Computerworld - The best defense against cyberterrorism is a good offense, says Kevin Nixon, chief security officer at Exodus. That means getting buy-in from management, assessing risk, and overseeing security and risk management processes, authentication, auditing, physical security and user security policies. But you still need a response plan. He suggests the following:
Gather the Facts: Interview business unit managers to learn about key corporate services and information that must remain available in an emergency. Remember mundane things like the number of pencils needed should the accounting system go down.
Set up a team: Typical teams include the vice president, executive communications manager, IT manager and legal counsel.
Establish a reporting plan: Typically, the IT manager reports to the internal disaster recovery team. But there are also outside organizations with which the IT manager needs to cross-coordinate. These may include the IT manager at an energy company, and the Washington-based National Infrastructure Protection Center (www.nipc.gov). Reporting-structure plans should include items like diagrams or lists showing whom a call goes to if the primary point of contact is unavailable, and the chain of command.
Rehearse: Practice once a year on a grand scale and more frequently at the departmental level.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
