
Running Head: Impacts of Disaster Recovery

Impacts of Disaster Recovery

LaRon Walker

Master of Information Technology and Internet Security

April, 2010

ABSTRACT

Any business or organization is vulnerable to the risk of a disaster occurring without warning, whether natural, accidental, or intentional. These risks create the necessity for companies to become more proactive in disaster recovery practices and prepare for these types of unforeseen events. These recovery strategies are very important, as they are the backbone of the business if some type of disaster were to occur. Failure to prepare for such an event could result in the destruction of the business.

This document will discuss some of the recommended steps to plan for a disaster, and three industry standards that can help guide the development of an effective, efficient disaster recovery plan.

When operating any business, one must always consider the risks of natural events that could cause the loss of valuable data, whether in paper or digital form. Some people believe having a backup strategy alone is enough in the event a system or storage device crashes. However, they fail to include the possibility of backups being corrupt or destroyed via a natural disaster, fire, or hacker attack. With this in mind, the continuity of the business would be at risk if proper steps are not taken to ensure that all information has a path to be recovered in a fast, efficient manner. This type of preparation is commonly referred to as Business Continuity Management (BCM).

Many industry standards have been developed in the last few years to help businesses recover in the event of an unforeseen disaster. After researching, I have found three ISO standards that, when used together, will cover all aspects of BCM, including Business Continuity Planning (BCP) and Disaster Recovery. These ISO standards are:

• ISO/IEC 24762:2008: Information technology -- Security techniques -- Guidelines for information and communications technology disaster recovery services

• ISO/IEC 27002:2005: Information technology -- Security techniques -- Code of practice for information security management

• ISO/PAS 22399:2007: Societal security - Guideline for incident preparedness and operational continuity management.

ISO 24762 is the standard that focuses on Disaster Recovery. The theory behind this is to help businesses define the most critical information necessary for the business to operate in the event of a disaster, and how this information will be backed up, stored, and retrieved, whether paper or digital. In today’s business world, it is common for companies to have onsite as well as offsite storage facilities. This technique covers the event in which a building or its contents are unrecoverable.

ISO 27002 is the standard that focuses on security policies that involve access, assets, communication, and operation management, as well as information security. This standard applies to network access, data access, and physical access (building) alike.

ISO 22399 is the standard that focuses on defining the actual BCP. Per Barr (2008), ISO 22399 helps businesses and organizations:

• "Understand the overall context within which the organization operates;

• "Identify critical objectives;

• "Understand barriers, risks, and disruptions that may impede critical objectives;

• "Evaluate residual risk and risk tolerance to understand outcomes of controls and mitigation strategies;

• "Plan how an organization can continue to achieve its objectives should a disruptive incident occur;

• "Develop incident and emergency response, continuity response and recovery response procedures;

• "Define roles and responsibilities, and resources to respond to an incident;

• "Meet compliance with applicable legal, regulatory, and other requirements;

• "Provide mutual and community assistance;

• "Interface with first responders and the media; and

• "Promote a cultural change within the organization that recognizes that risk is inherent in every decision and activity, and must be effectively managed."

The above three industry standards together, along with proper testing against various disaster scenarios, can help ensure a business’s future in the event of a disaster.

Business Continuity Management encompasses Disaster Recovery and a Business Continuity Plan (BCP). These all fall under Information Security, as Information Security not only involves controlling access to networks and data, but also the securing of data in the sense of being recoverable, along with proper testing practices to verify the integrity of the data. Per Ulasien (2009), the recommended steps when developing a BCP are:

1. Create a Business Continuity Planning Team
2. Establish a Business Continuity Budget
3. Identify All Critical Business Functions
4. Identify All Prominent Business Threats
5. Develop and Implement a Threat Mitigation Plan
6. Develop Continuity and Recovery Procedures
7. Document the Business Continuity Plan
8. Train Employees
9. Develop and Execute a Business Continuity Test Plan
10. Establish a Test and Maintenance Schedule



Failure to follow any of the above steps can result in a gap in the recovery process, which in turn could cause other parts of the continuity plan to fail, ultimately destroying the business.

Information Security covers many aspects of business operations, including Business Continuity Management, Planning, and Disaster Recovery, along with network, data, and physical access control. When considering the future of any organization, one of the most important components that must be addressed is proactive preparation in the event of a system, data, or building disaster. This strategy should be frequently reviewed and tested to ensure that all techniques maintain the highest level of integrity, as this process could determine an organization’s future.

References

Barr, J. (2008). ISO Standard for Disaster Recovery. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.

Ledford, J. (2010). Business Continuity for Corporate Libraries. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.

Ulasien, P. (2009). Preparing a Business Continuity for Plan. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.
