All, This is aimed at being a discussion thread rather than any type of comment. Following the recent disasters in the US I was struck by a simple but worrying thought with respect to the IT infrastructures. Assuming that most if not all of the companies ( and government) involved had half decent disaster recovery plans then they will have back up offices ready equipped. OK this is normal and correct procedure but how well are these centres kept up to date with respect to the latest security patches. Example - Your disaster plan says we need X workstations and Y servers with Z telephone / comms connections running A, B and C software. This means you can be up and running in the nominal 24 hours or whatever but who actually has the responsibility to keep these systems up to date. My point being has anybody actually checked these systems for lets say Code Red problems ? How much risk are companies going to expose themselves to and if there is an additional risk over and above what the sysadmins who is going to carry the can ? Thoughts or experiences would be appreciated to help refine my own plans. Tony Barnett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 12:13:55 PDT