It’s Never So Bad
That It Can’t Get Worse
A REVIEW OF DISASTER RECOVERY AND
BUSINESS CONTINUITY PLANNING IN PRACTICE
HARRY REGAN
VP, SECURITY CONSULTING SERVICES
VALERIE THOMAS
SENIOR SECURITY TECHNOLOGIST
SECURICON, LLC
HTTP://WWW.SECURICON.COM
Agenda
• Who We Are
• Things DRI Tells You
• The Magic of Mixing Technology and Humans
• 3 Tales from the Field
o Clouds of 9/11
o What if they threw a disaster and nobody came?
o Financial Services and Y2K
• Scar Tissue and Recommendations
• Conclusions and Q&A
Who are we?
• Securicon is a 13+ year old security consultancy in
security programs and engineering, both cyber and
physical.
• Broad base of experience in the integration of human
and social issues into the implementation and impact
on security
• Enterprise-level experience in developing COOP and
BCP plans.
The Magic of Mixing Technology and
Humans
• Technology makes the world work
• Humans make the world weird
• Business Continuity happens at the intersection of
people and technology – with one or more
emergencies thrown into the mix.
• Plans may be concise and logical, but human
behavior is not as predictable as we’d like.
• “When the first shot is fired, battle plans go out the
window”
-- George Patton
Reality…
• We’re going to examine three actual case studies
from three different industries.
• All three companies involved had a good Business
Continuity Plan
• All three had a major failure when the disaster really
arrived
Things DRI Tells You…
Key Objectives…
• Safety is #1 priority in an emergency/disaster
• Keep the business operating and revenue flowing
• Maintain basic communications (e-mail, phone)
• Suck it up! Don’t give customers a reason to worry
(Web site up, services available and shipping
with minimal disruptions)
• Maintain billing and accounting
More Things DRI Tells You…
• Your DR/BCP plan should have strategies for…
• Emergency Response and Operations
Contingencies
• Actionable and detailed Business Continuity
Plans at a situational and granular Level
• Training and Awareness – for everyone, but
especially for key staff involved in the plan
• Maintaining and Testing DR and Business
Continuity Plans and Operability – and really do
it!
• Public Relations and Crisis Communications
• Coordination with Public Authorities
3 tales from the field
• Clouds of September 11
o Hurricane Gabrielle hits Florida
• What if they threw a disaster and nobody came?
o Great plan, now where’s the staff?
• Financial Services and Y2K
o Y2K Plan used for 9/11 – successfully!
Clouds of September 11
• September 9, 2001 – Tropical Storm Gabrielle
forms off the west coast of Florida in the Gulf of
Mexico.
• September 11, 2001 – Hurricane Gabrielle
threatens western Florida coast.
• A manufacturing company in central Florida,
already experiencing flooding in their facility and
data center from heavy rain, decides to declare a
disaster and exercise their DR contract with IBM
• Scheduled DR site – Sterling Forest, NY
• The request “could not be accommodated”
Clouds of September 11
• There really was no formal plan. They had backup tapes
on site. They had arranged for specific equipment at
the DR site
• The company assumed they could just “swap over” to
the DR site. Assumed they could just show up with the
tapes, but never tested
• Lessons learned
o With an untested plan, it was really iffy that they could
successfully exercise the DR plan
o With a 3rd party DR contract, you may be able to get your
money back if you “can’t be accommodated”!
o Yes, their data center flooded…
What if they threw a disaster
and nobody came?
• Picture rolling New England hills, nestling a quaint little
mill town. In this town is a manufacturing company
that makes specialty products for the medical industry
• “Shelter in Place” is a strategy some companies adopt –
that’s the approach this company chose – backups and
redundant equipment maintained on site.
• The data center featured a natural gas generator tied to
the city gas lines, so as long as they had fuel, they had
power
• The network featured divergent carriers with failover
• They engineered their systems to be all remotely
administered and operated so there was little need for
staff to be onsite – but functions had to be manually
attended. Robust, tested remote access processes.
What if they threw a disaster
and nobody came?
• In reviewing their DR/BCP documents, it struck me
that they had a very exacting “Bob will do X,
Frank will do Y” approach. Sooner or later, they
said, they’d cross train folks.
