...Disaster Recovery Plan Saphia Christopher Strayer University CIS 462 Dr. Basta An IT disaster recovery plan provides step-by-step procedures for recovering disrupted systems and networks, to help them resume normal operations. The goal of these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery (Kirvan, 2009). The following Disaster Recovery Plan has been put together for the mock company which will be named ABC Technologies. The information contained in the DRP is partially real information from my current employer and other parts are made up. This is in response to my current firm’s policy against the dissemination of proprietary information. Information Technology Statement of Intent This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation...
Words: 2966 - Pages: 12
...Disaster Recovery Plans The headquarters of Hill Crest Corporation, a private company with $15.5 million in annual sales, is located in California. Hill Crest provides for its 150 clients an online legal software service that includes data storage and administrative activities for law offices. The company has grown rapidly since its inception 3 years ago, and its data processing department has expanded to accommodate this growth. Because Hill Crest’s president and sales personnel spend a great deal of time out of the office soliciting new clients, the planning of the IT facilities has been left to the data processing professionals. Hill Crest recently moved its headquarters into a remodeled warehouse on the outskirts of the city. While remodeling the warehouse, the architects retained much of the original structure, including the wooden-shingled exterior and exposed wooden beams throughout the interior. The minicomputer distributive processing hardware is situated in a large open area with high ceilings and skylights. The openness makes the data processing area accessible to the rest of the staff and encourages a team approach to problem solving. Before occupying the new facility, city inspectors declared the building safe; that is, it had adequate fire extinguishers, sufficient exits, and so on. In an effort to provide further protection for its large database of client information, Hill Crest instituted a tape backup procedure that automatically backs up the database...
Words: 860 - Pages: 4
...Disaster Recovery Plan: A Risk Management Strategy CIS 359 8/25/13 Professor Michelle Hansen CEO CEO CISO CISO CIO CIO IT Procurement Specialist IT Procurement Specialist IT Security Compliance Officer IT Security Compliance Officer IT Security Engineer IT Security Engineer Needs to monitor compliance with the security directives ,and overall policy to ensure IT effectiveness. Needs to monitor compliance with the security directives ,and overall policy to ensure IT effectiveness. Use results and feedback from various other sources to form a system budget enquiry that will help with financial planning Use results and feedback from various other sources to form a system budget enquiry that will help with financial planning Helps ensure the programs uptake and success. Helps ensure the programs uptake and success. Privacy Security Professional Privacy Security Professional Security Manager Security Manager Need to ensure that awareness and training requirements are established within the organization’s position and ensure that staff receives effective professional development services. Need to ensure that awareness and training requirements are established within the organization’s position and ensure that staff receives effective professional development services. Can help identify training sources, evaluate vendor based and other training sources and aid in the development of awareness and other training materials. ...
Words: 1441 - Pages: 6
...State of Oklahoma Disaster Recovery Plan Template Version 1.0 31 October 2007 TABLE OF CONTENTS DISASTER RECOVERY PLAN – DOCUMENT CHANGE CONTROL 6 EXECUTIVE SUMMARY 8 Overview 8 Recovery Statement Summary 8 Recovery Scenario #1: The Preferred Solution for a Total Data Center Loss 8 Recovery Strategies: Activities and Time Frames 9 Short-Term (2 to 3 Days): 9 Medium-Term (6 to 12 weeks): 9 Longer-Term (6 months to 2 years): 9 Recovery Scenario #2: The Strategy for Loss of a Critical System or Component 9 Summary 10 INTRODUCTION 11 INFORMATION SECURITY POLICY – DEFINITIONS & STATED REQUIREMENTS 11 8.2 Disaster Recovery Plan 11 8.3 Business Recovery Strategy 11 PLAN DISTRIBUTION 11 PLAN OBJECTIVES 11 PLAN ASSUMPTIONS 12 Definitions 12 PROCESSING ENVIRONMENT 13 Scope of Recovery 13 Environment Description 13 Essential Equipment 13 Disaster Recovery Scripts 15 RECOVERY PLAN ELEMENTS 17 1. Recovery Plan for Major Disasters 17 A. Detection and Reaction 17 B. Identifying the problem – Notifying the authorities 17 C. Establishing a Command Center 17 D. Reducing Exposure 17 2. Roles and Responsibilities 20 A. Management / Damage Assessment Team: Initial Response 21 B. Disaster Recovery Teams — Emergency Contact List 22 (AGENCY) FUNCTIONAL AREA MANAGERS 23 3. Recovery Plan for Major Disasters 24 A. Establishment of Full Recovery at Backup Site 24 B. Disaster Recovery Team Checklists 24 C. Restoration of Facilities and...
