Re: Disaster Recovery

["Jim Miller" <MillerJ () fabtexas com>]

Yes, I can address that question for you.
Normal contingency plans for banking mainframes require a hot site to come up on.  Companies like Comdisco and Sunguard 
will also have contingency services for client/server hotsites and cold sites.  You get what you pay for.  In almost 
all cases, you bring up the operating system config you have backed up.

Recovery procedures in a disaster of the magnitute of last week require backups sent from remote storage sites.  For a 
mainframe, these are usually on tape, but for client server are, in my shop, on CD-ROM.  The only way you could install 
a virus or trojan is if you already had one and then backed it up.


Jim Miller, CISA, CDP
VP & IS Audit Mgr
First American Bank Texas
Bryan, Texas   77805-8100
979/361-6515
979/777-9546
millerj () fabssb com

*******************************************************************************************
Here follows an electronic signature.  To verify, contact me for a public key
* ?   ;]ã 2,·gE*2O  4w *~*e68k Ì--ó  «ç à€nP  íÏ!U ß Ì*€ -°vsr@A;
********************************************************************************************
CONFIDENTIALITY NOTICE:  This e-mail and any attachments thereto may contain
information which is privileged and confidential, and is intended for the
sole use of the recipient(s) named above.  Any use of the information
contained herein (including, but not limited to, total or partial
reproduction, communication or distribution in any form) by persons other
than the designated recipient(s) is strictly prohibited.  If you have
received this e-mail in error, please notify the sender either by telephone
or by e-mail and delete the material from any computer.  Thank you for your
cooperation.
===========================================================
"Everything should be as simple as possible, 
   but no simpler" - Albert Einstein

"D'oh !!" - Bart Simpson
==============================================================


> > > "A Barnett" <abarnett () ndirect co uk> 09/13/01 07:03PM >>>
All,

This is aimed at being a discussion thread rather than any type of comment.

Following the recent disasters in the US I was struck by a simple but
worrying thought with respect to the IT infrastructures. Assuming that most
if not all of the companies ( and government) involved had half decent
disaster recovery plans then they will have back up offices ready equipped.
OK this is normal and correct procedure but how well are these centres kept
up to date with respect to the latest security patches.

Example - Your disaster plan says we need X workstations and Y servers with
Z telephone / comms connections running A, B  and C software. This means you
can be up and running in the nominal 24 hours or whatever but who actually
has the responsibility to keep these systems up to date.

My point being has anybody actually checked these systems for lets say Code
Red problems ? How much risk are companies going to expose themselves to and
if there is an additional risk over and above what the sysadmins who is
going to carry the can ?

Thoughts or experiences would be appreciated to help refine my own plans.

Tony Barnett



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/ 



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/