Monday, September 4, 2017

The Implementation of the backup strategy

The backup strategy can be your biggest defense in case of a cyber-attack. Establishing a good strategy to perform the data protection process is an essential part of an effective risk management program and even more so when our infrastructure is based on virtualized environments, with a process of constant data replication.

The design of the strategy will depend on the size of the organization and the amount of data generated by the company operation. As part of the strategy, we must consider both the process that is executed to obtain the backup and the process of restoring the data. To design an effective strategy, we must focus primarily on a thorough evaluation of the planning, implementation, and management of testing procedures. For this we must primarily consider the following:

1. The criticality of the business processes and the applications that support them
2. The objectives of the organization, especially the availability requirements
3. Cost and security
4. Restrictions on hardware, personnel, space to store data, available backup media and their physical security.

If backup services are managed by third parties, agreements must be implemented to guarantee the continuity of operations within the company in the event of an adverse event materializing. In this scenario, it is important that information systems staff work closely with the external entity to ensure that the requirements of the company are being met as agreed.



If you like this post, you can follow me at pampaostarsagent.blogspot.com
Thanks for Sharing!

The design of the backup strategy

The backup strategy can be your biggest defense in case of a cyber-attack. Establishing a good strategy to perform the data protection process is an essential part of an effective risk management program, and even more so when our infrastructure is based on virtualized environments with a process of constant data replication.

The design of the strategy will depend on the size of the IT environment and the amount of data generated by the operation. As part of the strategy, we must consider both the process that is executed to obtain the backup and the process of restoring the data. To design an effective strategy, we must focus primarily on a thorough evaluation of the planning, implementation, and management of the data restoration tests. For this we must consider the following:

1. The criticality of the business process to be protected and the applications that support it
2. The objectives of the organization, especially the availability requirements
3. Cost and security
4. Restrictions on hardware, personnel, space to store data, available backup media and their physical security.

If backup services are managed by third parties, contractual agreements must be implemented to guarantee the continuity of operations within the company in the event of an adverse event materializing. In this scenario, it is important that information systems staff work closely with the external entity to ensure that the requirements of the company are being met as agreed.

Once the strategy is established, we must make sure that the personnel assigned to monitor the backup process are properly trained to carry out this task. At a time when cybercriminals are constantly evolving, training personnel in the processes that are critical to our company has become an essential task within our company. "Remember that the best defense for a company is having properly trained personnel."



Tuesday, August 15, 2017

The Power in Wrong Hands

A few days ago, I had an exchange of opinions with my husband about the problems we are facing worldwide. My husband was clinging to his idea that the root of conflicts between nations is the cause of the religious idea that divides humanity, an argument with which I disagree in its entirety. In my opinion, it is not religion that divides humanity, it’s the insatiable thirst for power of some human beings, who often use means such as religion, need beliefs, political ideas, and even fear in order to achieve their goals. On occasion, I have heard people saying, "Give power to a man and you will see his true face" or "Power and money corrupt a man".

I am inclined to the idea that the person does not change, he just lets all the inside feelings flow without fear of losing his position. Does not the snake wait for the right moment to attack? The same is a man waiting to be granted the power to teach his true intentions. The thirst for power and unreasonable acquisition is what has led the human being to forget about the things that are most important in life: friendship, love, nature, family and especially the opportunity we have every day to live full of hopes and possibilities of forging a better tomorrow.

Just this weekend I saw in the news that in the State of Virginia some misfits called the organization KKK were participants in a manifestation of violence and intolerance forged by separatist and discriminatory comments. These kinds of situations are what I was referring to when I was talking with my husband about the conflict between nations. It is so beautiful to enjoy the diversity that the world offers us. Learn from different cultures and beliefs, be integrated into a new modality. The world needs more people who are integrators like the governor of Virginia and fewer separatists like this community. I urge you to integrate and see how similar we can be within our different worlds. That the sense of power is just that: an ideology, a feeling; that we are much more than a group or culture. We are what unites the world!


It fills me with much joy to know that we have people like the president of Virginia. There we could see the importance of knowing our roots and inculcating them through our generations and of visualizing the world as what it is: the place where we all have the right to feel part and not be discriminated against.

Here I Share the Words of the Virginia Governor!

https://twitter.com/UniNoticias/status/896546707948924928






Thursday, August 10, 2017

The Cybersecurity Search

I am part of a generation that has lived the evolution of technology year after year. I've been a part of every breakthrough, from the text messaging device called "beeper" to the DynaTAC 8000X mobile phone, which at that time only the wealthy class could have. Like many of my generation, I am passionate about everything related to technology, but I must admit that what most captures my interest is related to security and risk events in technological resources. I spend my free time reading articles, books and/or reports on the latest incidents or events that have tested the security measures implemented by companies, through attacks perpetrated by cybercriminals.


It is interesting to evaluate each event, to look for the root cause, the security measures that the cyber-criminal broke, what security measures were implemented to mitigate the cyber-attack, and compare them with the measures that I would have implemented if it were my case. I focus more on the lessons learned from each event and the peculiarities of each event, since each company has its own structure. As an inveterate lover of the subject, I must confess that there is no absolute security, that there is always a risk to which our company will be exposed. The difference lies in how prepared your staff and the company are to face an adverse event. The exposure is always there. Whether it affects us, and how much it affects us, is determined by the measures we implement, the strategies we establish and the continuous evaluation of their progress.











Monday, August 7, 2017

Information Technology Risk Management


The need to constantly evaluate the security measures implemented in our mechanized operational processes arises from constant change in technology and the incursion of new cybercrime techniques that put our operation at risk. It is important to have the right equipment to carry out these and other evaluations, which provide us with the necessary information to protect ourselves from any adverse events.

That is why, with each update and/or integration of a new program, it is recommended that the company conduct a risk assessment. The scope of the risk analysis will depend on the needs of the company; it can be strategic, operational, financial and/or compliance. In the attached image, I share a general model of risk assessment:



Friday, August 4, 2017

Legislation to protect assets from cybercrime

The availability of technological resources in your company to streamline its processes brings with it some legal responsibility to protect the assets of your company. In the past years, legislation has been developed that was deemed necessary to provide your company with tools to protect your assets from cyber criminals.

These laws and/or regulations also require your company to implement certain security measures within your business structure so that you can mitigate, respond and, in that event, protect yourself from legal action by third parties in case you are a victim of an adverse event.

The questions we must ask ourselves today:
  •  Is my strategy to manage the risk associated with technological resources aligned with my current business model?
  •  Am I in compliance with the regulations established in my industry?
  •  How prepared am I in case an adverse event affects me?


Always expect the best, preparing for the worst.







Wednesday, August 2, 2017

The proper documentation of the Incident Procedures

Sometimes we forget to properly document the adverse events that arise in our operation and only focus on the resolution of this event. Proper documentation of incidents and lessons learned is of the utmost importance within the effective management of our resources.

This provides us with the necessary information to prevent the occurrence of another similar event that may jeopardize the proper functioning of our technological resources. At the same time, it can help us in evaluating the response procedures to an unexpected event within the operations.

The strategy used to mitigate the mishaps of an adverse event is as important as the solution of the suspicious events, since the strategy used defines the success or failure of the recovery of our systems. If the personnel do not know the events or movements that led to the failure of the effective recovery of the system, they will not know how to correct these errors the next time, and the same would happen if they did not know why the adverse event was generated. Proper documentation of these events and their analysis is recommended.







