Page 1290 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1290

to help you analyze your organization’s vulnerabilities when preparing
               a business continuity plan and disaster recovery plan.



               Fires
               Earlier in the chapter, we explained how some regions of the world are

               susceptible to wildfires during the warm season, and these types of
               fires can be described as natural disasters. Many smaller-scale fires
               result from human action—be it carelessness, faulty electrical wiring,
               improper fire protection practices, or other reasons. Studies from the
               Insurance Information Institute indicate that there are at least 1,000

               building fires in the United States every day. If such a fire strikes your
               organization, do you have the proper preventive measures in place to
               quickly contain it? If the fire destroys your facilities, how quickly does
               your disaster recovery plan allow you to resume operations elsewhere?


               Acts of Terrorism

               Since the terrorist attacks on September 11, 2001, businesses are
               increasingly concerned about risks posed by terrorist threats. These
               attacks caused many small businesses to fail because they did not have

               business continuity/disaster recovery plans in place that were
               adequate to ensure their continued viability. Many larger businesses
               experienced significant losses that caused severe long-term damage.
               The Insurance Information Institute issued a study one year after the
               attacks that estimated the total damage from the attacks in New York
               City at $40 billion (yes, that’s with a b again!).




                             General business insurance may not properly cover an

                  organization against acts of terrorism. In years past, most policies
                  either covered acts of terrorism or didn’t mention them explicitly.
                  After suffering catastrophic terrorism-related losses, many
                  insurance companies responded by amending policies to exclude

                  losses from terrorist activity. Policy riders and endorsements are
                  sometimes available but often at extremely high cost. If your
                  business continuity or disaster recovery plan includes insurance as
                  a means of financial recovery (as it probably should!), you’d be well
   1285   1286   1287   1288   1289   1290   1291   1292   1293   1294   1295