It's an unfortunate truism of IT life that there is a strong correlation between purse strings being loosened for security spending and the immediacy of the most recent security incident. There's nothing like a good hacking or virus infection to make senior management budget a bit more for preventative efforts. Similarly, our obvious greater awareness of the suddenness with which a terrorist can wipe out our entire technical operation has put senior management throughout the world in arguably its most receptive state ever to hear about the wisdom of sound business continuity planning.
However, as more attention is paid to being able to rebound from a disaster that would have been unimaginable before Sept. 11, it's important to keep in mind that business continuity planning runs a wide spectrum of disasters, and we should resist the current urge to focus solely on total site destruction. For example, a good business continuity plan should account for virus scenarios that could leave much of your organization without PC or network use for days. Know what steps you'll take, for instance, immediately after a virus infestation becomes apparent and what you'll do to cleanse the organization in the virus's wake, update virus signature files companywide and allow employees to get back to work.
Likewise, intrusion response should be a part of all business continuity plans. The first few minutes and hours after an intrusion occurs are pivotal, and you'll need a road map that tells you how to preserve evidence and when to take systems offline.
Denial-of-service attacks are picked up by most intrusion detection systems, but those systems do nothing to help you fully respond. Have procedures in place that help you decide in advance what a measured response to such an attack would look like. Good planning will help you decide in advance how to balance security with core business functionality.
Finally, don't forget about hardware failure. Proactively determine what servers are most vital to your organization's core business and have a plan in place that lets you quickly recover if mission-critical hardware suddenly goes bad.
Don't let the word "disaster" fool you. Whether it's called disaster recovery or business continuity, it means being prepared for all facets of business interruption, not just Armageddon.