Incident Response and Disaster Recovery Plan SDLC
There, I said it. If you are developing an Incident Response Plan, Business Continuity Plan, Disaster Recovery Plan, or any other important plan for that matter, you should consider utilizing some type of development life cycle. In the title I refer to SDLC which could stand for Software or System Development Life Cycle depending on who you are. But for this let’s go with System Development Life Cycle (SDLC).
Now I am not going to map this all out for you. There are plenty of resources out there and, frankly, I am just too tired right now. But I will tell you that each of these aforementioned plans requires that your organization define its requirements, design a solution, develop the solution, implement what you have, test everything, and then maintain the plan. Of course you do not have to follow the traditional waterfall method as I have just described, but it is definitely a good place to start. Actually, plans such as these would probably be better served by some type of group development strategy such as SCRUM. This will allow you to identify the key personnel (Subject Matter Experts), managers (stakeholders), and end-users (and anybody else that can provide positive input) and use them to define the requirements for success and then allow the team to determine how to best achieve the stated requirements.
Where did all of this come from? Well, Hurricane Ike is in the Gulf of Mexico and it was originally headed straight for Corpus Christi. Once the possibility of landfall here in CC was announced, the town exploded with activity, including my house. Food, water, clean yard, clean garage, board up the windows. All of these things became last-minute necessities that took the better part of a day to accomplish nearly completely. What I learned from all this is that you might have a good plan, or have inherited a good plan, but if you do not continue with testing and maintenance then the plan is going to fail. A couple of personal examples: water filtering resources ran out of water, a run on plywood and particle board made many people wait for impending shipments to arrive, plywood coverings and their fastening locations warped over time, making them hard or impossible to utilize, and more. Small potatoes to a business, but what about server power, alternate sites (are the buildings even still there?), backup management, location of personnel and their families, etc.? When was the last time that you tested all of these? Are your critical assets still the same? What happens when you are backing everything up and you realize you have a security incident? D’oh, two plans to follow simultaneously!! Do you have the resources for that?
Using an SDLC will help you manage these plans better and ensure that when you do need them, they work. Good luck.
Go forth and do good things,
Don C. Weber
(NOTE: Slightly updated from the original. I was very tired when I originally wrote this and I just wanted to add a few more clarifying points and examples.)