Security Risk Mitigation and Controls – Going Above and Beyond Availability Plans
According to Werner Vogels, CTO at Amazon.com, “Everything FAILS all the time.” This popular quote is the logical starting point for robust availability plans.
Availability planning aims to put in place plans, processes, and actions that ensure the ability of a system or service to withstand or recover from exceptional events like an infrastructure or component failure.
When you are operating and supporting large, critical, and/or complex business functions, failure must not be treated as an exceptional event. Rather, it must be treated as an operational event: something you expect and anticipate to happen without causing major or severe disruption to the services and support available to the business.
And here is the rub that quite a few senior executives and management teams remain oblivious to: the risks of disruption to services are not limited to infrastructure and/or application failures; they also include data security risks, information security risks, cyber-security risks, etc.
A comprehensive security architecture strategy proactively covers operational failure, disruptions, abuse, damage, threats, attacks, and denials; it goes (and should go) above and beyond a good availability plan.
A Security Incident Response Policy and a Security Incident Response Plan, both of which must be consistent with applicable laws in the relevant jurisdictions, must form an integral part of your proactive, comprehensive architecture, governance, and strategy.