The second stage of Disaster Recovery Plan (DRP) development involves conducting an operational analysis of security practices within the enterprise. An operational analysis is done early in the DRP process to identify dangerous or weak practices in the day-to-day security practices of IT that could become exploitable vulnerabilities. To assist IT departments with the operational analysis, this research note covers the following topics:
- Identifying security-related areas slated for operational analysis.
- Summarizing key findings.
- Creating a comprehensive report.
IT departments hope they never need to test their work beyond scheduled scenario tests of the plan. As such, every DRP must be based upon solid planning of the enterprise's security operations and a realistic assessment of vulnerabilities.