A disaster recovery (DR) plan is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The plan contains strategies on minimizing the effects of a disaster, so an organization will continue to operate – or quickly resume key operations. Show Disruptions can lead to lost revenue, brand damage and dissatisfied customers. And, the longer the recovery time, the greater the adverse business impact. Therefore, a good disaster recovery plan should enable rapid recovery from disruptions, regardless of the source of the disruption. Support business continuity with cloud disaster recovery within minutes of an outage with Disaster recovery as a service (DRaaS) Explore DRaaS A DR plan is more focused than a business continuity plan and does not necessarily cover all contingencies for business processes, assets, human resources and business partners. A successful DR solution typically addresses all types of operation disruption and not just the major natural or man-made disasters that make a location unavailable. Disruptions can include power outages, telephone system outages, temporary loss of access to a facility due to bomb threats, a "possible fire" or a low-impact non-destructive fire, flood or other event. A DR plan should be organized by type of disaster and location. It must contain scripts (instructions) that can be implemented by anyone. Before the 1970s, most organizations only had to concern themselves with making copies of their paper-based records. Disaster recovery planning gained prominence during the 1970s as businesses began to rely more heavily on computer-based operations. At that time, most systems were batch-oriented mainframes. Another offsite mainframe could be loaded from backup tapes, pending recovery of the primary site. In 1983 the U.S. government mandated that national banks must have a testable backup plan. Many other industries followed as they understood the significant financial losses associated with long-term outages. By the 2000s businesses had become even more dependent on digital online services. With the introduction of big data, cloud, mobile and social media, companies had to cope with capturing and storing massive amounts of data at an exponential rate. DR plans had to become much more complex to account for much larger amounts of data storage from a myriad of devices. The advent of cloud computing in the 2010s helped to alleviate this disaster recovery complexity by allowing organizations to outsource their disaster recovery plans and solutions, also known as disaster recovery as a service (DRaaS). Another current trend that emphasizes the importance of a detailed disaster recovery plan is the increasing sophistication of cyberattacks. Industry statistics show that many attacks stay undetected for well over 200 days. With so much time to hide in a network, attackers can plant malware that finds its way into the backup sets – infecting even recovery data. Attacks may stay dormant for weeks or months, allowing malware to propagate throughout the system. Even after an attack is detected, it can be extremely difficult to remove malware that is so prevalent throughout an organization. Every second counts: Rapid recovery for package delivery Business disruption due to a cyber attack can have a devastating impact on an organization. For instance, cyber outage at a package delivery company can disrupt operations across its supply chain, leading to financial and reputational loss. And in today’s digitally-dependent world, every second of that disruption counts. Definition:1/ Accroding to Baltzan, Business Driven Information System 2ed Disasters such as power outages, floods, and even harmful hacking strike business everyday. Organization must develop a disaster recovery plan to prepare for such occurrences. A disaster recovery plan is a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood. Spending on disaster recovery is rising worldwide among financial institutions. 2/ According to About.com Disaster recovery is the process in which a business or organization implements a disaster recovery plan that allows it to continue to function after a catastrophic event.. Also Known As: business continuity More Definition at Wikipedia.org Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induceddisaster. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure. Classification of DisastersDisaster can be classified in two broad categories. Viz, 1) Natural disasters- Preventing a natural disaster is very difficult, but it is possible to take precautions to avoid losses. These disasters include flood, fire, earthquake, hurricane, smog, etc 2) Man made disasters- These disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which Security HolesSecurity holes are the vulnerabilities in computing hardware or software. It provides indirect invitation to malicious brains to work on it and exploit it. It is achieved through flaws in network software which allows unintended control within the network. Components of network such as PCs and router hold these holes through their operating systems. Technical details of any systems should not be made public abundantly unless required. Once such holes are discovered, information about it should be immediately passed to security professional responsible for it. On the other hand such information is also passed quickly to hacker who might want to intercept into the network. Security professional should always work to heal such holes to eliminate possible attack. General steps to follow while creating BCP/DRP1. Identify the scope and boundaries of business continuity plan. First step enables us to define scope of BCP. It provides an idea for limitations and boundaries of plan. It also includes audit and risk analysis reports for institution’s assets. 2. Conduct a business impact analysis (BIA). Business impact analysis is study and assessment of financial losses to institution resulting from destructive event as unavailability of important business services. 3. Sell the concept of BCP to upper management and obtain organizational and financial commitment. Convincing senior management to approve BCP/DRP is key task. It is very important for security professional to get approval for plan from upper management to bring it to effect. 4. Each department will need to understand its role in plan and support to maintain it. In case of disaster, each department has to be prepared for the action. To recover and to protect the critical systems each department has to understand the plan follows it accordingly. It is also important to maintain and help in creation of plan for each individual department. 5. The BCP project team must implement the plan. After approval from upper management plan should be maintained and implemented. Implementation team should follow the guidelines procedures in plan. 6. NIST tool set can be used for doing BCP. National Institute of standards and Technologies has published tools which can help in creating BCP..... Control measures in recovery planControl measures are steps or mechanisms that can reduce or
eliminate computer security threats. Different types of measures can be
included in BCP/DRP Types of measures: 1. Preventive measures - These controls are aimed at preventing an event from occurring. 2. Detective measures - These controls are aimed at detecting or discovering unwanted events. 3. Corrective measures - These controls are aimed at correcting or restoring the system after disaster or event. These controls should be always documented and tested regularly. StrategiesPrior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization's business continuity plan which should indicate the key metrics of recovery point objectiverecovery time objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes. (RPO) and Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical. The following is a list of the most common strategies for data protection.
In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities. In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster in the first place. These may include some of the following:
|
What is a detailed process for recovering information or a system in the event of a catastrophic disaster?
Pos Terkait
Copyright © 2024 membukakan Inc.