• In May of 2006, the area experienced severe
flooding. Telecommunications were out, roads
impassable, residents evacuated from the area.
• The systems were up! No one was available to do
anything with them, but they were up!
• Discovered many processes someone had to be on
site for (e.g. IT did not control the phone system or
the PACS)
Financial Services and Y2K
• Large globally recognized financial services firm
with heavy transactional network traffic.
• Primary data center in southern New England,
about an hour out of NYC
• Backup data center 150 miles south.
• Standing hotel accommodations for operations
teams near both data centers
• Situational BCP built with input from each business
unit. Tested, tested, tested.
• Identification of positions that needed to be on-site
(the rest would work from home)
Financial Services and Y2K
• Monthly live test of failover from primary to
backup. Well understood system and network for
financial services. Business systems were lower
priority.
• NYC staff in 1 Liberty Plaza, Times Square and on
Whitehall Street
• If staff had to be displaced, they would go to one of
several locations or be issued laptops to work from
home
• Y2K – Nothing Happened
• But then there was 9/11
Financial Services and Y2K
• On 9/11 the first plane hit before market open – so
the decision was made not to open the market until
we knew what was really happening
• As events unfolded, activated disaster plan
o Liberty Plaza and Whitehall staff evacuated to Times
Square (until South Tower collapse)
o Network transferred to Backup Site without incident
• Returned to normal operation by 9/17
• Long-term displacement of workstaff
Financial Services and Y2K
• On one level, the DR/BCP was successful.
o Almost seamless transition to backup (turned out
not to be necessary)
o Market systems staff was on-site, in place and
ready for normal operations when the disaster
occurred
o Corporate systems staff generally was in transit
or about to leave home, but in DC – another 9/11
target site
o Market systems were ready for scheduled market
open at 10AM, but decision was made to keep
the market closed.
o There were staff injuries, but no reported
fatalities
Financial Services and Y2K
• Problems with the BCP
o No plan for losing Manhattan
o Evacuation plan assumed navigable streets, availability of
public transportation
o Severe and lasting workforce displacement
o IT not ready for influx of teleworkers
• One element of dumb luck
o AT&T NYC Switch Center was destroyed in the WTC
collapse
o The company used MCI for telephone and network service
Scar Tissue and Recommendations
• Recurring drills are important. Annual drills are
simply not frequent enough. Test it, darn it!
• Still doing weekly/monthly backups with
incrementals? You should rethink your backup
strategy.
• Practice bare-metal restores. Even with great
planning and preparation, odds are good you’ll
have to do one or more and they take time.
• Transactional systems love to have journal
problems. Understand how to identify problems
early and quickly and how to resolve them.
• If you’re using a 3rd party backup site, expect
equipment problems. Plan for it.
Scar Tissue and Recommendations
• Understand what disasters are facing your disaster
recovery sites!
• Understand the logistics of getting the right people
to the right place in different kinds of disasters!
• See if you can arrange to have your restoration
media transmitted to the DR site.
(Throwing the backup media in the van with the DR away
team may make the disaster even worse)
• Maintain the equipment for the DR site! It won’t
help you if the DR hardware can’t run the current
mission critical applications!
Scar Tissue and Recommendations
• Cross train DR/BCP teams on ALL roles. DRI
recommends backup roles and backups to
backups. But you won’t know for sure who reports
for duty until the disaster.
“When the first shot is fired,
battle plans go out the window.”
General George Patton
What’s this “Granular” stuff?
• It’s rare that a disaster/emergency will unfurl on
your terms. The key to survival is flexibility
o Be ready for a “half disaster”
o Also be ready for multiple, simultaneous disasters
o Finally, be ready for key staff unavailability
• Situational planning is important
o Have plans built for the most likely disaster scenarios
o To the extent possible, compartmentalize
o Also have an OCISD Strategy
OCISD = “Oh crud! It’s something different!”
Conclusions and Q&A
If you take nothing else away from this presentation,
remember:
#1 Test. Refine. Repeat.
#2 Be flexible. It probably won’t happen like you think it will
#3 When it does happen, you’ll find out which pieces you
didn’t test enough.
