Leave a comment

18 months and No Reports of Zombie Attacks

by John Kulas, Bridge360 Software Security Analyst

This month of November marks the 18-month anniversary of the warning by the Centers for Disease Control and Prevention (better known as the CDC) that everyone should be prepared for a zombie apocalypse. Apparently everyone is well prepared, and the zombies must know this because the zombies have not shown themselves.

All silliness aside, there really is a serious point about to this post, and that is to talk about Business Continuity Planning (“BCP”), which addresses how to continue your business operation during and after a disaster. I’d even add “before a disaster,” because sometimes there is fair warning in advance of an impending disaster, like the recent Hurricane Sandy event.

In the past, people used to focus on Disaster Recovery (“DR”); however if all the focus is on recovering from the disaster, then there probably is no planning done for how to continue serving customers during or just prior to the disaster. In fact, in the business world the term “disaster” is being replaced by a more accurate term: “business continuity disruption event.”

In the event of a business continuity disruption event, if your competitors recover faster than you, or perhaps they are not even affected by whatever disrupted your business, then your customers may go to your competitors for service while your business is not operating. In that case, what happens when your business resumes operation? If there are no customers wanting your services, then your business fails.

With the focus now on BCP, and with DR now a subtopic of BCP, your business can put measures in place to continue serving customers before, during and after a business continuity disruption event. Your level of service during a disruption event may not be as spectacular as usual, but you are sufficiently meeting customers’ needs; meanwhile your business can work on recovering (DR) to normal business operating speed and capacity.

The zombie theme is not entirely silly for training purposes. A security company (the Halo Corporation)’s annual counter-terrorism conference (October 29 – November 2), usually attended by hundreds of Marines, Navy special ops, soldiers, police, firefighters and others (at a $1,000 entrance fee), is utilizing the CDC’s zombie theme. The watchdog organization “Project on Government Oversight” has said they do not see this as frivolous government spending, and they agree with CDC’s point about a zombie scenario being a useful teaching mechanism.

A well constructed BCP is not focused on a particular type of disaster. A well constructed BCP is flexible enough to address any type of disaster. There are three general categories of business continuity disruption events: loss of buildings, loss of personnel, and loss of technology. I’ll discuss more about those in later posts.