Computer Security Considerations in Disaster Recovery Planning

The successful implementation of a disaster recovery plan is contingent upon the effectiveness of its design. This paper focuses on specific computer security considerations to be included in disaster planning and recovery strategies. The scope of this discussion will include the following: Neglecting to implement the proper computer security considerations into disaster recovery planning can make an already critical situation spiral into one that suffers considerable setbacks. For example, following a significant service interruption, network operations may have the proper work instruction to follow for the four-hour vendor replacement program, or for the restoration of file servers from the Exabite Octopus. However, after rebuilding the first several workstations, someone restores an old system file from an unauthorized backup and introduces a Sasser variant that may have been exhaustively dealt with once before. By neglecting to include the proper mitigating factors, the disaster recovery plan has already proven inadequate in regard to secure recovery.