: Locked Down, Planning For the Worst"> Prior to Sept. 11, 2001, Steve Randich, CIO at Nasdaq, felt he had an exceptionally strong IT security plan in place. After 9/11, Randich is still confident his information security plan is state-of-the art. Whats changed is Randichs approach to physical security of the Nasdaqs two data centers in Connecticut and Maryland. "From a physical standpoint we have made substantive changes," said Randich. "The access is far, far more restricted. "Weve put in finger print access control systems, we now use armed guards at our data centers, we have thorough inspections of vehicles entering the parameter areas of the data center and it has 24-by-7 manned guard houses and a parameter concrete wall around the two data centers.""Both data centers have this level of security," said Randich. "We also have 360-degree perimeter surveillance with cameras and guards that walk around the inside and out." As an extra level of security and comfort one data center has become a training facility for the Connecticut State Police canine bomb sniffing unit. A number of the security changes made at the data centers were in the works prior to 9/11. After, they were expanded or accelerated. "Theyre going to stay up for the foreseeable future," said Randich, who also worked with the Securities and Exchange Commission to get Nasdaqs contingency plans approved. New York-based Nasdaqs disaster recovery plans have increased as well. When a threat is received, there are now three stages of alerts. Stage three means Randich moves the operation from Connecticut to Maryland. Stage one and two are preparedness stages to do that. Nasdaq conducted 30 tests during the last year to make sure the fail over to its backup data center works. "There are always some people who say an event cant happen," said MasterCards Till. "I teach this topic on the outside and one of the questions I get is, someones management comes back and says that this stuff isnt going to happen. We take this stuff [disaster recovery planning] very seriously. Sept. 11 has heightened the awareness in the organization and the anxiety level within the organization." Related Stories:
Rebuilding for Tomorrow
Focus on Identity, Vigilance
In addition, Randich deployed X-Ray machines to scan all packages and electronic devices coming into the data centers. Both data centers have limited access, with a single entrance and exit, and all visitors cars are manually inspected.