Data Processing and Communications Security During Recovery and Repair

Many organizations assign resources to primary security controls and contingency planning, but few plan beyond the initial recovery process. Computer systems and communications networks are most vulnerable to breaches in security during backup and disaster recovery activities, in particular. This chapter discusses both the backup of security systems and security procedures during backup and recovery. Backup and recovery often necessitate the use of more vulnerable public communications networks, rather than more secure, private data communications networks so that exposures have to be anticipated and the preventative actions taken. The efficiency and effectiveness of the recovery process can be compromised if the same security measures designed to protect the systems and networks under normal operation are implemented during recovery. Repair and reconstruction often proceeds without the diligence and concentration afforded the recovery process; however, major dangers can result from such relaxation.