“Thanks for Recovering….Now I can Hack You!”
Why do disaster recovery (DR) exercises fail? Is it a lack of planning or a lack of testing? Both of these would cause an exercise to fail, but is this really a failure? If a DR team member learns something from the exercise, or if the documentation is updated with new knowledge, then it could be debated that the exercise was a success. However, if the data is restored successfully, the exercise has an even greater chance at being an epic failure.
Charles Greene is currently a Senior Information Security Analyst responsible for identity and access management. He has more than 25 years of experience in various technology sectors. Greene holds a bachelor’s degree in information systems from Virginia Commonwealth University and a master’s degree in disaster sciences from the University of Richmond. He has held various certifications from equipment vendors, and he currently holds the GIAC Security Leadership certification as well as the CISSP (pending credentials). Greene also serves as a SANS mentor of the MGT-512 security leadership course and the GIAC Advisory Board.