The second stage of Disaster Recovery Plan (DRP) development involves conducting an operational analysis of security practices within the enterprise. An operational analysis is done early in the DRP process to identify dangerous or weak practices in the day-to-day security practices of IT that could become exploitable vulnerabilities. To assist IT departments with DR operational analysis, this tool is intended to summarize the recorded findings from the following reviews and audits:
- Physical security
- Data access
- Critical services
- Passwords and user accounts
- Backups and data storage
- Internet and e-mail use
- IT security software
Every DRP must be based on solid planning of the enterprise's security operations and a realistic assessment of existing IT processes and their potential vulnerabilities. Equally important is the ability to report this information in a coherent format.
This downloadable tool is associated with the research note, “Security Ops Holes Trip Up the Heartiest DRPs.”