Disaster Recovery

["A Barnett" <abarnett () ndirect co uk>]

All,

This is aimed at being a discussion thread rather than any type of comment.

Following the recent disasters in the US I was struck by a simple but
worrying thought with respect to the IT infrastructures. Assuming that most
if not all of the companies ( and government) involved had half decent
disaster recovery plans then they will have back up offices ready equipped.
OK this is normal and correct procedure but how well are these centres kept
up to date with respect to the latest security patches.

Example - Your disaster plan says we need X workstations and Y servers with
Z telephone / comms connections running A, B  and C software. This means you
can be up and running in the nominal 24 hours or whatever but who actually
has the responsibility to keep these systems up to date.

My point being has anybody actually checked these systems for lets say Code
Red problems ? How much risk are companies going to expose themselves to and
if there is an additional risk over and above what the sysadmins who is
going to carry the can ?

Thoughts or experiences would be appreciated to help refine my own plans.

Tony Barnett



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/