Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 30, Issue 4

Full Contents Now Available!

Tuesday, 05 September 2017 15:09

Why You Should Separate Your IT Security and Disaster Recovery Plans

Many organizations consolidate their disaster recovery and IT security recovery plans into one package without asking if this approach makes sense.

Security and disaster plans are related but they are not the same, and at MHA Consulting, we advise against combining them.

How Disaster Recovery and IT Security Recovery Plans Differ

DR and IT security recovery plans appear to be very similar. Both plans include a procedure to minimize the impact of an event. They also have procedures to recover from the event and return to production, and will likely have a process to minimize the possibility of a similar event occurring again. Yet, beyond that, disaster and IT security recovery plans are fundamentally different.

The core difference between these plans is that disaster recovery is about business continuity, while IT security is about information protection. Therefore, disaster recovery plans tend to be actionable while security plans tend to be more validation and configuration driven. Part of the recovery tasks performed to make applications or environments available include the necessary security architecture and settings.