PreparedAlready.com
PreparedAlready.com
OUR BLOG
3 Drills To Practice Situational
Awareness While In Your Car
Situational (or situation) awareness is a simple concept, but in practice it is far from it… While you may think that you know what’s going on around you, the fact is that your brain will best process the things that your are focused on, while at the same time consciously missing LOTS of other things that are within your visual…
To drill (practice) your situational awareness will sharpen your sensory perception, your powers of observation, and hopefully enable you to pick up more anomalies in the environment.
Under many circumstances throughout a typical day, you are bombarded by sensory data, and your brain (while dealing with sensory overload) will not alert the conscious mind of all the information that is flowing in. That, coupled with your personal experiences will tend to shape what your mind keeps and discards as important or irrelevant, the result of which will create blind spots – which can prove detrimental.
Many people will also (and often) be thinking about ‘everything else under the sun’ while absently ignoring their present vicinity as they go about their daily routines. This behavior creates quite an advantage for an opportunist while seeking their prey.
There have been many articles written here about situational awareness. But here are a few more drills to test and hone your own:
1. During your driving commute to work, pay attention (safely ) to the vehicles around you. Do you recognize any of them from the day before or from any previous commute? See how many vehicles you can pick out that travel the same route at the same time as you. During the days (years!) of my regular commuting, it was very interesting to discover over time the same vehicles that traveled much of the same route during the same time. It makes sense of course (other people commute to work during the same approximate times as you), but I found the exercise to be interesting…
2. While observing other cars on the road (safely!), look at and notice the driver. What is the driver doing? Are you able to ‘sense’ their body language? How do you feel about the way they are driving? This drill hones your awareness of observation and your instinctive ‘sense’ while in a moving environment where observation may be a bit difficult (observing out and through your own bubble and into someone else’s).
3. As you are driving, randomly pick a car and then as quickly as you can – begin any and all observations to describe the vehicle to someone else. For example if you had observed a getaway car in a crime and you were asked to describe it, what details would you be able to recall?
Overview Of A Disaster Recovery Plan
Whenever accidents, disasters and natural events interrupt day-to-day business activities, one thing can be certain: corporations lose money. The amount of money often depends on how prepared businesses are for dealing with interruptions. An up-to-date, well-planned and well-practiced disaster recovery plan often makes the difference between quickly returning to business as usual and failing for months or even years from the devastating repercussions.
Any event that interrupts business due to the loss of operational ability required for normal operations qualifies as a disaster. A disaster recovery plan is a blueprint for recovering from these events. A DRP does not seek to duplicate a business rather, its intent is to increase the chances of survival and to minimize the effects of the loss.
Disaster recovery planning is a set of tasks that must be performed. In addition, it is filled with potential hurdles that even the best intentions, most intelligent people in the organization can overlook. Regardless of whether the plan is developed using internal talent, external experts can help. Disaster recovery planning is an essential process for companies.
The basic tasks proceeding and maintaining recovery preparedness make good economical and business sense. In most cases with less effort than anticipated, disaster recovery planning can improve efficiency, reduce recurring issues and, through reduced downtimes and better managed processes, pay for itself.
Management must first understand the characteristics associated with a crisis. Any crisis has the following characteristics:
1. Surprise
2. Insufficient Information
3. Escalating Flow of Events
4. Loss of Control
5. Intense Scrutiny from Outside
6. Siege Mentality
7. Panic
8. Short-term Focus.
One strategy used to put the crisis in the proper context is to establish an order of magnitude with respect to the crisis. Crises may be categorized into one of three levels:
Level I-Low Risk
No serious injuries, minimal physical damage, no disruption to critical business operations, minimal impact on routine business activities, minimal distress to employees.
Level II-Moderate Risk
Serious (life threatening) injuries, significant number of minor injuries, minor damage to property and facilities, minor or impending disruption on critical business operations, moderate impact to routine business activities, moderate employee distress.
Level III-High Risk
Major human casualties including death, major physical damage, significant impact on critical and routine business activities, media visibility, potential customer and shareholder impact.
As part of the disaster recovery plan, an established Escalation Procedure should be tied to each of these levels so that if the situation escalates to the next level procedures are already in place.
As part of a disaster recovery plan, crisis events are defined in a slightly different manner. The least serious event could be described as a "serious incident", which involves a minor loss of data, a roof leak that drenches several shelves of replaceable books in a library or a threat from a drunken employee.
The term "emergency" is used in the event of a single casualty, a moderate fire, or substantial vandalism that compromises the security of the site.
A "major emergency" classification covers serious damage at a single site and possibly several casualties.
A "disaster" is defined as an event that is beyond the powers of first responders to prevent or control, and that results in serious damage and prolonged service disruption at several sites and possibly a number of casualties. The term "disaster" means the interruption of business due to the loss or denial of the information assets required for normal operations. It refers to a loss or interruption of the company's data processing functions or to a loss of data itself. Loss of data could result from accidental or intentional erasure or destruction of the media on which data was recorded. This loss could be caused by a variety of man-made or natural phenomena.
