71. What is contingency planning and why are information security policies so important?

Contingency planning - for purposes of information security - consists of a coordinated strategy of various plans, procedures, technical measures and initiatives for ensuring the recovery of information systems, operations, and data after a disruption of services.

Additionally, comprehensive contingency planning generally involves the following administrative, strategic, and operational elements:

  • Prioritizing mission-critical system resources for recovery and restoration in accordance with Business Impact Analysis (BIA) strategies.
  • Performing annual risk assessments of the organization's overall information systems landscape.
  • Testing, reviewing, monitoring, and adhering to the plan.
  • Restoring and recovering critical system resources to alternate equipment and locations, respectively.
  • Performing alternate (i.e., manual) procedures vs. traditional automated procedures.

Contingency planning can be viewed as a subset of the much broader Business Continuity and Disaster Recovery Planning - a concept that more and more organizations are adopting in response to ever-increasing cyber security threats. The NIST publication SP 800-34, Contingency Planning Guide for Federal Information Systems, is an excellent resource for learning more about this increasingly important topic.

Information Security Policies | Essential for Contingency Planning | Download

Also worth noting about contingency planning is the fundamental importance of documented, enterprise-wide operational and information security policies and procedures for today's security-conscious organizations. With cyber security threats on the rise, organizations are being challenged like never before to ensure the confidentiality, integrity, and availability of their information systems.

Where to start - with industry-leading information security policies and the FLANK21 set of documents available for instant download - that's where. With hundreds of professionally developed, high-quality policies, procedures, forms, checklists, templates - and