In Other Words – instead of assuming a risk profile, and assess risks – assume it will happen to you (it is just a matter of time).
Now what? In fact it may be a good exercise to think about the ramifications of a failure in cybersecurity.
The idea is to create a scenario which is the worst case and play out what would happen – so that one is ready for this set of circumstances.
I know I have discussed this before – and the reason to do this exercise is to now ensure that the failure is possible.
The problem with management is one never thinks it will happen.
But in catastrophe planning one does need to think it will happen.
Example: All data is lost (ransomware, failed disk, server is stolen, etc)
Now how does one recover the data? Do you have a backup ? Did you test the backup? If you never test the backup you will see the recovery process and test process for the first time when it is important to have a baseline to go from.
It may not be wise to run the recovery process for the first time after you have an “event”
Contact us to discuss your procedures and more