132 3.9 Endnotes
are responsible for managing, such as VPNs and remote access devices, fire-
walls, use of encryption, intrusion detection and prevention systems, and so
on. We discussed the need to install and maintain antivirus, anti-spyware,
and anti-spam software. Preventing the theft of corporate proprietary infor-
mation and intellectual property information has become an issue that
information security managers must contend with on a more and more fre-
quent basis.
We also discussed several important security-related preventative con-
trols that can be implemented in your organization. These include restart-
ing or recovering a system, backing up data, and developing and managing
backup and recovery procedures. The importance of having offsite storage
of backup media and system documentation was emphasized. This also
includes the process of archiving information and electronic files, in the
event restoration is ever necessary. The process of recovering and restoring
data files is also something that information security managers must ensure
is outlined in policy and enforced. Next, we took a look at other types of
preventative controls besides those specific to IT, such as fire suppression
systems, cooling systems, and so on.
We discussed how you should review existing emergency procedures and
update the contact and instructional data related to them. We talked about
the need for identifying and training key personnel for handling emergency
procedures, constituting a recovery team, appointing team leaders and team
members, and identifying all external emergency service organizations and
coordinating with them as much as possible. Finally, we discussed various
premises issues that should be taken into consideration when planning risk
mitigation activities. In the next chapter, we will delve into the preparation
phase of preparing for emergencies.
3.9 Endnotes
1. Texas Department of Information Resources. Business Continu-
ity Planning Guidelines. December 2004.
Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