Words: 17396 - Pages: 70
...Disaster Recovery Plan Kawa, Tonderai B. Fanshawe College INFO- 6027-02 Security Planning Defined Recovery Process: To insure the continuation of business at Sunnylake and secure accesses to the electronic medical records (EMRs) and insure a continued business through a disaster recovery plan that will be initiated with group 5 members. The plan has considered the Sunnylake hackers who have caused an access denied on EMRs so the DRP that is going to be implemented and will include management procedures and technology procedures to insure an on-time recovery. So the crisis being faced is hacked EMRs so doctors and nurses are at risk of medication errors and drug interactions, what was the most efficient method has becomes less reliable. Moverover if the recovery time takes longer there is little hope of reverting to EMRs. Some patients are receiving the wrong prescription due to a poor adjustment to the tedious and robust situation. Infrastructure (replace): Attempts for system restore, contemplating to pay ransom demanded by extortionist. Use of paper records as means of keeping patient and medication records and patients’ confidential information and doing filing as alternative means of record keeping. Whilst the hospital workstations being the major points of data entry. People (retain): The proactive participants and their role at Sunnylake; George Knudsen - (Chief of staff)...
Words: 933 - Pages: 4
...Associate Level Material Appendix D Disaster Recovery Plan Student Name: Casey DeCesare University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Scott Sabo Date: 4/27/14 Disaster Recovery Plan Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 1 Risk Assessment 1 Critical business processes List the mission-critical business systems and services that must be protected by the DRP. The mission-critical business systems and services that must be protected by this DRP are: Payroll, Human Resource Data, POS backup media, and Web Servers and their services. 2 Internal, external, and environmental risks Briefly discuss the internal, external, and environmental risks, which might be likely to affect the business and result in loss of the facility, loss of life, or loss of assets. Threats could include weather, fire or chemical, earth movement, structural failure, energy, biological, or human. Examples of internal risks that may affect business are unauthorized access by individuals who are employed by the company, and those who aren’t employed by the company but still have access to individual store’s computer systems, applications, or areas where the servers and backup media are located. Other external and environmental...
Words: 638 - Pages: 3
...mirror sites. Triangular architecture: WTC – Rochelle Park – London. The significant loss of lives made recovery from this event especially difficult. Sources (moving forward): http://www.baselinemag.com/c/a/Business-Intelligence/Pop-Culture/ From day one, Rochelle Park was seen as a concurrent system, not a disaster-recovery site. The shift was driven by eSpeed's role as the largest player in electronic bond-trading, which meant uninterrupted service was an imperative. The nondescript building in a blue-collar town was perfect—a former telecom facility across from another telecom building. Systems alternated between the trade center and the mirror site, with particular products (e.g., zero coupon bonds) running live for a month at one location and then switching to the other; about half of the company's approximately 40 products were live at each location at any given time. "In that sense we had run our disaster-recovery tests the day before," says Noviello. The mirror site and the World Trade Center were connected by a high-speed optical line, over which eSpeed linked the storage area networks at each site. Sybase data-replication software mirrored critical databases between the sites. Half of the company's Microsoft Exchange e-mail servers were also located full-time in Rochelle Park. Some DRPs are approved and put in place with the awareness that the plan itself will not work, only for audit purposes. On Wednesday, Cantor Chairman and CEO Howard Lutnick told...
Words: 2816 - Pages: 12
...Disaster Recovery Plan Brandon Brown University of Phoenix IT/244 Intro to IT Security Katarina Brunski October 14, 2013 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems Authentication Authentication establishes the identity of a user on a network. Malicious user and programs try to disrupt the service of the network in an attempt to obtain sensitive information or falsify data by mimicking valid persons. Differentiating the malevolent from the valid or appropriate individuals is a part of the authentication process and is vital to network security. Every worker will have photo access badges that will be coded to either allow or disallow personnel from certain areas. The access badges will only allow the workers into areas that they are cleared to enter, and when they enter those areas, the times will be logged. Workers will access to the network by having a unique username and password that is not to be shared with anyone else, at all. Access control strategy Discretionary access control This is to permit the right to use the system only to users who have correct authorization. Least privilege is basically having things on a need to know basis. The entry-level worker does not need to be privileged to the same information and access as the senior IT director. Least privilege will allow the user to access only the information that they need to do their job...
