What Are the Phases of an Incident Response Plan?

Disaster recovery is now a normal part of business operations. However, before the year 2000, disaster recovery was a “nice to have” addition to a business. Then, the “Y2K” bug became the impetus that brought disaster recovery to the forefront of business preparedness. Next, in 2001, the rise of terrorism brought new attention to the need for businesses to prepare for disasters. As time progressed, incidents such as the blackout of 2003, which shut down the northeastern United States for a day, made many recognize that disaster recovery centers could not be on the same power grid, let alone at the same geographic location.


Reflecting on those times, it is interesting that the biggest threats to businesses from a cybersecurity perspective were all based on computer virus mitigation and other disruptors such as the SQL-Slammer worm. The world of cybersecurity was still young.


In recent years, cybercrime has increased, changing the entire approach to how business is conducted. Disaster recovery remains an important part of any business plan, but it is executed only in the direst of circumstances. The new threat landscape has caused a shift in focus to incident response. Unlike the static nature of a disaster recovery structure, incident response is a fluid, real-time construction that requires a different set of disciplines.


There are specific phases of incident response. The National Institute of Standards and Technology (NIST) has outlined the steps in its phases incident response