Loss of data could also refer to a loss of integrity or reliability either in the dataset (or database) itself, or in the means by which data is transported, manipulated or presented for use. Corruption of programs and networks could interrupt the normal schedule for processing and reporting data, wreaking as much havoc within a company as would the loss of the data itself.
The above conception of disaster may suggest that only a major calamity - a terrorist bombing, an earthquake, or even a war - would qualify as a disaster. Most people might imagine in a smoking data centre rather than an accidental hard disk erasure at the small business office down the block. In either case, if the result is an unacceptable interruption of normal business operations, the event could be classified as a disaster. Disasters are relative and contextual.
Simply stated: A disaster is an occurrence that disrupts the functioning of the organization resulting in loss of data, loss of personnel, loss of business or loss of time:
Organization of the Disaster Recovery Plan
A written and tested disaster recovery program can determine whether or not your business fully resumes operations after a catastrophe. A sound program is actually a collection of specific action plans:
1. A disaster avoidance plan to reduce or limit risks.
2. An emergency response plan to ensure quick response to incidents.
3. A recovery plan to guide the firm in resuming vital business functions.
4. A business continuation plan to fully restore all business activities to normal.
Disaster avoidanceis the cornerstone of any disaster recovery plan. The first step in creating an avoidance plan is to analyze the potential hazards/risks and how well you are protected against them. This step should be accomplished during a risk/business impact analysis. The next step is to develop procedures for protecting those vulnerable assets/processes that are identified.
Even the best avoidance plan cannot prevent every disaster. When a serious incident occurs, a company must have an emergency response plan. The focuses of this plan should be the personnel and tasks necessary to immediately mitigate damage to people and company assets. After ensuring the human safety for employees, visitors, and the public, the plan should also address public relations and advertising strategies to let your clients know that you are still in business and where they can reach you.
If the emergency escalates to the disaster level, a comprehensive disaster recovery plan must be ready to implement. This plan should contain two main sections that address the specific action plans for:
1. recovering critical business functions, and
2. restoring the business to pre-disaster conditions.
The scope of the disaster will also have an impact on the business' recovery. Regional disasters could affect others with whom you do business including clients, vendors or emergency personnel. The plan should consider the possibility of competing for resources. Developing a comprehensive disaster recovery program that incorporates the four action plans takes foresight and commitment. But if catastrophe strikes, an effective written disaster recovery plan will provide a smooth, speedy return to business instead of diminished customer confidence, loss of clients and ultimately, failure.
The objectives of a disaster recovery plan are four-fold:
1. To limit the extent of the damage and to prevent the escalation of a disaster
2. To prevent personal injury to the company personnel as well as the general public
3. To prevent physical damage to company property, and
4. To minimize a disaster's economic impact on the business.
With properly organized plan documents, it should be able to look at the disaster recovery plan's table of contents for an overview of plan functions. The reason for this is simple: Most plans are compiled as sets of procedures that are developed to accommodate recovery strategies.
Body of the Disaster Recovery Plan
The complexity of a disaster recovery plan is directly related to the size of the organization.
For very small firms the development of the coordination and recovery procedures may include all employees. For other larger companies, it may be necessary to assign functional business areas the full responsibility for developing and maintaining their section of the DRP. After all, it will be the recovery team for the functional business area that will be responsible for recovering the operation.
If each functional business area is responsible for developing its own disaster recovery plan, a central control area should also be established. This area should be responsible for coordinating the development effort, training the line planners, recruiting from within line operation and managing scarce resources.
As for the business resumption planners, each major area of the organization should make resources available, usually part-time resources (at least half time) familiar with the areas for which they would develop plans. Having planners from the areas for which they would develop plans is important in two ways. Much of the success in getting resumption plans developed in a timely fashion comes from the relationship that the planners have with the areas. Not only are the planners familiar with the areas, which gives them knowledge of the people and resources, but the areas are familiar with them. With this relationship already established, the development of the plans goes much more smoothly and quickly.
If the scope of the project is still quite large, the disaster recovery plan development efforts should initially focus on three critical areas:
1. The first is the development of an Incident Management Plan and the Incident Management Team.
2. Then, recovery procedures should be addressed.
3. And finally, an infrastructure within the organization should be created to support any disaster recovery effort, i.e., replacement staff, key supplies, etc.
General Issues to consider:
The Disaster Recovery Plan
Creating a business continuity plan is far from a trivial exercise.
Risk Analysis
Risk analysis is inextricably linked with disaster recovery. Assessment of the risks which may lead to disaster is essential in the determination of what controls are appropriate to the situation.
Disaster Recovery Audit
How do you ensure that your disaster recovery plan meets your actual needs? How do you know that it will all work? Do you audit it, and if so, how?
Equally fundamentally, do you know what your resource/service dependencies are and what their time criticalities are? What of your actual everyday contingency practices - do they measure up?
