This stage is still just talk and paper. It is a creative process to determine what proactive and reactive (preventive and recovery) options are available to present to management. After the proposals are completed, at the approval stage, management reviews this collection of proposals and, based on its vision, tolerance for risk, and the impact on the budget, it will approve the proposed components it feels will provide the best balance of protection for the enterprise within an acceptable budget.

The goal of this stage is for the security professional to develop an accurate vision of the controls that could avoid disaster and ensure that the enterprise can survive an unavoidable disaster. Present that well-developed ...