Security Assessments:

Disaster Recovery for Business

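Nearly every business person will tell you that having a plan is an absolute necessity for success. However, some may not realize that a business continuity/disaster recovery (BCDR) plan is also important. That is why we are taking a look at some of the basics of disaster recovery strategy, as well as the assistance we offer as part of our business services division!

Let's get started.

Which Comes First, BCP or DRP?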

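Generally, business continuity planning (BCP) occurs prior to disaster recovery planning (DRP). That is because a disaster recovery plan is only one component of a business continuity plan. A business continuity plan sets the foundation for disaster recovery planning. In addition to the disaster recovery plan, a BCP also includes:

  • Business resumption plan

  • Occupant emergency plan

  • Continuity of operations plan

  • Incident management plan

What Is Disaster Recovery?

Disaster recovery refers to the aftermath of major human or natural events, disasters, emergencies, and catastrophes. In a business-specific context, disaster recovery involves an organization's efforts to maintain or reestablish mission-critical IT infrastructure such as tools, communications, and more.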

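One of the most prominent disaster recovery examples of the past few years is probably the COVID-19 pandemic. As companies closed their offices, employees went into lockdown, and the world economy took a hit, many institutions were left trying to determine how they would move forward.

  • Would they close permanently?

  • Would they lay off staff?

  • Could they change their business model?

  • What was their plan for returning to the office?

  • How would they optimize working from home?

After all of these questions, the need for disaster recovery procedures and business continuity planning became quite clear.

How Many Types of Disaster Recovery Are There?

Generally, there are three main types of disaster recovery: natural, physical, and technology-based. While all three can impact your business, the most likely to occur is a technology-based incident. That is part of why business continuity and disaster recovery planning for information security is so important, but more on that later. First, let's look at each type of disaster.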

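Natural Disasters

These are tornadoes, fires, floods, hurricanes, and the like. However, it is important to note that they don't always have to be area-wide weather events. For example, a building fire is a natural disaster even if it affects only your office building and nowhere else. Likewise, the pandemic we mentioned earlier, or the death of a CEO, would also fall into this category.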

Physical Disasters

Physical disasters include general infrastructure failures such as power outages. They can also include building problems like a burst pipe, HVAC failures, or a collapsed roof. Break-ins and physical security breaches also fall under this category.

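Technology-Based Disasters

The list of technology-based disasters can be quite long. It can include ransomware and malware attacks, server failures, third-party cloud issues, data and security breaches, data loss, phishing attacks, network infrastructure failure and major internet service provider outages.

What Is a Disaster Recovery Plan?

A disaster recovery plan is a set of processes, steps, and tools that a company can use to continue business operations and restore IT infrastructure after a disaster. The main purpose of a disaster recovery plan is to lay out the comprehensive and consistent actions needed to continue business operations. Generally, disaster recovery plan steps include actions that need to occur before, during, and after an incident.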

What Are Five Major Elements of a Typical Disaster Recovery Plan?

There are several elements that go into a successful disaster recovery plan. They include but are not limited to the following disaster recovery plan checklist steps:

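  1. Create a disaster recovery team - This team is responsible for creating, implementing, and revising a disaster recovery plan. Each member of the team is also assigned specific responsibilities. It is also a good idea to provide the team's contact information to the company at large. The disaster recovery plan should list which team members to contact for particular types of problems.

  2. Identify and assess risks - A key responsibility of the disaster recovery team and plan is to identify the organization's potential disaster risks. This includes evaluating all three types of disasters listed earlier in the article.

  3. Determination of critical processes, tools, resources, and documents - The disaster recovery team and other key stakeholders in the company need to come together to determine which resources and tools are critical to business operations after a disaster. In the context of a disaster recovery plan, this should focus on short-term survivability and viability. That may mean analyzing cash flow and revenue, as opposed to long-term solutions that focus on returning the business to full function. One example of a critical process would be maintaining payroll.

  4. Standardize off-site and backup procedures - These steps should indicate what needs to be backed up, when, how often, where, by whom, and how the backups are protected. All of the factors deemed critical in part three should be backed up. You will definitely want to include updated financial documents, employee information, tax records, customer and vendor lists, and so on. Everything deemed critical should also be backed up to an off-site location in case the original physical location is compromised.

  5. Test and maintain the disaster recovery plan - It's important to understand that disaster recovery and preparedness is a continual process. Risks are always evolving, just like your business. The recovery plan needs to be tested regularly in order to evaluate its effectiveness. If appropriate, you can make changes or revisions to the plan after testing. In addition, certain industries, such as healthcare and banking organizations, require testing protocols to stay compliant with their governing bodies.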

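Why Is Disaster Recovery Important for Businesses?

Simply put, disaster recovery preparedness helps businesses survive a disaster and gives them an actionable plan for the most important steps they need to take. Think of it like the safety demonstration a flight attendant gives you just before taking off. They tell you:

  • How to put on your oxygen mask

  • To take care of yourself before helping others

  • How to use your seat as a flotation device

  • Where the exits are

While everyone on the plane is hoping this information will never be used, the fact of the matter is that it's better to know it and not need it than vice versa. The same applies to disaster recovery planning for businesses. Aside from keeping the company running, there are several other reasons to create a disaster recovery plan.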

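  1. Data loss: Data loss is always harmful, but if your business does not have a disaster recovery plan already in place, you run the risk of permanent data loss. This includes information that is vital to customer satisfaction as well as company operations. Having and following a disaster recovery plan helps ensure that data is backed up on external devices or even cloud storage.

  2. Human error: Everyone makes mistakes. This one isn't breaking news, but it is just as pertinent now, if not more so, than ever before. In fact, top researchers at Stanford and IBM suggest that anywhere from 88-95% of security breaches are caused by human error. These days, phishing schemes and scam emails mean that any accidental click can lead to a ransomware attack or data breach. Not to mention that one small oversight can create a security risk that throws any business into chaos. With a disaster recovery plan in place, data backups will come in handy when mistakes inevitably do happen.

  3. Customer re-acquisition: Customer acquisition and customer retention can be pricey yet fruitful endeavors, but customer re-acquisition is almost certainly going to be more expensive. For example, it can be difficult to earn a customer's trust in the first place, but once you do, loyalty follows. However, the moment that trust is lost, it is very difficult, time-consuming, and expensive to win back. The best way to address this is to be proactive in preventing problems like data loss or security breaches. All of these can be accounted for in a disaster recovery plan.

  4. Reputation: Much like trust, a reputation can take weeks, months, or even years to build, but only moments to tarnish. In addition to losing existing customers, a damaged reputation can also prevent you from acquiring potential new customers. Plus, with things like social media, any unhappy stakeholders can wield word of mouth pretty effectively. While a disaster recovery plan cannot guarantee that your reputation will come through a catastrophic event untouched, it can help mitigate the risk by ensuring you follow the right steps after the fact.

  5. Cost: When disaster strikes, it can be costly. If you aren't prepared for it, you can bet that it gets even more expensive. The cost of downtime plus recovery expense can range from several thousand to several million dollars per hour.

  6. Compliance: Aside from all the intrinsic benefits to disaster recovery planning, another kicker is that certain industries are required to do it. In particular, regulated industries such as healthcare or finance have strict requirements for testing and implementing disaster recovery plans.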

[Figure: Disaster recovery plan process timeline]

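Assess Your Disaster Recovery Readiness with Moser!

When it comes to disaster recovery planning at Moser, we always like to ask: "Are you ready for a disaster? Are you sure?", because frankly the stakes are too high not to ask twice.

Moser can help your organization conduct two types of disaster recovery exercises to make sure your organization is prepared to manage the unexpected.

Moser offers the following exercises:

  1. Tabletop

    A tabletop is a role-playing exercise that allows an organization to begin testing its existing disaster recovery and business continuity documentation. This first step allows for a non-invasive rehearsal of the actions and measures that would be taken in a real incident.

    This exercise is beneficial because it lets team members walk through a simulated incident and identify potential gaps in processes and plans. The work is conducted interactively and encourages cross-department communication and participation.

    This exercise does have a few drawbacks in that it can be time-consuming for the employees involved. The exercise requires thorough documentation as the scenario unfolds, and guidance from a professional experienced in directing and managing such exercises.

  2. Walk-through/Simulation

    A walk-through/simulation test builds on the tabletop exercise. It provides the opportunity to run a company-wide test event to test the updates made after the tabletop and to identify new gaps surfaced by this more intensive exercise.

    The benefit of a walk-through/simulation test is that it provides a real-life, hands-on emergency environment for testing. All plans related to the scenario are tested, and the practice can lead to the identification of gaps or oversights. The outcome is updated documentation and a staff further trained in responding to an incident.

    The drawback of this exercise is the significant investment of time and effort needed to set up and conduct such a large-scale test.

Create a Disaster Recovery Plan with Moser

At Moser, we pride ourselves on being more than a third-party tester. We are a true partner, working with your team to find the best solution for your needs. We are not here to pass blame or take control of the situation. We simply act as an extension of your disaster recovery team to make sure you are prepared for anything.

Our action report will highlight potential remediation steps and recommendations to guide you in the right direction. If you decide to continue working with Moser after the report, we have several plug-and-play disaster recovery plan examples (such as ransomware or an internal malicious actor). Alternatively, we can work with you to create custom plans to meet your unique needs.

With so much on the line, you literally cannot afford to be unprepared when disaster strikes. Get started with us today.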

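Check out the next article in this series:

Cyber Insurance Assessments

As cyber incidents continue to rise, it is increasingly clear that cybersecurity is one of the most critical business services. To ensure robust and comprehensive protection, businesses must regularly audit their existing digital security infrastructure and take protective measures such as purchasing cyber insurance.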