Disaster Recovery and Planning
Being Proactive Can Save You Millions
Every business should consider having a well-defined Disaster Avoidance Plan that complements and improves on its disaster recovery strategy. Proper development and implementation of both a plan and strategy will minimize downtime and ultimately improves business operations.
Documenting a plan for disaster avoidance and disaster recovery should occur simultaneously, since both complement each other. Plans are complete once both disaster avoidance and disaster recovery are documented and approved by management personnel including IT, facilities and executive management.
It's very common for disaster avoidance and disaster recovery not to be top priority for small businesses running without an IT department. In fact, many small businesses may have little or no emergency planning for data loss or know how to respond to a catastrophic disaster.
The reality is data interruptions or server crashes could doom a thriving or developing business, especially those conducting a large share of business online. These businesses need to be guaranteed they are up and running at least 99.75% of the time. The more time a business is down, the more the bottom line suffers. This can be a challenging situation when businesses have real-time requests, all their information stored online and bills to pay.
Obviously, guarding against business downtime resulting from any type of catastrophic event is of utmost importance to any business. This is where disaster planning can eliminate unforeseen events. RAID 5 server configurations are an excellent server build strategy to consider during the planning phase of business operations. When set up correctly, RAID 5 can detect errors while the server is running and correct them without any data loss or downtime. This is critical in meeting the goal of 99.75% uptime.
Despite this, disasters can still occur where the server is physically removed or destroyed as a result of theft, fire, flood, tornado or hurricane. Proactive planning for these rare occurrences ensures top-level management knows its staff is anticipating occurrences before they happen and eliminating what-ifs associated with catastrophic and unforeseen events.
This is where redundancy and off-site backup storage come into play. The thinking behind off-site storage is that while the primary site may be physically damaged, the remote site containing the backed-up files will stay intact. Logically, the remote site must be physically located away from the primary site. Should the need arise, the backup files can be transferred over to a server, and the business will continue operating.
Keeping downtime to a minimum is one primary objective of disaster recovery.
Exactly what a business needs in terms of off-site backup depends on the type and size of the business. Larger businesses with mission-critical data systems may have hot or cold sites.
A hot site provides the highest level of remote data storage security possible. Not only does the remote site serve as a mirrored backup site, but it is also an exact replica of the primary business location.
A hot site has all the equipment necessary for continuing business operations without missing a beat should the primary business location go down.
A cold site usually involves leasing remote office space to move into in the event of a catastrophic event. The business will need to install equipment, hardware and software to resurrect operations. A cold site will have the actual space needed to continue operations, but a time lapse will occur in order to actually get the business up and running. A cold site is an affordable option for small businesses that have limited staff and can survive from little or no data access for a period of one to seven days.
Should a hot or cold site not be a viable option, there are companies that also offer offsite remote storage for a monthly or annual fee.
Oftentimes, these companies provide a full-service contract to include daily backups during off-hours and email confirmation of the backup to designated employees. The vast majority of these services offered are done via the Internet using secure file encryption.
By using these providers, small business owners and even personal computer users can back up their systems online and recover critical files should the need arise. In order to use one of these services, a broadband Internet connection to the online business is required and considering the volume of data to be backed up will influence cost. These online backup options are affordable and should be implemented to create a third tier back up for your "high value" digital assets.
The benefits of having a three-tiered backup are truly realized when the need occurs. Ultimately, plans must be made for both disaster avoidance and recovery.
Should the need arise and a disaster plan has been fully implemented, it is not a significant problem responding to a data loss.
Conversely, should a disaster happen, catastrophic data loss under this situation could prove doom to the future of your business. With simple planning and implementation, all the gloom and doom can be avoided. Also, communication to vendors and your clients that you have a multi-tiered backup solution adds value to your company.
Here is a simple checklist to determine what actions you should take when planning for disaster avoidance:
1. What is our current disaster recovery strategy? Objectively review the current disaster recovery plan in place. Make it a priority to implement one as soon as possible.
2. How is data being backed up and replicated offsite? Determine exactly how data backups are currently being performed onsite and remotely.
3. Does your business need a higher level of data backup? Determine whether your business could benefit from setting up a RAID 5 or 6 server configuration. Check your backups daily.
4. Are data backups being stored offsite in the event of a catastrophic event? If not, then consider the risks involved of not having access to critical files and how long your company could survive without them.
5. Does your business need a hot site, cold site or simply online remote backup of mission-critical files?
The larger a business is, the more likely it is dependent operating with zero downtime. Explore your options and objectively consider what would happen to your business if you lost access to all your data for one, two, three or seven days. Statistically, if you are down for more than one or two weeks your chance of recovering is slim.
Ultimately, plans must be made for disaster avoidance and recovery at every business. Should the need arise, and a comprehensive disaster plan has been fully implemented, usually it's no problem responding to data-loss and accelerating the recovery process.
With simple planning and implementation of the plan, all the gloom and doom can be avoided.
