LaRon Walker - Impacts of Disaster Recovery
Content
Running Head: Impacts of Disaster Recovery
1
Impacts of Disaster Recovery
LaRon Walker
Master of Informaon Technology and Internet Security S ecurity
April, 2010
2
ABSTRACT
Any business or organizaon is vulnerable to the risk of a disaster occurring without warning whether natural, accidental, or intenonal. These risks create the necessity for companies to become more proacve in disaster recovery pracces and prepare for these types of unforeseen events. These recovery strategies are very important, as they are the backbone of the business if some type of disaster where to occur. Failure to prepare for such an event could result in the destru destrucon con of the business. This document will discuss some of the recommended steps to plan for a disaster, and three industry standards that can help guide the development of an eecve, ecient disaster recovery rec overy plan.
3
Impacts of Disaster Recovery
LaRon Walker
Master of Informaon Technology and Internet Security S ecurity
April, 2010
When operang any business, one must always consider the risks of natural events that could cause the loss of valuable data whether whether in paper or digital form. Some people believe having a backup strategy alone is enough in the event a system or storage device crashes. However, they fail to include
the possibility of backups being being corrupt or destroyed via a natural disaster, disaster, re, or hacker aack. With this in mind, the connuity of the business would be at risk if proper steps are not taken to ensure that all informaon has a path to be recovered in a fast fast ecient manner. This type of preparaon is commonly referred to as Business Connuity Management (BCM).
There have been many dierent industry standards that have been developed in the last few years that were created to help businesses recover in the event of an unforeseen disaster. disaster. Aer researching, I have found three ISO standards when used together, will cover all aspects of BCM, including Business Connuity Connuity Planning ( BCP) and Dis Disaster aster Recovery. These ISO standards are:
ISO/IEC 24762:2008: Informaon technology -- Security techniques --Guidelines for informaon and communicaons technology disaster recovery services
ISO/IEC 27002:2005: Informaon technology --Security techniques -- Code of pracce for informaon security management
4
ISO/PAS 22399:2007: Societal security - Guideline for incident preparedness and operaonal connuity management.
ISO 24762 is the standard in that focuses on Disaster recovery. The theory behind this is to help
businesses dene the most crical informaon necessary for the business to operate in the event of a disaster, and how this informaon informaon will be backed up, stored, and retrieved whether paper or digital digital.. In today’s business world, it is common common for companies have onsite as well as o osite site storage facilies. This technique covers the event if a building or its contents are unrecoverable. unrec overable.
ISO 27002 is the standard that focuses on security policies that involve access, assets, communicaon, and operaon management management and also informaon security. This standard applies to network access, data access, acc ess, and physical access (building) alike.
ISO 22399 is the standard that focuses on dening the actual BCP. BCP. Per Barr (2008), ISO22399 help businesses and organizaons:
"Understand the overall context within which the organizaon operates;
"Idenfy crical objecves;
"Understand barriers, risks, and disrupons that may impede crical objecves;
"Evaluate residual risk and risk tolerance to understand outcomes of controls and migaon strategies;
"Plan how an organizaon can connue to achieve its objecves should a disrupve incident occur;
"Develop incident and emergency response, connuity response and recovery response procedures;
"Dene roles and responsibilies, and resources to respond to an incident;
5
"Meet compliance with applicable legal, regulatory, and other requirements;
“Provide mutual and community assistance;
"Interface with rst responders and the media; and
"Promote a cultural change within the organizaon that recognizes that risk is inherent in every decision and acvity, and must be eecvely managed."
The above three industry standards together along with proper tesng against various disaster scenarios can help ensure a business’s future in the event of a disaster.
Business Connuity Management encompasses Disaster Recovery and a Business Connuity Plan (BCP). These all fall under Informaon Security, Security, as Informaon Security not only involves
controlling access to networks and data, but also the securing of data in the sense of being recoverable, along with proper tesng pracces to verify the integrity of the data. Per Ulasien (2009), the recommended steps when developing a BCP are:
1.
Create Create a Busin Business ess C Con onnui nuity ty Plann Planning ing T Team eam
2. Est Establ ablish ish a B Busi usines nesss Connu Connuity ity B Budg udget et 3. Ide Idenf nfy y All Crical Crical Bus Busine iness ss Func Funcon onss 4. Ide Idenf nfy y All Promin Prominent ent Busi Busines nesss Threa Threats ts 5. Dev Develo elop p and Imple Implemen mentt a Threat Threat Miga Migaon on Pl Plan an 6. Dev Develo elop p Connu Connuity ity and and Recover Recovery y Procedu Procedures res 7. Doc Docume ument nt the the Busin Business ess C Con onnui nuity ty Plan Plan 8. Tr Trai ain n Empl Employ oyee eess 9. Develo Develop p an and d Ex Execute ecute a Busines Businesss Connui Connuity ty Te Test st Plan Plan 10. Estab Establish lish a Test and Maintenance Maintenance Schedule Schedule
6
Failure to follow any of the above steps can result in a gap in the recovery process, which in turn could cause other parts of the connuity plan to fail, ulmately destroying the business.
Informaon Security covers many aspects of businesses operaons including Business
Connuity Management, Planning, and disaster recovery, along with network, data, and physical access control. When considering the future future of any organizaon, organizaon, one of the mos mostt important components that must be addressed is proacve preparaon in the the event of a system, data, or building disaster. This strategy should be frequently reviewed and tested to ensure that all techniques maintain the highest level of integrity, as this process could determine an organizaon’s future.
References
Barr, J. (2008). ISO Standard for Disaster Recovery . Faulkner Informaon Services. Retrieved April
24, 2010 from Faulkner Informaon Services database.
Ledford, J. (2010). Business Connuity for Corporate Libraries . Faulkner Informaon Services.
Retrieved April 24, 2010 from Faulkner Informaon Services database.
Ulasien, P. (2009). Preparing a Business Connuity for Plan. Faulkner Informaon Services. Faulkner Informaon Services database.
Retrieved April 24, 2010 from
