Are We Willing to Take That Risk?: 10 Questions Every Executive Should Ask About Business Continuity
By Michael Croy and Diane J. Laux
()
About this ebook
"It is becoming increasingly evident that the knowledge of disaster recovery efforts must be accessible to far more than the (IT) experts Achieving success can only be found through the collective effort of a united public, its leaders and organizations."
- Barack Obama, United States Senator
"Progressive organizations with sound leadership now include business continuity and enterprise risk management as key parts of meeting stakeholder expectations and achieving organizational strategic objectives."
- Michael G. Oxley, Vice Chairman, NASDAQ
Michael Croy, an expert in risk assessment and disaster recovery, helps leaders understand what is needed to sustain business today. Through real-life examples, you'll understand what could affect your company-lost data, pandemics, terror threats-and by implementing plans for when something does happen, you're doing everything possible to ensure that employees still have jobs, customers are served, and stakeholders continue to support the company.
Take the first step in proactively managing your company in good times and bad and ask yourself, Are We Willing to Take That Risk?
Michael Croy
Michael Croy is director of business continuity solutions at Forsythe Technology. He has more than twenty-five years of experience in building, developing, and implementing disaster recovery and business continuity programs. He lives in suburban Chicago with his wife, Maria.
Related to Are We Willing to Take That Risk?
Related ebooks
Smiling Security: The Cybersecurity Manager's Road to Success Rating: 0 out of 5 stars0 ratingsMetrics and Methods for Security Risk Management Rating: 0 out of 5 stars0 ratingsButterworths Financial Services Compliance Manual Rating: 0 out of 5 stars0 ratingsIT Security Concepts: 1, #1 Rating: 5 out of 5 stars5/5Information Security Program Management A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsSecurity Management Program A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSecurity And Risk Management Tools A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCyber Security Resilience A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsCyber Hygiene A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsSecurity Information and Event Management SIEM A Complete Guide Rating: 0 out of 5 stars0 ratingsInformation Security Best Practices: 205 Basic Rules Rating: 0 out of 5 stars0 ratingsInsider Threat Prevention A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsInformation Security Science: Measuring the Vulnerability to Data Compromises Rating: 0 out of 5 stars0 ratingsVulnerability And Patch Management A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsRisks Classification A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsFight Fire with Fire: Proactive Cybersecurity Strategies for Today's Leaders Rating: 0 out of 5 stars0 ratingsTechnology Risk And Cybersecurity A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsOperational Resilience A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsBeyond The Spreadsheet: A Practical Guide To Understanding Your Risks Rating: 0 out of 5 stars0 ratingsThe Chartered Cyber Security Officer Rating: 5 out of 5 stars5/5Maximizing Project Value: A Project Manager's Guide Rating: 0 out of 5 stars0 ratingsThreat modelling Second Edition Rating: 1 out of 5 stars1/5Operational Resilience Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsThe Risk Free SME Rating: 3 out of 5 stars3/5CC Certified in Cybersecurity The Complete ISC2 Certification Study Guide Rating: 0 out of 5 stars0 ratingsCyber Security Awareness A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsSecurity Monitoring A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsFedRAMP Compliance A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsEasy Steps to Managing Cybersecurity Rating: 0 out of 5 stars0 ratingsSecurity Vulnerability Threat Assessments A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratings
Business For You
The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5The Book of Beautiful Questions: The Powerful Questions That Will Help You Decide, Create, Connect, and Lead Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5Robert's Rules Of Order Rating: 5 out of 5 stars5/5Financial Words You Should Know: Over 1,000 Essential Investment, Accounting, Real Estate, and Tax Words Rating: 4 out of 5 stars4/5Grant Writing For Dummies Rating: 5 out of 5 stars5/5Lying Rating: 4 out of 5 stars4/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5How to Get Ideas Rating: 5 out of 5 stars5/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5Confessions of an Economic Hit Man, 3rd Edition Rating: 5 out of 5 stars5/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5Good to Great: Why Some Companies Make the Leap...And Others Don't Rating: 4 out of 5 stars4/5Robert's Rules of Order: The Original Manual for Assembly Rules, Business Etiquette, and Conduct Rating: 4 out of 5 stars4/5Ask for More: 10 Questions to Negotiate Anything Rating: 4 out of 5 stars4/5High Conflict: Why We Get Trapped and How We Get Out Rating: 4 out of 5 stars4/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5Just Listen: Discover the Secret to Getting Through to Absolutely Anyone Rating: 4 out of 5 stars4/5The Catalyst: How to Change Anyone's Mind Rating: 4 out of 5 stars4/5Summary of J.L. Collins's The Simple Path to Wealth Rating: 5 out of 5 stars5/5Buy, Rehab, Rent, Refinance, Repeat: The BRRRR Rental Property Investment Strategy Made Simple Rating: 5 out of 5 stars5/5Summary of Eve Rodsky's Fair Play Rating: 2 out of 5 stars2/5
Reviews for Are We Willing to Take That Risk?
