Business Continuity Planning (IT Security Cookbook)
Continuity of important business processes shall be guaranteed through disaster planning and information classification.
1.Availability of computerised information
Business processes which could affect Business Continuity require high availability. The owner of these processes, should define the availability required and ensure that the IT staff implement it1).
Systems may require some form of hardware, service or system redundancy. See the system requirements for the availability classes and the Mechanisms chapter.
- If a serious attack or disaster occurs:
- The Firecall team should take charge.
- The concerned machine should be disconnected from the network.
- Document every single action taken, events, evidence found (with time & date).
- Analyse the system: what files changed? What programs/accounts were added or modified? If modifications are found, check for these modifications on similar systems.
- Notify administrators, management and law enforcement authorities as required.
- If you discuss details of the attack with anyone via email, use encrypted email with signatures.
- Report the incident to a CERT/FIRST if necessary.