Information Security maga

PING: Jennifer Creger

Telecommunications circuits have failed, some remote corporate locations have suffered minor flooding, and a good portion of the neighboring major metropolitan center is several feet under water. Desperate times indeed, but the measures enacted by OmniBank technology and information security officer Jennifer Creger during Hurricane Katrina were hardly desperate. Creger's IT staff at the 12-branch community bank headquartered in Metairie, La., put a refined recovery plan in action, kept downtime to a minimum and customer records secure. Operating a remote LAN from a recently opened branch in Baton Rouge, Creger maintained a secure environment thanks to some proactive planning and some swift reactions to the changing environment around her.

What security issues surfaced once your team was displaced by Katrina?

Creger: Anytime an office is moved or converted into a temporary facility, there are going to be security issues. We followed our 100+ page disaster recovery plan that we activated the Friday before Katrina made landfall (on Monday). Twenty-four of our 226 employees are part of the recovery team that immediately moved to Baton Rouge, LA and setup shop. As time passed, more employees arrived at the temporary office in Baton Rouge. We had real challenges providing security of information systems access in light of the fact that we had many more employees than our 10 computers in the office.

While our employees maintained their job responsibilities, everyone pitched in to help in other areas. HR kept IT informed of those additional duties, so that IT could make the appropriate security system access adjustments.

Sounds like you trust your staff and other bank employees more in a crisis situation?

Creger: You have to make some adjustments to the (security) program because the top priority is customer care and recovery, and you do that within good security practices.

At first, we were in close quarters. Branch personnel, bookkeepers, human resources, lending and other functions were all handled within one office.

The IT department was definitely on top of security issues -- not to mention trouble-shooting. We had a database of system access privileges that we kept intact, but we created new groups for Katrina-response employees. They were given greater authority, for the storm response, but we know where we were pre-storm and we will be able to get back to that.

As an information security officer, how involved were you in the development and implementation of OmniBank's disaster recovery and continuity plan?

Creger: I'm on the 24-member team, and our physical security officer is on the team along with others from our IT staff. We certainly considered security. We have an audit trail for all our manual entries while systems were temporarily unavailable due to power outages.

What contingency plans worked best?

Creger: Having a plan is essential. The ability to call upon alternative resources in a crunch situation like a hurricane is impossible without advanced planning Within 24 hours of Katrina making landfall, we were able to serve our customers.

Telecommunications were, and continue to be, our biggest obstacle. Knowing our critical applications and systems was a key to success. Again, the reason we were able to respond so quickly was our advanced planning.

About the author
Michael S. Mimoso is Senior Editor of Information Security magazine.

This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: