RECOVERY PLANNING

The use of a backup facility usually means both extra expense and degraded performance. Therefore, give some thought to recovery by developing and maintaining supporting documents that minimize the time required for recovery. Furthermore, the AIS staff will be hard pressed by backup operations. If others can handle recovery, the workload on the AIS staff will be reduced during the emergency and the process will undoubtedly be carried out more effectively and economically.

Recovery from total destruction requires the following tasks be completed:

Locate and obtain possession of enough floor space to house the AIS facility with a live-load capacity as required by the AIS hardware and suitably located with respect to users and AIS staff spaces.

Perform required modifications for needed partitions, raised floor, electric power distribution, air conditioning, communications, security, fire safety, and any other special requirements.

Procure and install AIS hardware.

Procure needed supplies, office equipment and furniture, tape storage racks, decollators, and so forth.

Verify that all needed hardware, equipment, and materials are on hand and in good working order. Then transfer operations from the backup site to the reconstituted AIS facility.

If the necessary documents have been prepared and stored offsite before the emergency, it should be possible for all but the last tasks to be completely reconstructed with minimum effort. Figure 4-14 shows a simplified step diagram of a normal reconstruction effort.

COOP TESTING

Because emergencies do not occur often, it is difficult to assure adequacy and proficiency of personnel and plans without regular training and testing. Therefore, it is important to plan and budget for both. The availability of needed backup files may be tested by attempting to repeat a particular task using onsite hardware but drawing everything else from the offsite location. Experience demonstrates the value of such tests in validating backup provisions; it is not uncommon to discover gross deficiencies despite the most careful planning. Compatibility with the offsite facility should be verified regularly by running one or more actual tasks. A number of AIS facilities conduct such tests as a part of an overall inspection.
Figure 4-14.-Simplified diagram of an AIS facility

Similar tests of procedures for fire fighting, loss control, evacuation, bomb threat, and other emergencies will give assurance that plans are adequate and workable. At the same time, they provide an opportunity for training AIS personnel. Each test should have a specific objective. A team should be assembled to prepare a scenario for the test, to control and observe the test, and to evaluate the results. This evaluation provides guidance for modifications to emergency plans and for additional training. The important point is to be sure the emergency plans do, in fact, contribute to the security of the AIS facility.

SECURITY INSPECTIONS

The final element of the AIS security program for every naval AIS facility should be a review or inspection process. The inspection should be an independent and objective examination of the information system and its use (including organizational components), and should include the following checks:

Checks to determine the adequacy of controls, levels of risks, exposures, and compliance with standards and procedures; and

Checks to determine the adequacy and effectiveness of system controls versus dishonesty, inefficiency, and security vulnerabilities.

The words independent and objective imply the inspection complements normal management inspections, visibility, and reporting systems and is neither a part of, nor a substitute for, any level of management.

What can an inspection be expected to accomplish? First, it evaluates security controls for the AIS facility. Second, it provides each level of management an opportunity to improve and update its security program. Third, it provides the impetus to keep workers and management from becoming complacent. Fourth, if done effectively, it tends to uncover areas of vulnerability. Remember, risks change, and new threats arise as systems mature.

Major factors to consider in determining the frequency of internal inspections include the frequency of external inspections, the rate of change of the AIS, the amount and adequacy of controls, the threats that face the facility, the results of previous inspections, and the directions of higher authority. Inspection activity, direction, and implementation are usually at the discretion of the commanding officer of the command with jurisdiction over the AIS facility.