If you are responsible for disaster recovery (DR) planning in your organization, you not only have to prepare recovery procedures, but you also have to think of all the ways a disaster can occur so that you can try to prevent them.
Obviously, there's not much you can do about weather-related events or a massive blackout, but if you're not lucky enough to have a security specialist on your staff, you do have to make sure your network doesn't have gaping holes in it.
The larger your organization is, the greater a target it becomes for threats. Or, if your organization isn't that large but is a "rich" target in other respects, you have to expect malicious attacks. The type of threat I'm talking about is one against your digital assets; this can be anything from a hacker claiming to have already stolen confidential information to a former employee alleging that a Trojan horse is already in your environment and could be triggered at any time.
Of course, just because someone makes a threat doesn't mean that it is real. This is where you need to make sure you've got all your bases covered. You will either have to prove to management that the threat isn't credible from a technical perspective, or be ready to document just how much exposure there could be due to a gap in your data protection systems.
This is a bit more complex than it sounds, especially if you are, indeed, about to discover a hole in your security net. Let's first take a look at what happens if all is well. You're going to have to prove this beyond any shadow of a doubt. That means testing all security systems by all reasonable means to confirm that you can find no way someone could have gotten in. One way to offset this laborious task is to invest in preemptive tools that help you conduct penetration testing and vulnerability assessments. You can start by researching products such as:
If you've really done your homework, you can report back that everything is safe, and that the threat is bogus.
However, if you find a gap, you'll have to completely document it right away. You should also immediately patch it if you can, to prevent future hackers from getting in through the same door. Your responsibilities don't end there. You will need to go in through that same security hole and find all possible points of data that could have been compromised. While this is going to be an embarrassing procedure, it is critical that you perform these activities as quickly and effectively as possible.
TechRepublic provides some downloads to help assess and respond to threats methodically:
- Intrusion detection checklist: Six stages of handling attacks
- Cisco explains threats to enterprise network security
- Risk Identification - Free Chapter Download
- Seven key types of security auditing
- Article compilation: You've been hacked
Until the scope of the potential damage is discovered, you cannot begin to repair it. It's best to be prepared, but when confronted with a threat, you must act quickly and decisively, no matter what the cause or potential for damage.
Mike Talon is an IT consultant and freelance journalist with several years of experience in disaster recovery and high availability technologies.