Disasters are a common occurrence these days. The origin of a disaster could be human (e.g. theft and terrorism), technological (.e.g. computer failures), or natural (e.g. earthquakes and hurricanes). Regardless of the source, the consequences of disasters are always devastating and costly. Organizations that operate in such disaster prone environments must take action to prevent, mitigate, and recover from these types of events. Otherwise, their business operations will suffer long-term damage. In this paper, we will delve into the field of business continuity and disaster recovery by discussing some of the best practices of dealing with disaster scenarios. We will also present a case study of a corporation’s efforts to recover from a real disaster and the lessons they learned from the experience. Finally, we conclude with some suggestions for firms that have extensive global and offshore outsourcing operations.
Business Continuity and Disaster Recovery Planning
Business continuance (sometimes referred to as business continuity) describes the processes and procedures an organization puts in place to ensure that essential functions can continue during and after a disaster. Business continuance planning seeks to prevent interruption of mission-critical services, and to reestablish full functioning as swiftly and smoothly as possible.
A business continuance plan should include:
• A disaster recovery plan, which specifies an organization's planned strategies for post-failure procedures;
• A business resumption plan, which specifies a means of maintaining essential services at the crisis location;
• A business recovery plan, which specifies a means of recovering business functions at an alternate location; and
• A contingency plan, which specifies a means of dealing with external events that can seriously impact the organization.
A disaster recovery plan (DRP) which is synonymously referred as a business continuity plan (BCP) — is a comprehensive set of measures and procedures put into place within an organization to ensure that essential, mission critical resources and infrastructures are maintained or backed up by alternatives during various stages of a disaster.
Disaster Recovery Planning enables an organization to respond efficiently to potential threats that may render all or parts of its operations and resources unavailable. DRP protects the organization is the following ways,
• Minimizes system downtime and recovery time.
• Minimizes the risk of permanent loss of core assets or the entire organization.
• Minimizes confusion during a disaster.
• Minimizes the amount of decision-making during a high-stress time when emotions will be running high.
• Provides a greater sense of security.
• Ensures a certain level of system and resource stability during a disaster.
• Provides a platform in which to simulate various disaster recovery scenarios.
• Ensures the reliability of secondary systems such as hot sites and server mirrors.
Three key areas to be addressed during DRP are as follows:
1. Prevention (pre-disaster): The pre-planning which is required to minimize the overall impact of a disaster on systems and resources. This pre-planning also maximizes the ability of an organization to recover from a disaster.
2. Continuity (during a disaster): The process of maintaining core, mission-critical systems and resource "skeletons" and/or initiating secondary hot sites during a disaster. Continuity measures prevent the whole organization from folding by preserving essential systems and resources.
3. Recovery (post-disaster): The steps required for the restoration of all systems and resources to full, normal operational status. Organizations can cut down on recovery time by subscribing to quick-ship programs.
According to many experts, the first step in business continuity planning is deciding which of the organization's functions are essential, and apportioning the available budget accordingly. Once the crucial components are identified, failover mechanisms can be put in place. New technologies, such as disk mirroring over the Internet, make it feasible for an organization to maintain up-to-date copies of data in geographically dispersed locations, so that data access can continue uninterrupted if one location is disabled.
Business Continuity and Disaster Recovery Planning [1] Introduction
Business Continuity and Disaster Recovery Planning [2] The BCM Model
Business Continuity and Disaster Recovery Planning [3] Chief Security Officer and DRP
This posting series provide information about Business Continuity and Disaster Recovery Planning. It is included the BCM Model, Business Impact Analysis and a lot of idea on Disaster Recovery Planning (DRP) that are useful for chief security officer (CSO)
Please note that : This posting is copied from a report of the software security class that I attened at San Jose State University in Fall 2007
0 comments:
Post a Comment