Words: 622 - Pages: 3
... 2010 Axia College IT/224 Intro to IT Security Disaster Recovery Plan: Risk Assessment: There are many risk that assessments that come into play when it comes to a business, in this cases our risk assessments are centered around the protection of our systems such as; human resources system, interior design system, exterior design system, customer privacy system, and our back-up system. Internal, external, and environmental risks: There are many risks that come with any type of business, it is up to the owners to identify these risks and deal with them in the appropriate way. With any business there will be some type of problem such as loss of business, which is a result of customers not using our services; the more customers that we lose would result in more money spent and less money made hence the loss of assets. There is also the case of fires; no company is completely safe from the threat of fires and depending on the type of fire, and because of this there could be some type of loss of life. This is also possible when there are bad weather, earthquakes, or terrorists attacks. Disaster Recovery Strategy: Of the different types of strategies talked about I think the best way to go in my situation and the business that I am conducting would be a warm site. A warm site is like a mediator between hot and cold sites and would provide the advantages of both sites in the different ways. Disaster Recovery test Plan: Walk-through: Each member or client will have an...
Words: 470 - Pages: 2
...| Enhanced Security for Data Access | | Richard Edvalson 1/12/2014 | Contents I. Contents 1 II. Introduction 5 III. Access Control Layers 5 A. The Access Control Perimeter 5 B. Asset Containers 5 C. Workplace Perimeter 5 IV. Access Control Methods and Technical Strategies 5 A. Identification, Authentication, and Authorization 5 B. Logical Access Controls 5 1. Network Architecture Controls 5 2. Remote Network Access 5 3. Security Network Ports 5 4. Encryption 5 5. PKI Compliance Requirements 5 6. Passwords, Pins, and Other Forms of Access 5 C. Physical Access Controls 5 1. Classified Storage and Handling 5 2. Badges, Memory Cards, and Smartcards 5 3. Physical Tokens and Physical Intrusion Detection 5 V. Access Control Integration and Administrative Strategies 5 A. Biometric Systems 5 B. Separation of Duties 5 C. Protecting the Enrollment Process 6 D. Protecting the Verification Process 6 E. Cryptographic Controls 6 F. Integrating Access Control Methods 6 VI. Public Key Infrastructure 6 A. DoD-Approved PKI 6 B. Multi-factor Authentication 6 C. Identification and Authentication through Digit Signature of Challenge 6 D. Data Integrity through Digital Signature of the Information 6 E. Confidentiality through Encryption 6 F. Assists with Technical non-Repudiation through Digital Signatures 6 VII. Mitigating Risk in the User Domain 6 A. Interviewing and Background Screening...
Words: 590 - Pages: 3
...Section 1 Major Goals of the Disaster Recovery Plan * To minimize the interruptions within the normal operations of the business. * To limit the extent of disruptions and damage within the business. * To minimize the economic impact of the interruption with the business. * To establish alternative means of operations in advance before the incident. * To provide smooth and complete restoration of business in a timely fashion. Section 2 Personnel Name | Position | Address | Telephone | E-Mail | | | | | | | | | | | | | | | | | | | | | | | | | | Section 3 Software Profile Software Name | Critical Software Y/N | Fixed AssetY/N | Software Manufacturer | Comments | | | | | | | | | | | | | | | | | | | | | | | | | | Section 4 Inventory * Air Conditioner or Heater * Controllers * Disk Units * General Data Communication * Humidifier or Dehumidifier * Workstation controllers * I/O Processors * Models * Personal computers * Processing Units * Racks * Spare Displays * Spare workstations * System printer * Tape and diskette units * Telephones Manufacturer | Description | Model | Serial Number | Owned/Leased | Cost | | | | | | | | | | | | | | | | | | | | | | | | | Section 5 Back-up Policy * Daily, journal receivers are changed at ________ and at ________. * Daily, a save of...
