Organizations use contingency planning to ensure the quickest possible return of information services in the event of a service disruption. A service disruption can be any event that affects the continuity of information services and may range from a human-orchestrated denial of service attack to a major earthquake. From a security perspective, the contingency plan is in place to assist an organization in recovering from an incident should the primary security mechanisms fail. Since no security mechanism is foolproof, a contingency plan is a vital piece of an organization's overall security plan (Whitman & Mattord, 2009).
An overall contingency plan is made of three components: incident response, disaster recovery, and business continuity. An incident response plan focuses on identifying, responding to, and recovering from an incident. While incident response planning relates to short-term events, disaster recovery and business continuity planning deal with long-term service interruptions. The primary difference between disaster recovery and business continuity planning is that disaster recovery deals with situations where the recovery will occur on-site. A business continuity plan deals with long-term incidents that require the organization to recover to an off-site location (Whitman & Mattord, 2009).
An intrusion detection system is part of an incident response plan. Security professionals are aware that no security mechanism is without fault. Given enough time, an attack can be mounted on any system and may come from any vector. Although an intrusion detection system does not itself prevent an attack (it monitors and alerts, whereas an intrusion prevention system also blocks), it is a vital component in the detection of and response to an incident. Since incidents cannot be fully avoided, it is important to detect an incident quickly and respond appropriately (Whitman & Mattord, 2009).
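As an added illustration of the detection role described above (this is example code, not material from the page or from Whitman & Mattord), the following Python script implements a small host-based detector over SSH authentication log lines. The log lines are constructed for the example; the five-failures-in-sixty-seconds threshold and the assumed log year are illustrative choices, not values the page prescribes. The detector does nothing to stop the attack; it produces the alerts that would trigger the incident response plan, and it raises severity when a burst of failed logins is followed by a successful login from the same source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in sshd/syslog style (not taken from a real host).
SAMPLE_LOG = """\
Mar 10 02:14:01 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 02:14:03 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 02:14:04 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 02:14:06 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 02:14:07 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 02:14:09 bastion sshd[4130]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Mar 10 02:20:15 bastion sshd[4202]: Failed password for alice from 198.51.100.23 port 40110 ssh2
Mar 10 02:31:40 bastion sshd[4250]: Accepted publickey for alice from 198.51.100.23 port 40111 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines sshd writes.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_line(line, year=2024):
    """Parse one sshd log line into a dict, or return None for lines we do not handle.
    Syslog timestamps carry no year, so the year is an assumed parameter."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect(lines, threshold=5, window_seconds=60):
    """Sliding-window detector over auth events.

    Raises a 'medium' alert the first time a source IP accumulates `threshold`
    failed logins within `window_seconds`, and a 'high' alert if that same
    source later logs in successfully (a brute force that appears to have
    worked, which is what the responders need to know first).
    Threshold and window are illustrative assumptions, not tuned values.
    """
    failures = defaultdict(deque)   # src ip -> timestamps of recent failures
    flagged = set()                 # sources already alerted on
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            # Drop failures that fell out of the window.
            while recent and (ev["ts"] - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({
                    "severity": "medium", "src": ev["src"], "user": ev["user"], "ts": ev["ts"],
                    "reason": f"{len(recent)} failed logins within {window_seconds}s",
                })
        elif ev["result"] == "Accepted" and ev["src"] in flagged:
            alerts.append({
                "severity": "high", "src": ev["src"], "user": ev["user"], "ts": ev["ts"],
                "reason": "successful login from a source already flagged for brute forcing",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(f"[{alert['severity'].upper()}] {alert['ts']} {alert['src']} user={alert['user']}: {alert['reason']}")
```

On the sample data the detector emits two alerts for 203.0.113.7 and none for 198.51.100.23, whose single failure followed by a key-based login is ordinary user behaviour; the ordering of the alerts is what lets the incident response plan prioritise the host where an attacker has already obtained a session.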
A disaster recovery plan may cover a larger entity, such as an organization's data center. Incidents that can escalate into disasters include power outages and vital component failures. An organization should have a plan in place to deal with the eventuality of losing its entire data center. If there are components whose failure could cripple the information systems, then a plan should be in place to recover from those failures as quickly as possible. Additionally, the disaster recovery plan should define the parameters under which recovery from an incident escalates from an on-site recovery to an off-site recovery (Whitman & Mattord, 2009).
Finally, a business continuity plan defines the actions an organization should take in the most extreme circumstances. This includes incidents such as fire or criminal activity. In these extreme cases, the organization must be prepared to restore operations at an off-site location. The business continuity plan defines the vital functions necessary to restore operations and how those functions should be implemented (Whitman & Mattord, 2009).
Whitman, M. E. & Mattord, H. J. (2009). Principles of information security (3rd ed.). Boston: Thomson Course Technology.