Principles of incident response and disaster recovery



Means of dealing with security threats and responding to incidents existed long before the introduction of computer technology. People have always responded to unexpected incidents capable of affecting organizations or a nation at large. Irrespective of the nature of the event, it is advisable to prepare for and respond to any incident that has a negative effect on people. Disaster recovery and incident response technologies assist organizations in preparing for unexpected events. Most organizations fail to prepare for incident response and disaster recovery while conducting their daily business, and so are not well prepared to offer an adequate response to disasters and security incidents. Information security principles govern the protection of the information held by a nation or an organization (Federal Information Processing Standard 199; Denning 3-4). Threats to information security take many forms. Common threats encountered in day-to-day life include human error, compromise of intellectual property, deliberate acts of trespass, software and cyber attacks, forces of nature, technological obsolescence, technical hardware or software failure, and theft (Lewis 2002).

Applying incident response and disaster recovery involves several steps that should be followed when addressing security issues in a country. Understanding the key components of the subject reduces its complexity, so that it can be explained more easily, even to people without technical training. Information security technology relies on protective elements that include systems and hardware; these elements use, store, and transmit the information needed to respond to different security threats (Whitman & Mattord 150-157). The following diagram shows the incident response and disaster recovery planning process.

Figure 1: Incident response and disaster recovery planning diagram

Contingency plan to disaster recovery and incident response

The incident planning and preparation phase is the most critical stage in creating a security response program. This stage combines all the elements needed to prevent an incident from occurring and makes the system ready to respond to any threat. If the planning of the incident response and disaster recovery methods fails, the contingency approaches to disaster control and response are likely to be ineffective. The contingency plan for disaster recovery and incident response technologies consists of seven steps. These are:

1. Developing a contingency plan policy statement

2. Conducting the business impact analysis

3. Identifying preventive control measures that reduce the effects of system disruptions

4. Developing recovery strategies

5. Developing an Information Technology (IT) plan

6. Conducting plan testing and training

7. Maintaining the plan

The contingency planning policy is established by executive management and defines the scope of the security operations at hand. The planning and preparation phase brings together all the elements aimed at preventing an incident; at the same time, it makes the system ready to respond to any event that is likely to occur (ITS Policy Library 1-5; Wright 2001). As Figure 1 shows, several building blocks are included in the planning phase. The incident response and disaster recovery plan should be carried out by responsible teams made up of experts in technology, security, and human psychology. The size of the team varies with the size of the organization and the value of the assets protected. The team's responsibilities include preventing cyber threats and vulnerabilities; incident prevention, information gathering and analysis; and developing the organization's security policies and procedures for disaster recovery.

Setting policies and procedures is an essential task for every organization or government. The responsible teams discuss and weigh different options while testing the appropriate approach to incident response and prevention. The policies should be clearly written and detailed, and tested before implementation. These incident response policies should establish a direct incident response and disaster recovery system capable of responding to all possible threats. In addition, the incident response plan should contain the following key sections. The overview, goals and objectives section defines the expected results and the aims of developing the system. The incident description section classifies the different types of IT incidents likely to pose threats. Other sections include incident notification, incident analysis, communications, and forensics (Nelson, Amelia & Christopher 54-61).

After the planning and preparation phase comes the incident response and planning phase. This phase brings together all the elements for preventing any unforeseen incident and for preparing the system for future threats. At this stage, several building blocks are involved: organizing the response team, defining communications between internal and external parties, and reporting the necessary findings to senior security personnel. Developing technical and managerial personnel who can respond effectively to an incident in an organization takes considerable resources. Extensive training is required to equip the response team with the necessary mitigation measures. It is recommended that the response team be trained in advance, so that no time is wasted looking for the best countermeasures once an incident occurs. Advance training also minimizes the number of decisions that have to be made while an attack is in progress, since ad hoc decisions at that point can increase the amount of damage (Byres, Leversage & Kube 5-8).

Today, various computer networking systems are capable of connecting two or more computers. These are LANs, MANs, and WANs. LAN stands for Local Area Network; a LAN connects computers within a single building. LANs enable security personnel to monitor threats occurring in a specific part of the building and respond accordingly. In addition, the person in the control room can monitor different users by their login details and the areas they access. A LAN uses high-speed links, typically in a bus or ring topology, which makes it efficient (Mitchell 2012).

