With more money and attention being paid to IT since Sept. 11, many in the government are looking to businesses for lessons learned. Such was the case for the hundreds of government IT representatives attending a Homeland Security Conference this week in Washington.

Though Nasdaq had to shut down for five days after the terrorist attacks last fall, it wasn't because the electronic stock market's extensive network failed. In fact, VP of telecommunications Doug Moore told conference attendees that the exchange's IT infrastructure never missed a beat. That's because the company has had in place disaster-recovery and business-continuity plans since the mid-1980s.

Every server on Nasdaq's network has multiple power plugs hooked up to separate power grids. The network has multiple uninterruptible power supply systems and electric power is backed by generators. There's also a backup facility in Rockville, Md., that houses mirrored applications and data. "There is no single point of failure," Moore said. "Nasdaq's systems and networks continued to operate even though trading was suspended."

Not everyone needs such a high-priced, intense business-continuity plan. "When you see share volumes of 1 trillion a day, and the huge amount of dollars brought to bear on the Nasdaq system, it's critical," said one attendee who asked not to be identified. "But the Department of Defense at large has a much broader business base than the transaction of securities," said the attendee, who focuses on information assurance at the Defense Department. For example, the highest level of disaster recovery is required when it comes to securing nuclear command centers. "But you don't need that for systems that report on research of cranberry bogs," he said.

Leo Colborne, VP of global technology support at EMC Corp., said government and businesses need to change the way they think when it comes to data accessibility. Most importantly, organizations need to protect their people. Then they need to protect their information. "Servers can be replaced. Information cannot," he said.

In order to establish best practices for data accessibility, organizations need to consider the time it takes to recover the data and which data is mission critical, Colborne said.

Day two of the conference, sponsored by the Armed Forces Communications and Electronics Association, will conclude Thursday. Topics include IT security and funding.