Page 1283 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1283
The Nature of Disaster
Disaster recovery planning brings order to the chaos that surrounds
the interruption of an organization’s normal activities. By its very
nature, a disaster recovery plan is designed to cover situations where
tensions are already high and cooler heads may not naturally prevail.
Picture the circumstances in which you might find it necessary to
implement DRP measures—a hurricane destroys your main operations
facility; a fire devastates your main processing center; terrorist activity
closes off access to a major metropolitan area. Any event that stops,
prevents, or interrupts an organization’s ability to perform its work
tasks (or threatens to do so) is considered a disaster. The moment that
information technology (IT) becomes unable to support mission-
critical processes is the moment DRP kicks in to manage the
restoration and recovery procedures.
A disaster recovery plan should be set up so that it can almost run on
autopilot. The DRP should also be designed to reduce decision-making
activities during a disaster as much as possible. Essential personnel
should be well trained in their duties and responsibilities in the wake
of a disaster and also know the steps they need to take to get the
organization up and running as soon as possible. We’ll begin by
analyzing some of the possible disasters that might strike your
organization and the particular threats that they pose. Many of these
are mentioned in Chapter 3, but we’ll now explore them in further
detail.
To plan for natural and unnatural disasters in the workplace, you must
first understand their various forms, as explained in the following
sections.
Natural Disasters
Natural disasters reflect the occasional fury of our habitat—violent
occurrences that result from changes in the earth’s surface or
atmosphere that are beyond human control. In some cases, such as
hurricanes, scientists have developed sophisticated predictive models
