be provided in case the electronic systems are disabled.

Communications Security. Backup communications networks should be armed with security controls. Securing backup networks is often more difficult than securing primary networks, because backup communications lines are often public. Communications backup procedures should accommodate the need to inform users of new changes in dial-up procedures, encryption keys, and communications log-on procedures, when appropriate, and other necessary contact information.

Securing data over public communications carriers can include encryption, error detection codes, positive acknowledgment, or echoplexing. These methods verify message integrity but do not control access. The retention of encryption capability is an issue particularly during the recovery process, because it means making the required encryption keys available at multiple locations and ensuring that the mechanisms are in place to transfer host or client locations without compromising the security effected by encryption.
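The distinction drawn above (an error-detection code or acknowledgment verifies integrity but does not control access, and encryption is only as available as its keys) can be shown with a short simulation. The following is an added example, not code from the original text: it frames a message with a CRC-32 error-detection code and, separately, with a keyed HMAC tag, then checks how each behaves under line noise, under a frame produced with no shared key, and at a recovery site with and without the key. The message, key and site names are constructed placeholders.

```python
import hashlib
import hmac
import zlib
from typing import Optional

# Constructed sample values for the demonstration; the message and key are not from the text.
MESSAGE = b"ACTIVATE BACKUP SITE B; NEW DIAL-UP NUMBER 555-0100"
SITE_KEY = b"placeholder-key-provisioned-to-primary-and-backup-site"


def crc_frame(payload: bytes) -> bytes:
    """Append an error-detection code (CRC-32), the kind of check a link protocol adds."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_verify(frame: bytes) -> bool:
    """Check the CRC: catches line noise, but says nothing about who built the frame."""
    payload, code = frame[:-4], frame[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == code


def mac_frame(payload: bytes, key: bytes) -> bytes:
    """Append a keyed HMAC-SHA256 tag; only a holder of the key can produce a valid one."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def mac_verify(frame: bytes, key: Optional[bytes]) -> bool:
    """Verify the tag with this site's copy of the key; with no key there is nothing to check against."""
    if key is None:
        return False
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate line noise by flipping one bit of a frame."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def demo() -> dict:
    """Run the cases the text distinguishes; every value should be True."""
    other_payload = b"ACTIVATE BACKUP SITE C"
    other_key = b"a-key-the-sites-never-shared"
    return {
        # Error detection: a corrupted frame fails the CRC.
        "crc_detects_line_noise": not crc_verify(flip_bit(crc_frame(MESSAGE), 3)),
        # No access control: a frame from any source carries a correct CRC.
        "crc_accepts_any_source": crc_verify(crc_frame(other_payload)),
        # Keyed integrity: a tag made with a different key is rejected.
        "mac_rejects_other_key": not mac_verify(mac_frame(other_payload, other_key), SITE_KEY),
        # The recovery site can verify only if the key was actually made available there.
        "mac_verifies_with_site_key": mac_verify(mac_frame(MESSAGE, SITE_KEY), SITE_KEY),
        "mac_fails_without_site_key": not mac_verify(mac_frame(MESSAGE, SITE_KEY), None),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAIL'}")
```

The last two cases are the recovery-planning point: the keyed check is worthless at a backup location unless the key itself was distributed there beforehand through the same secure channel used for the primary site.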
Logical Access Controls. It is imperative either to update access passwords and procedures on the backup copies of the system or to have a means of informing users of their backup passwords in case the backup system is activated. Backup passwords should be distributed in the same secure manner as primary passwords. In addition, the security software for the backup system must be continually updated. It would compound a disaster if, after a successful move to a backup site, users were unable to gain access to the system because the security software was not compatible with the primary system or had not been updated to reflect changes in the primary systems and networks.
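The failure the paragraph above warns of, a backup site whose access controls have drifted from the primary, is easiest to prevent with a routine comparison of the two. The following is an added example, not part of the original text or of any particular product: it takes a simplified snapshot of each site (security-software version, accounts, credential rotation counters, enabled state and roles; the snapshot format is hypothetical) and reports every difference that would either lock out a legitimate user or leave a revoked one with access. The account names and versions are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Account:
    credential_version: int           # incremented each time the password or key is rotated
    enabled: bool
    roles: List[str] = field(default_factory=list)


@dataclass
class SiteState:
    security_software: str            # version of the access-control software at the site
    accounts: Dict[str, Account]


# Constructed snapshots (not from the text): since the backup copy was taken, the primary
# rotated one password, disabled a departed user, added a new hire and upgraded its software.
PRIMARY = SiteState("acs-7.2", {
    "ops1": Account(5, True, ["operator"]),
    "dba1": Account(3, True, ["dba"]),
    "leaver": Account(2, False, ["operator"]),
    "newhire": Account(1, True, ["operator"]),
})
BACKUP = SiteState("acs-7.0", {
    "ops1": Account(4, True, ["operator"]),
    "dba1": Account(3, True, ["dba"]),
    "leaver": Account(2, True, ["operator"]),
})


def compare_access_state(primary: SiteState, backup: SiteState) -> List[str]:
    """Return one finding per difference that matters when the backup site is activated."""
    findings: List[str] = []
    if primary.security_software != backup.security_software:
        findings.append(f"software: backup runs {backup.security_software}, "
                        f"primary runs {primary.security_software}")
    for name, acct in primary.accounts.items():
        b = backup.accounts.get(name)
        if b is None:
            if acct.enabled:   # an active user with no account at the backup site is locked out
                findings.append(f"missing: {name} exists on primary but not on backup")
            continue
        if acct.enabled and b.credential_version != acct.credential_version:
            # the user's current password will not work at the backup site
            findings.append(f"stale-credential: {name} backup v{b.credential_version} "
                            f"!= primary v{acct.credential_version}")
        if not acct.enabled and b.enabled:
            # a revocation made on the primary never reached the backup
            findings.append(f"not-revoked: {name} disabled on primary but still enabled on backup")
        extra = set(b.roles) - set(acct.roles)
        if extra:
            findings.append(f"excess-roles: {name} holds {sorted(extra)} only on backup")
    for name in sorted(backup.accounts.keys() - primary.accounts.keys()):
        findings.append(f"orphan: {name} exists only on backup")
    return findings


def ready_to_activate(primary: SiteState, backup: SiteState) -> bool:
    """True only when the backup site's access controls match the primary exactly."""
    return not compare_access_state(primary, backup)


if __name__ == "__main__":
    for line in compare_access_state(PRIMARY, BACKUP):
        print(line)
    print("ready:", ready_to_activate(PRIMARY, BACKUP))
```

Run against the constructed snapshots the check reports four findings (software mismatch, a stale credential, an unrevoked account and a missing new account) and refuses to declare the backup ready; run with identical snapshots it reports nothing. Scheduling such a comparison after every password rotation or security-software update on the primary is what keeps the backup copy usable on the day it is needed.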
In summary, specific security measures to ensure continuing system integrity should be appended to every recovery procedure.

Special Security Provisions

The efficiency and effectiveness of the recovery process can be compromised if the same security measures designed to protect the systems and networks under normal operation are implemented during recovery. Security measures must be designed specifically for contingency situations. These security controls must allow for the unusual and urgent requirements of a recovery environment yet still offer protection during a very vulnerable situation.

The most fundamental and significant aspects of security during the recovery phase are that security controls appropriate in normal situations do not work best during disaster recovery and that special provision must be made in the security procedures to account for such differences. As a simple example, many data centers do not allow system programmers to gain physical access to the computers and prevent applications programmers from having access to production systems. However, during a disaster, a programmer may be critical to effecting a specific recovery. The security procedures must allow for certain individuals to have, in emergency situations, controlled privileged access that may not be available to them under normal operating conditions.

Security During Repair and Correction

Frequently, when a disaster has passed and the risk to systems and networks has been reduced, there is a tendency to relax security and repair procedures. Repair and reconstruction often proceed without the diligence and concentration afforded the recovery process; however, major dangers can result from such relaxation.

First, if another damaging event occurs before the completion of the repair and correction process, the organization may be left without backup or primary systems and networks. Whereas it is improbable that two independent, damaging events will occur in rapid succession, the repair process itself can pose added risk (e.g., welding or high-voltage electrical repair work can increase the risk of fire or further electrical outages). Also, some events have anticipated potential subsequent effects, such as aftershocks from an earthquake or