New statistics* shows disaster recovery (DR) is getting more attention, and more upper level execs become involved with DR issues. Ideally, each company should have an emergency plan in case of power/system failure, loss of access, outside attack, sabotage or else – called DRP (disaster recovery plan) or even DRRP (disaster response and recovery plan). DRP is only a part of risk management practices which ensure emergency preparedness and risk reduction and include such initiatives as regular data backups, stocking recovery software, archiving, etc. – these activities are reflected in PMI and NIST standards.
In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers…again viewed by law.
Most laws define security obligations as reasonable, appropriate, suitable, necessary, adequate etc. without giving more precise directives to follow. Is it good or bad? And what should be known about these standards?