial community for days. The impact on the world economy was limited, thanks to strong information security practices by the financial community. Routine offsite information backups permitted the recovery of most important financial data within days. Manufacturers should use many of these same information security techniques. Information on financials, client records, order entry, supply chain, production data, and other dynamic data must be backed up regularly and stored offsite. Never assume that your information is secure until you have verified it. The best security procedures can overlook backups, viral scans, or access protection.

Daily backups offer the greatest protection and should be automatically scheduled. Daily incremental or partial backups with periodic full backups are acceptable when a large amount of business data prevents full daily backups. But this approach does make the recovery process more complicated. Every company should annually test their data restore procedures. The inability to restore existing backup data is not uncommon and can easily be avoided by occasional audits and validation of procedures.
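
A restore drill of the kind described above, as an added example (not part of the ARC report): it rebuilds one day's data from the last full backup plus the incrementals that follow, then checks every file against the SHA-256 manifest recorded at backup time. The backup record layout, function names, and sample files are constructed for illustration.

```python
import hashlib


class BrokenChain(Exception):
    """Raised when a backup needed for the requested restore is missing."""


def manifest(files):
    """Map each file name to the SHA-256 of its content, as recorded at backup time."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def full_backup(day, files):
    return {"day": day, "kind": "full", "base": None,
            "changed": dict(files), "deleted": [], "manifest": manifest(files)}


def incremental_backup(day, previous, files):
    """Store only what changed since the state captured by `previous`."""
    old, new = previous["manifest"], manifest(files)
    changed = {n: d for n, d in files.items() if old.get(n) != new[n]}
    deleted = [n for n in old if n not in new]
    return {"day": day, "kind": "incremental", "base": previous["day"],
            "changed": changed, "deleted": deleted, "manifest": new}


def restore(backups, day):
    """Rebuild the file set for `day`: walk back to the last full backup,
    then replay each incremental in order. Any missing link aborts."""
    by_day = {b["day"]: b for b in backups}
    if day not in by_day:
        raise BrokenChain(f"no backup for day {day}")
    chain = [by_day[day]]
    while chain[-1]["kind"] != "full":
        base = chain[-1]["base"]
        if base not in by_day:
            raise BrokenChain(f"day {chain[-1]['day']} needs missing backup of day {base}")
        chain.append(by_day[base])
    files = {}
    for backup in reversed(chain):
        files.update(backup["changed"])
        for name in backup["deleted"]:
            files.pop(name, None)
    return files


def verify(restored, expected_manifest):
    """Compare restored files with the manifest and list every discrepancy."""
    actual = manifest(restored)
    problems = []
    for name, digest in expected_manifest.items():
        if name not in actual:
            problems.append(f"missing: {name}")
        elif actual[name] != digest:
            problems.append(f"corrupt: {name}")
    problems += [f"unexpected: {n}" for n in actual if n not in expected_manifest]
    return sorted(problems)


def restore_test(backups, day):
    """Run one restore drill; return (ok, problems)."""
    by_day = {b["day"]: b for b in backups}
    try:
        restored = restore(backups, day)
    except BrokenChain as exc:
        return False, [str(exc)]
    problems = verify(restored, by_day[day]["manifest"])
    return not problems, problems


# Constructed sample data: four days of a small order-entry data set.
DAY1 = {"orders.csv": b"1001,widget\n", "clients.csv": b"acme\n"}
DAY2 = {"orders.csv": b"1001,widget\n1002,gear\n", "clients.csv": b"acme\n"}
DAY3 = {"orders.csv": b"1001,widget\n1002,gear\n", "clients.csv": b"acme\nbolt\n",
        "schedule.txt": b"line 1\n"}
DAY4 = {"orders.csv": b"1001,widget\n1002,gear\n1003,cog\n",
        "clients.csv": b"acme\nbolt\n"}          # schedule.txt was deleted


def build_sample():
    """One full backup on day 1, then three daily incrementals."""
    b1 = full_backup(1, DAY1)
    b2 = incremental_backup(2, b1, DAY2)
    b3 = incremental_backup(3, b2, DAY3)
    b4 = incremental_backup(4, b3, DAY4)
    return [b1, b2, b3, b4]


if __name__ == "__main__":
    sample = build_sample()
    print(restore_test(sample, 4))
    print(restore_test([b for b in sample if b["day"] != 3], 4))
```

The second drill, with the day-3 incremental removed, fails even though the day-4 backup itself is intact, which is the added recovery complexity the paragraph refers to.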

Other common threats are viral attacks and unauthorized access to user accounts. Improving password protection procedures and implementing strong trace algorithms can help avoid such breaches of security. Frequent password changes, a password authentication protocol (PAP), and a challenge handshake authentication protocol (CHAP) improve access security. All businesses also should implement software shields and virus scans, which are simple to install and easy to use. Again, prevention costs far less than the recovery from a hacker or virus attack.
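
What PAP and CHAP each put on the wire, as an added example (not part of the ARC report): PAP carries the password itself (RFC 1334), while CHAP with MD5 (RFC 1994) sends a hash computed over a one-time challenge. The peer name, shared secret, and the ChapAuthenticator class are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request_data(peer_id: bytes, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334):
    length-prefixed peer ID followed by the length-prefixed password."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh challenge per attempt and checks the reply."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret (constructed data)
        self.pending = {}           # identifier -> outstanding challenge value
        self.next_id = 0

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)      # unpredictable, never reused
        self.pending[identifier] = value
        return identifier, value

    def verify(self, name, identifier, response):
        # Each challenge is accepted once; pop() makes a replayed response fail.
        value = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    """Run both exchanges with a constructed peer and secret."""
    name, secret = b"plant-gw", b"constructed-shared-secret"
    server = ChapAuthenticator({name: secret})

    pap_wire = pap_request_data(name, secret)

    ident, value = server.challenge()
    response = chap_response(ident, secret, value)
    first_login = server.verify(name, ident, response)

    # Replaying the captured response: once against the spent challenge,
    # once against a newly issued one.
    replay_spent = server.verify(name, ident, response)
    ident2, _ = server.challenge()
    replay_fresh = server.verify(name, ident2, response)

    return {
        "pap_exposes_password": secret in pap_wire,
        "chap_exposes_password": secret in response,
        "first_login": first_login,
        "replay_spent": replay_spent,
        "replay_fresh": replay_fresh,
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Because a captured challenge and response can still be tested against guessed secrets offline, the shared secret should be long and random.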




© ARC Advisory Group • Allied Drive • Dedham MA USA • ARCweb.com
USA • UK • Germany • Japan • India




Cost Benefit and Risk Analysis
Knowing your risk of various threats will help avoid unnecessary costs. A realistic assessment of your business, facilities, employees, information, and other assets determines your level of exposure and the appropriate security measures. If your type of business or location is subject to a natural or manmade disaster, then increased physical, backup, and environmental security are appropriate. If your production and business systems are integrated, then additional infrastructure and network security is required. If business information is accessed from remote or multiple company sites, then access, viral, and backup security should be enhanced. Implementing unneeded security is expensive and wasteful. The security investment should be based on the level of protection required to cover any potential losses.

[Figure: Investment (0 to 10) versus Level of Protection (1 to 12), with curves for Cost and Expected Loss]


Disaster Recovery Plan
Many companies go out of business after a major disaster. A good DRP is essential and must focus on minimizing downtime and lost productivity. It should identify and enable the most cost-effective recovery, ensure continuity of operations, and maintain customer satisfaction. There must also be a strong disaster recovery team with well-defined responsibilities and expectations. Both primary and alternate team members should meet regularly to develop, review, and update the DRP, since planning will play a critical role in these meetings. Because Total Enterprise Asset Management (TEAM) includes asset security for infrastructure, production, and operations, many TEAM participants should qualify as good DRP candidates.

Developing a DRP starts with a model of your business to help identify critical operations. The profit and loss centers should be identified, and important information flows should be mapped. Automation of important business processes such as production, financials, sales, and service will speed recovery. So will implementing fully redundant or fault tolerant environments such as disk mirroring and backup wireless communications. Automation with redundancy implies consistent and repeatable processes with an existing database of recent information.

A major DRP component is a recovery informational database that will support the recovery process. Such a database should include information on employees, customers, suppliers, asset listings, and equipment specifications. Most importantly, it should contain all of the data needed to re-create the manufacturing process, such as process plans, workflows, production schedules, parts inventories, manpower requirements, manufacturing processes, and standards. It must be kept current, which includes periodic training of management and employees on their disaster responsibilities.

Unfortunately, recovery does not begin until you know what is wrong. Most attacks require a detailed damage assessment. A good measurement of a disaster's magnitude is the estimated time and cost to recover. Recovery times of less than a day are usually minor, but losses can still vary. For example, a loss of power or a security breach may be brief, but can hurt customer satisfaction and lose business. Therefore, establish ways to assess damages, their consequences, and recovery procedures as part of the DRP.

Disaster Recovery Planning
•   Implement preventive security measures
•   Understand disaster risks and objectives
•   Identify DRP team and procedures
•   Automate and map critical operations
•   Develop damage assessment strategy
•   Document and share DRP with suppliers

The recovery team must be fluent in troubleshooting existing operations and the use of alternate methods such as mobile technology. In most disasters, the level of recovery depends on the quality of backups. This includes information, personnel, materials, and facilities. A copy of the latest information is a major advantage that can be made available by frequently moving mission critical data offsite. Cross training the recovery team and having backup personnel will provide the properly skilled personnel to recover operations. Maintain critical spares, documentation, and supplies at offsite locations. This can be at another company or in cooperation with key suppliers. Sharing the DRP with strategic suppliers is a great idea. Many suppliers can help develop an alternate facilities startup plan and support the disaster recovery with materials and qualified personnel.


RECOMMENDATIONS
•   The ARC security model for protection, detection, and recovery will deter many security threats and reduce the time and cost for restoring normal business operations.

•   Disaster recovery planning is unpopular, but very important. Nobody wants to plan for a disaster, but you must do it because the consequences of being unprepared can be devastating.

•   Better security and a DRP should be part of every business process from customer relationship management to supply chain management. It should be an integral part of your product and asset management strategies.

For further information, contact your account manager or the author at hleroy@arcweb.com.
Recommended circulation: All EAS clients.





More Related Content

Similar to Asset security and disaster recovery planning

Beyond top secret
Beyond top secretBeyond top secret
Beyond top secretgorin2008
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Professionamiable_indian
 
Symantec_2004_AnnualReport
Symantec_2004_AnnualReportSymantec_2004_AnnualReport
Symantec_2004_AnnualReportfinance40
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookJAMES E. McDONALD, PSNA
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Darwin Jayson Mariano
 
Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIMAnton Chuvakin
 
Risk Management
Risk ManagementRisk Management
Risk Managementijtsrd
 
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docxvickeryr87
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati
 
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...Huawei Ransomware Protection Storage Solution Technical Overview Presentation...
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...LuisMiguelPaz5
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsInfo-Tech Research Group
 
Security Information and Risk Management.pptx
Security Information and Risk Management.pptxSecurity Information and Risk Management.pptx
Security Information and Risk Management.pptxDaveCalapis3
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client AlertRobyn Melnyk
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgChristopher R. Ward
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
A holistic view_of_enterprise_security
A holistic view_of_enterprise_securityA holistic view_of_enterprise_security
A holistic view_of_enterprise_securityehawk01
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesShawn Tuma
 

Similar to Asset security and disaster recovery planning (20)

Beyond top secret
Beyond top secretBeyond top secret
Beyond top secret
 
Hiring Guide to the Information Security Profession
Hiring Guide to the Information Security ProfessionHiring Guide to the Information Security Profession
Hiring Guide to the Information Security Profession
 
Symantec_2004_AnnualReport
Symantec_2004_AnnualReportSymantec_2004_AnnualReport
Symantec_2004_AnnualReport
 
The Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_bookThe Physical Security_&_Risk_Management_book
The Physical Security_&_Risk_Management_book
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]
 
Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIM
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx
2018-FALL-MAIN-ISOL534-22-23-COMBINED - 2018_FALL_MAIN_APPLICA.docx
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded SystemsDr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
Dr Dev Kambhampati | Security Tenets for Life Critical Embedded Systems
 
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...Huawei Ransomware Protection Storage Solution Technical Overview Presentation...
Huawei Ransomware Protection Storage Solution Technical Overview Presentation...
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS Environments
 
Security Information and Risk Management.pptx
Security Information and Risk Management.pptxSecurity Information and Risk Management.pptx
Security Information and Risk Management.pptx
 
Global Ransomware Client Alert
Global Ransomware Client AlertGlobal Ransomware Client Alert
Global Ransomware Client Alert
 
Global ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sgGlobal ransomware attacks_2017_final msw_g2_sg
Global ransomware attacks_2017_final msw_g2_sg
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 
A holistic view_of_enterprise_security
A holistic view_of_enterprise_securityA holistic view_of_enterprise_security
A holistic view_of_enterprise_security
 
Information Security
Information SecurityInformation Security
Information Security
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businesses
 
6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins
 

More from ARC Advisory Group

Information Driven Enterprise for the Connected World
Information Driven Enterprise for the Connected WorldInformation Driven Enterprise for the Connected World
Information Driven Enterprise for the Connected WorldARC Advisory Group
 
Stork Presentation on Migration (Willem Hazenberg)
Stork Presentation on Migration (Willem Hazenberg)Stork Presentation on Migration (Willem Hazenberg)
Stork Presentation on Migration (Willem Hazenberg)ARC Advisory Group
 
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry Forum
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry ForumAsset Information Management (AIM) Presentation @ ARC's 2011 Industry Forum
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry ForumARC Advisory Group
 
Three market trends drive collaborative value networks to the next level
Three market trends drive collaborative value networks to the next levelThree market trends drive collaborative value networks to the next level
Three market trends drive collaborative value networks to the next levelARC Advisory Group
 
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum ARC Advisory Group
 
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...ARC Advisory Group
 
Energy Management Strategies for Operational Excellence @ ARC's 2011 Industry...
Energy Management Strategies for Operational Excellence @ ARC's 2011 Industry...Energy Management Strategies for Operational Excellence @ ARC's 2011 Industry...
Energy Management Strategies for Operational Excellence @ ARC's 2011 Industry...ARC Advisory Group
 
Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...Energy Management and the Evolution of Intelligent Motor Control and Drives @...
Energy Management and the Evolution of Intelligent Motor Control and Drives @...ARC Advisory Group
 
Driving Innovation, Sustainability and Performance @ ARC's 2011 Industry Forum
Driving Innovation, Sustainability and Performance @ ARC's 2011 Industry Forum Driving Innovation, Sustainability and Performance @ ARC's 2011 Industry Forum
Driving Innovation, Sustainability and Performance @ ARC's 2011 Industry Forum ARC Advisory Group
 
Anti-counterfeiting and Brand Protection (ABP) Workshop @ ARC's 2011 Industry...
Anti-counterfeiting and Brand Protection (ABP) Workshop @ ARC's 2011 Industry...Anti-counterfeiting and Brand Protection (ABP) Workshop @ ARC's 2011 Industry...
Anti-counterfeiting and Brand Protection (ABP) Workshop @ ARC's 2011 Industry...ARC Advisory Group
 
Strategies for Asset Performance Management @ ARC's 2011 Industry Forum
Strategies for Asset Performance Management @ ARC's 2011 Industry Forum Strategies for Asset Performance Management @ ARC's 2011 Industry Forum
Strategies for Asset Performance Management @ ARC's 2011 Industry Forum ARC Advisory Group
 
Current Automation Purchasing Strategies Fall Short
Current Automation Purchasing Strategies Fall ShortCurrent Automation Purchasing Strategies Fall Short
Current Automation Purchasing Strategies Fall ShortARC Advisory Group
 
CPM Identified as RPM Engine at ARC Forum
CPM Identified as RPM Engine at ARC ForumCPM Identified as RPM Engine at ARC Forum
CPM Identified as RPM Engine at ARC ForumARC Advisory Group
 
Controls to CPM Connection: Are We There?
Controls to CPM Connection: Are We There?Controls to CPM Connection: Are We There?
Controls to CPM Connection: Are We There?ARC Advisory Group
 
Conoco on Path to Reliability Centered Loop Management: Enhancing ROA on the Way
Conoco on Path to Reliability Centered Loop Management: Enhancing ROA on the WayConoco on Path to Reliability Centered Loop Management: Enhancing ROA on the Way
Conoco on Path to Reliability Centered Loop Management: Enhancing ROA on the WayARC Advisory Group
 
Component Based Solutions Well Aligned with Needs of Service Logistics Providers
Component Based Solutions Well Aligned with Needs of Service Logistics ProvidersComponent Based Solutions Well Aligned with Needs of Service Logistics Providers
Component Based Solutions Well Aligned with Needs of Service Logistics ProvidersARC Advisory Group
 
Combined Fluid Power and Mechatronic Technology Optimizes Solutions
Combined Fluid Power and Mechatronic Technology Optimizes SolutionsCombined Fluid Power and Mechatronic Technology Optimizes Solutions
Combined Fluid Power and Mechatronic Technology Optimizes SolutionsARC Advisory Group
 
Collaborative Asset Lifecycle Management Vision and Strategies
Collaborative Asset Lifecycle Management Vision and StrategiesCollaborative Asset Lifecycle Management Vision and Strategies
Collaborative Asset Lifecycle Management Vision and StrategiesARC Advisory Group
 
Closing the Gap on Digital Manufacturing
Closing the Gap on Digital ManufacturingClosing the Gap on Digital Manufacturing
Closing the Gap on Digital ManufacturingARC Advisory Group
 

More from ARC Advisory Group (20)

Eam guide-video-2015
Eam guide-video-2015Eam guide-video-2015
Eam guide-video-2015
 
Information Driven Enterprise for the Connected World
Information Driven Enterprise for the Connected WorldInformation Driven Enterprise for the Connected World
Information Driven Enterprise for the Connected World
 
Stork Presentation on Migration (Willem Hazenberg)
Stork Presentation on Migration (Willem Hazenberg)Stork Presentation on Migration (Willem Hazenberg)
Stork Presentation on Migration (Willem Hazenberg)
 
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry Forum
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry ForumAsset Information Management (AIM) Presentation @ ARC's 2011 Industry Forum
Asset Information Management (AIM) Presentation @ ARC's 2011 Industry Forum
 
Three market trends drive collaborative value networks to the next level
Three market trends drive collaborative value networks to the next levelThree market trends drive collaborative value networks to the next level
Three market trends drive collaborative value networks to the next level
 
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum
Mobile Technologies and Supply Chain @ ARC's 2011 Industry Forum
 
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...
Enterprise Mobility - Current Practices and Future Plans for Mobility Systems...
 

Asset security and disaster recovery planning

  • 1. Asset Security and Disaster Recovery Planning

BY H. LEROY, D. SLANSKY
SEPTEMBER
ARC INSIGHTS

KEYWORDS
PAP, CHAP, DRP, UPS, TEAM, Security, Disaster, Recovery, Hacker, Terrorist

SUMMARY
The terrorist attack on America has changed the world, heightening the need for increased security and disaster recovery planning. Better security saves lives and prevents damage to assets and operations. Disaster recovery planning is a systematic approach for returning to normal business operations quickly. A few simple procedures and precautions can maintain a safe and profitable business.

ANALYSIS
Every business requires some level of security ranging from simple protection of important information to more complex solutions for potentially dangerous assets. Step one is a better understanding of the possible threats. Currently, terrorism tops the list of immediate threats. Government and large installations, volatile manufacturing facilities, utilities, food processing, or any business where many lives can be endangered through terrorist acts must be on high alert.

Close proximity to a high profile target significantly increases an otherwise low security risk. Fortunately, terrorism is the least likely security threat for most businesses, although it must remain as a high priority for security planning and disaster recovery. More common security threats, such as hacker attacks on valuable information or insider sabotage (intentional or unintentional) can disrupt and damage your business. An appropriate disaster recovery plan (DRP) should exist for all threats, including software and hardware failures.

Security Planning
• Understand security issues
• Perform security risk analysis
• Determine level of protection needed
• Install proper prevention and detection
• Develop comprehensive recovery plan
• Frequently review and update strategy

Basic Security Model
The basic security model focuses on protection, detection, and recovery. Protecting against and detecting threats is the preferred solution. Recovery from disasters can be long, painful, and costly. The ARC basic security model covers five major areas including physical, viral, access, backup, and environmental security.

ENTERPRISE AND MANUFACTURING STRATEGIES FOR INDUSTRY EXECUTIVES
  • 2. ARC Insights, Page 2

Physical security normally means locks or constraints that prevent unauthorized access. Alarms usually signal a breach of security. Physical security is complemented by environmental security that includes detection and alarming for smoke, fire, loss of power, or other life threatening conditions. Alarms may or may not signal unauthorized access. Both physical and environmental security must be monitored closely. Fire, accident prevention, and response information should be readily available as part of normal safety procedures. An Uninterrupted Power Supply (UPS) can easily manage the loss of power and permit an orderly shutdown or automatic backup of computer files.

| Security Model | Physical | Viral | Access | Backup | Environmental |
|---|---|---|---|---|---|
| Protection | locks | shield | passwords | daily | UPS |
| Detection | alarms | scan | trace | scheduled | shutdown |
| Recovery | spares | clean | change | restore | restart |

Information Security
The World Trade Center attack crippled the U.S. financial community for days. The impact on the world economy was limited, thanks to strong information security practices by the financial community. Routine offsite information backups permitted the recovery of most important financial data within days. Manufacturers should use many of these same information security techniques. Information on financials, client records, order entry, supply chain, production data, and other dynamic data must be backed up regularly and stored offsite.

Never assume that your information is secure until you have verified it. The best security procedures can overlook backups, viral scans, or access protection. Daily backups offer the greatest protection and should be automatically scheduled. Daily incremental or partial backups with periodic full backups are acceptable when a large amount of business data prevents full daily backups. But this approach does make the recovery process more complicated. Every company should annually test their data restore procedures. The inability to restore existing backup data is not uncommon and can easily be avoided by occasional audits and validation of procedures.

Other common threats are viral attacks and unauthorized access to user accounts. Improving password protection procedures and implementing strong trace algorithms can help avoid such breaches of security. Frequent password changes, a password authentication protocol (PAP), and a challenge handshake authentication protocol (CHAP) improve access security. All businesses also should implement software shields and virus scans, which are simple to install and easy to use. Again, prevention costs far less than the recovery from a hacker or virus attack.

© ARC Advisory Group • Allied Drive • Dedham, MA, USA • ARCweb.com • USA • UK • Germany • Japan • India
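The point above about incremental backups complicating recovery, and about verifying backups before trusting them, can be shown with a short added example (not part of the original ARC document). The catalog layout, the `Backup` record, the function names and the sample data are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    day: int      # day number on which the backup was taken
    kind: str     # "full" or "incr" (daily incremental)
    sha256: str   # digest recorded in the catalog at backup time

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def restore_chain(catalog, target_day):
    """Latest full backup on or before target_day, plus every later incremental up to it."""
    usable = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise LookupError("no full backup on or before the target day")
    base = fulls[-1]
    return [base] + [b for b in usable if b.kind == "incr" and b.day > base.day]

def verify_chain(chain, stored):
    """Check each chain member read back from offsite media (stored: day -> bytes).
    Returns (last restorable day, problems). Verification stops at the first missing
    or corrupt member, because every later incremental depends on it."""
    restorable, problems = None, []
    for b in chain:
        data = stored.get(b.day)
        if data is None:
            problems.append((b.day, "missing"))
            break
        if digest(data) != b.sha256:
            problems.append((b.day, "digest mismatch"))
            break
        restorable = b.day
    return restorable, problems

def build_sample():
    """Constructed sample: full backups on days 1 and 8, incrementals on the other days."""
    original = {d: f"constructed-backup-day-{d}".encode() for d in range(1, 11)}
    catalog = [Backup(d, "full" if d in (1, 8) else "incr", digest(original[d]))
               for d in original]
    stored = dict(original)
    stored[4] = b"bit rot"  # simulate silent corruption of one incremental
    return catalog, stored

if __name__ == "__main__":
    catalog, stored = build_sample()
    chain = restore_chain(catalog, 6)
    print([b.day for b in chain], verify_chain(chain, stored))
```

One damaged incremental on day 4 caps the restore point at day 3 even though days 5 and 6 are intact, which is the kind of failure a periodic restore test is meant to surface.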
  • 3. Cost Benefit and Risk Analysis

Knowing your risk of various threats will help avoid unnecessary costs. A realistic assessment of your business, facilities, employees, information, and other assets determines your level of exposure and the appropriate security measures. If your type of business or location is subject to a natural or manmade disaster, then increased physical, backup, and environmental security are appropriate. If your production and business systems are integrated, then additional infrastructure and network security is required. If business information is accessed from remote or multiple company sites, then access, viral, and backup security should be enhanced. Implementing unneeded security is expensive and wasteful. The security investment should be based on the level of protection required to cover any potential losses.

[Figure: Cost versus Level of Protection, showing Investment and Expected Loss]

Disaster Recovery Plan
Many companies go out of business after a major disaster. A good DRP is essential and must focus on minimizing downtime and lost productivity. It should identify and enable the most cost-effective recovery, ensure continuity of operations, and maintain customer satisfaction. There must also be a strong disaster recovery team with well-defined responsibilities and expectations. Both primary and alternate team members should meet regularly to develop, review, and update the DRP, since planning will play a critical role in these meetings. Because Total Enterprise Asset Management (TEAM) includes asset security for infrastructure, production, and operations, many TEAM participants should qualify as good DRP candidates.

Developing a DRP starts with a model of your business to help identify critical operations. The profit and loss centers should be identified, and important information flows should be mapped. Automation of important business processes such as production, financials, sales, and service will speed recovery. So will implementing fully redundant or fault tolerant environments such as disk mirroring and backup wireless communications. Automation with redundancy implies consistent and repeatable processes with an existing database of recent information.

A major DRP component is a recovery informational database that will support the recovery process. Such a database should include information on employees, customers, suppliers, asset listings, and equipment specifications. Most importantly, it should contain all of the data needed to re-create the manufacturing process, such as process plans,
  • 4. workflows, production schedules, parts inventories, manpower requirements, manufacturing processes, and standards. It must be kept current, which includes periodic training of management and employees on their disaster responsibilities.

Unfortunately, recovery does not begin until you know what is wrong. Most attacks require a detailed damage assessment. A good measurement of a disaster's magnitude is the estimated time and cost to recover. Recovery times of less than a day are usually minor, but losses can still vary. For example, a loss of power or a security breach may be brief, but can hurt customer satisfaction and lose business. Therefore, establish ways to assess damages, their consequences, and recovery procedures as part of the DRP. The recovery team must be fluent in troubleshooting existing operations and the use of alternate methods such as mobile technology.

Disaster Recovery Planning
• Implement preventive security measures
• Understand disaster risks and objectives
• Identify DRP team and procedures
• Automate and map critical operations
• Develop damage assessment strategy
• Document and share DRP with suppliers

In most disasters, the level of recovery depends on the quality of backups. This includes information, personnel, materials, and facilities. A copy of the latest information is a major advantage that can be made available by frequently moving mission critical data offsite. Cross training the recovery team and having backup personnel will provide the properly skilled personnel to recover operations. Maintain critical spares, documentation, and supplies at offsite locations. This can be at another company or in cooperation with key suppliers. Sharing the DRP with strategic suppliers is a great idea. Many suppliers can help develop an alternate facilities startup plan and support the disaster recovery with materials and qualified personnel.

RECOMMENDATIONS
• The ARC security model for protection, detection, and recovery will deter many security threats and reduce the time and cost for restoring normal business operations.
• Disaster recovery planning is unpopular, but very important. Nobody wants to plan for a disaster, but you must do it because the consequences of being unprepared can be devastating.
• Better security and a DRP should be part of every business process from customer relationship management to supply chain management. It should be an integral part of your product and asset management strategies.

For further information, contact your account manager or the author at hleroy@arcweb.com. Recommended circulation: All EAS clients.