fips191_47
FIPS PUB 191
Appendix C - Contingency Planning for LANs
A computer security incident is any adverse event whereby some aspect of computer security
could be threatened: loss of data confidentiality, loss of data or system integrity, or disruption
or denial of availability. In a LAN environment the concept of a computer security incident can
be extended to all areas of the LAN (hardware, software, data, transmissions, etc.) including the
LAN itself. Contingency plans in a LAN environment should be developed so that any LAN
security incident can be handled in a timely manner, with as minimal an impact as possible on
the ability of the organization to process and transmit data. A contingency plan should consider
(1) incident response, (2) back-up operations, and (3) recovery.
1. The purpose of incident response is to mitigate the potentially serious effects of a severe LAN
security-related problem. It requires not only the capability to react to incidents, but the
resources to alert and inform the users if necessary. It requires the cooperation of all users to
ensure that incidents are reported and resolved and that future incidents are prevented
[WACK91,5]. [WACK91] is recommended as guidance in developing an incident response
capability.
2. Back-up Operations plans are prepared to ensure that essential tasks (as identified by a risk
analysis) can be completed subsequent to disruption of the LAN environment and continuing until
the LAN is sufficiently restored [NIST74,65].
3. Recovery plans are made to permit smooth, rapid restoration of the LAN environment
following interruption of LAN usage [NIST74,65]. Supporting documents should be developed
and maintained that will minimize the time required for recovery. Priority should be given to
those applications, services, etc. that are deemed critical to the functioning of the organization.
Back-up operation procedures should ensure that these critical services and applications are
available to users.
49