Disaster recovery vs. security recovery plans: Why you need separate strategies

Many enterprises blend their disaster recovery and security recovery plans into a single, neat, easy-to-sip package. But does this approach make sense?

Not really, say a variety of disaster and security recovery experts, including Marko Bourne, who leads Booz Allen’s emergency management, disaster assistance and mission assurance practice. “Security and disaster plans are related, but not always the same thing,” he observes.

The objectives in disaster recovery and security recovery plans are inherently different and, at times, conflicting, explains Inigo Merino, former senior vice president of Deutsche Bank’s corporate security and business continuity unit and currently CEO of cyber threat detection firm Cienaga Systems. “The most obvious difference is that disaster recovery is about business continuity, whereas information security is about information asset protection,” he notes. “The less evident aspect is that security incident response often requires detailed root cause analysis, evidence collection, preservation and a coordinated and–often–stealthy response.”

To read this article in full or to leave a comment, please click here

Read more: Disaster recovery vs. security recovery plans: Why you need separate strategies

Story added 24. August 2017, content source with full text you can find at link above.