Yes, I can address that question for you. Normal contingency plans for banking mainframes require a hot site to come up on. Companies like Comdisco and Sunguard will also have contingency services for client/server hotsites and cold sites. You get what you pay for. In almost all cases, you bring up the operating system config you have backed up. Recovery procedures in a disaster of the magnitute of last week require backups sent from remote storage sites. For a mainframe, these are usually on tape, but for client server are, in my shop, on CD-ROM. The only way you could install a virus or trojan is if you already had one and then backed it up. Jim Miller, CISA, CDP VP & IS Audit Mgr First American Bank Texas Bryan, Texas 77805-8100 979/361-6515 979/777-9546 millerjat_private ******************************************************************************************* Here follows an electronic signature. To verify, contact me for a public key * ? ;]ã 2,·gE*2O 4w *~*e68k Ì--ó «ç à€nP íÏ!U ß Ì*€ -°vsr@A; ******************************************************************************************** CONFIDENTIALITY NOTICE: This e-mail and any attachments thereto may contain information which is privileged and confidential, and is intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is strictly prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. =========================================================== "Everything should be as simple as possible, but no simpler" - Albert Einstein "D'oh !!" - Bart Simpson ============================================================== >>> "A Barnett" <abarnettat_private> 09/13/01 07:03PM >>> All, This is aimed at being a discussion thread rather than any type of comment. Following the recent disasters in the US I was struck by a simple but worrying thought with respect to the IT infrastructures. Assuming that most if not all of the companies ( and government) involved had half decent disaster recovery plans then they will have back up offices ready equipped. OK this is normal and correct procedure but how well are these centres kept up to date with respect to the latest security patches. Example - Your disaster plan says we need X workstations and Y servers with Z telephone / comms connections running A, B and C software. This means you can be up and running in the nominal 24 hours or whatever but who actually has the responsibility to keep these systems up to date. My point being has anybody actually checked these systems for lets say Code Red problems ? How much risk are companies going to expose themselves to and if there is an additional risk over and above what the sysadmins who is going to carry the can ? Thoughts or experiences would be appreciated to help refine my own plans. Tony Barnett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:10:21 PDT