
In This Issue
  • Why Recovery and Business Continuity Plans Fail
  • Data Breach Notification Processes are Costly
  • Security Policies and Procedures

Why Recovery and Business Continuity Plans Fail


Over 60% of all plans have significant errors in the documented plan

Most businesses never suffer a catastrophic data loss. For those that do, whether caused by hardware failure, natural disaster, fire/flood, or employee malice, it can be devastating. More than 50% of businesses suffering a catastrophic loss of data never recover.

You've made the decision to create a business disaster recovery plan to make sure you can get back up and running quickly in the event of a disaster. But actually creating and implementing that plan is a whole other story.

The disaster recovery (DR) vision is a scenario in which all disasters are withstood; using a well-crafted plan, operations are transferred to a remote facility to get the organization back on-line within recovery time objective (RTO) and recovery point objective (RPO) targets. But this is pure fantasy for most companies. The reality is that if a disaster should occur, nothing short of Herculean efforts by the IT staff would be required to have the slightest chance of getting back on-line in any reasonable period of time, much less the targeted RTO.

Many disaster recovery (DR) plans end up being a documentation exercise and never rise above the day-to-day priorities of the business. Those that make it to the DR testing phase often encounter problems that, if not properly addressed, leave a bad mark on the whole DR process. In a survey of 253 enterprises that had to activate their recovery plans, Janco has identified the reasons why recovery is not successful.

Recovery Failures

The most common issue, occurring in 62% of all recovery plans, is errors in the plan itself. This is often due to the plan not being kept up to date (47%) and unavailable or inaccurate passwords (34%).

Additional reasons for failures are:

  • Insufficient backup power - 22%
  • Communications not in place - 18%
  • Personnel not trained - 17%
  • System priorities not identified - 14%
  • Recovery not documented - 13%
  • Event not identified - 12%



Data Breach Notification Processes Are Costly

Regulatory compliance requirements have not slowed down...

California passes a new data breach notification law

Businesses, government agencies, and educational institutions reported 50 percent more data breaches this year than last, exposing the personal records of at least 35.7 million Americans.

The financial consequences of such breaches can be severe. Many organizations lose customers and revenue because of the violation of trust incurred from a breach. Due to the growing number of state privacy laws, most breaches require that those whose information is compromised must be notified. Most organizations now pay for credit monitoring services for several years for all those impacted by a breach – these services typically cost about $100 per person per year. And in some cases, organizations are subject to fines for revealing personal information.

A new bill in California (SB-24) updates current data breach notification laws by requiring organizations to include in the breach notification letters the specifics of the security incident and advice on steps customers should take. The bill also includes provisions mandating that if the security breach affected 500 or more people, the organization must submit a copy of the letter to the state attorney general's office. The bill was signed into law Aug. 31 by Governor Jerry Brown and will take effect on Jan. 1, 2012.

The breach notification letters must include information such as the type of personal information exposed, a description of what happened, time of the breach, and toll-free telephone numbers and addresses of major credit reporting agencies in California, according to the new law. The original law did not specify what information had to be included in the letters. The new law also requires the letters to be sent "in the most expedient time possible and without unreasonable delay."



Detailed and Customizable for Your Business

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing a variety of topics is included in a 230-page Microsoft Word document which you can modify as much or as little as you need to fit your business requirements. This instant download includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines

Includes Supplemental Assessment Material

To help you assess factors affecting your IT security, the IT Security Manual Template comes with the Business & IT Impact Questionnaire, a Word document that helps you gather essential security-related information from across your organization. You'll also receive the Threat & Vulnerability Assessment Tool, a Microsoft Excel workbook you can use to define and compare dangers that could impair your business operations.


Comes in Standard - Premium - Gold Editions

Not only can you get the template in easily modifiable Microsoft Word, but you can also get full multi-page job descriptions when you order the Premium or Gold Editions.