Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Proximity of DR Sites & U.S. City Hazards

from [Fred Cohen] Network Security [Permanent Link]
Subject: Re: Proximity of DR Sites & U.S. City Hazards
Date: Thu, 2 Mar 2006 18:43:01 -0800
No standard other than those used for nuclear attacks, etc. as far as I am aware. Under our "Security Decisions 2006" book: "Backup facility distance: How far should I go" (page 64-65 we assert different conditions for:

no distance
at least 5 miles
in another city
at least 250 miles
on another continent

This depends on a combination of the nature of the enterprise and the events covered by the DR/BC plan.

The things like fault lines, etc. is a complex collection of data from different sources normally undertaken as part of specific client studies for each location. We do this for clients in some assessments, but there doesn't seem to be a big call for it on a commercial basis. It costs about $25K per location and we need to know a fair bit about the issues at the location to identify the things to look for. In a flood zone may not matter for a multi-story building with facilities on floors above flood levels assuming other conditions are also true - as an example.

FC

On Feb 26, 2006, at 6:51 AM, lists@infostruct.net wrote:

Do you know of a standard that defines the distance between a business and
its DR site? From what I recall, the minimum distance should be 50/200
miles, not accounting for hazards.

I have already checked ISO 17799 and thought this might be an easy answer
for those of you dedicated to DR/BCP.

I am also looking for a definitive resource that lists hazards in major
U.S. cities (e.g. fault lines, hurricane zones, etc.).

Thanks for your time and consideration. I appreciate it.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Charlotte, NC
gideon@infostruct.net

http://www.ussecurityawareness.org
http://groups.yahoo.com/group/gideons-infosec-list


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .




-- This communication is confidential to the parties it is intended to serve --
Security Posture securityposture.com tel/fax
University of New Haven unhca.com 925-454-0171
Fred Cohen & Associates all.net 572 Leona Drive
ASP Press asp-press.com Livermore, CA 94550


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security Dashboard, Fred Cohen
Next by Date:  Re: Security Dashboard, Fred Cohen
Previous by Thread:  Proximity of DR Sites & U.S. City Hazards, lists@infostruct.net
Next by Thread:  Re: Proximity of DR Sites & U.S. City Hazards, Packet Man
Indexes:  [Date] [Thread] [Top] [All Lists]