There are all sorts of “backups” that help get you out of various situations. Think of the spare tire in your trunk or the extra pieces of webbing in a climbing anchor. If you’ve ever been rock climbing, you know that it’s essential to build redundancies into your anchors; that way, if one part fails, you’ve got another part as a backup.
There are various reasons for having backups. In climbing, a backup can save your life, but with data, a backup can save your business. That said, let’s step back and count down the top five reasons why businesses need a proper data backup solution.
Simple Recovery
People are not infallible. They make mistakes, and actually, they make them quite often. Emails containing viruses are accidentally opened every day and important files are often mistakenly deleted. There’s no reason to fear these issues if you take frequent incremental snapshots of your systems. You can simply restore to a snapshot taken before the virus happened. Or you can recover the file from a time before it was deleted. It’s really easy to protect from the little things and there’s the added benefit of being ready for the big things as well.
Audits, Taxes, and Archives
Many, if not most, businesses are required to keep business records for an extended period. This is either for tax purposes or because of various regulations. You might just need to look at what was going on a few years ago. It’s easy to assume that your computers have you covered just because they’ve got your last few years’ worth of information on them. But as you might know by now, having one copy is generally a huge mistake. Ensuring that you’ve got an offsite backup of critical client information can really save you if something goes wrong locally. The IRS and regulatory commissions really don’t care that you had a data disaster. All it means to them is that you’re not compliant and they can fine you.
Competitive Advantage
In a previous article, we discussed the ways in which backups can actually be a competitive advantage. In the untimely event of a disaster, the first business to get back up and running will take all the business of those that aren’t back on their feet. As we’ll discuss in a moment, not having a plan can mean your doors close for good. Proper planning means that your doors stay open to those that worked with businesses that couldn’t survive data disaster.
Deadly Downtime
A 2007 University of Texas study showed that 43 percent of businesses that suffer major data loss never reopen. Many of these companies end up closing their doors for good within two years of a major data loss. And even large data loss scenarios aren’t always the result of a disaster. Human hands are very capable of destroying a business through silly mistakes or oversights. Don’t think Mother Nature is always responsible. Simply backing up data and having an effective backup and disaster recovery plan in place can help mitigate these types of threat. You can be one of the surviving businesses if you think ahead.
Doing Work Twice
The first rule of doing work is “do it right the first time.” If you suffer a minor failure and don’t have backups, you may be able to recover certain things, but you never know what those “certain things” will be. In almost any case, you’ll have a boat-load of work to redo whether it’s setting systems up all over again or recreating spreadsheets you or your employees have been working on for months. Worse yet, if you suffer a major data loss, you could feasibly end up re-doing everything you’ve ever done—that’s a situation few companies survive.
On February 12, 2014, a ceremony was held at the White House to announce the release of the National Institute of Standards and Technology (NIST) document entitled:.

While the industry reaction to the newest guidance is all over the map, most cyber leaders that I spoke with greeted the voluntary framework with a collective yawn. Phrases like this were common: “It’s ok – I guess.” Or, “Not much new there for us. We need more specifics for our industry.” Also heard: “No carrot or stick. Where are the incentives?”

No doubt, several of the companies I spoke with fully support the new Framework and spoke highly of the year-long process to get to this point. Meanwhile, other business leaders were glad that government kept the Cyber Framework voluntary with words like, “I’ll listen to Washington when they get their own (federal government) act together.”

Nevertheless, I believe this new approach is helpful and matters more than most people currently realize. In fact, this NIST Cybersecurity Framework will be studied at universities, governments and businesses around the world and become a part of “Cyber 101” for Information Assurance (IA) and cybersecurity training programs.

No, this Cyber Framework does not uncover new cutting-edge methods for cyber defense, nor is this material for a 400-level course. However, it does create a common language and methodology with a core structure that will lead to the world understanding what is meant by: “Identify, Protect, Detect, Respond and Recover.” It also links to many excellent available resources.

But before we look at specifics regarding why the Cyber Framework matters, here is some basic background on the new document as well as sample press commentary about the Framework’s benefits.

