IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.11 Development of a post-incident recovery plan
Initiation responsibility: Head of IT Section; IT Security Management;
staff responsible for the individual IT
applications
Implementation responsibility: Head of IT Section; staff responsible for
emergency preparedness (contingency
planning); administrator
In order to ensure correct restart after failure of an IT system, the following
information should be documented (see example in S 6.3 Development of an
Emergency Procedure Manual, Part C).
- Repurchase opportunities, e.g. the use of a test computer for interactive
communication or replacement procurement (c.f. S 6.14 Replacement
procurement plan),
- internal/external alternatives for IT applications should be listed (c.f. S 6.6
Study of internally and externally available alternatives);
- data transmission supply (c.f. S 6.10 Contingency plans for breakdown of
data transmission) for emergency operation in order to guarantee the
minimum data transmission required,
- IT applications in reduced IT operations (c.f. S 6.5 Definition of "restricted
IT operation"),
- system start-up of the IT components and inclusion into the IT system,
- In order to meet the availability requirements (cf. S 6.1 Development of a
survey of availability requirements) of the various IT applications, a
sequence for restart of the IT applications must be laid down.
The steps required for restarting an IT application should be shown in the
Contingency Manual (c.f. example in S 6.3 Development of an Emerngency
Procedure Manual, Part D). Such steps include, for example:
- set-up and installation of the required hardware components;
- Loading of the system software
- installation of the application software;
- provision of the necessary data, including configuration files;
- Restarting
Auditable logging of the restart must be ensured.
The feasibility of the post-incident recovery plan is to be checked by
emergency preparedness exercises (for both internally and externally available
alternatives). When carrying out such tests, particular attention must be given
to the exclusive use of the software and data held in internal or external
backup archives.
Depending on the size of the used IT applications, restart can be very timeconsuming.
The times required by the restarting steps can be ascertained with
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000