Are there any specific aspects of your Business Continuity Plan (BCP) that you believe need updating following the CrowdStrike Windows outage?
Sort By:
Oldest
Director of IT in Transportation2 months ago
Yes, a couple of things...1) Develop experience in your teams with the FEMA Incident Command System (ICS). There is free online training for it. Very useful framework for managing incidents including information systems ones. When an event happens, senior management appoints an incident commander who is familiar with using that system, and it expedites getting the right things done and communicated well.
2) With all of your vendors who bring in change to your organization (most do), try to have a way of vetting it with a small subset, or delaying its adoption until more of the world has tried it, if you can. Vendors who automatically push changes to all your devices (especially if they have weaker QA or process control) should be required to provide you ways of testing before you accept..
Chief Information Technology Officer in IT Services2 months ago
Update communication protocols to include alternative channels for notifying employees and stakeholders during an outage.
This of course introduces new risks (some assets carry vulnerabilities longer) so this is best achieved with a segmented network - the mission-critical assets get updated later but are behind another firewall to protect them.