Page 1294 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1294
installed. As many parts as possible should be kept in a local parts
inventory for quick replacement; this is especially true for hard-to-find
parts that must otherwise be shipped in. After all, how many
organizations could do without telephones for three days while a
critical private branch exchange (PBX) component is en route from an
overseas location to be installed on site?
NYC Blackout
On August 14, 2003, the lights went out in New York City and in
large areas of the northeastern and midwestern United States
when a series of cascading failures caused the collapse of a major
power grid.
Fortunately, security professionals in the New York area were
ready. Many businesses had already updated their disaster
recovery plans and took steps to ensure their continued operations
in the wake of a disaster. This blackout served to test those plans,
and many organizations were able to continue operating on
alternate power sources or to transfer control seamlessly to offsite
data-processing centers.
Lessons learned during this blackout offer insight for BCP/DRP
teams around the world and include the following:
Ensure that alternate processing sites are far enough away from
your main site that they are unlikely to be affected by the same
disaster.
Remember that threats to your organization are both internal
and external. Your next disaster may come from a terrorist
attack, a building fire, or malicious code running loose on your
network. Take steps to ensure that your alternate sites are
segregated from the main facility to protect against all of these
threats.
Disasters don’t usually come with advance warning. If real-time
operations are critical to your organization, be sure that your
