Cosf 322 - 1
Pre-requisites: COSF 313: Protocols and Systems for Internet and Web Security
Teaching and learning Strategy:
Instructional Materials/Equipment:
Computer laboratory practical, Course text, Handouts, White board, Presentation slides, Journals
Arrangements for revision and private study:
All sessions will be supported electronically. Lab technicians/Lecturers will operate an
appointment system for student consultations.
Assessment Strategy:
Continuous Assessment Tests: 20%
Assignments: 10%
Total course work: 30%
End-of-semester examination: 70%
Total: 100%
Journals
1. Lee, W., & Fan, W. (2001). Mining system audit data: opportunities and challenges. ACM SIGMOD Record, 30(4), 35-44.
2. Smaha, S. E. (1988, December). Haystack: An intrusion detection system. In Fourth Aerospace Computer Security Applications Conference (pp. 37-44). IEEE.
Information Security Risk Management
Information security risk management, or ISRM, is the process of managing risks associated
with the use of information technology. It involves identifying, assessing, and treating risks
to the confidentiality, integrity, and availability of an organization’s assets.
The end goal of this process is to treat risks in accordance with an organization’s overall
risk tolerance. Businesses shouldn’t expect to eliminate all risks; rather, they should seek to
identify and achieve an acceptable risk level for their organization.
1. Identification
Identify assets: What data, systems, or other assets would be considered your
organization’s most critical? For example, which assets would have the most significant impact on
your organization if their confidentiality, integrity or availability were compromised? It’s not
hard to see why the confidentiality of data like social security numbers and intellectual
property is important. But what about integrity?
Identify threats: What are some of the potential causes of assets or information becoming
compromised? For example, is your organization’s data center located in a region where
environmental threats, like floods, are common? Are industry peers being actively targeted and
hacked by a known crime syndicate group or government-sponsored entity? Threat modeling is an
important activity that helps add context by tying risks to known threats and the different
ways those threats can cause risks to become realized via exploiting vulnerabilities.
Identify controls: What do you already have in place to protect identified assets? A control
directly addresses an identified vulnerability or threat by either completely fixing it
(remediation) or lessening the likelihood and/or impact of a risk being realized (mitigation).
For example, if you’ve identified a risk of terminated users continuing to have access to a
specific application, then a control could be a process that automatically removes users from
that application upon their termination.
Once you have an awareness of your security risks, you can take steps to safeguard those assets.
3. Implementation
Your implementation stage includes the adoption of formal policies and data security controls.
• Validate that alerts are routed to the right resources for immediate action.
• Ensure that as applications are added or updated, there is a continuous data risk analysis.
• Network security measures should be tested regularly for effectiveness. If your
organization includes audit functions, have controls been reviewed and approved?
• Have data business owners (stakeholders) been interviewed to ensure risk management
solutions are acceptable? Are they appropriate for the associated vulnerability?
Risk = (threat × vulnerability (exploit likelihood × exploit impact) × asset value) − security controls
Now that you have a comprehensive view of your critical data, defined the threats, and
established controls for your security management process, how do you ensure its effectiveness?
• Are the right individuals notified of on-going threats? Is this done promptly?
• Review the alerts generated by your controls – emails, documents, graphs, etc. Who is
tracking response to warnings?
This authorization stage must examine not only who is informed, but what actions are taken, and
how quickly. When your data is at risk, the reaction time is essential to minimize data theft or
loss.
6. Treatment
Once a risk has been assessed and analyzed, an organization will need to select treatment
options:
Remediation: Implementing a control that fully or nearly fully fixes the underlying risk.
Example: You have identified a vulnerability on a server where critical assets are stored,
and you apply a patch for that vulnerability.
Mitigation: Lessening the likelihood and/or impact of the risk, but not fixing it entirely.
Example: You have identified a vulnerability on a server where critical assets are stored, but
instead of patching the vulnerability, you implement a firewall rule that only allows specific
systems to communicate with the vulnerable service on the server.
Transference: Transferring the risk to another entity so your organization can recover from
incurred costs of the risk being realized.
Example: You purchase insurance that will cover any losses that would be incurred if
vulnerable systems are exploited. (Note: this should be used to supplement risk remediation
and mitigation but not replace them altogether.)
Risk acceptance: Not fixing the risk. This is appropriate in cases where the risk is clearly
low and the time and effort it takes to fix the risk costs more than the costs that would be
incurred if the risk were to be realized.
Example: You have identified a vulnerability on a server but concluded that there is nothing
sensitive on that server; it cannot be used as an entry point to access other critical assets,
and a successful exploit of the vulnerability is very complex. As a result, you decide you do
not need to spend time and resources to fix the vulnerability.
Example: You have identified servers with operating systems (OS) that are about to reach
end-of-life and will no longer receive security patches from the OS creator. These servers
process and store both sensitive and non-sensitive data. To avoid the risk of sensitive data
being compromised, you quickly migrate that sensitive data to newer, patchable servers. The
servers continue to run and process non-sensitive data while a plan is developed to
decommission them and migrate non-sensitive data to other servers.
7. Risk Monitoring
Continuous monitoring and analysis are critical. Cyber thieves develop new methods of attacking
your network and data warehouses daily. To keep pace with this onslaught of activity, you must
revisit your reporting, alerts, and metrics regularly.
Communication
Regardless of how a risk is treated, the decision needs to be communicated within the
organization. Stakeholders need to understand the costs of treating or not treating a risk and
the rationale behind that decision. Responsibility and accountability needs to be clearly
defined and associated with individuals and teams in the organization to ensure the right
people are engaged at the right times in the process.
Defeating cybercriminals and halting internal threats is a challenging process. Bringing data
integrity and availability to your enterprise risk management is essential to your employees,
customers, and shareholders.
Create your risk management process and take strategic steps to make data security a
fundamental part of conducting business.
A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's
systems or the entire organization. A security event refers to an occurrence during which
company data or its network may have been exposed. And an event that results in a data or
network breach is called a security incident.
As cyber security threats continue to evolve and become more sophisticated, enterprise IT must
remain vigilant when it comes to protecting their data and networks. To do that, they first have to
understand the types of security threats they're up against.
Below are the top 10 types of information security threats that IT teams need to know about.
1. Insider threats
An insider threat occurs when individuals close to an organization who have authorized access to
its network intentionally or unintentionally misuse that access to negatively affect the
organization's critical data or systems.
Careless employees who don't comply with their organizations' business rules and policies cause
insider threats. For example, they may inadvertently email customer data to external parties,
click on phishing links in emails or share their login information with others. Contractors,
business partners and third-party vendors are the source of other insider threats.
The list of things organizations can do to minimize the risks associated with insider
threats includes the following:
• limit employees' access to only the specific resources they need to do their jobs;
• train new employees and contractors on security awareness before allowing them to access
the network. Incorporate information about unintentional and malicious insider threat
awareness into regular security training;
• set up contractors and other freelancers with temporary accounts that expire on specific
dates, such as the dates their contracts end;
• implement two-factor authentication, which requires each user to provide a second piece of
identifying information in addition to a password; and
• install employee monitoring software to help reduce the risk of data breaches and the theft of
intellectual property by identifying careless, disgruntled or malicious insiders.
2. Viruses and worms
A computer worm is a self-replicating program that doesn't have to copy itself to a host program
or require human interaction to spread. Its main function is to infect other computers while
remaining active on the infected system. Worms often spread using parts of an operating system
that are automatic and invisible to the user. Once a worm enters a system, it immediately starts
replicating itself, infecting computers and networks that aren't adequately protected.
To reduce the risk of these types of information security threats caused by viruses or worms,
companies should install antivirus and antimalware software on all their systems and networked
devices and keep that software up to date. In addition, organizations must train users not to
download attachments or click on links in emails from unknown senders and to avoid
downloading free software from untrusted websites. Users should also be very cautious when
they use P2P file sharing services and they shouldn't click on ads, particularly ads from
unfamiliar brands and websites.
3. Botnets
• monitor network performance and activity to detect any irregular network behavior;
• keep all software up-to-date and install any necessary security patches;
• educate users not to engage in any activity that puts them at risk of bot infections or other
malware, including opening emails or messages, downloading attachments or clicking links
from unfamiliar sources; and
• implement antibotnet tools that find and block bot viruses. In addition, most firewalls and
antivirus software include basic tools to detect, prevent and remove botnets.
4. Drive-by download attacks
In a drive-by download attack, malicious code is downloaded from a website via a browser,
application or integrated operating system without a user's permission or knowledge. A user
doesn't have to click on anything to activate the download. Just accessing or browsing a website
can start a download. Cybercriminals can use drive-by downloads to inject banking Trojans, steal
and collect personal information as well as introduce exploit kits or other malware to endpoints.
One of the best ways a company can prevent drive-by download attacks is to regularly update
and patch systems with the latest versions of software, applications, browsers, and operating
systems. Users should also be warned to stay away from insecure websites. Installing security
software that actively scans websites can help protect endpoints from drive-by downloads.
5. Phishing attacks
Phishing attacks are a type of information security threat that employs social engineering to trick
users into breaking normal security practices and giving up confidential information, including
names, addresses, login credentials, Social Security numbers, credit card information and other
financial information. In most cases, hackers send out fake emails that look as if they're coming
from legitimate sources, such as financial institutions, eBay, PayPal -- and even friends and
colleagues.
In phishing attacks, hackers attempt to get users to take some recommended action, such as
clicking on links in emails that take them to fraudulent websites that ask for personal information
or install malware on their devices. Opening attachments in emails can also install malware on
users' devices that are designed to harvest sensitive information, send out emails to their contacts
or provide remote access to their devices.
Enterprises should train users not to download attachments or click on links in emails from
unknown senders and avoid downloading free software from untrusted websites.
6. Distributed denial-of-service (DDoS) attacks
• Implement technology to monitor networks visually and know how much bandwidth a site
uses on average. DDoS attacks offer visual clues so administrators who understand the
normal behaviors of their networks will be better able to catch these attacks.
• Ensure servers have the capacity to handle heavy traffic spikes and the mitigation tools
necessary to address security problems.
• Update and patch firewalls and network security programs.
• Set up protocols outlining the steps to take in the event of a DDoS attack occurring.
7. Ransomware
In a ransomware attack, the victim's computer is locked, typically by encryption, which keeps the
victim from using the device or data that's stored on it. To regain access to the device or data, the
victim has to pay the hacker a ransom, typically in a virtual currency such as Bitcoin.
Ransomware can be spread via malicious email attachments, infected software apps, infected
external storage devices and compromised websites.
Preventing ransomware
To protect against ransomware attacks, users should regularly back up their computing devices
and update all software, including antivirus software. Users should avoid clicking on links in
emails or opening email attachments from unknown sources. Victims should do everything
possible to avoid paying ransom. Organizations should also couple a traditional firewall that
blocks unauthorized access to computers or networks with a program that filters web content and
focuses on sites that may introduce malware. In addition, limit the data a cybercriminal can
access by segregating the network into distinct zones, each of which requires different
credentials.
8. Exploit kits
An exploit kit is a programming tool that enables a person without any experience writing
software code to create, customize and distribute malware. Exploit kits are known by a variety of
names, including infection kit, crimeware kit, DIY attack kit and malware toolkit. Cybercriminals
use these toolkits to attack system vulnerabilities to distribute malware or engage in other
malicious activities, such as stealing corporate data, launching denial of service attacks or
building botnets.
9. Advanced persistent threats (APTs)
Detecting anomalies in outbound data may be the best way for system administrators to
determine if their networks have been targeted.
• extensive use of backdoor Trojan horse malware, a method that enables APTs to maintain
access;
• odd database activity, such as a sudden increase in database operations involving massive
amounts of data; and
• the presence of unusual data files, possibly indicating data that has been bundled into
files to assist in the exfiltration process.
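The APT indicators above (unusual outbound volumes, sudden bulk database activity) and the earlier DDoS advice to know how much bandwidth a site normally uses rest on the same defensive check: learn each host's normal volume, then alert on a large deviation from it. The following is an added example, not code from the course notes; the host names, hourly flow volumes and the 3-sigma threshold are constructed for illustration. It also handles the edge case of a perfectly flat baseline, where a raw standard deviation of zero would turn any change at all into an alert.

```python
"""Baseline-and-deviation check for traffic volume, run over constructed
flow summaries.  Added example for the notes above; hosts, volumes and
thresholds are made up and are not from the course material."""
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

# Constructed flow summaries: (hour_bucket, host, direction, megabytes).
# Hours 1-5 form the "normal" baseline; hour 6 is the period under review.
SAMPLE_FLOWS = [
    # workstation ws-17: steady outbound volume, then a large burst in hour 6
    (1, "ws-17", "out", 52), (2, "ws-17", "out", 61), (3, "ws-17", "out", 48),
    (4, "ws-17", "out", 66), (5, "ws-17", "out", 58), (6, "ws-17", "out", 2400),
    # workstation ws-22: perfectly flat baseline, small wobble in hour 6
    (1, "ws-22", "out", 50), (2, "ws-22", "out", 50), (3, "ws-22", "out", 50),
    (4, "ws-22", "out", 50), (5, "ws-22", "out", 50), (6, "ws-22", "out", 55),
    # public web server web-1: inbound volume explodes in hour 6
    (1, "web-1", "in", 1100), (2, "web-1", "in", 1250), (3, "web-1", "in", 980),
    (4, "web-1", "in", 1180), (5, "web-1", "in", 1040), (6, "web-1", "in", 90000),
]

Anomaly = namedtuple("Anomaly", "host hour volume baseline_mean threshold")


def hourly_volume(flows, direction):
    """Sum volume per (host, hour) for one traffic direction."""
    totals = defaultdict(float)
    for hour, host, flow_dir, volume in flows:
        if flow_dir == direction:
            totals[(host, hour)] += volume
    return totals


def alert_threshold(history, sigmas=3.0, min_rel_spread=0.1):
    """Return (baseline mean, volume above which an observation is anomalous).

    Uses mean + sigmas * spread of the baseline window.  A perfectly flat
    baseline has zero standard deviation, which would make *any* change an
    alert, so the spread is floored at a fraction of the mean."""
    base_mean = mean(history)
    spread = max(pstdev(history), min_rel_spread * base_mean)
    return base_mean, base_mean + sigmas * spread


def detect_anomalies(flows, direction, baseline_hours, review_hour,
                     sigmas=3.0, min_rel_spread=0.1):
    """Flag hosts whose volume in review_hour exceeds their own baseline."""
    totals = hourly_volume(flows, direction)
    hosts = sorted({host for host, _ in totals})
    findings = []
    for host in hosts:
        history = [totals[(host, h)] for h in baseline_hours if (host, h) in totals]
        if len(history) < 3 or (host, review_hour) not in totals:
            continue  # too little history, or nothing observed to score
        base_mean, limit = alert_threshold(history, sigmas, min_rel_spread)
        observed = totals[(host, review_hour)]
        if observed > limit:
            findings.append(Anomaly(host, review_hour, observed, base_mean, limit))
    return findings


if __name__ == "__main__":
    for direction, label in (("out", "possible exfiltration"), ("in", "possible flood")):
        for a in detect_anomalies(SAMPLE_FLOWS, direction, range(1, 6), 6):
            print(f"{label}: {a.host} hour {a.hour} moved {a.volume:.0f} MB "
                  f"(baseline mean {a.baseline_mean:.0f}, limit {a.threshold:.0f})")
```

With the default settings only ws-17 (outbound) and web-1 (inbound) are flagged; ws-22's small change stays below its floored threshold. Setting `min_rel_spread=0.0` removes the floor and shows why it matters: ws-22 is then reported on a 5 MB wobble.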
To combat this type of information security threat, an organization should also deploy a
software, hardware or cloud firewall to guard against APT attacks. Organizations can also use
a web application firewall to detect and prevent attacks coming from web applications by
inspecting HTTP traffic.
10. Malvertising
Malvertising is a technique cybercriminals use to inject malicious code into legitimate online
advertising networks and web pages. This code typically redirects users to malicious websites or
installs malware on their computers or mobile devices. Users' machines may get infected even if
they don't click on anything to start the download. Cybercriminals may use malvertising to
deploy a variety of moneymaking malware, including cryptomining scripts, ransomware and
banking Trojans.
Some of the websites of well-known companies, including Spotify, The New York Times and
the London Stock Exchange, have inadvertently displayed malicious ads, putting users at risk.
Preventing malvertising
To prevent malvertising, ad networks should add validation; this reduces the chances a user
could be compromised. Validation could include: Vetting prospective customers by requiring
legal business paperwork; two-factor authentication; scanning potential ads for malicious content
before publishing an ad; or possibly converting Flash ads to animated gifs or other types of
content.
To mitigate malvertising attacks, web hosts should periodically check their websites from an
unpatched system and monitor that system to detect any malicious activity. The web hosts should
disable any malicious ads.
To reduce the risk of malvertising attacks, enterprise security teams should be sure to keep
software and patches up to date as well as install network antimalware tools.
Information Technology risk
Information technology or IT risk is basically any threat to your business data, critical systems
and business processes. It is the risk associated with the use, ownership, operation, involvement,
influence and adoption of IT within an organisation. IT risks have the potential to damage
business value and often come from poor management of processes and events.
Categories of IT risks
IT risk spans a range of business-critical areas, such as:
• Physical threats - resulting from physical access or damage to IT resources such as the
servers. These could include theft, damage from fire or flood, or unauthorised access to
confidential data by an employee or outsider.
• Electronic threats - aiming to compromise your business information - eg a hacker
could get access to your website, your IT system could become infected by a computer
virus, or you could fall victim to a fraudulent email or website. These are often of a
criminal nature.
• Technical failures - such as software bugs, a computer crash or the complete failure of a
computer component. A technical failure can be catastrophic if, for example, you cannot
retrieve data on a failed hard drive and no backup copy is available.
• Infrastructure failures - such as the loss of your internet connection, which can interrupt
your business - eg you could miss an important purchase order.
• Human error - a major threat - eg someone might accidentally delete important data, or
fail to follow security procedures properly.
In its guidance, the National Cyber Security Centre (NCSC) provides a clear explanation of why
IT risk management matters.
IT risks should be carefully assessed and measured. This is where an IT risk assessment comes
in - a process of identifying security risks and evaluating the threat they pose. Once risks are
identified and assessed, you will manage them through a comprehensive IT risk management
process.
How to manage IT risks
Managing various types of IT risks begins with identifying exactly:
There are two prevailing methodologies for assessing the different types of IT risk: quantitative
and qualitative risk analysis.
• single loss expectancy - costs you would incur if the incident occurs once
• annual rate of occurrence - how many times a year you can expect this risk to occur
• annual loss expectancy - the total risk value over the course of a year
Find a formula to calculate annualised loss expectancy.
These monetary results could help you avoid spending too much time and money on reducing
negligible risks. For example, if a threat is unlikely to happen or costs little or nothing to remedy,
it probably presents a low risk to your business.
However, if a threat to your key IT systems is likely to happen, and could be expensive to fix or
likely to affect your business adversely, you should consider it high risk.
You may want to use this risk information to carry out a cost/benefit analysis to determine what
level of investment would make risk treatment worthwhile.
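The quantitative terms above chain together as SLE = asset value × exposure factor and ALE = SLE × ARO, and the cost/benefit question becomes whether a control's annual cost is smaller than the ALE it removes. The following is an added example, not code or figures from the course notes; the two risks, their asset values, exposure factors, occurrence rates and the control costs are constructed to show one case where a control pays for itself and one where accepting the risk is the rational outcome.

```python
"""Quantitative IT risk analysis: single loss expectancy (SLE), annual rate of
occurrence (ARO), annual loss expectancy (ALE) and a control cost/benefit test.
Added example; the risks, values and control costs below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # value of the asset at stake, in currency units
    exposure_factor: float  # fraction of that value lost in one incident (0..1)
    aro: float              # expected incidents per year

    def sle(self):
        """Single loss expectancy: the cost of one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annual loss expectancy: SLE x ARO, the yearly cost of doing nothing."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float      # yearly cost of running the control
    aro_after: float        # occurrence rate once the control is in place
    exposure_after: float   # exposure factor once the control is in place


def control_value(risk, control):
    """Return (ALE before, ALE after, net annual benefit) of applying the control.
    Net benefit = risk reduction minus what the control costs to run."""
    residual = Risk(risk.name, risk.asset_value, control.exposure_after, control.aro_after)
    before, after = risk.ale(), residual.ale()
    return before, after, before - after - control.annual_cost


def recommend(risk, controls):
    """The control with the largest positive net benefit, or None when no
    candidate pays for itself (accepting the risk is then the rational choice)."""
    if not controls:
        return None
    best = max(controls, key=lambda c: control_value(risk, c)[2])
    return best if control_value(risk, best)[2] > 0 else None


# Constructed scenarios (not figures from the notes).
RANSOMWARE = Risk("Ransomware on the file server", asset_value=400_000,
                  exposure_factor=0.5, aro=0.5)
BACKUPS = Control("Offline backups with tested restores", annual_cost=15_000,
                  aro_after=0.5, exposure_after=0.1)   # same incident rate, far smaller loss
EDR = Control("Endpoint detection and response", annual_cost=40_000,
              aro_after=0.2, exposure_after=0.5)      # fewer incidents, same loss when one lands
KIOSK_THEFT = Risk("Theft of a non-sensitive lobby kiosk", asset_value=1_200,
                   exposure_factor=1.0, aro=0.1)
TRACKING = Control("Asset-tracking subscription", annual_cost=600,
                   aro_after=0.05, exposure_after=1.0)

if __name__ == "__main__":
    for risk, options in ((RANSOMWARE, [BACKUPS, EDR]), (KIOSK_THEFT, [TRACKING])):
        print(f"{risk.name}: SLE {risk.sle():,.0f}  ALE {risk.ale():,.0f}")
        for c in options:
            before, after, net = control_value(risk, c)
            print(f"  {c.name}: residual ALE {after:,.0f}, net benefit {net:,.0f}")
        choice = recommend(risk, options)
        print("  recommendation:", choice.name if choice else "accept the risk")
```

For the constructed ransomware risk the ALE is 100,000 a year; tested backups cut it to 20,000 for 15,000 in running cost, a net gain of 65,000, and beat the EDR option on these numbers. The kiosk-theft control costs more than the whole ALE it addresses, so `recommend` returns None and the risk is accepted, which is the "negligible risk" case the text describes.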
TASK
Examples of potential IT risks include security breaches, data loss or theft, cyber attacks, system
failures and natural disasters. Anything that could affect the confidentiality, integrity and
availability of your systems and assets could be considered an IT risk.
1. Identify risks
Determine the nature of risks and how they relate to your business. Take a look at the different
types of IT risk.
2. Assess risks
Determine how serious each risk is to your business and prioritise them. Carry out an IT risk
assessment.
3. Mitigate risks
Put in place preventive measures to reduce the likelihood of the risk occurring and limit its
impact. Find solutions in our IT risk management checklist.
IT risk controls
As part of your risk management, try to reduce the likelihood of risks affecting your business in
the first place. Put in place measures to protect your systems and data from all known threats.
• Review the information you hold and share. Make sure that you comply with data
protection legislation, and think about what needs to be on public or shared systems.
Where possible, remove sensitive information.
• Install and maintain security controls, such as firewalls, anti-virus software and processes
that help prevent intrusion and protect your business online.
• Implement security policies and procedures such as internet and email usage policies, and
train staff.
• Use a third-party IT provider if you lack in-house skills. Often, they can provide their
own security expertise. See how to choose an IT supplier for your business.
If you can't remove or reduce risks to an acceptable level, you may be able to take action to
lessen the impact of potential incidents.
Mitigate IT risks
To mitigate IT risks, you should consider:
• setting procedures for detecting problems (eg a virus infecting your system), possibly
with the help of cyber security breach detection tools
• getting cyber insurance against the costs of security breaches
The Risk Management Framework is a template and guideline used by companies to identify,
eliminate and minimize risks.
This is probably the most important principle of risk management – make sure you’re ahead of
the game by completing your risk assessment before the project commences.
Identify the cause of a potential risk and design preventative measures and a response if it was to
occur. After risks have been identified and sourced, risk needs to be measured.
Ensure your risk management plan ties in with your organization’s overall goals and objectives.
If a risk that you have flagged does end up occurring, how will it impact the organization,
financially and reputationally?
4. Involve stakeholders
When you’re planning for risk, it’s important to call on the expertise of those who will be
involved in the project (e.g team members, contractors), as well as experts within your
organisation that can provide you with advice for planning for risk (e.g senior managers).
While the risk management plan may be owned by one individual such as the project manager or
change manager, it should be operated with transparency and visibility. Everyone should know
the role they play in mitigating risk and responsibilities should be clear and inclusive throughout
the risk management process.
Once you have identified the risks and made a risk management plan or strategy, it’s important
not to have a set and forget mentality. During each step in the process, all risks should be
evaluated and any interventions or preventative measures should be implemented if needed.
Once a project has been completed, review how your risk management plan went and whether
there was any room for improvement. Always strive to adapt to how you manage risk and take
these learnings with you to your next project.
The National Institute of Standards and Technology (NIST) RMF framework is broken down into seven steps.
The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable,
and measurable 7-step process that any organization can use to manage information security and
privacy risk for organizations and systems, and links to a suite of NIST standards and guidelines
to support implementation of risk management programs.
The NIST Framework helps businesses of all sizes better understand, manage, and reduce their
risk and protect their networks and data. The Framework is voluntary. It gives your business an
outline of best practices to help you decide where to focus your time and money for protection.
COBIT (Control Objectives for Information and Related Technology) helps organizations meet
business challenges in regulatory compliance, risk management and aligning IT strategy with
organizational goals. COBIT 5, the latest iteration of the framework, was released in 2012.
COBIT 5 principles
COBIT 5 is based on five principles that are essential for the effective management and
governance of enterprise IT:
These five principles enable an organisation to build a holistic framework for the governance and
management of IT that is built on seven ‘enablers’:
Enablers are factors that, individually and collectively, influence whether something will work—
in this case, governance and management over enterprise IT. Enablers are driven by the goals
cascade, whereby higher-level IT-related goals define what the different enablers should
achieve.
1. People, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
Together, the principles and enablers allow an organisation to align its IT investments with its
objectives to realise the value of those investments.
Benefits of COBIT
Risk IT is a set of proven, real-world practices that helps enterprises achieve their goals, seize
opportunities and seek greater returns with less risk. It works at the intersection of business and
IT and allows enterprises to manage and even capitalize on risk in the pursuit of their objectives.
The Risk IT Framework provides a set of guiding principles and supporting practices for
enterprise management, combined to deliver a comprehensive process model for governing and
managing IT risk.
The framework is divided into the following three domains, each of which contains three
processes:
• Risk Governance:
o Establish and maintain a common risk view
o Integrate with enterprise risk management and
o Make risk-aware business decisions
• Risk Evaluation:
o Collect data
o Analyze risk
o Maintain risk profile
• Risk Response:
o Articulate risk
o Manage risk
o React to events
The Risk IT Framework fills the gap between generic risk management frameworks and detailed
(primarily security-related) IT risk management frameworks.
It provides an end-to-end comprehensive view of all risks related to the use of IT and a similarly
thorough treatment of risk management, from the tone and culture at the top to operational
issues.
CONTINGENCY PLAN
A contingency plan is sometimes referred to as "Plan B" or a backup plan because it can also be
used as an alternative action if expected results fail to materialize. Contingency planning is a
component of business continuity (BC), disaster recovery (DR) and risk management.
Contingency planning standards include a framework and structure for plan design and
development. The plan structure is a repeatable format that simplifies the development of
contingency and other plans. Steps include:
1. Contingency planning policy statement. This policy provides the outline and authorization
to develop a contingency plan.
2. Business impact analysis. BIA identifies and prioritizes the systems that are important to an
organization's business functions.
3. Preventive controls. Proactive measures that prevent system outages and disruptions can
ensure system availability and reduce costs related to contingency measures and lifecycle.
5. Contingency plan. This is the action plan. It contains the guidance and procedures for
dealing with a damaged or unavailable system. These detailed plans are tailored to the
system's security impact level and recovery requirements.
6. Testing, training and exercises. Plan testing validates recovery capabilities, training
prepares recovery personnel for plan activation and exercising the plan identifies planning
gaps. Combined, these activities improve plan effectiveness and overall organization
preparedness.
7. Plan maintenance. The plan should be updated regularly to remain current with system
enhancements and organizational changes.
In accordance with current domestic and international standards, the following activities are also
recommended for contingency plan development:
• Risk assessment. This step examines internal and external risks, threats and vulnerabilities
to the organization and its technology infrastructure. It also looks at the likelihood of
reoccurrence, the severity and potential impact to the organization, as well as the financial
and operational effects. Best practice contingency planning includes performing a BIA
and risk assessment to identify key risks and preventive measures and strategies to deal with
them.
• Awareness training. Information about contingency plans and the other plan types is
disseminated to employees, company leaders, customers and external stakeholders.
• Review and auditing. This ensures that the plan is examined periodically to check its
consistency with current business and technology practices, as well as the accuracy of
contact data. Periodic audits ensure alignment with relevant controls, standards and
applicable regulations.
• Continuous improvement. Regularly revisiting the plan can help ensure that it meets the
operational needs of the organization.
The terms business continuity and business contingency are often used interchangeably.
However, they differ in the following ways.
Business contingency. A business contingency plan is activated soon after the initial event
occurs and the IR team has made its initial assessments and determinations. The contingency
plan is used to get specific team members involved in mitigation efforts. These people make
short-term decisions regarding how the incident can be managed and resolved.
When a disruptive or negative event occurs, contingency plans provide a structure for
assessment and actions to recover from such unexpected events.
The faster the recovery, the less potential there is for damage to occur to the
organization and its employees. Speed in recovery also helps maintain a company's
financial status, competitive position and reputation.
Disaster Recovery
2. Risk evaluation: Assess potential hazards that put your organization at risk. Depending
on the type of event, strategize what measures and resources will be needed to resume
business. For example, in the event of a cyber attack, what data protection measures will
the recovery team have in place to respond?
3. Business-critical asset identification: A good disaster recovery plan includes
documentation of which systems, applications, data, and other resources are most critical
for business continuity, as well as the necessary steps to recover data.
4. Backups: Determine what needs backup (or to be relocated), who should perform
backups, and how backups will be implemented. Include a recovery point objective
(RPO) that states the frequency of backups and a recovery time objective (RTO) that
defines the maximum amount of downtime allowable after a disaster.
5. Testing and optimization: The recovery team should continually test and update its
strategy to address ever-evolving threats and business needs. By continually ensuring that
a company is ready to face the worst-case scenarios in disaster situations, it can
successfully navigate such challenges. In planning how to respond to a cyber-attack
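The backup step above defines the two objectives a recovery plan is tested against: the RPO bounds how much data can be lost (so backups may never be spaced further apart than it), and the RTO bounds how long the service may be down. The following is an added example, not code from the course notes, that turns both into checks a recovery team could run against its own records; the backup timestamps, incident time, restore time and the 4-hour/2-hour objectives are constructed.

```python
"""Check a backup history against a recovery point objective (RPO) and a
restore drill against a recovery time objective (RTO).  Added example; the
timestamps and objectives below are constructed, not from the course notes."""
from datetime import datetime, timedelta, timezone

RPO = timedelta(hours=4)   # constructed objective: never lose more than 4 h of data
RTO = timedelta(hours=2)   # constructed objective: service restored within 2 h

# Constructed: completion times of successful backups for one system (UTC).
# The 16:00 and 20:00 runs on 1 March never completed, leaving a long gap.
BACKUP_LOG = [
    "2024-03-01T00:00:00Z", "2024-03-01T04:00:00Z", "2024-03-01T08:00:00Z",
    "2024-03-01T12:00:00Z", "2024-03-01T23:30:00Z", "2024-03-02T04:00:00Z",
]


def parse_utc(stamp):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def rpo_violations(backup_stamps, rpo):
    """Return (earlier, later, gap) for every pair of consecutive backups whose
    spacing exceeds the RPO.  A compliant schedule returns an empty list."""
    times = sorted(parse_utc(s) for s in backup_stamps)
    violations = []
    for earlier, later in zip(times, times[1:]):
        gap = later - earlier
        if gap > rpo:
            violations.append((earlier, later, gap))
    return violations


def data_loss_window(backup_stamps, incident_stamp):
    """Data at risk for an incident at incident_stamp: the time elapsed since
    the most recent backup completed before it.  None if no backup predates
    the incident (nothing could be restored at all)."""
    incident = parse_utc(incident_stamp)
    earlier = [parse_utc(s) for s in backup_stamps if parse_utc(s) <= incident]
    if not earlier:
        return None
    return incident - max(earlier)


def rto_met(incident_stamp, restored_stamp, rto):
    """True if the service came back within the RTO measured from the incident."""
    return parse_utc(restored_stamp) - parse_utc(incident_stamp) <= rto


if __name__ == "__main__":
    for earlier, later, gap in rpo_violations(BACKUP_LOG, RPO):
        print(f"RPO breach: {gap} between {earlier:%Y-%m-%d %H:%M} and {later:%Y-%m-%d %H:%M}")
    loss = data_loss_window(BACKUP_LOG, "2024-03-01T16:45:00Z")
    print("data at risk for a 16:45 incident:", loss, "(exceeds RPO)" if loss > RPO else "")
    print("RTO met for a 19:00 restore:", rto_met("2024-03-01T16:45:00Z",
                                                 "2024-03-01T19:00:00Z", RTO))
```

On the constructed log the two missed runs produce two RPO breaches (11 h 30 min and 4 h 30 min); an incident at 16:45 would lose 4 h 45 min of data, more than the RPO allows, and a restore finishing at 19:00 misses the 2-hour RTO by 15 minutes. Running the same checks on a real backup catalogue is one way to make the "testing and optimization" step measurable rather than a matter of opinion.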
Whether creating a disaster recovery strategy from scratch or improving an existing plan,
assembling the right collaborative team of experts is a critical first step.
It starts with tapping IT specialists and other key individuals to provide leadership over the
following key areas in the event of a disaster:
• Crisis management: This leadership role commences recovery plans, coordinates efforts
throughout the recovery process, and resolves problems or delays that emerge.
• Business continuity: The expert overseeing this ensures that the recovery plan aligns
with the company’s business needs, based on the business impact analysis.
• Impact assessment and recovery: The team responsible for this area of recovery has
technical expertise in IT infrastructure including servers, storage, databases and
networks.
• IT applications: This role monitors which application activities should be implemented
based on a restorative plan. Tasks include application integrations, application settings
and configuration, and data consistency.
While not necessarily part of the IT department, the following roles should also be assigned to
any disaster recovery plan:
• Executive management: The executive team will need to approve the strategy, policies
and budget related to the disaster recovery plan, plus provide input if obstacles arise.
• Critical business units: A representative from each business unit will ideally provide
feedback on disaster recovery planning so that their specific concerns are addressed.
Disaster recovery relies on having a solid plan to get critical applications and infrastructure up
and running after an outage—ideally within minutes.
• Preventive: Ensuring your systems are as secure and reliable as possible, using tools and
techniques to prevent a disaster from occurring in the first place. This may include backing up
critical data or continuously monitoring environments for configuration errors and compliance
violations.
• Detective: For rapid recovery, you’ll need to know when a response is necessary. These
measures focus on detecting or discovering unwanted events as they happen in real time.
• Corrective: These measures are aimed at planning for potential DR scenarios, ensuring backup
operations to reduce impact, and putting recovery procedures into action to restore data and
systems quickly when the time comes.
No organization can afford to ignore disaster recovery. The two most important benefits of
having a disaster plan in place, including effective DR software, are:
• Cost savings: Planning for potential disruptive events can save businesses hundreds of
thousands of dollars and even mean the difference between a company surviving a
natural disaster or folding.
• Faster recovery: Depending on the disaster recovery strategy and the types of disaster
recovery tools used, businesses can get up and running much faster after a disaster, or
even continue operations as if nothing had happened.