Many enterprises keep a single plan on file for handling two of their most dreaded events: disaster recovery and security recovery. It may streamline company policy to hold just one plan for handling these two types of crises, but they tend to carry different requirements and it is worth the time and investment to create a plan for each distinct scenario.
What’s similar: There are some similarities in the broad processes of what happens in disaster recovery and security recovery. Both begin with attempting to minimize the impact of the event, followed by procedures for recovery and a run of testing for a return to production. Both are generally followed by a lessons-learned exercise to better prepare for a similar event in the future.
Past these high-level similarities, the approach for disaster recovery is quite different from that used in a security recovery scenario.
Disaster recovery and security recovery have a different immediate focus. When a natural disaster hits, the primary concern is business continuity, while a security breach prioritizes protecting information assets. While a security breach requires a careful analysis of the cause, disaster recovery involves no such search.
Disaster recovery happens in public. Managing a security breach is a stealthy process. While a disaster recovery event tends to announce updates and send an email out to key stakeholders and board members, a security breach is kept more private. Disaster recovery involves an all-hands-on-deck approach with the goal of rapidly resuming business processes, whereas security is all about looking forward to what needs to be done to prevent the loss of more data.
Anticipating the problem is different. While a team could potentially have some warning of a natural disaster in the event of a tornado, wildfire, or hurricane, a security breach will come with no warning. While each weather event is unique, cyberattacks change almost by the minute and teams will struggle to have any anticipation of a breach.
Combining the procedures can result in a cumbersome document. The combination of disaster recovery and security recovery plans into a single document can create contradictory or overly explanatory instructions for handling each situation. It’s far better to have a customized plan for each type of scenario, along with a regular review of procedures to accommodate changes in enterprise technology.
While an enterprise may have separate teams developing plans for disaster recovery and security recovery, they may each benefit from testing the other team’s plan to identify gaps and weak spots where additional policies may be warranted.
At One Connect, our high standard of customer service is met through solid partnerships in which we function as an extension of the customer’s business operation. Contact us to discuss your disaster recovery and security recovery plans further.