Words: 311 - Pages: 2
...Disaster Recovery Plan: A Brief Overview IT244 Axia Online College of University of Phoenix This following paper will highlight a brief overview of a DRP, covering the purpose of a DRP, key elements of a DRP, methods to test a DRP, and why testing should be done on a DRP. The main function or purpose of a DRP is to basically help identify a logical plan to recover from a disaster. Such as in any business, especially dealing with information technology, a DRP can help a business or company continue to run smoothly, with minimum disruption to normal operations. Every DRP is created differently and key elements that make a DRP may differentiate. To give an example onto what kind of key elements are found in a DRP; according to the information shown by the University of Arkansas, Fayetteville Department of Computing Services website, DRP can contain the following key elements: 1. General Information About The Plan 2. Disaster Planning 3. Initiation of Emergency Procedures 4. Initiation of Recovery Procedures 5. Maintaining the Plan A DRP cannot be fully realized or put into action unless a testing of the DRP can be done. The testing basically helps find any weak areas in the DRP so planner can improve in those areas. According to Mark S. Merkow and Jim Breithaupt authors of Information Security: Principles and Practices there are five methods to test a DRP and they are as follow: 1. Walk-through: Members...
Words: 583 - Pages: 3
...Disaster Recovery Plan Company Overview Strategic Business Solutions is a Veteran-owned small business with less than fifty employees and the business goal is to continue specializing in Information Technology (IT), project management, and business development solutions. Our main projects involve Internet-based E-commerce solutions. The following diagram depicts our current network, which is PCI compliant and can handle high-traffic websites: Risk Assessment Critical business processes Disruption of an information resource is not a disaster in itself, unless it is related to a critical business process, for example, an organization losing its revenue generating business process due to an information system failure. Other examples of potential critical business processes may include: * Production of finished goods * Advertising of the organization’s product(s) to be sold * Selling of the enterprise’s products or services * Receiving payments * Dispatching of finished goods * Provision of final services * Legal and regulatory compliance * Safeguarding of private and confidential data and other Information assets * Logistics services in the organization * Paying the employees Internal, external, and environmental risks Although all forms of corporate risks and potential damage can’t be avoided, but a realistic objective is to ensure the survival of the organization by establishing a culture that will identify and manage...
Words: 1568 - Pages: 7
...Disaster Recovery Plan for 123 Textiles. This is my disaster recovery plan for 123 textiles whom has recently been traumatized by the break-in of their company. This plan is to ensure the safety of the building, the server, and its employees and to maintain the assets of the company. First thing to do is to secure the building. In a high-crime area you might want to protect the data and its information first. Being that the company is not open 24 hours a day, security is going to be the first focus. Hiring security guards in a rotation that starts at the close of business is going to be a must. Second the installation of closed-circuit TV or security cameras outside of the building and a few inside near the new location of the server should be ok. All video needs to be recorded using a DVR or any other recording device that records for 24 hours or more. The videos should also be kept secure just in case there is an incident. Alarms should be attached also so that not only security but the police can be notified in case of a break-in. Motion detectors can and should be inserted near the entrance and hall of where the server will now be located. Having a secured door with a pass-code on the door should also be inserted so that only authorized personnel can enter in and out of where the server will now be located. Here is the type of security hardware I would suggest. Being able to back up the system: Securing personal and public information is something that you do not...
Words: 1270 - Pages: 6
...DRP / ECP Disaster Recovery Plan Enterprise Continuity Plan This presentation will explore the different parts and pieces necessary for a successful Disaster Recovery Plan / Enterprise Continuity Plan. More specifically, this presentation will provide information needed to garner and bolster support for such a plan from the university’s executive team. A well prepared, maintained and rehearsed recovery and/or continuity plan should have the ability to keep the university up and running throughout any type of disruptive event. DRP/ECP Team Members & Roles ● ● ● ● ● ● ● ● ● ● Crisis Management Team Administrative Support Team Damage Assessment Team Recovery Coordination Team Corporate Communications Team Human Resources Support Team Site Restoration Team Transportation Support Team System Restoration Team Voice Recovery Team and End-User Tech Support Team The Crisis Management Team should be a cohort of upper level management that will be responsible for all significant decision making in response to the current event. Only specific members of the Crisis Management team should be authorized to declare an emergency and decide on the appropriate action. Key responsibilities of this group include: analyzation of preliminary reports, disaster declaration, determination of appropriate response, activation of contingency plans and notification of team leaders (Hiles, 2010). The Administrative Support Team includes representatives from all major departments who can provide...
Words: 2423 - Pages: 10
