Speaker Leonardo Ovídio de Melo Ferreira ,
Designation: CISO at Brazilian Institution
Topic: Do you know the key difference between DR and BC?
Date of Webinar: 21st Apr, 2020
Time and Location: 11:30 am Brazil time / 08:00 pm IST/ 03:30 pm BST
Leonardo comes with more than 16 years of experience in Information Security and IT Governance for both national and international companies, belonging to insurance, telecommunication, energy, and reinsurance sectors. With graduation in Information Technology and MBA in Information Security and Audit System, Leonardo Ovídio has been a part of various strategic projects involving information security, cyber risks, data privacy, IT governance, and business continuity plan. He has been through an extension course from Harvard and Brigham Young Universities, where he shared national and international speeches on security posture and cyber risks. Currently, he is the CISO at a Brazilian Reinsurance Company.
The companies need to be prepared for unexpected disasters or crises that might occur anytime and anywhere to be able to continue the business. With this in mind, a disaster recovery concept after the crisis should be a part of the business continuity strategy.
Many might misunderstand the concept of a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). The key lies in knowing which plan should be implemented when. The purpose of the business continuity plan is to provide ways to keep business operations flowing with as little impact as possible. On the other hand, the Disaster Recovery Plan focuses on how the companies return to normal operations without getting affected and with the proper controls in place.
With COVID-19, many companies put the BCP to work, making many decisions that involved business, technology, process, and people. Most companies now provide remote access to their employees to keep the company going. However, some BCPs consider 25% or more people working focused on critical areas. The business continuity strategy must consider an approach to measure the cyber maturity in both business continuity and disaster recovery plans to keep the same level of maturity and mitigate the probability of cyber incidents in these moments.
Business continuity covers the entire organization with a robust communication approach, mainly with board members, while Disaster Recovery focuses on the IT infrastructure and processes.
One of the challenges is to keep the BCP plan updated following the dynamism of the business and new technologies. An important concept to consider with new business applications is a BCP/DRP by design model.
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)