Simulation Training Reinforces Security, Business Continuity

Sunday, August 05, 2012

Stacey Holleran

145dfdfe39f987b240313956a81652d1

Businesses today, no matter their size, depend upon information technology to deliver their products and services to market.

IT is fundamental to business operations; its sudden failure can wreak havoc on the organization’s supply chain, financial systems, internal and external communication channels, and more.           

If your organization were to experience a serious disruption in network connectivity due to a weather event, a fire or even a cyber attack, how quickly could it resume standard business operations? Which people, processes and technologies would be involved in the recovery efforts?

RoundtableDiscussion_StaceyH080312_InfosecIslandThose who have analyzed these questions on behalf of their organization know that it takes meticulous documentation of assets and procedures, as well as universal employee awareness and training, to successfully execute a disaster recovery plan following a disruptive event.

Should a natural or man-made disaster occur, would your organization be thoroughly prepared to overcome the technical obstacles?

How can you be sure nothing has been overlooked?

Mind Your InfoSec

Information security is a major consideration when evaluating an organization’s risk for prolonged business disruption. Security holes put information networks in a compromising position, leaving the door open for intruders.

If a cyber criminal gained access to your sensitive data and systems, how would you identify the nature and scope of the exploit to regain control? Is there anything you can do now to reduce the severity of a potential network breach or mitigate it altogether?                                

Gage Your Preparedness

Disaster simulations, also known as “dry runs,” provide a tangible way to test your organization’s preparedness by walking through recovery plans in real time. All key organizational players should be involved to maximize the benefits of this activity. The simulation should also include a facilitator—preferably an outside expert who can provide the advantage of an external perspective toward your business continuity efforts.

Gaging your business continuity plan’s real-world applicability through an organized simulation will reinforce organizational readiness for the unknown. Now is a great time to investigate simulation training opportunities, because September is National Preparedness Month, a time when many InfoSec-related associations sponsor events to enrich their local community as well as American business at large.

I would like to personally invite you to one such event: On Tuesday, Sept. 11, the Technology Association of Georgia Information Security (TAG InfoSec) Society is sponsoring “The 2012 Cyber Attack and Business Continuity Simulation.”

This full-day, live role play event takes place in Atlanta and features some of the top C-level executives, senior managers and security practitioners in North America. These industry leaders will be working through a network outage in real time, giving themselves and event participants an in-depth look into the action steps of disaster recovery.

Simulation events serve as an important resource for information security professionals and other organizational leaders concerned with secure systems and business continuity. I encourage you to seek out applicable opportunities in your area.

Stacey Holleran is Sr. Public Relations Manager for ControlScan, a provider of Payment Card Industry (PCI) Compliance and Security services headquartered in Atlanta, Georgia. 

Possibly Related Articles:
5870
Security Training
Information Security
Enterprise Security Risk Management Security Awareness Disaster Recovery Incident Response Training Business Continuity Resilience
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.