0 ratings0 reviews
Book preview
Are We Willing to Take That Risk? - Michael Croy
Copyright © 2008 by Michael Croy and Diane J. Laux
All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews.
The identifying details of some of the companies and individuals in this book have been changed. Neither the authors nor the publisher shall be liable or responsible for any loss or damage allegedly arising as a consequence of your use or application of any information or suggestions in this book.
iUniverse
1663 Liberty Drive
Bloomington, IN 47403
www.iuniverse.com
1-800-Authors (1-800-288-4677)
The views expressed in this work are solely those of the authors and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.
ISBN: 978-0-595-52406-8 (pbk)
ISBN: 978-0-595-51655-1(cloth)
ISBN: 978-0-595-62460-7 (ebk)
Contents
Acknowledgments
Introduction
Question One
Crisis Du Jour
The Cost of Lost
Bad News and Good News
Question Two
Disaster Recovery ≠ Business Continuity
Assessing Your Plans
Understanding What’s Covered
Question Three
Scenario Planning
Minding the Supply Chain
Determining the Potential Business Impact
Question Four
Separating What’s Real
from What’s Make Believe
Validating the Strategies
Partnering With the Public Sector
Question Five
Considering People, Places, and Things
Putting People First
Question Six
The New Regulatory Era
Addressing Fiscal and Fiduciary Responsibilities
Question Seven
Identifying Where Risks Reside
Accepting, Assigning, and Mitigating Risks
Question Eight
Communications and Reputation Management
Expectations and Personal History
Business Unit Expectations
Versus IT Capabilities
Question Nine
The Business Context of IT
Optimizing Existing Infrastructure
The Newest Technology Isn’t the Only Answer
Question Ten
Appendix
About the Authors
To the highlight of my life,
my wonderful wife, Maria
Acknowledgments
There are far too many people to thank for their help in writing this book, but I’m going to try.
Diane Laux has been a dream to work with. I hope the feeling was mutual, but considering she knows where the skeletons are buried, I tried not to give her too much #&%@!
Thanks to the Forsythe marketing department, which has assisted every step of the way; my wonderful team of business continuity and disaster recovery professionals who work tirelessly to provide business with plans to prevent something nasty from happening and to save them if it does; and to Bill Brennan, president and CEO of Forsythe who offered initial encouragement along the lines of Hey, Mike, when are you going to write a book?
and then supported me throughout the process.
Thanks to all of the contributors to this book, from John Jackson to Scott Smith and especially to my dear friend David Nolan. Without David’s years of encouragement in this business, none of this would have happened.
Most importantly, I thank Maria, my sweet, loving wife of all these years. She put up with a lot and was always there for me. And my beautiful daughters, Melissa Reams and Megan Melendez, who have given me joy every day of their lives. Their husbands, Andy Reams and Rick Melendez, who are the men a father would wish for his daughters. Of course my wonderful grandchildren, Benjamin, Eagan, Eliza Jane and our newest grandbaby, Callum James … Papa loves you, too.
To American business, thank you for the years of education, enlightenment and enrichment you have allowed me to share with you. Please remain vigilant, remain prepared, and remain resilient.
+When written in Chinese the word crisis is composed of two characters. One represents danger and the other represents opportunity.
- John F. Kennedy
Introduction
I am not a disaster monger.
As a child, I distinctly recall my momma telling me that little boys who played with matches would wet the bed, thus ending my brief-lived fascination with fire. But when I began my career, I found myself drawn to the knowledge that by thinking about what could affect my company—a fire, a flood, a strike—and putting some plans in place in the event something did happen, I knew our employees would still have jobs, our customers could still get product, our shareholders would still support the company stock.
