Memorandum to the Board of Directors
- It is common knowledge that in the business world, disasters are inevitable. In my capacity as the company's Chief Information Officer, I would like to comment on a number of areas that require immediate attention in terms of security. The considerations and recommendations highlighted in this memo are in the best interest of the company and its wellbeing. I would like to draw attention to a few areas of security and recommend relevant DRBC practices/procedures that have been developed by the cyber security arm of the company.
- DRBCP comprises a host of factors, including emergency response procedures, business recovery and return-to-normal procedures. Incident management is a coordinated practice at the corporate level that depends on a round-the-clock reporting line and on quick assessment and escalation by severity. Business continuity planning consists of best practices tailored by an organization to ensure the delivery of services and the resumption of normal operations after an incident. Finally, disaster recovery comprises the mechanisms and procedures that an organization uses to restore the complete functioning of the technical environment, including the software and tools needed to return production applications to their previous states. In the case of a data center disaster, critical workloads need to be restored at the disaster recovery sites with minimum disruption of services, to guarantee data integrity, availability and confidentiality.
- An incomplete DRBCP implies that the above-mentioned activities cannot be handled according to a defined standard in case of an incident.
- The DRBC should detail recovery time objectives and recovery point objectives for mission-critical business operations so that, in an emergency, there is an established timeframe against which to gauge the success of the recovery and business continuity process.
- Business needs and threats keep evolving over time. A DRBCP customization should take a period of up to a year at maximum. Constant risk evaluation should be conducted to ensure that the policy is up to date and accommodates dynamic business needs.
- The DRBC policy is an influential document that must be made available to all employees and participants in a company. A lack of distribution and awareness of the policy tends to compromise adherence to it. It is difficult for employees to adhere to what they do not know.
- The policy must be published on the company website and made available on all other communication boards and bulletins in the shortest time possible, to increase awareness and improve the level of adherence.
- Finally, teaching programs on the use of the DRBCP need to be rolled out immediately, with special focus on the technical staff involved in disaster recovery and business continuity procedures.
- The Cybersecurity Division believes that the implementation of the above measures is in the best interest of the company and is in line with its mission of providing management with tools and advice on all aspects of security. The department welcomes all questions and communication through the contacts below.
Call 7948253-74525 or email
Thank you in advance
Regards
CIO