Background

President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013.

As stated in the NIST Cybersecurity Framework introduction: “‘It is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.’ In enacting this policy, the Executive Order calls for the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.”

Whitehouse.gov issued launch. Here is an excerpt: “The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks. Organizations outside the United States may also wish to use the Framework to support their own cybersecurity efforts.”

Mixed Press Reaction

There is wide disparity in the articles and press releases that have emerged for and against the new NIST Framework:

PC World on how the new Framework can help secure US enterprises.

The State of Virginia: “Just hours after the White House officially released the National Cybersecurity Framework, Virginia Gov. Terry McAuliffe announced the commonwealth will adopt it into its existing risk framework.”

Companies like and the work that went into preparing the document, while using the opportunity to remind the world that they take cyberthreats seriously. “Verizon has long focused on protecting the security and privacy of our customers, as well as protecting our networks. All businesses – large and small – need to keep their cybersecurity defenses updated to respond to continually evolving cyberthreats, but not all businesses have the tools or resources to do so. We applaud the administration for bringing together a wide range of stakeholders to create this cyber framework, which provides a useful tool for companies as they consider the right mix of cyberdefenses to protect themselves and their customers.”

My friends over at in January 2014, citing mixed reviews throughout the industry.

But other reviews were even less positive:

Computerworld led with this article: - Larry Clinton from the Internet Security Alliance (ISA) said more testing is needed to understand what implementation of the framework really means.

Alan Paller from SANS went further. In, he said: “Ooops. The White House is about to step in cyber doo doo. Rather than allowing the impotent and irrelevant 'Cyber Framework' to quietly fade away, Michael Daniel, the White House Cyber Coordinator, plans to highlight it as an illustration of Obama Administration leadership. The Framework is the kind of non-effective guidance that led to the Administration's cyber leadership failures documented by Senator Coburn earlier this week.”

On Friday of this week, Mike Assante was a bit kinder in their Valentine's Day SANS newsletter: “I applauded the President's action and prioritization of the series of problems we identify with cyber threats and I appreciate that NIST called out the need to address operational technology (specifically automation and ICS) alongside of traditional information technology. At this stage we should have taken the opportunity to explain the real 'what' (nature of cyber threats) and the practical 'how' to enhance our collective cybersecurity posture.”

My View – Five Reasons Why the Cyber Framework Truly Matters

1) The first reason that this Cyber Framework matters is that it comes from NIST - after a year of hard work and several reviews from the public and private sector. NIST has a long track record of setting good standards and roadmaps that federal, state and local government use extensively - from 800-53 to the many other great resources available at their. Obviously, this Framework has the backing of the White House and federal agencies, as well as many key players in the private sector – who reached more than a few compromises to produce the final document.

2) The Cyber Framework also offers a common language that can be used across industries as well as best practice options and processes for industry and government. The diagram below shows some of those relationships.

Figure 1: Framework Core Structure

3) While many criticize the Framework for being voluntary, the Cyber Framework offers the basis for future incentives and penalties that will likely be coming from the White House. It was industry that let government officials know that they didn’t want new regulations or compliance mandates, although this approach may still lead to some of that down the road. Regardless, this will be the beginning of the cyber “Yellow Brick Road” for many companies that are late to the journey. Others that are further along can use this model to strengthen defenses.

4) The focus on risk management through Framework implementation tiers offers a helpful model for organizations to gauge progress. As described in the plan: “The Framework Implementation Tiers provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor and sophistication in cybersecurity risk management practices and the extent to which cybersecurity risk management is informed by business needs and is integrated into an organization’s overall risk management practices.” Tiers do not represent maturity levels. Progression to higher tiers is encouraged when such a change would reduce cybersecurity risk and be cost effective.

5) The Framework offers a continuous improvement process. Cybersecurity is evolving and not a one-time destination. The helpful diagrams describe the roles of various decisions required from the organization at different levels.
Chief Security Officer & Chief Strategist at Security Mentor Inc. Daniel J.