In the early 1970s, I started as a production scheduler with Stewart-Warner Corporation, a manufacturer of automobile gauges and oil additives. I’d procure products, piece parts, really, and just write down what I needed on a slip of paper, give it to an order entry clerk and it went to the great computer in the sky. Everyone was amazed we were doing this cool computer stuff. The problem was that the software was prone to major glitches. Folks would load a stack of punch cards and pray they didn’t shoot back out in a buff-colored rainbow across the room.
I knew those glitches couldn’t be allowed to interrupt the manufacturing process, so when everything was entered into the computer, we made a hardcopy of the orders and an intern ran around the company getting signatures and approvals and such. It was sort of a backup plan, okay? Plus it gave a kid a job and helped pay his way through college. He probably runs a software company somewhere now.
When I started at computer peripherals manufacturer, Storage Technology Corporation (StorageTek) in the 1980s, Jesse Aweida was heading the company. I remember my first portable
computer there was the size of a sewing machine. It took both hands to pick up and carry the thing. You took the cover off and connected it to any phone line and you could download a gigantic amount of data. 500K. In an hour. Now I can look at spreadsheets that size on my cell phone.
From there I joined Network Systems Corporation, and their high-speed channel extension products really pulled me into disaster recovery. A company could run their mainframe computer in Poughkeepsie, and using channel extension put a remote tape drive in Piscataway that the mainframe could drive. It was unheard of and was a natural application for disaster recovery. At Network Systems I also got my first look at this crazy idea called the Internet and worked with Charley Kline, who was in information technology at the University of Illinois. Folks like Charley, Doug Comer, author and professor at Purdue, and Jeff Case, with the University of Tennessee-Knoxville were the visionaries behind what the Internet could do for business.
In the 1990s when I went to Comdisco, by far the leader in the disaster recovery and business continuity industry, I had the chance to work with a cadre of brilliant thinkers like David Nolan, John Jackson, Vic Fricas and Bob Sibik. When I started really thinking about business continuity futures and where this industry could go, David Nolan was the first person I conceptually started picking up ideas from. Probably on a dare, Nolan put me in charge of creating a global trading floor recovery practice. I also learned a tremendous amount working at the side of Bob Cassiliano, the most knowledgeable person in trading floor recovery, then and now.
And then I landed at Forsythe, where I continue today. Here, I’m yet again surrounded by RSPs (Really Smart People). This group is focused on how to make technology work for you, maximize your technology investment, and give you the language and the knowledge for truly addressing your company’s risk.
In this book, drawing upon my 25 years of experiences in and out of the business world, I hope to establish a foundation for your business continuity considerations. Each chapter represents one of 10 questions, keystones really, for business leaders to use in exploring their organizations’ risk and continuity underpinnings.
Each chapter will provide context for the questions, and will close with summary thoughts and follow-up questions. I hope you’ll come away knowing that you have a crucial role in ensuring your organization’s future, requiring you to take the right risks and ask the right questions.
So if this book raises more questions than answers, then I’ve done my job.
The rest is on you.
These are the times that try men’s souls.
- Thomas Paine
Question One
What’s the Worst That Can Happen?
Weekends were made for sleeping in, kids’ soccer games, and network upgrades. In hundreds of places, all over the world, weekends bring engineers and technicians together to perform the computer equivalent of a 50,000-mile tune-up or add some racy new model to the data center ranks.
Your company’s data center may be hidden in the basement of your building or situated time zones away. You may have one data center; you may have four. But this mind-blowing, pulsing, whirring, sophisticated, data-jammed, compilation of old and new technology is similar to a delicate little snowflake. No two are alike.
Another quirk about data centers: between all the electrical equipment housed within and the miles of electrical cables housed beneath, like snowflakes, they’ll melt if not cooled properly.
Precision cooling systems protect the equipment; fire suppression systems protect the whole data center. Halon was king of fire suppression agents before we learned it also suppressed the ozone layer. Today we often use water and clean agent gas, though some halon systems are still around.
On one particular weekend of upgrades in the 1980s, a halon system protected the computer rooms of a leader in the oil and gas industry. Not that it mattered; because a new piece of equipment was