Emergency exercises – an important element of DENIC's security and operational concept
Security on the Internet is constantly becoming more essential. But attacks are getting more frequent and versatile. We must be prepared for such situations. To be able to remedy resulting failures swiftly, we carry out emergency exercises every year.
To start with, we regularly subject all critical business processes to a so-called business impact analysis. We define the tolerable potential data loss, the availability that must be ensured and the recovery times we have to observe. On this basis, we draft emergency plans for recovering services following an emergency or disaster. Emergency exercises therefore are an essential component of our Business Continuity Management.
Sometimes, emergency exercises come as a surprise, others are announced in advance. But what precisely happens during an emergency exercise? In any case, it is important to be able to tackle an emergency scenario under real conditions. This year, for example, our technical teams practised rebuilding new infrastructure components after an attack or tested a disaster recovery scenario.
After every exercise, we have "lessons learned" session, where we identify items we should improve or additionally take into consideration in the future. These may include technical measures, equipment or communication, especially in stressful situations.
Meeting Normative Requirements
Regular emergency exercises for all technical teams at least once a year are a matter of course at DENIC. Last but not least, they are one of the prerequisites for meeting the high requirements of our management system , which is certified according to the international standard ISO/IEC 22301 (BCMS). It is another building block for DENIC in assuming responsibility for a secure Internet by providing secure and resilient systems.