1. IT Security Monitoring & Performance Monitoring
2. Response Plan
In the case of a cybersecurity event, how are we to:
- Identify the threat
- Isolate the intruder
- Eject the intruder
- Continue to operate as a business
In the case of physical system failures, like a critical server failure, a non-functional internet connection, or a natural disaster destroying a location:
- What are your single points of failure?
- Can you design failover options in those systems?
- Can you design redundancy options, i.e., have two internet service providers with separate pathways into your facilities?
- Do you need a physically separate site to transfer over to? If so, how quickly do you need to get it back up (Hot: real-time failover; Warm: live in 24 hours; Cold: live in a week or more)?
If these options are not available, how long will it take the emergency teams to arrive, and do they have what they need to respond?
In all situations, you should specify a communication plan:
- Who needs to be notified?
- When do they need to be notified?
- Where is help going to come from, and how do we reach them?
Have you built an Incident Response Plan that Operations deserves?
Is Operational Technology represented in your organization’s Incident Response Plan?