Incident Response Plan


Disaster Classification

A DR plan can classify disasters in a number of ways. The most common method of disaster classification (the process of examining an adverse event or incident and determining whether it constitutes an actual disaster) is to evaluate the amount of damage caused by an incident. Many disasters begin as incidents, and only when they reach a specified threshold are they escalated from incident to disaster. A denial-of-service attack that affects a single system for a short time may be an incident, but when it escalates to affect an entire organization for a much longer period of time, it may be reclassified as a disaster. Who makes this classification? It is most commonly done by a senior IT or InfoSec manager working closely with the CSIRT and DR team leads. When the CSIRT reports that an incident or collection of incidents has begun to exceed its capability to respond, it may request that the incident(s) be reclassified as a disaster so that the organization can better handle the expected damage or loss. Disasters of this kind are commonly referred to as slow-onset disasters: they occur over time and gradually degrade the capacity of an organization to withstand their effects. Hazards that cause these disaster conditions typically include natural causes such as droughts, famines, environmental degradation, desertification, deforestation, and pest infestation, and man-made causes such as malware, hackers, disgruntled employees, and service provider issues.

Usually, disasters that strike quickly are instantly classified as disasters. These are commonly referred to as rapid-onset disasters: they occur suddenly, with little warning, taking people's lives and destroying the means of production. Rapid-onset disasters may be caused by natural effects like earthquakes, floods, storm winds, tornadoes, and mud flows, or by man-made effects like massively distributed denial-of-service attacks or acts of terrorism, including cyberterrorism, hacktivism, and acts of war. Interestingly, fire is an example of an incident that can either escalate to a disaster or begin as one (in the event of an explosion, for example). Fire can be categorized as a natural disaster when caused by a lightning strike, or as a man-made disaster when caused by human activity.

Table 10-3 presents a list of natural disasters, their effects, and recommendations for mitigation.

Table 10-3. Natural Disasters and Their Effects on Information Systems

Natural disaster: Effects and mitigation

Fire: Damages the building housing the computing equipment that constitutes all or part of the information system. Also encompasses smoke damage from the fire and water damage from sprinkler systems or firefighters. Can usually be mitigated with fire casualty insurance or business interruption insurance.

Flood: Can cause direct damage to all or part of the information system or to the building that houses all or part of the information system. May also disrupt operations by interrupting access to the buildings that house all or part of the information system. Can sometimes be mitigated with flood insurance or business interruption insurance.

Earthquake: Can cause direct damage to all or part of the information system or, more often, to the building that houses it. May also disrupt operations by interrupting access to the buildings that house all or part of the information system. Can sometimes be mitigated with specific casualty insurance or business interruption insurance, but this is usually a specific and separate policy.

Lightning: Can directly damage all or part of the information system or its power distribution components. Can also cause fires or other damage to the building that houses all or part of the information system. May also disrupt operations by interrupting access to the buildings that house all or part of the information system, as well as the routine delivery of electrical power. Can usually be mitigated with multipurpose casualty insurance or business interruption insurance.

Landslide or mudslide: Can damage all or part of the information system or, more likely, the building that houses it. May also disrupt operations by interrupting access to the buildings that house all or part of the information system, as well as the routine delivery of electrical power. Can sometimes be mitigated with casualty insurance or business interruption insurance.

Tornado or severe windstorm: Can directly damage all or part of the information system or, more likely, the building that houses it. May also disrupt operations by interrupting access to the buildings that house all or part of the information system, as well as the routine delivery of electrical power. Can sometimes be mitigated with casualty insurance or business interruption insurance.

Hurricane or typhoon: Can directly damage all or part of the information system or, more likely, the building that houses it. Organizations located in coastal or low-lying areas may also experience flooding. May also disrupt operations by interrupting access to the buildings that house all or part of the information system, as well as the routine delivery of electrical power. Can sometimes be mitigated with casualty insurance or business interruption insurance.

Tsunami: Can directly damage all or part of the information system or, more likely, the building that houses it. Organizations located in coastal areas are the ones exposed to tsunamis. May also disrupt operations by interrupting access or electrical power to the buildings that house all or part of the information system. Can sometimes be mitigated with casualty insurance or business interruption insurance.

Electrostatic discharge (ESD): Can be costly or dangerous, as it can ignite flammable mixtures and damage costly electronic components. Static electricity can draw dust into clean-room environments or cause products to stick together. The cost of servicing ESD-damaged electronic devices and the resulting interruptions can range from a few cents to millions of dollars for critical systems, and the loss of production time in information processing due to ESD is significant. While not usually viewed as a threat, ESD can disrupt information systems and is not usually an insurable loss unless covered by business interruption insurance. ESD can be mitigated with special static discharge equipment and by managing HVAC temperature and humidity levels.

Dust contamination: Can shorten the life of information systems or cause unplanned downtime. Can usually be mitigated with an effective HVAC filtration system and simple procedures, such as efficient housekeeping, placing tacky floor mats at entrances, and prohibiting the use of paper and cardboard in the data center.