Risk
10/30/2008
11:36 AM
Gayle Kesten
Commentary

What Horror Movies Can Teach Us About Disaster Recovery

Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?

"In fact, there are a slew of correlations between disaster planning and the frightening scenarios played out on the big screen," according to SearchCIO-Midmarket.com executive editor Kate Evans-Correia, who discussed those similarities with Pat Corcoran, global client solutions executive with IBM Global Technology and Business Continuity & Resiliency Services.

Just in time for Halloween, too. Showtime:

Jaws: Corcoran points to the stubbornness of the captain, his "I can do out there, I know what I need to do" attitude. "But he didn't know," Corcoran says. "His greed got in the way of him conducting a risk analysis of what he could face." When he met up with Jaws, he wasn't prepared for the magnitude of the situation: His boat was too small, and he didn't have the right equipment. The tragedy that followed can be reality, Corcoran adds. "Sometimes in business when people look at the risks and vulnerabilities they need to worry about, they think only of common events. But you have to look at multiple possibilities, both internal and external to your organization."

The Exorcist: The movie that forever changed the way we look at pea soup underscores the importance of anticipating change, according to Corcoran. "There were a lot of changes going on throughout the whole movie," he says. "Change is something we all have to be ready for because when it does happen, it affects your risk, your vulnerability, and your level of maturity in regard to business continuity. When change takes place, you also have to ensure your business continuity and disaster recovery plans are kept current. If they had a business continuity plan in the movie, you would have never known it because they were just reacting to the moment."

Jurassic Park: At the risk of mixing movie phrases, what we have here is a failure to communicate. "They had a great idea, but they didn't really address the risks. Some people knew the high-risk areas, but they didn't communicate that properly with the right people," Corcoran says. "So when the power went out and failures occurred at the park, the risks they were trying to hide became much bigger. The result was like a domino effect because of something so simple ignored up-front."

When A Stranger Calls: Have you checked your employees? They're the most important element of business continuity should disaster strike, Corcoran says. "When certain things happen, do your people know what to do? Do they know where to go? Do you know how to reach them?" he asks. "Companies need to do a better job of knowing where their people are and having those folks know their roles and responsibilities." Another movie takeaway: The caller was inside the house. "That's the pinnacle of being scared," Corcoran says. "In business, a major vulnerability we're seeing over time is coming internally... When you're putting together a business continuity plan, you need to look at the internal organization just as much as you look outside as a risk to your company."

Poltergeist: Poltergeists are usually associated with individuals for a short duration, Corcoran explains, "so people had certain expectations." In the movie, those stubborn spirits stuck around even after Carol Anne was saved from the light. "What you think may be a short duration could wind up being a long duration," says Corcoran, using a power outage as an example: It could last 10 minutes, or it could be a half-day event. "You have to look at every scenario and really think about how long it'll take" to fix and when you should declare a disaster, he says.

A second takeaway: Be mindful of your location. In Poltergeist, the house was built on top of a graveyard. "I was talking to a power company out west. I asked if they did any vulnerability assessments around the area. They said they did some," Corcoran recalls. "I asked, 'What about the train that goes by your main headquarters about 100 yards? What kinds of materials are transported?' They had no idea. 'How often does that train go through?' No idea. I said, 'What if there was a chlorine leak right after a derailment right outside your door? What would you do?' They hadn't thought it out."

Terminator: I'll be back! "When you have a disaster, like a flood, you think it'll never happen again. Don't think that way. Trust it'll be back," Corcoran says. "Or if you have an audit and the auditor sees you don't have the right programs built around business continuity, you'll fail, and they'll be back six months later." Bottom line, he says: "Expect the disaster to come back."

Alien: The movie has plenty of officers, but the characters didn't really know who to go to for decisions. "In a disaster you need to be prepared," Corcoran says. "You need to know who is in control when there's a lot of stress being put upon people. You need to know who to go to at the right time."

Think about the horror movies you've seen; what nuggets of wisdom can you glean in terms of disaster planning/recovery and business continuity? Share them below.
