Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: Disaster Preparedness - Are We Shaken or Stirred? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Disaster Preparedness - Are We Shaken or Stirred?

Yesterday's earthquake (centered in Virginia), along with Monday night's earthquake (centered in Colorado), got me to thinking about disaster preparedness (again).

Lots of IT groups would like to do more in the area of BCP (Business Continuity Planning), but can't get budget due to a management philosophy of "disasters happen elsewhere".   For many of my clients in this situation, these earthquakes are nice "wedge" to demonstrate that disasters do in fact happen close to home - everyone had a bit of a pause today when the buildings, and us inside them, swayed back and forth for a minute.

If you have a good DR (Disaster Recovery Plan) at work, now might be a good time to dust it off to make sure everything still works, while this is still fresh in everyone's mind.  Make sure that your plan truly reflects the needs of your organization.  The IT side of DR is relatively simple - a second location, some servers, replication (often SAN or virtualization based), and you're getting there.  Oh - and failing back to the production site is important (and often overlooked) as well.  

I've seen DR plans go down in flames, where the IT group comes through 100%, all the backup servers are running, but for one reason or another, the company can't do business.  Think things like - where does my main 1-800 telephone number go?  How will we ship?  How will we receive?  There are hundreds of non-IT details that go into a working organization and should go into a good BCP strategy.

Don't neglect DR planning at home as well, there are lots of good references on how to kit your house out for common disasters, but I particularly like the CDC guide on surviving the Zombie Apocalypse ( http://blogs.cdc.gov/publichealthmatters/2011/05/preparedness-101-zombie-apocalypse/ ).  If you can survive that, I'm thinking you're good for anything.

The whole DR topic is seeing real interest due to recent events - please, use our comment form and let us know if the recent earthquakes have shaken things up in your organization, if you are now stirred to consider changes in Disaster Preparedness at work or at home?

http://earthquake-report.com/2011/08/22/earthquakes-list-august-23-2011/

http://earthquake-report.com/2011/08/23/very-strong-and-dangerous-earthquake-rattles-virginia/

http://earthquake-report.com/2011/08/22/earthquakes-list-august-22-2011/
http://earthquake-report.com/2011/08/23/unusually-strong-earthquake-in-colorado-new-mexico-united-states/

===============

Rob VandenBrink Metafore

Rob VandenBrink

489 Posts
ISC Handler
The earthquake was in Virginia, not Vermont.
Laurie

1 Posts
Fixed, thanks for that !
Rob VandenBrink

489 Posts
ISC Handler
It always surprises me that people don’t know what to do during earthquake and they usually start to run outside.

Here is the standard guidance from FEMA and it is well-documented that it is the safest practice…

Source: http://www.fema.gov/hazard/earthquake/eq_during.shtm

The basic premise when one is indoors is to Shelter-In-Place using the DROP, COVER, and HOLD (DCH) technique until the quake subsides.

Unfortunately, most people immediately run for the exits - the worst possible option in an earthquake.

When I returned home from work and asked my children about the earthquake they reminded me their grade-school drills in Seattle prepared them to follow the recommended DCH best practice.

Too bad, Mommy forgot the drill and bolted for the door. I was thankful nobody was injured.

Skid

3 Posts
And it isn't only earthquakes, Hurricane Irene is headed for the Carolinas and should make landfall in the next couple of days.
Jim

402 Posts
ISC Handler
Although it's not directly related to a BCP per se, I'd recommend that insurance policy reviews be performed on a semi-regular basis as well with a healthy eye towards risk management.

As a friend near the epicenter found out, most standard homeowners policies along the East Coast don't t cover earthquake damage without an explicit rider. Friends who work in the insurance industry also pointed out that most policies don't cover flood damage to include any damage cause by ruptured underground pipes or septic systems.

I imagine that business owners may find similar holes in their policies that cover equipment and facilities.
Angela

3 Posts

Sign Up for Free or Log In to start participating in the conversation!