access controls Additionally alternate location antivirus software application assets attack audit backup BCP coordinator best practices buffer overflow Business Continuity Plan business impact analysis CBFs CHAPTER CIRT plan compliance configuration consider costs countermeasure create critical business functions database server determine Disaster Recovery Plan document e-mail server effect employees encrypted ensure evaluate example failover cluster firewall goal hardware helps HIPAA identify implement important installed internal Internet intrusion detection system loss malware Microsoft mission-critical NIST occurs organization outage password PCI DSS percent perform personnel POAM primary priority procedures protect Protocol purchase recommendations reduce response risk assessment risk management plan Risk Mitigation Plan scope seven domains specific SQL injection steps threats and vulnerabilities traffic typical IT infrastructure update users vulnerability assessment Web farm Web server