Biomedical Engineering Reference
In-Depth Information
structural damage from a fire or flood resulting in
the shifting or collapse of a building.
Second, the repair process usually involves
persons (e.g., contractors, electricians, vendors'
technicians) who are not familiar with normal,
daily operations. The probability of security
breaches and abusive or damaging actions
increases because of these individuals. A conflict
frequently arises between the urgency in repairing
damage and the need to plan and control the repair
and reconstruction process carefully. Because
many types of damage are difficult to predict,
setting up contingency plans is impractical or infea-
sible for any but the most likely incidents. For
example, most facilities have procedures for fire
prevention and control and for personnel evac-
uation. Planning for repairs following a fire is
often done only after an event when the extent
of the damage is known. Much confusion can be
eliminated, however, if some simple procedures
are followed, such as keeping an up-to-date list
of names and telephone numbers for all relevant
vendors, contractors, suppliers, and employees. On
the other hand, preparation for repair and recon-
struction for very rare events, such as a chemical
spill, might be handled after the event rather than
planned in advance. Basic contingency arrange-
ments, such as ensuring that a full set of floor plans
and equipment and network layouts is stored at
another location, should be made.
A reasonable procedure is to make prelimi-
nary plans for repairing damage caused by the
most likely events, but planning for repairing
improbable types of damage does not make sense.
Even less justifiable is planning for reconstruc-
tion before the event, although names and tele-
phone numbers of contractors and related services
should be retained on site. However, special secu-
rity procedures should be followed during the
repair process.
Recommended Course of Action
Risks to computer system and network integrity—
through security breaches, misuse, and damage—
are amplified considerably after such abuses occur,
when the IT and communications environment is
in a vulnerable state. Therefore, guarding against
further abuses is especially important during the
recovery and repair phases following the initial
problem. The first line of defense is to ensure
that there are fall-back procedures and resources
in the event that the primary security system is
damaged or otherwise compromised. This helps
prevent subsequent breaches. If damage to the
computer systems and communications networks
occurs despite all precautions, and a recovery and
repair process is initiated, security controls, based
on those outlined in Table F.2, should be imple-
mented during the recovery and repair process.
