Is it a smart business practice to mix your disaster recovery efforts in with your security recovery plans? It might on the surface seem to be efficient and effective to plan both together, but each area needs an individual strategy to be successful.
While plans for security and disaster recovery have similarities, each plan is inherently different and potentially conflicting. Disaster recovery at its essence is about making sure the business can continue on. Security recovery is more focused on information asset protection.
Security incident response often requires evidence collection, a quick and quiet response, and detailed root cause analysis. These are operations that require some degree of delicacy, whereas business continuity plans are quite public and demand participation across the enterprise.
Another difference between disaster recovery and security recovery is that in the disaster plan, you’re looking at preserving data quality first, with business processing coming second. In the security plan, you have more of a focus on protective control rather than worrying about what you’ve lost.
It might seem convenient to lump both plans together due to their seeming similarities, including procedures to recover from an event, test, and return to business as usual. They also have a common element of learning what compromised the system. However, that’s just a “scratch the surface” view. When looking deeper, you see that disaster recovery is focused on recovering IT operations, while security recovery is more about preventing IT interruptions.
When you focus on a security recovery plan, you’re invested in dropping what you’re doing, observing what is happening, learning everything you can about it, then taking steps to correct the situation. This is different from a disaster recovery plan, where you would never have to collect evidence.
Another big reason for keeping these plans separate is that when you combine them, you draw a lot of attention from the public. Because there is an investigation aspect to security recovery, you don’t want everything public, especially if you’re collecting evidence regarding a network breach.
At ACR Solutions, we focus on evolving within the telecom industry. We have a unique ability to keep tabs on new services that can be of benefit to our clients. Contact us today to discuss how we can better position your organization.