Then, it will be time to move forward and be proactive, analyzing internal and external factors, in the hope of leveraging strengths and opportunities, mitigating weaknesses and threats. Be sure to perform the following tasks:
consider emerging technology opportunities;
map your future;
document your ideal IT situation.
For a more accurate analysis you can take our IT Infrastructure Assessment. With it you will have a report with a diagnosis of how your infrastructure is doing and recommendations for an Ideal scenario.
Business Continuity and Disaster Recovery
A very important concept that we have to work on in a strategic IT planning are the recovery actions, called the Business Continuity and Disaster Recovery Plan (BCDR). In case of any occurrence, it is necessary to have a plan outlined to predict how much your business accepts to lose data and how long it must have recovered from a critical systems failure.
Do you already have a Disaster Recovery plan?
Recovery Time Objective or Recovery Time Objective. Generally speaking, it is the time that your operation tolerates being off the air, that is, what is the tolerable time for your systems to return to production and your company to be active again, technologically speaking.
How long can you stand still?
That is the question that you have to answer. Let's say your RTO is 24 hours, that means your operation can go without a system for a whole day. For this purpose, let's say that there was a system update causing an accidental shutdown, but the damage was minimal and its operation should return to normal within 8 hours. In this case, that's fine, as its operation tolerates up to 24 hours without a system. Now, let's say that you caught a ransomware that destabilized the entire IT area and that its operation would only resume its operation again in 48 hours.
In this case, it would no longer be acceptable, as it goes beyond the maximum stipulated downtime. In fact, I recommend that you take a look at our information security content, as attacks on small and medium-sized businesses are increasingly active.
Recovery Point Objective or Recovery Point Objective. Again, in a very simplistic way, it is the loss of data or transactions that you would endure.
The role of a Cyber Security Consultant is focused on protection, but this can cover many different facets. Ultimately, working this role (either full-time or on a freelance basis) involves executing strategic services related to the client’s cyber security.
How much can I lose?
Most companies have a backup strategy (everyone should have a good strategy, but that's life!).