Home > Articles > Cisco Network Technology > Security > Policy, Personnel, and Equipment as Security Enablers

Policy, Personnel, and Equipment as Security Enablers

Chapter Description

Policy plays an integral role in security effectiveness. Educating users on their responsibility to enhance security can have a twofold effect: It ensures that deployed equipment can perform tasks with greater effectiveness, and it creates an environment that encourages and supports individual responsibility.

Securing the Future: Business Continuity Planning

Crises will inevitably occur. Whether they are physical, such as an earthquake or a terrorist attack, or cyber, such as a distributed denial of service (DDoS), preparedness is the key to effectively managing a crisis. The difference between falling victim to an event and working through a highly challenging time is planning.

A comprehensive continuity plan is essential in maintaining or restoring business operability. A hospital or public utility, as an example, would require a plan to maintain operations during a crisis. Conversely, a sporting goods distributor might decide to concentrate on a plan that restores its operability after a crisis has passed. The potential lost revenue might not justify the expense of a costly program that attempts to maintain operability regardless of challenges. A hospital or utility would not have a choice.

Continuity plans should consider the following items:

  • Knowing the parameters of a given situation that could warrant the use of the plan

  • Having a detailed inventory of standby systems, including the length of time required for each one to be fully operational

  • Determining what would constitute the completion of a critical period and a return to normal operations

  • Selecting an appropriate leader(s) to manage the crisis. While separate leaders could exist for technology and business requirements, one overall leader must be chosen

  • Knowing the actions that need to be performed and the persons (or job functions—see next bullet) responsible for performing them

  • Assigning job functions rather than specific people to specific continuity tasks so that if a person leaves a firm, the new occupant of the job function is the replacement for the continuity task

  • Assigning specific reporting sites if an alarm is sounded

  • Ensuring that users know the sites and are confident in their assignments, particularly if the continuity site is in another physical location

  • Using the expertise of individuals, particularly the IT staff

  • Formally testing the plan, rooting out all weaknesses

  • Defining the amount of time needed to bring the continuity plan online

  • Most importantly, keeping the continuity plan current, both in its practice and content

Continuity plans are similar to term life insurance policies: One plans for the worst but hopes never to realize the policy's payoff. A detailed and workable plan to maintain operations during trying times can allow a sense of confidence that is only achievable through comprehensive contingency planning.

9. Ensuring a Successful Security Policy Approach | Next Section Previous Section