Saturday, June 27, 2015

Business Continuity Plan versus Disaster Recovery Plan, or should they co-exist?

Disaster recovery and business continuity planning are processes aim for organizations to be prepare for that one disruptive event that can take them out of business, even temporarily. In the context of this assay, it is related to event that can affect the IT systems, be it passive infrastructure (i.e caballing) or systems.

Often, when an organization deals with this subject they often discuss "DRP vs BCP", Disaster recovery or business continuity planning, what’s important, and what can be more cost effective. Most organizations that I'm familiar with takes the approach of " business continuity first, we will deal with the disaster when it will happen". That is why IT organization replicate their servers to a location name "DRP". You have live copy of the content, but will you be able to access it?
Should it was decided to replicate the content of the IT servers to secondary and tertiary sits (someone said cloud?) to allow smooth contingency. It is nice to have them available, but think of the ability to use them.

True story. Some day at 1999, arrived to the office early in the morning, just to find out that the northern wing of the management building was on fire. The first floor was burnt out to the ground (literally the floor fell down on to the ground floor). Unfortunately the Backbone switch was in that floor. Using the infrastructure on the south wing to connect the building back to the working campus network, people were able to return to their desks the following morning.

Having "hot and active" multiple datacenters, that is contingency plan. Having redundant "cold and passive" infrastructure, that is disaster recovery plan.

(Written as part of the Coursera based seminar "Cybersecurity and Its Ten Domains")

Monday, June 1, 2015

So I was invited to lecture at InfoSec2015

So I was invited to lecture at InfoSec2015 in Israel, the 16th annual event of the security industry in Israel. I was talking about the expectations from the service provider to adopt security tools and technics to protect it assets (international links for example) and at the same time to gain some profits, using the security aspects as the new growing engine.
The presentation was already shared (here) then I referred to an article on "People and Commuters" the magazine that organized the event. Apparently someone actually listen to what I have said before, during & after the event and took notes (here, in Hebrew). Therefore for my non Hebrew readers here is a translation of some highlights:

Is security a luxury or a basic consumer product? What about the security of the communications infrastructure provider? These questions were raised by Mr. Roee Besser, Technical Manager for EMEA and APAC at Allot Communications, at InfoSec 2015, held recently.According to Besser, "network monitoring, information security, content filtering and preventing attacks - all these are necessary and have become part of the DNA for Service providers, to allow customers faster and smoother access to the internet" (with DDOS Mitigation platforms).Another area that is gaining momentum, he said, is data security as a service. "Many of those who provide cloud services also provide data security in the cloud. In this way they give a security added value to subscribers."

Monday, May 25, 2015

InfoSec vs CyberSec: same-same but different

Information security and Cybersecurity are often mistaken used as synonymous where actually they don’t.  
To be more focused, Cybersecurity is a subset of information security.
While Information security deals with protection of information from unauthorized access, use, disruption, modification or destruction, regardless of whether the information is stored, the Cybersecurity defines the technologies and processes to protect networks, computers, programs and data from attack, damage or unauthorized access.

In a nut shell, Information security defines what is needed to protected and Cybersecurity defines ways the pathways to this content will be secured.