Title: Disaster recovery : principles and practices
Personal Author:
Publication Information: Upper Saddle River, NJ : Pearson Prentice Hall, 2006
ISBN: 9780131711273

Available:
Item Barcode: 30000010124141
Call Number: HD49 W44 2006
Material Type: Open Access Book
Item Category 1: Book

Summary

For advanced information security courses on disaster recovery

With real-world examples, this text provides an extensive introduction to disaster recovery, focusing on planning the team, planning for the disaster, and practicing the plan to make sure that, if ever needed, it will work.


Table of Contents

Security Series Walk-Through
Preface
About the Authors
Acknowledgments
Quality Assurance
Chapter 1 Introduction to Disaster Recovery
Why Disaster Recovery?
Business Functions
Critical Support Functions
Corporate-Level Support Functions
What Is a Disaster?
What Kinds of Disasters Are There?
Lack of Computer Security
Death of Key Employees
Strikes
Accidents
Spills
Explosions
Technological Breakdowns
Sabotage and Terrorism
What Are the Possible Effects of a Disaster?
Within the Organization
External to the Organization
What Is Business Continuity Planning?
Summary
Test Your Skills
Chapter 2 Preparing to Develop the Disaster Recovery Plan
Why Plan?
Direct Pressure
Indirect Pressure
Establishing the Team
Getting Management Support
The Need for Ongoing Departmental Support
Team Members
Recovery Manager
Facilities Coordinator
Technical Coordinator
Administrative Coordinator
Network Coordinator
Applications Coordinator
Computer Operations Coordinator
DR Team Sub-Teams
Management Team
Business Recovery Team
Departmental Recovery Team
Computer Recovery Team
Damage Assessment Team
Security Team
Facilities Support Team
Administrative Support Team
Logistics Support Team
User Support Team
Computer Backup Team
Offsite Storage Team
Software Recovery Team
Communications Team
Applications Team
Computer Restoration Team
Human Resources Team
Marketing and Customer Relations Team
Other Teams
Characteristics of Team Members
External Team Members
Creating a Notification Directory
Securing and Preparing Resources
Alphawest
Affiliated Computer Services Inc (ACS)
IBM
Team Tasks
Auditing Current Vulnerability
Determining What Actions to Complete Now
Creating Recovery Teams and Test Plans
Summary
Test Your Skills
Chapter 3 Assessing Risk and Impact
Defining Risk
Risk Assessment
Risk Management
Emergency Situation or Event
Choosing the Assessment Method
Matching the Response to the Threat
Identifying Mission-Critical Processes and Systems
Evaluating Critical Functions
Setting Priorities Based on Time Horizons
Implementing Disaster Avoidance
Avoiding Disasters through Effective Preventive Planning
Creating Contingency Plans for Unavoidable Threats
Disaster-based Risk Assessment
Identify Hazards or Risks
Assess and Prioritize Risks
Develop Controls and Make Risk Decisions
Implement a Risk-Handling Plan and Controls
Evaluate, Track, and Report
Asset-based Risk Assessment
Asset Assessment
Threat Assessment
Vulnerability Assessment
Risk Assessment
Controls
The Business Impact Analysis
Business Impact
How the Assessment Works
Octave Risk Assessment
Phase 1 Create a Threat Profile
Phase 2 Identify Infrastructure Vulnerabilities
Phase 3 Develop a Security Strategy
Summary
Test Your Skills
Chapter 4 Prioritizing Systems and Functions for Recovery
Identifying and Prioritizing Assets and Functions
Identifying Critical Assets
Identifying Functions and Processes
Prioritizing Disaster Recovery Planning Efforts
Processes or Functions that Create Assets
Processes or Functions that Protect Assets
Determining What to Recover When
Tier 1
Tier 2
Tier 3
Conducting Dependency Analysis
Defining Disaster Declaration Threshold Criteria
Summary
Test Your Skills
Chapter 5 Identify Data Storage and Recovery Sites
Data Backup
How to Back Up Your Data
When to Back Up Your Data
How Often to Back Up Your Data
Where to Store Backups
Information as an Asset
Recovery Site Alternatives
Function
Written Agreements
Alternative Site Selection Criteria
Number of Sites Available
Distance from Site
Facilities
Cost
Contract
Designing Recovery Solutions
Establishing a Disaster Recovery Site
Selecting Backup and Restoration Strategies
Storage Backup and Recovery Tools
Restoring Communications and Recovering Users
Summary
Test Your Skills
Chapter 6 Developing Plans, Procedures, and Relationships
What Documents Will You Need?
Collecting Contact Information
Computer Vendor
Suppliers
Emergency Services
Customers
Key DR Personnel
Management for the Organization
Evaluating Your Support Tools
People
Supplies
Proof That Your Vendors Are Planning
Emergency Operations Center
Creating Backups
Full Backups
Incremental Backups
Backing Up the Mirror
Creating the Recovery Plan
Capturing the Planning Output in the DR Plan
Upstream Relationships
Vendor Emergencies
Vendor Handoffs
Hardware Support
Software Support
Downstream Relationships
Service Level Agreements with Customers
Directing the Disaster Recovering Team
Team Actions Following a Disaster or After a Drill
Summary
Test Your Skills
Chapter 7 Developing Procedures for Special Circumstances
Emergencies During the Emergency
Support Contracts
Disaster Recovery Contracts
Preparations
Identifying the Gaps in Your Recovery Plans
Backups
Testing
Systems
People
Identifying Disaster Recovery Risks
Location
Situation
Systems
Summary
Test Your Skills
Chapter 8 Testing the Disaster Recovery Plan
Rehearsing the DR Plan
Reasons for Testing the Disaster Recovery Plan
Considering the Impact of Testing on the Organization's Activities
Developing Testing Criteria and Procedures
Using a Step-By-Step Process to Test the Plan
Developing Test Scenarios and Using Test Results Effectively
Maintaining the DR Plan
Applying Change Control: Why and How
Ensuring Normal Developments Are Accounted for in the DR Plan
Scheduling Regular Reviews
Managing and Documenting the Recovery
Identifying Stakeholders
Defining Clear Goals at the Start
Reporting
Summary
Test Your Skills
Chapter 9 Continued Assessment of Needs, Threats, and Solutions
What to Do After the Disaster Recovery Test
What Was Learned?
What Will Be Done Differently
Threat Determination in System
Threat Classification
SWOT (Strengths, Weaknesses, Opportunities, Threats)
Solution Determination
Damage
Reproducible
Exploitable
Users/Systems Affected
Discoverable
Summary
Test Your Skills
Appendix A Sample Disaster Recovery Plan
Appendix B Checklist Testing Sample Documents
Glossary
References
Index