Tactical Advice

Know the Difference Between Disaster Management vs. Incident Management

Hope for the best, but prepare for the worst.
This story appears in the June 2007 issue of BizTech Magazine.

The terms “incident response” and “disaster recovery” both refer to an organization’s handling of computer or network threats after a disastrous event. But implementing these responses never has to happen if a company plans for such possibilities before they occur. Preemptive measures can head off major debilitation, including legal ramifications, financial losses and even simply the tarnishing of a company’s good name.

“A disaster is thought of like a heart attack,” says Ken M. Shaurette, CISSP. “Disaster management could be thought of as the medicine or exercise program that your doctor has to keep you alive until you can recover from the heart attack. Incident management is all the symptoms that you might [have had] for several months before the heart attack.” Shaurette is also a certified information systems auditor and a certified information security manager.

While specific preventions and remedies vary among industries, for most networked entities, planning includes being ready for threats such as viruses, hack attacks, denial-of-service attacks (malware outbreaks in general), unauthorized access (including employee abuse of information systems), industrial espionage and even hoaxes or scams. 

“Networks and systems often stay up and keep working, with the exception of a host or two if it needs to be forensically examined,” says Kevin Beaver, CISSP, of Principle Logic, with regard to incidents. He regards disasters, on the other hand, as “all-out show stoppers” with networks down, Internet access unavailable and buildings being evacuated.

“It’s important to differentiate between the two,” says Beaver. “They’re both serious but typically require completely different mind-sets as well as separately documented plans and response procedures.”

Secure Physical Space

Planning means taking precautions, and starting from the ground up is a good idea. For example, storage media (disks, finger drives, paper documents and so on) should be maintained in reinforced cases or boxes so as to avoid water damage from flooding. (Whenever possible, paper documents should be transferred to digital media, which take up less space and pose less of a fire hazard.) Often overlooked, but equally dangerous, are furniture and fixtures that are not secured properly. Desks, filing cabinets and all tall furniture should be secured to walls or the ground so they’ll be less likely to topple over. Often, routine examination and maintenance of electrical and other wiring can prevent simple network and telephone disconnects.

After the Incident

After an incident has occurred — despite your organization’s preventive measures or from a lack thereof — some action must be taken. According to Simon Heron of Network Box, incident management means “being able to identify, analyze and correct issues.” This requires monitoring to identify systems that have moved out of normal operating parameters, determining whether the source of the incident can be understood and then taking action.

An example: Your network fails as a result of overheating. “System temperatures might increase, but this could be because the air conditioning has failed — a real-life example,” says Heron. “The corrective action: Get the engineers in.” Most of the time, correcting shortcomings where they’re identified is not only the response to and management of an incident but also becomes the prevention of another similar incident.

Whether your organization is able to devote large amounts of resources (in both financial capital and work hours) or your budget allows for only rudimentary preparation, planning ahead will pay off. Many businesses ignore arguments urging the need for incident planning, but rarely, if ever, do those organizations ignore an incident once their systems have been breached. Rather than succumb and go out of business, they’re able to devote capital to repairing the damage afteran incident, which is often costly. Instead, they could have avoided repair had they applied even a portion of those funds to preventive planning.  

Douglas Schweitzer, A+, Network+, iNet+, CIW, is an Internet security specialist and author of several information security books.

Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.