Disaster Prevention and Recovery

Date: 5/16/06

By:Stacie LundLien HuynhKatie Allen

Why do we need to be concerned?

● Disasters can occur at anytime– Technology increases risk and vulnerability – Hackers are able to do more damage– Business cannot function without IS

technology– Cannot guarantee sustainability of the

business

Disaster Threats

● Environmental- Hurricane Katrina

● Loss of Utilities/Services- Electrical Power outages, Communication breakdowns

● Equipment or system failure- Heaters or Washing machines

● Serious IS failure- Cyber crime

● Organized/Deliberate- COB Summer 2005

Prevention

● Disaster avoidance– Contingency plans– Back-up/redundant systems– Monitor notifications systems– Tests– Security

Avoiding Disasters

● Monitor/Planning– COBIT

● Identify possible disaster scenarios– Quality Control

● R.A.I.D–Redundant Array of Independent Discs- P drives on COB server

Contingency plans

● Provides step-by-step information in a disaster– Identify key risks– Creates a plan that is practical– Creates a RACI chart to notify individuals– Provides testing and maintenance plans to

ensure recovery

Example of Contingency plan

Redundant systems

● Good hardware, employees and software

● Back-up Systems– All data need to be saved

● Constantly● Prioritize tasks and data● Save and archive all

important data– Store back-ups in different

locations– Extra space

● Always more storage than you will ever need

Notification systems

● All systems need notification– Allows individuals to know when a problem has

occurred– Wall monitors send out signals

● ALL NOTIFICATION SHOULD BE TESTED● RACI Chart

– All individuals know responsibilities in an event of an emergency

Example of a Notification System

Example RACI chart

Example RACI chart

Drills/Tests

● Train and over train all individuals

● Time all results● Diversify plans for

testing (different times, days)

● Consistency ● Should tests be run

during peak times?

Security

● Network Security policies– Firewalls– Anti-virus– Spy-ware– All of the above must

be updated, tested and proven effective

Recovery

● Invest prevention is costly● File back-ups

– Create alternative locations for storage● Two storage systems 100 miles away● Should employees take back-ups home?

References

● http://www.ehs.neu.edu/emily3.gif● http://images.google.com/imgres?imgurl=http://web.uct.ac.za/depts/aims2/Assets/Ima

ges/Fig07-6F.gif&imgrefurl=http://web.uct.ac.za/depts/aims2/Figures.htm&h=540&w=780&sz=14&tbnid=34BpK7TXmzeaSM:&tbnh=97&tbnw=141&hl=en&start=1&prev=/images%3Fq%3Draci%2Bchart%26svnum%3D10%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26sa%3DN

● http://images.google.com/imgres?imgurl=http://www.cbc.ca/news/background/computer-security/gfx/titlephoto.jpg&imgrefurl=http://www.cbc.ca/news/background/computer-security/&h=300&w=470&sz=34&tbnid=-HvSA5fOGPamQM:&tbnh=79&tbnw=125&hl=en&start=3&prev=/images%3Fq%3Dsecurity%26svnum%3D10%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26sa%3DN

● http://docweb.cns.ufl.edu/update/u030206a/u030206a5.gif● http://www.morris.umn.edu/services/acad_affairs/graphics/OrgChart.jpg