The second stage of Disaster Recovery Plan (DRP) development involves conducting an operational analysis. An operational analysis is done early in the DRP process to identify dangerous or weak practices in the day-to-day operation of security procedures that could become exploitable vulnerabilities. To assist IT departments with DR operational analysis, this tool covers the following areas:
- Physical security
- Data access
- Critical services
- Passwords and user accounts
- Backups and data storage
- Internet and e-mail use
- IT security software
IT departments hope they never need to test their work beyond scheduled scenario tests of the plan. As such, every DRP must be based on solid planning of the enterprise's security operations, and a realistic assessment of current documentation to ensure its accuracy and completeness.
This downloadable tool is associated with the research note, “Security Ops Holes Trip Up the Heartiest DRPs.”