What severe security failures have occurred at your company? What was the cost incurred to the business from their occurrence? What plans and/or actions did the business take prior to the failure? Could more have been done to prevent it from occurring?


Subject: Computer Science

  1. What severe security failures have occurred at your company?
  2. What was the cost incurred to the business from their occurrence?
  3. What plans and/or actions did the business take prior to the failure? Could more have been done to prevent it from occurring?

 


Answer Preview

I will be answering all your questions based on my past and present experience, as I am working as an IT administrator for both public and private organizations.

 

What severe security failures have occurred at your company? 

  • When I was working at a private university, we experienced a critical system failure where the university website and our student portal application (a web application where students check their student registration, grades, financial accounts, etc.) were hacked and a potential number of records were compromised. The reason for the breach was the weak security configuration put in place by the previous developer and the poor backup controls in place.

 

What was the cost incurred to the business from their occurrence?  

  • The security failure cost the university a huge capital IT investment since the network infrastructure, servers, firewalls, storage options and the website and application itself were re-developed taking into account the previous problems encountered. The website and student portal are now cloud hosted and data-mirroring is applied with regular backups for both on-site and the cloud.

 

What plans and/or actions did the business take prior to the failure? Could more have been done to prevent it from occurring?

  • There were no concrete data / disaster recovery and business continuity plans in place before the breach occurred. The university should have crafted a business continuity plan that would help them reduce the effect of the security failure.

 

I will be outlining the key steps that have been taken by the university to mitigate the risks and possible recurrence of the security failure. This is the crafting of a business continuity plan.

 

Business Continuity Plan - it is the process of creating systems, data recovery and disaster recovery plans that will be used to deal with potential threats to the company; this is in addition to prevention plans.

 

The key elements of a business continuity plan are:

 

  • Identification of Critical Functions - you should focus on the crucial operations of your business and implement drastic measures to protect these assets and ensure their survivability.

  • Development of Disaster Recovery Plan - this is where the Disaster Recovery Plan is very important in ensuring the continuity of operation and availability of data backups in case disasters occur.

  • Testing your Business Continuity Plan - make sure all aspects of your BCP are tested, starting from the Data Backup Plan down to your Disaster Recovery plans, to ensure the overall success of your Business Continuity Plan.

  • Formation of a dedicated Business Continuity Plan Team - you should consider forming a dedicated team that will handle all aspects of your BCP plan; this gives members of your organization a clear overview of who the persons to contact will be in case of emergencies.

 