Harry.Regan@securicon.com

Tre Smith - From Decision to Implementation: Who's On First?
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospital
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50Jim Libersky: Cyber Security - Super Bowl 50
Jim Libersky: Cyber Security - Super Bowl 50
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Harry Regan - It's Never So Bad That It Can't Get Worse

  • 1. It’s Never So Bad That It Can’t Get Worse A REVIEW OF DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING IN PRACTICE HARRY REGAN VP, SECURITY CONSULTING SERVICES VALERIE THOMAS SENIOR SECURITY TECHNOLOGIST SECURICON, LLC HTTP://WWW.SECURICON.COM
  • 2. Agenda • Who We Are • Things DRI Tells You • The Magic of Mixing Technology and Humans • 3 Tales from the Field o Clouds of 9/11 o What if they threw a disaster and nobody came? o Financial Services and Y2K • Scar Tissue and Recommendations • Conclusions and Q&A
  • 3. Who are we? • Securicon is a 13+ year old security consultancy in security programs and engineering, both cyber and physical. • Broad base of experience in the integration of human and social issues into the implementation and impact on security • Enterprise-level experience in developing COOP and BCP plans.
  • 4. The Magic of Mixing Technology and Humans • Technology makes the world work • Humans make the world weird • Business Continuity happens at the intersection of people and technology – with one or more emergencies thrown into the mix. • Plans may be concise and logical, but human behavior is not as predictable as we’d like. • “When the first shot is fired, battle plans go out the window” -- George Patton
  • 5. Reality… • We’re going to examine three actual case studies from three different industries. • All three companies involved had a good Business Continuity Plan • All three had a major failure when the disaster really arrived
  • 6. Things DRI Tells You… Key Objectives… • Safety is #1 priority in an emergency/disaster • Keep the business operating and revenue flowing • Maintain basic communications (e-mail, phone) • Suck it up! Don’t give customers a reason to worry (Web site up, services available and shipping with minimal disruptions) • Maintain billing and accounting
  • 7. More Things DRI Tells You… • Your DR/BCP plan should have strategies for… • Emergency Response and Operations Contingencies • Actionable and detailed Business Continuity Plans at a situational and granular Level • Training and Awareness – for everyone, but especially for key staff involved in the plan • Maintaining and Testing DR and Business Continuity Plans and Operability – and really do it! • Public Relations and Crisis Communications • Coordination with Public Authorities
  • 8. 3 tales from the field • Clouds of September 11 o Hurricane Gabrielle hits Florida • What if they threw a disaster and nobody came? o Great plan, now where’s the staff? • Financial Services and Y2K o Y2K Plan used for 9/11 – successfully!
  • 9. Clouds of September 11 • September 9, 2001 – Tropical Storm Gabrielle forms off the west coast of Florida in the Gulf of Mexico. • September 11, 2001 – Hurricane Gabrielle threatens western Florida coast. • A manufacturing company in central Florida, already experiencing flooding in their facility and data center from heavy rain, decides to declare a disaster and exercise their DR contract with IBM • Scheduled DR site – Sterling Forest, NY • The request “could not be accommodated”
  • 10. Clouds of September 11 • There really was no formal plan. They had backup tapes on site. They had arranged for specific equipment at the DR site • The company assumed they could just “swap over” to the DR site. Assumed they could just show up with the tapes, but never tested • Lessons learned o With an untested plan, it was really iffy that they could successfully exercise the DR plan o With a 3rd party DR contract, you may be able to get your money back if you “can’t be accommodated”! o Yes, their data center flooded…
  • 11. What if they threw a disaster and nobody came? • Picture rolling New England hills, nestling a quaint little mill town. In this town is a manufacturing company that makes specialty products for the medical industry • “Shelter in Place” is a strategy some companies adopt – that’s the approach this company chose – backups and redundant equipment maintained on site. • The data center featured a natural gas generator tied to the city gas lines, so as long as they had fuel, they had power • The network featured divergent carriers with failover • They engineered their systems to be all remotely administered and operated so there was little need for staff to be onsite – but functions had to be manually attended. Robust, tested remote access processes.
