How Will You Respond to an Incident?

According to an August 2010 survey in InformationWeek magazine, 17 percent of those surveyed did not have a disaster-recovery plan. Businesses often cite that they do not have a plan for various reasons, such as lack of resources, or they find it too difficult. Other reasons given by these businesses include the fact that they were “not sure where to start,” “we're too small,” or “we have backups.” You should have a disaster-recovery plan no matter what size your business is. If you're a very small company, then, clearly, formulating a disaster-recovery plan should be easy.

Of course, the types of potential disasters vary with different businesses. For example, you may feel that you are immune from natural disasters because your data center is safely tucked away far from you. You may want to rethink that view. For example, you may think that earthquakes only occur on the West Coast, but you may be surprised to discover that, according to the U.S. Small Business Administration, earthquakes have also occurred in Mississippi, Missouri, Arkansas, Illinois, Tennessee, and South Carolina. Consider the impact to you if your data center were hit by an earthquake.

Chapter 6 works through how to put together an entire disaster-recovery plan. However, in the context of this discussion on assessing your security risks, let's take a look at some important preliminary questions you should answer.

Does Your Plan Exist?

“Does your plan exist?” is a simple “yes” ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.