Page 767 - StudyBook.pdf
P. 767
Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12 751
Education and Documentation
Educating users is the primary method of promoting user awareness, and
improving the skills and abilities of employees. By teaching users how and
why certain activities need to be performed, they are generally more
willing and better able to perform those tasks.
Communication is vital to understanding the issues users are facing when
incidents occur, and getting information to the parties that need it.
Educating users is the primary method of promoting user awareness and
improving the skills and abilities of employees.
Documentation about the system architecture should be created to
provide information on the system, its layout and design, and any of the
subsystems used to create it.
Change documentation can provide valuable information, which can be
used when troubleshooting problems and upgrading systems.
Logs record events that have occurred. Operating systems commonly
provide various logs that record such events as startups, shutdowns, security
issues, and other actions or occurrences.
Inventories provide a record of devices and software making up a network.
Classification is a scheme that allows members of an organization to
understand the importance of information, and therefore, be less likely to
leak sensitive information.
v Documentation should be used to record when the retention date for data
and documents expires, and how they are destroyed when this date is
reached.
Disaster Recovery
A disaster recovery plan identifies potential threats to an organization, and
provides procedures relating to how to recover from them.
Backing up data is a fundamental part of any disaster recovery plan and
business continuity.When data is backed up, it is copied to a type of media
that can be stored in a separate location.
www.syngress.com