  • 12. What if they threw a disaster and nobody came? • In reviewing their DR/BCP documents, it struck me that they had a very exacting “Bob will do X, Frank will do Y” approach. Sooner or later, they said, they’d cross train folks. • In May of 2006, the area experienced severe flooding. Telecommunications were out, roads impassable, residents evacuated from the area. • The systems were up! No one was available to do anything with them, but they were up! • Discovered many processes someone had to be on site for (e.g. IT did not control the phone system or the PACS)
  • 13. Financial Services and Y2K • Large globally recognized financial services firm with heavy transactional network traffic. • Primary data center in southern New England, about an hour out of NYC • Backup data center 150 miles south. • Standing hotel accommodations for operations teams near both data centers • Situational BCP built with input from each business unit. Tested, tested, tested. • Identification of positions that needed to be on-site (the rest would work from home)
  • 14. Financial Services and Y2K • Monthly live test of failover from primary to backup. Well understood system and network for financial services. Business systems were lower priority. • NYC staff in 1 Liberty Plaza, Times Square and on Whitehall Street • If staff had to be displaced, they would go to one of several locations or be issued laptops to work from home • Y2K – Nothing Happened • But then there was 9/11
  • 15. Financial Services and Y2K • On 9/11 the first plane hit before market open – so the decision was made not to open the market until we knew what was really happening • As events unfolded, activated disaster plan o Liberty Plaza and Whitehall staff evacuated to Times Square (until South Tower collapse) o Network transferred to Backup Site without incident • Returned to normal operation by 9/17 • Long-term displacement of workstaff
  • 16. Financial Services and Y2K • On one level, the DR/BCP was successful. o Almost seamless transition to backup (turned out not to be necessary) o Market systems staff was on-site, in place and ready for normal operations when the disaster occurred o Corporate systems staff generally was in transit or about to leave home, but in DC – another 9/11 target site o Market systems were ready for scheduled market open at 10AM, but decision was made to keep the market closed. o There were staff injuries, but no reported fatalities
  • 17. Financial Services and Y2K • Problems with the BCP o No plan for losing Manhattan o Evacuation plan assumed navigable streets, availability of public transportation o Severe and lasting workforce displacement o IT not ready for influx of teleworkers • One element of dumb luck o AT&T NYC Switch Center was destroyed in the WTC collapse o The company used MCI for telephone and network service
  • 18. Scar Tissue and Recommendations • Recurring drills are important. Annual drills are simply not frequent enough. Test it, darn it! • Still doing weekly/monthly backups with incrementals? You should rethink your backup strategy. • Practice bare-metal restores. Even with great planning and preparation, odds are good you’ll have to do one or more and they take time. • Transactional systems love to have journal problems. Understand how to identify problems early and quickly and how to resolve them. • If you’re using a 3rd party backup site, expect equipment problems. Plan for it.
  • 19. Scar Tissue and Recommendations • Understand what disasters are facing your disaster recovery sites! • Understand the logistics of getting the right people to the right place in different kinds of disasters! • See if you can arrange to have your restoration media transmitted to the DR site. (Throwing the backup media in the van with the DR away team may make the disaster even worse) • Maintain the equipment for the DR site! It won’t help you if the DR hardware can’t run the current mission critical applications!
  • 20. Scar Tissue and Recommendations • Cross train DR/BCP teams on ALL roles. DRI recommends backup roles and backups to backups. But you won’t know for sure who reports for duty until the disaster. “When the first shot is fired, battle plans go out the window.” General George Patton
  • 21. What’s this “Granular” stuff? • It’s rare that a disaster/emergency will unfurl on your terms. The key to survival is flexibility o Be ready for a “half disaster” o Also be ready for multiple, simultaneous disasters o Finally, be ready for key staff unavailability • Situational planning is important o Have plans built for the most likely disaster scenarios o To the extent possible, compartmentalize o Also have an OCISD Strategy OCISD = “Oh crud! It’s something different!”
  • 22. Conclusions and Q&A If you take nothing else away from this presentation, remember: #1 Test. Refine. Repeat. #2 Be flexible. It probably won’t happen like you think it will #3 When it does happen, you’ll find out which pieces you didn’t test enough.

Editor's notes

  1. V
  2. H
  3. V&H