Testing the Plan

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

14 hours 39 minutes
Video Transcription
now, of course, we just mentioned that it's important. It's essential that you test your plan. No matter how brilliant your plans are,
go ahead and test him.
So when we look at testing the business continuity plans and you know, we've gotta have some assurance that the plan is accurate and complete, So when we talk about testing, that's exactly what we're doing. We're looking at the plan for accuracy and completeness
when we're running drills or conducting exercises.
That's about improving employee response. But tests are examining the plan. Now we've got five types of tests, and again different sources may give you four types of tests, you know, or maybe you slightly different wording. The bottom line is we generally start out with a test
that may not give us a great idea of whether or not we're gonna be successful, but it doesn't bring much risk in.
So we're start out with the checklist test, which basically means I've got a checklist. I pass around to divisional leaders and say, Did I think of everything?
Yep, yep, Up. We forgot this.
It doesn't really matter from a risk standpoint, very low risk.
But again, you can't really tell if something's gonna work based on the checklist.
So the next thing I do is I bring all of those division heads that filled out my checklist into an office and we sit around the table and we discuss That's a table top test.
Be careful, because this is also called a structured walk through. And if you were to tell me, walk through. I think about going through the motions. Right. And that's not what's happening here. This is still purely paper based. Were sitting around the table. As a matter of fact, I I call it my head of structure. Talk through.
Okay, then we go through simulation test and with simulation testing. This is where we actually go through the motions. Right? We're going to test. Cannot access the H Vac system to turn it off. Did I include strategies for helping our folks with physical challenges
to evacuate the building?
Right. Did I think of everything? Is it accurate? Can it be carried out
now? All of these are very low risk, right? So even with the simulation, the simulation goes wrong. It doesn't matter, right? We look to that simulation to tell us how to improve.
But once we move into parallel testing or full on eruption testing, here's where we get risky.
So with the parallel test, we're going to have a portion off the actual processing happening at the off site facility.
So if I'm unable to bring up that offsite facility and have it fully functional, that I run the risk of losing processes right transactions,
so that could be risky. We only want to do a small portion at the off site facility.
But the real risk comes with full interruption testing. Shut down the main site, bring up the offsite facility. All processing happens there a lot of times that maybe over a weekend Friday, I shut the original facility. Monday morning. We stopped to start operations at the new facility.
Right? You don't remember? I don't remember. Don't forget tests are essential. They verify the plan for accuracy and completeness, whereas drills would improve employee response. The reason we conduct all of these tests, drills, exercises.
The purpose is to improve. The purpose is never to see what didn't work,
although sometimes we do see what didn't work. The purpose is to improve
Up Next