CISM

Course
Time
8 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:04
after looking at the different sub plants. The next thing that we want to address is who is responsible for what? So we're gonna take a look at roles and responsibilities. Now we know that the ultimate responsibility is gonna rest with senior executive management. Theirjob is ultimately to be on board, to provide support,
00:22
to make sure that the right things happen at the right times to make sure the plans were
00:27
tested and ultimately to provide funding. And resource is as necessary to make sure that this plan gets done and that it gets done well on then also, to make sure it gets tested and renewed
00:39
so big things. Their job is to set the business continuity policy. We'll talk about this policy in just a few minutes, but we will not move forward without a B C P policy. And essentially, that policy is in writing senior management's commitment to support and to fund
00:58
this project, and this is very much a project, so
01:00
we would not move forward without a DCP policy from senior management that will give us the direction in the support that we need.
01:08
Theirjob also is gonna be to help us prioritize critical business functions in a little while. When we talk about recovery, we're gonna find that we have to recover. Recover those most critical elements first, well on Lee. Senior management can truly define what's most critical, and they make those decisions and we get sign off.
01:27
They are responsible for funding and supplying. Resource is, too,
01:33
the business continuity plan. They provide the oversight. And as I mentioned, they're responsible for ensuring that the BCP is tested and they reviewed the test results and make changes is necessary also to make sure not only is it tested, but that it's maintained as time goes. By
01:51
now, functional management wants senior management has determined the functional pieces and and identified what's most critical. Then it's up the functional management to make that work. So whereas, for instance, senior management, Lee say, well, our Web presence has to be up 24 7
02:09
Then it's functional management's job to make that happen and also to test and make sure okay, we have fail over cluster and the fail over works we can restore from back up here. The various elements of redundancy that we have so really senior management's responsible for saying what we want to accomplish. Functional management's figuring out how it's gonna happen,
02:30
the steering committee, the BCP steering committee. And you can assume unless they tell you something different, that you are the head of the BCP steering committee. They could call it different things. The BCP team. They could call you the project manager or the B C P Coordinator,
02:47
but ultimately it's your job to lead the team
02:52
that's developing the business continuity plan and the first and probably the most important thing that your responsibility is to conduct a B i A. A business impact analysis, and it's just what it says. Let me figure out what impact there is to the business for the loss of each of these elements.
03:10
How much will my company be impacted
03:14
if we lose our Web presence? If we lose our phone systems? If we lose this, that or the other. Okay, we're gonna spend some time. There really is one of the most important documents in the entire BCT.
03:24
All right, um, the BCP committee should be made of it. Cross functional team shouldn't just be a bunch of I t people in a room because we know that the organization is much more than just information technology. So I can I can answer any question you want about I t and Daven systems. Now this.
03:44
But I can't tell you what has to happen to make payroll work
03:47
or what they do in the production of sales in. So we need a cross functional team on the B C T committee
03:54
now also named and senior Management should name these rolls. By the way, we should have a rescue recovery and salvage team
04:03
Rescue team is what it sounds like. We're dealing with the immediacy of the desert of Thea disaster. We're gonna crash the server rooms, kill all the power to the server room. We're going to help people evacuate the building. Were to do. There's immediate things
04:18
now recovery. The recovery team's gonna be about getting the most critical. Service is
04:26
back up and running first. Okay, we've identified Ah, Server A must be up within 10 minutes. It's that recovery team that's gonna work on getting surgery back up.
04:38
Now the salvage team is recut. It was responsible for something called reconstitution, which means they're gonna bring us back to a state of normalcy. So the assumption is
04:48
we've already gone through recovery. Were working an off site facility. Everything's going okay, but we're ready to move back, either to our original facility or to a new one.
05:00
Reconstitution involves restoring the least critical service's first. You know, we do the most critical in recovering because we're down. Nothing's working. Let's get those things that will make or break us back up online as quickly as we came.
05:14
But with reconstitution, we take our time, and I don't look at the most critical stuff up because what if the original facility isn't fully restored?
05:21
What if we have problems? So I'm gonna restore the least critical service is first in reconstitution.
05:30
Now management should develop the teams. Every member should understand what their role is and what the plan as a whole understand their responsibilities and what each department is responsible for. Things that we cannot forget, probably the one that's most important here, who will talk to the media.
05:48
It should not necessarily be senior management. Senior management is not always skilled
05:55
in the matters of dealing with the media, and you can find somebody gets out there and puts their foot in their mouth, right? So we want to make sure that the person who talks to the media
06:05
eyes, somebody that skilled and trained could be the CEO. And a lot of companies think, Well, I'm gonna put the CEO out there because that shows the public that we're concerned about this.
06:15
Um, I don't know if any of you guys remember the BP oil spill. I'm hope I'm trusting that you do. Um, Tony Hayward was the voice in the face of BP. He was the CEO at the time. It could be argued that he did a less than stellar job representing BP.
06:32
There were several things that were attributed to him, having said,
06:36
like, um, nobody's been affected by this more than me. I haven't slept in three days.
06:43
You know, when you're CEO comes out and says something like that. Remember, there were 11 people who died millions of gallons of oil dumped into the gulf. You know, it was a huge wide scale tragedy, and because somebody's not skilled in dealing with the media and they get out there and they stick their foot in the mouth,
07:00
that can affect the stocks that can affect the business as a whole.
07:03
You know, BP is still paying for that loss. They're not able to bid on certain contracts. So it's kind of one of those things that
07:14
excuse me, might initially seemed like a good idea to get the CEO out there.
07:18
My best advice is the person that talks to the media. Is somebody in PR
07:24
in legal? In HR, Somebody skilled and the CEO should be standing behind them, clenching their hands, looking serious, looking worried, nodding at the appropriate times. But they shouldn't. I tell you the truth. Every time I heard Tony Hayward was gonna be on TV, I went got myself. Well, bag of popcorn
07:42
got out on the couch because I was just waiting to see what this guy was going to say next.
07:46
And there were all sorts of verbal miscues from VP from VP. One of the senior vice president said something like, um,
07:54
listen, you know, you can't get shrimp in places other than the Gulf of Mexico.
08:00
Well, you can. But that's not really what you want to say when you're trying to reshoot, reassure an entire section of the population. Um,
08:07
I think it was Tony Hayward. Don't quote me on that, but I think he also said something about BP being committed to standing behind the little people
08:18
moving forward. And I know I'm a little people. I get that. You just don't have to tell me that. You know, there are all sorts of makes. It was it was just a public relations nightmare. And if you ever want some fun, Google B P's reaction to a coffee spill.
08:35
Ah, there's about a three minute little video that's that's quite amusing after somebody knocked over a cup of coffee and a BP boardroom, the myriad of things that they go through to try to clean up that spills pretty good.
08:46
S o. You know what my policy is always? If there's a YouTube video made mocking you, or if you show up on Jon Stewart's, The Daily Show is probably not been really successful campaign in the PR world for you

Up Next

CISM

Cybrary's Certified Information Security Manager (CISM) course is a great fit for IT professionals looking to move up in their organization and advance their careers and/or current CISMs looking to learn about the latest trends in the IT industry.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor