Title:
Disaster recovery : principles and practices
Personal Author:
Publication Information:
Upper Saddle River, NJ : Pearson Prentice Hall, 2006
ISBN:
9780131711273
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
Searching... | 30000010124141 | HD49 W44 2006 | Open Access Book | Book | Searching... |
On Order
Summary
For advanced information security courses on disaster recovery
With real-world examples, this text provides an extensive introduction to disaster recovery, focusing on planning the team, planning for the disaster, and practicing the plan to make sure that, if ever needed, it will work.
Table of Contents
Security Series Walk-Through | p. xv |
Preface | p. xvii |
About the Authors | p. xxi |
Acknowledgments | p. xxii |
Quality Assurance | p. xxii |
Chapter 1 Introduction to Disaster Recovery | p. 1 |
Why Disaster Recovery? | p. 2 |
Business Functions | p. 6 |
Critical Support Functions | p. 6 |
Corporate-Level Support Functions | p. 6 |
What Is a Disaster? | p. 6 |
What Kinds of Disasters Are There? | p. 9 |
Lack of Computer Security | p. 10 |
Death of Key Employees | p. 10 |
Strikes | p. 11 |
Accidents | p. 11 |
Spills | p. 12 |
Explosions | p. 13 |
Technological Breakdowns | p. 13 |
Sabotage and Terrorism | p. 15 |
What Are the Possible Effects of a Disaster? | p. 16 |
Within the Organization | p. 17 |
External to the Organization | p. 18 |
What Is Business Continuity Planning? | p. 19 |
Summary | p. 20 |
Test Your Skills | p. 21 |
Chapter 2 Preparing to Develop the Disaster Recovery Plan | p. 28 |
Why Plan? | p. 29 |
Direct Pressure | p. 30 |
Indirect Pressure | p. 30 |
Establishing the Team | p. 30 |
Getting Management Support | p. 33 |
The Need for Ongoing Departmental Support | p. 34 |
Team Members | p. 35 |
Recovery Manager | p. 35 |
Facilities Coordinator | p. 37 |
Technical Coordinator | p. 37 |
Administrative Coordinator | p. 38 |
Network Coordinator | p. 38 |
Applications Coordinator | p. 38 |
Computer Operations Coordinator | p. 39 |
DR Team Sub-Teams | p. 40 |
Management Team | p. 40 |
Business Recovery Team | p. 40 |
Departmental Recovery Team | p. 41 |
Computer Recovery Team | p. 42 |
Damage Assessment Team | p. 42 |
Security Team | p. 43 |
Facilities Support Team | p. 44 |
Administrative Support Team | p. 44 |
Logistics Support Team | p. 45 |
User Support Team | p. 45 |
Computer Backup Team | p. 46 |
Offsite Storage Team | p. 46 |
Software Recovery Team | p. 47 |
Communications Team | p. 47 |
Applications Team | p. 47 |
Computer Restoration Team | p. 48 |
Human Resources Team | p. 48 |
Marketing and Customer Relations Team | p. 48 |
Other Teams | p. 49 |
Characteristics of Team Members | p. 49 |
External Team Members | p. 49 |
Creating a Notification Directory | p. 51 |
Securing and Preparing Resources | p. 51 |
Alphawest | p. 52 |
Affiliated Computer Services Inc (ACS) | p. 53 |
IBM | p. 53 |
Team Tasks | p. 54 |
Auditing Current Vulnerability | p. 54 |
Determining What Actions to Complete Now | p. 54 |
Creating Recovery Teams and Test Plans | p. 55 |
Summary | p. 55 |
Test Your Skills | p. 55 |
Chapter 3 Assessing Risk and Impact | p. 61 |
Defining Risk | p. 62 |
Risk Assessment | p. 62 |
Risk Management | p. 64 |
Emergency Situation or Event | p. 66 |
Choosing the Assessment Method | p. 71 |
Matching the Response to the Threat | p. 72 |
Identifying Mission-Critical Processes and Systems | p. 72 |
Evaluating Critical Functions | p. 72 |
Setting Priorities Based on Time Horizons | p. 72 |
Implementing Disaster Avoidance | p. 73 |
Avoiding Disasters through Effective Preventive Planning | p. 73 |
Creating Contingency Plans for Unavoidable Threats | p. 74 |
Disaster-based Risk Assessment | p. 74 |
Identify Hazards or Risks | p. 76 |
Assess and Prioritize Risks | p. 79 |
Develop Controls and Make Risk Decisions | p. 81 |
Implement a Risk-Handling Plan and Controls | p. 82 |
Evaluate, Track, and Report | p. 82 |
Asset-based Risk Assessment | p. 84 |
Asset Assessment | p. 84 |
Threat Assessment | p. 85 |
Vulnerability Assessment | p. 89 |
Risk Assessment | p. 90 |
Controls | p. 91 |
The Business Impact Analysis | p. 91 |
Business Impact | p. 92 |
How the Assessment Works | p. 94 |
Octave Risk Assessment | p. 98 |
Phase 1 Create a Threat Profile | p. 99 |
Phase 2 Identify Infrastructure Vulnerabilities | p. 100 |
Phase 3 Develop a Security Strategy | p. 101 |
Summary | p. 101 |
Test Your Skills | p. 102 |
Chapter 4 Prioritizing Systems and Functions for Recovery | p. 107 |
Identifying and Prioritizing Assets and Functions | p. 108 |
Identifying Critical Assets | p. 108 |
Identifying Functions and Processes | p. 115 |
Prioritizing Disaster Recovery Planning Efforts | p. 120 |
Processes or Functions that Create Assets | p. 120 |
Processes or Functions that Protect Assets | p. 122 |
Determining What to Recover When | p. 122 |
Tier 1 | p. 123 |
Tier 2 | p. 124 |
Tier 3 | p. 125 |
Conducting Dependency Analysis | p. 126 |
Defining Disaster Declaration Threshold Criteria | p. 127 |
Summary | p. 130 |
Test Your Skills | p. 131 |
Chapter 5 Identify Data Storage and Recovery Sites | p. 136 |
Data Backup | p. 137 |
How to Back Up Your Data | p. 137 |
When to Back Up Your Data | p. 138 |
How Often to Back Up Your Data | p. 139 |
Where to Store Backups | p. 140 |
Information as an Asset | p. 142 |
Recovery Site Alternatives | p. 145 |
Function | p. 145 |
Written Agreements | p. 150 |
Alternative Site Selection Criteria | p. 154 |
Number of Sites Available | p. 154 |
Distance from Site | p. 155 |
Facilities | p. 155 |
Cost | p. 157 |
Contract | p. 158 |
Designing Recovery Solutions | p. 158 |
Establishing a Disaster Recovery Site | p. 159 |
Selecting Backup and Restoration Strategies | p. 161 |
Storage Backup and Recovery Tools | p. 164 |
Restoring Communications and Recovering Users | p. 167 |
Summary | p. 170 |
Test Your Skills | p. 171 |
Chapter 6 Developing Plans, Procedures, and Relationships | p. 177 |
What Documents Will You Need? | p. 178 |
Collecting Contact Information | p. 180 |
Computer Vendor | p. 180 |
Suppliers | p. 181 |
Emergency Services | p. 181 |
Customers | p. 182 |
Key DR Personnel | p. 182 |
Management for the Organization | p. 183 |
Evaluating Your Support Tools | p. 183 |
People | p. 183 |
Supplies | p. 183 |
Proof That Your Vendors Are Planning | p. 184 |
Emergency Operations Center | p. 184 |
Creating Backups | p. 185 |
Full Backups | p. 185 |
Incremental Backups | p. 186 |
Backing Up the Mirror | p. 187 |
Creating the Recovery Plan | p. 190 |
Capturing the Planning Output in the DR Plan | p. 190 |
Upstream Relationships | p. 195 |
Vendor Emergencies | p. 196 |
Vendor Handoffs | p. 198 |
Hardware Support | p. 198 |
Software Support | p. 200 |
Downstream Relationships | p. 201 |
Service Level Agreements with Customers | p. 201 |
Directing the Disaster Recovering Team | p. 201 |
Team Actions Following a Disaster or After a Drill | p. 202 |
Summary | p. 203 |
Test Your Skills | p. 204 |
Chapter 7 Developing Procedures for Special Circumstances | p. 211 |
Emergencies During the Emergency | p. 212 |
Support Contracts | p. 213 |
Disaster Recovery Contracts | p. 214 |
Preparations | p. 215 |
Identifying the Gaps in Your Recovery Plans | p. 215 |
Backups | p. 216 |
Testing | p. 217 |
Systems | p. 217 |
People | p. 218 |
Identifying Disaster Recovery Risks | p. 219 |
Location | p. 219 |
Situation | p. 219 |
Systems | p. 220 |
Summary | p. 221 |
Test Your Skills | p. 221 |
Chapter 8 Testing the Disaster Recovery Plan | p. 226 |
Rehearsing the DR Plan | p. 226 |
Reasons for Testing the Disaster Recovery Plan | p. 227 |
Considering the Impact of Testing on the Organization's Activities | p. 228 |
Developing Testing Criteria and Procedures | p. 229 |
Using a Step-By-Step Process to Test the Plan | p. 231 |
Developing Test Scenarios and Using Test Results Effectively | p. 234 |
Maintaining the DR Plan | p. 235 |
Applying Change Control: Why and How | p. 236 |
Ensuring Normal Developments Are Accounted for in the DR Plan | p. 237 |
Scheduling Regular Reviews | p. 238 |
Managing and Documenting the Recovery | p. 238 |
Identifying Stakeholders | p. 239 |
Defining Clear Goals at the Start | p. 239 |
Reporting | p. 240 |
Summary | p. 240 |
Test Your Skills | p. 240 |
Chapter 9 Continued Assessment of Needs, Threats, and Solutions | p. 245 |
What to Do After the Disaster Recovery Test | p. 245 |
What Was Learned? | p. 246 |
What Will Be Done Differently | p. 248 |
Threat Determination in System | p. 249 |
Threat Classification | p. 249 |
SWOT (Strengths, Weaknesses, Opportunities, Threats) | p. 255 |
Solution Determination | p. 258 |
Damage | p. 258 |
Reproducible | p. 258 |
Exploitable | p. 258 |
Users/Systems Affected | p. 259 |
Discoverable | p. 259 |
Summary | p. 259 |
Test Your Skills | p. 260 |
Appendix A Sample Disaster Recovery Plan | p. 265 |
Appendix B Checklist Testing Sample Documents | p. 280 |
Glossary | p. 286 |
References | p. 289 |
Index | p. 290 |