Page 764 - StudyBook.pdf
P. 764

748    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery

             arise. Disasters can also occur in the form of employee’s accidentally or maliciously
             deleting data, intrusions of the system by hackers, viruses and malicious programs
             that damage data, and other events that cause downtime or damage. Because prepa-
             ration for disaster recovery begins long before a disaster actually occurs, the plan
             addresses such issues as proper methods for backing up data, offsite storage, and
             alternate sites for restoring systems to their previous state.
                 A disaster recovery plan is incorporated into a business continuity plan, which
             identifies key functions of an organization and the threats that most likely endanger
             them, and creates processes and procedures that ensure these functions will not be
             interrupted long after an incident. In addition to the disaster recovery plan, the
             business continuity plan may also incorporate a business recovery plan that
             addresses how business functions will resume at an alternate site, and a business
             resumption plan that addresses how critical systems and key functions of the busi-
             ness will be maintained.A contingency plan may also be included to outline the
             actions that can be performed to restore normal business activities after a disaster.
             Together, they provide a proactive approach to dealing with incidents before they
             occur.


             Exam Objectives Fast Track



             Policies and Procedures


                   Policies address concerns and identify risks, while procedures provide
                      guidance on how these issues are to be addressed.

                   Physical security is the application of preventative measures,
                      countermeasures, and physical barriers that are designed to prevent
                      unauthorized individuals from accessing facilities, areas, or assets of a
                      company.

                   Restricted access policies are used to control access to systems, data, and
                      facilities.
                   Workstation security policies are designed to address security issues related
                      to any computer that is connected to a network (inclusive of desktop and
                      laptop computers) and utilizes network resources.








          www.syngress.com
   759   760   761   762   763   764   765   766   767   768   769