MAN stands for Metropolitan Area Network; MANs generally cover towns and cities. Police use this technology for surveillance in towns and cities: different cameras are connected to computers from which an individual can monitor the activity taking place around the town. Such a system helps prevent crimes such as ATM theft, pickpocketing, shoplifting, and car-jacking. This technology was developed in the 1980s and uses optical fibres and cables to transfer information, and the messages delivered through it are fast and efficient. The system would have been most appropriate for determining the main cause of the September 11 plane crash (Mitchell 2012).

WANs, Wide Area Networks, cover extremely large areas such as states, countries, and continents. Google Earth employs this kind of system, since it covers the whole earth and provides information from different regions. The circuits are connected by routers capable of gathering information from all around the world and delivering it to a central location. These systems are very useful in preventing disasters and incidents. Satellites that provide weather information are another example of WANs (Mitchell 2012).

The use of disaster recovery and incident response technologies today

Patch management is a very effective program for incident response and prevention. First, patch management prevents incidents from occurring. Second, patch management responds to vulnerabilities and prevents incidents from recurring in the future. Every incident response and disaster recovery system should include a patch management program. When selecting a patch management program, the following factors should be considered. The computer operating system should be compatible with the software. The patch should be original and carry the security mark. Moreover, patches should be tested before they are installed, to check their effectiveness and operational value. Testing should take place in a realistic setting so as to reveal any missing element or any incomplete or inaccurate behaviour (Verma, Huang, and Sood 2010).


Before developing a full incident response and disaster recovery system, efforts should be made to fix the source of the threat. This includes removing any suspected object or individual capable of causing a threat, or replacing materials that are vulnerable to threats. The use of incident response and disaster recovery technologies has assisted many people, and organizations save millions by averting the threats associated with information technology insecurity. The steps provided in Table 1 give an overview of how an organization should go about responding to and preventing disasters and incidents. From the discussion, the following actions are emphasized (Bogart and Guenther 12). First, people should learn from experience in preventing incidents from occurring in an organization. Second, an effective response plan, made up of well-described policies and procedures, should be devised in preparation for any potential incident. Third, in the event of an incident, a clear assessment of the necessary technological mitigation measures should be made, and the necessary protective measures applied to safeguard the attacked system. The use of incident response and disaster recovery methods is essential, and every government or state should adopt it in order to safeguard its property from potential threats (Denning 12).

Works cited

Byres, E., Leversage, D. & Kube, N. Technical Article: Security Incidents and Trends in SCADA and Process Industries, 2007.

Bogart, K. and Guenther, M. Risk Assessment, Disaster Recovery, Data Backups, Data Classification and Incident Reporting. The University of Arizona: Information Security Office, 2002.

Denning, E. D. Information Technology and Security. Georgetown University Press, 2003.

Denning, E. D. Information Warfare and Security. Addison-Wesley, 1999.

ITS Policy Library. Information Technology Disaster Recovery Policy. Weill Cornell Medical College, n.d. Retrieved from:

Federal Information Processing Standard 199. Standards for Security Categorization of Federal Information and Information Systems, 2004. Retrieved from:

Lewis, A. J. Assessing the Risks of Cyberterrorism, Cyber War and Other Cyber Threats. Center for Strategic and International Studies, 2002. Retrieved from:

Mitchell, B. Introduction to Network Types (LAN, WAN and Other Area Networks), 2012. Retrieved from:

Nelson, B., Amelia P., & Christopher S. Guide to Computer Forensics and Investigations. 4th ed. Boston, MA: Course Technology Cengage Learning, 2010. Print.

Verma, N., Huang, Y. and Sood, A. Proactively Managing Security Risk, 2010. Retrieved from:

IFIP World Computer Congress Workshop. IFIP World Computer Congress. Montreal, Quebec, Canada, 2002.

Whitman, M. E. & Mattord, H. J. Principles of Incident Response and Disaster Recovery. Boston, Mass.: Thomson Course Technology, 2007. Print.

Wright, T. E. How to Design a Useful Incident Response Policy, 2001. Retrieved from:
