Disaster Prevention and
Recovery
Evan Happel, Sheena McLeod,
Colin Millison
Aeneas Case Study
Internet and Telephone of Jackson
Tennessee
May 4, 2003: 400 businesses hit by a
category F4 tornado with 200 mph
winds.
11 deaths and $50 million in damages
How did their disaster recovery plan
help?
Aeneas Case Study Cont.
Backup systems
Employees worked from remote
locations.
In less than 72 hours they were back, fully
serving the customers' needs.
Most people never even lost service
Planned for the worst case scenario.
How Much Do You Know?
Take out a piece of paper and pencil.
Quiz time!
See how much you know, then we will
give you the answers at the end.
Quiz
1) True or False- Disaster recovery
planning is complex and expensive?
2) Which option is not a required item
in a disaster recovery plan?
– A. Location of recovery facility
– B. Computer equipment list
– C. List of phone numbers of key people in the
company
– D. Disaster recovery testing results
(www.paeinc.com/book/paefrm.html)
Quiz Continued
3) True or False- Why should you care
about disaster prevention? There is
nothing that can be done to prevent a
disaster.
(www.paeinc.com/book/paefrm.html)
4) Reviewing of a disaster recovery plan
should take place
– A. Once
– B. Once a year
– C. Twice a year
(Total Contingency Planning for Disasters)
Quiz Continued
5) What are the three types of
disasters?
6) What percentage of business
organizations have a workable disaster
recovery plan?
(Total Contingency Planning for Disasters)
Disasters
Can fall into one of three types
• 1. Natural-Caused by a natural event
• 2. Environmental-Related to environmental
problems
• 3. Incited-Provoked and urged on
(Total Contingency Planning for Disasters)
Natural
Examples:
Flood
Earthquake
Tornado
Fire
Hurricane
(Total Contingency Planning for
Disasters)
Environmental
Examples:
Aircraft crash
Explosion
Contamination
Power
(Total Contingency Planning
for Disasters)
Incited
Examples:
Arson
Sabotage
Vandalism
(Total Contingency Planning for
Disasters)
Facts and Statistics
At least 1/4 of all businesses that close
because of disaster never reopen
(www.ibhs.org/business_prtection.com)
Current estimates put business losses as
high as several billion dollars each week to
various forms of cyber attacks (www.ready.gov)
A company loses around $1 million/hour due
to down time or idle employees (Disaster Recovery Planning)
Getting Started: Contingency
Planning
Objectives of a contingency plan
– 1)Prevent disaster from occurring
– 2)Contain the impact of a disaster if one does
happen
– 3)Provide an organized response to a disaster
– 4)Minimize disruptions to cash flow
– 5)Provide alternate ways to service customer
orders
– 6)Prevent a significant long-term loss of market
share
(Total Contingency Planning for Disasters)
Contingency Planning Basics
Continued
Knowing what to plan for
– Visit FEMA’s website and explore “are you
ready”
Impact analysis-examine four areas
– 1)The relative value of the information of
infrastructure component
– 2)The possible public fallout
– 3)The denial of business potential
– 4)The ease of attack
(Total Contingency Planning for Disasters)
Cyber Protection:
12 Step Plan
1) Use strong passwords and change
them regularly
2) Look out for e-mail attachments and
internet download modules
3) Install, maintain, and apply anti-virus
programs
4) Install firewalls
Cyber Protection Continued
5) Remove unused software and user
accounts; clean out everything on
replaced equipment
6) Establish physical access controls for
all computer equipment
7) Create backups for important files,
folders, and software
8) Keep current software updates
Cyber Protection Continued
9) Implement network security with access
controls
10) Limit access to sensitive and confidential
data
11) Establish and follow a security financial
risk management plan; maintain adequate
insurance coverage
12) Get technical expertise and outside help
when you need it
(ready.gov)
After Plan Is Created
Communicate
Reassess annually
(Total Contingency Planning for Disasters)
Recovery Planning
Practical Reasoning
– To avoid extended periods of downtime
• Idle = big $
– To avoid loss of data/information/physical goods
• Due to uncontrollable situations, such as terrorist attacks
Legal Reasoning
– Governmental agencies pass regulations and acts to ensure
companies implement a recovery plan
• IRS (cross-industry)
• Banking, Health Care, and Financial sectors
(source: Disaster Recovery Planning)
Recovery Planning:
Storage Options
Consolidated Storage
– Multiple platforms using a Storage Area Network
(SAN) to put all their data into one
centralized/secure location
– Sold at Dell.com, starting at $1000
– Also sold by Hewlett Packard,
Hitachi Data Systems,
and Data Domain
(source: Disaster Recovery Planning)
Recovery Planning:
Storage Options
Tape Storage
– Magnetic tapes/cassettes used to back up data
– Most effective when stored off-site
– Need to be checked regularly to
make sure they are storing data
properly
– Sold at Dell.com ($699 to $20,000+)
– Also at Hewlett Packard, Hitachi
Data Systems, and Data Domain
(Source: Disaster Recovery Planning)
Recovery Planning:
Storage Options
Remote Mirroring
– Saving data simultaneously in two or more
locations using a high speed Local Area
Network (LAN)
– Geographically separate to avoid
destruction of data by the same disaster
– Service provided by RADirect.com
(no prices listed)
(source: Disaster Recovery Planning)
Recovery Planning:
Storage Options
Off-site Cooperative Storage
– Sharing a warehouse or facility with another
company
• Pro: less expensive
• Con: less secure, can you trust who you are sharing
with?
(source: Disaster Recovery Planning)
Recovery Planning:
Storage Options
Off-site Commercial Storage
– Moving-and-Storage Facilities (tangible files)
• U-Haul $45 to $130 per month
• Also offered by Secure Storage and Shurgard
– Data and Records Storage (digital files)
• US Data Trust; $119 to $2,763 per month
– depends on level of service, amount of storage
• Service providers: Iron Mountain, Global Data Vault,
Sure West, and Recall
(source: Disaster Recovery
Planning)
Off-Site Commercial Storage
Guidelines (6)
1. Reputation
– How long have they been doing business?
– Check with Better Business Bureau
– Reputation with other companies
2. Security
– Should be as good or better than the
security at your facilities
(source: Disaster Recovery Planning)
Off-Site Commercial Storage
Guidelines
3. Media Management
– all magnetic media in same location
– Separation between competitors
4. Environmental Factors
– Weather proof
– Fire suppression
– Temperature/atmosphere control
(source: Disaster Recovery Planning)
Off-Site Commercial Storage
Guidelines
5. Transportation
– Is it safe in transit from your business to
theirs? (i.e. weather, damage, theft)
6. Fees
– Are the fees for service more than it costs
to deal with the data on your own?
(source: Disaster Recovery Planning)
Quiz Answers
1) False-does not have to be expensive.
Best way to keep costs down is to apply
KISS “keep it simple stupid”
2) D-Disaster Recovery Results are not
needed in the plan but are nice to have.
If you do test the plan use the results to
modify the plan and correct problem
areas.
(www.paeinc.com/book/paefrm.html)
Quiz Answers Continued
3) False-Disaster planning can prevent some
potential disasters. Many computer disasters
are caused by the facility itself. With proper
planning these problem areas can be
corrected before they become a disaster.
(www.paeinc.com/book/paefrm.html)
4) B-Review of disaster recovery plan should
take place once a year. (Total Contingency Planning for Disasters)
Quiz Answers Continued
5) Three types of disasters are natural,
environmental, and incited.
6) Less than 25% of businesses have a
workable disaster recovery plan.
(Total Contingency Planning for Disasters)
References
www.Ready.gov
www.FEMA.gov
www.FEMA.gov/kids
Myers, Kenneth. (1993) Total Contingency Planning For
Disasters; John Wiley and Sons Publ.,Canada
www.ibhs.org/business_protection
www.sba.gov
www.paeinc.com/book/paefrm.html
Toigo, Jon William. (1996) Disaster Recovery Planning;
Harris, Steve. (1992) PC Recovery and Disaster Prevention
Britt, Phillip. (2005) Taking Steps for Disaster Recovery;
Information Today, Vol 21, Issue 34, 83.
References Continued
Bowen, Ted Smalley. (1999) Planning for Recovery; Infoworld,
Vol 21, Issues 34, 83.
Greenberg, Eric (2002) Managing Risk; PC Magazine, Vol 21,
Issue 1, 66-68
Tennant, Roy. (2001) Coping with Disasters; Library Journal, Vol
26, Issue 19, 26-28
Rogers, James and Jack Smith. (2001) Advantages and
Challenges of Implementing ASP’s; Plant Engineering, Vol 55,
Issue 10, 61
Stead, Eleanor and Clive Smallman. (1999) Understanding
Business Failure; Learning and Unlearning from Industrial
Crises; Journal of Contingencies and Crisis Management, Vol 7,
Issue 1, 1.