2. Charlie should begin to list out his thoughts on potential disasters so when it does come time to have the meeting, he already has a list of things to talk about.
Natural disaster: Fire, Flood, Earthquake, Tornado, etc.
Do we have backups of all of our information?
What does our backup testing look like? How often is it tested?
What employee safety measures are in place?
Do we have the necessary shelter/prevention systems in place to be able to handle a disaster?
External attack: Break in security system, physical security breach
What is the current state of our protection system?
How often do we test our own system for flaws?
Do we have up to date definitions or software?
Do we have physical data protections in place?
Internal Attack: Employee dishonesty, unintentional breach
Do we have an access level system setup? (Similar to a Need to Know hierarchy in the government)
How often do we train, or send out reminders about employee security responsibility?
What does our hiring and screening process look like, how do we weed out undesirable personalities/liabilities?
General Systems Failure: Server crash, hardware failure, software…