From the course: Complete Guide to Cybersecurity: A Practical Approach
Understanding business continuity (BC)
From the course: Complete Guide to Cybersecurity: A Practical Approach
Understanding business continuity (BC)
- Let's go over business continuity. It goes without saying that the importance of business continuity is paramount for any organization. The intent of a business continuity plan is to sustain business operations while recovering from a significant disruption. Now, some disruptions or some events can be very minor, several can be catastrophic. Before we get started, let me actually define what is an event. An event can be pretty much anything. It can be a national disaster, it can be fire, a cybersecurity attack. It can also be, you know, a specific network outage and so on. So you have to be prepared and in order for you to be prepared, you have to have a plan, right? So a key part of the plan is communication, including multiple contact methodologies, backup numbers, in case a disruption of power of communications as well, right? And backup contact methodologies, not only, you know, phone number, in many cases, that includes radio communications as well. Now, many organizations will establish contact tree, basically diagrams and documentation on who to contact, escalation contacts inside and outside of the organization. Whenever an event occurs, you will contact the appropriate individuals and to start to activate that business continuity plan. And it's very important that management should always be included in the communications when appropriate. You need to have at hand critical contact numbers for your supply chain and also law enforcement or any other third parties outside of your facility, outside of your organization. It is extremely critical that you have that contact information that is up to date. If I wanted to summarize and define business continuity in a sentence, I will define it as enabling the critical aspects of your organization to function, and in some cases, perhaps at a reduced capacity. Now, this disruption can be caused by any form of disturbance, cybersecurity attack, infrastructure failures, national disasters, and most others that I mentioned earlier. Most incidents are minor and can be handled easily. And you know, in many cases with minimum impact, for example, you may require a reboot of a system, right? For that, the business continuity plan does have to be extremely detailed. However, in major incidents, which will interrupt business from an unacceptable length of time, the organization can just follow an incident plan, but you have to move forward with this business continuity, right? So that business continuity plan includes, and not only of course the overall planning, the documentation, but the preparation, the response and recovery operations, and it should include all the different stakeholders that are relevant in order to fix whatever needs to be fixed within the organization. Now, developing a business continuity plan requires a significant organizational commitment in terms of both personnel and financial resources. That's why it is extremely important that you have commitment and support from your executives. Without the proper support from your staff and your executives, a business continuity plan effort can have very little chance of success. Now, let's go over some of the most common components of a comprehensive business continuity plan. First, you have to list the team members, all the stakeholders, right? That includes multiple contact methods and backup members. Also, immediate response procedures and checklist. That includes security checklists, safety procedures, fire suppressant procedures, notification of appropriate emergency response agencies, law enforcement and so on. Also, notification systems and call trees for alerting personnel that the business continuity plan has been enacted. You have to provide guidance for management. Updates for management, in some cases, including designation of authority for specific managers and how and when to enact the plan. And lastly, different contact numbers and critical stakeholders and contacts of your supply chain, including your vendors, customers, potential, you know, external emergency providers, third-party partners, and so on. Now, to go over the business continuity in the workplace, the business continuity plan needs to be maintained somewhere where it can be accessed by the appropriate stakeholders. In modern organizations nowadays, everything is digital and in many cases in the cloud. So it is extremely important that you have some good way to store and access, and also to promote that business continuity plan. You also should have proper ways to perform a business impact analysis. And in many cases, you can do that via table topic exercises and different types of exercises before a true incident takes place. And that is extremely important for you to make sure that your business continuity plan is still relevant to today's world and that everybody knows what to do, right? All the different procedures. In some cases we call that playbooks as well. And especially whenever we go over incident response, we got to go over different types of playbooks, which are related to cybersecurity, and of course, incident response.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
