Planning for Disaster: Assessing Risks to Your Business Data
It’s only a matter of time before a disaster affects your business’s ability to access data. If you have a plan, you’ll be halfway down the road to recovery when disaster strikes. This article reviews the basics of disaster recovery planning.
- Assets: Generally speaking, anything that’s valuable to your organization. In the context of data disaster recovery planning, you’re interested in tracking your organization’s data assets (for example, sales data, customer records, and product designs) and data processing assets (for example, servers, workstations, and network devices).
- Vulnerabilities: Weaknesses that might allow for the failure of a control that affects the confidentiality, integrity, or availability of your data assets. For example, if your server runs an old, unpatched operating system, that’s a technical vulnerability. In addition, physical vulnerabilities may pose a risk to your data (for example, the use of a water-based fire suppression system near critical electronic equipment).
- Threats: Potential events that may actually compromise your data if a corresponding vulnerability exists. For example, a skilled hacker is a threat that may be able to exploit an unpatched operating system vulnerability. Similarly, a hurricane, a tornado, or another severe storm constitutes a threat that might exploit a leaky roof vulnerability.