When the alarm went off this morning (4/27/09), the first thing I heard before I got out of bed was the NPR announcer saying, “… the U.S. is being warned to prepare for a Swine Flu epidemic.” I hit the button to shut her off, stumbled to the shower and spent most of the show considering how this relates to information security.

1. I realized that I don’t know as much about the swine flu as I should. Stephen Northcutt (of The SANS Institute) has prepared a briefing on swine flu. Get it here.
2. I realized that we may have an opportunity to exercise the disaster recovery plan. This was put into place about a year ago and we have run through some scenarios on paper tests. If people are told to stay home from work to slow the spread of swine flu, we might be forced to crank up the D.R. plan.
3. Finally, I also realized that some of the well thought-out policies might need to exceptions. As an example, we don’t like for non-company computers to connect to our protected networks. But, if staff are told to stay home, we might need to bend on this policy.

The moral to this story???

Now might be a good time to review you disaster recover and business continuity plan, specifically as it relates to pandemics.

- Dan