Focusing on availability, disaster recovery, and business continuity
We need to be honest when we talk about information security; it's not always about defending against malicious hackers trying to grab our organization's precious intellectual property. In reality, many occasions you will face in your career will be surrounding an outage due to a power cut or a simple software update gone wrong, taking down a production system.
Just because these threats aren't adversarial, does not imply that they're any less real. The opposite may be true, in fact: we might face outages from non-adversarial events more often than we face malicious actors. Therefore, we need to ensure that we have effective change control policies in place and follow them, and we need to define and rehearse disaster recovery and business continuity processes in order to ensure maximum uptime.
Defining, implementing, and testing disaster recovery processes
Disaster recovery is all about...