11/10/09 1

TEL382

Wallace Chapter 7

11/10/09 2

Outline

• Electrical Service

• Risk Assessment

• Your Building’s Power System

• Building Power Protection Strategy

• Power Generators

11/10/09 3

Electrical Service

• Taken For Granted• Without it, All Business Stops• Need Plan to:

– Reduce Likelihood of Loss

– Recover From Outage

• Need Process to:– Monitor Lines and Filter Spikes

– Provide Power During Brownout or Outage

– Transition Seamlessly From Normal to Emergency Power

• Must Be Tested

11/10/09 4

Risk Assessment

• Voltage Sags (Brownout)

• Voltage Spike (Over Voltage) – Instantaneous

• Voltage Surge – Short-term Voltage Increase (>3ns)

• Noise

• Blackout

11/10/09 5

Your Building’s Power System

• Equipment is Spread Out All Over Building

• Filter Electricity As It Enters Building

11/10/09 6

Building Power Protection Strategy

• Surge Protectors to Isolate Sensitive Equipment

• Line Conditioning

• UPS

• Generator

• Physical Security

11/10/09 7

Power Generators

• Large Facilities Such as Hospitals, Food Storage, ISPs, etc.

• Proper Sizing, Switching Time

• How Long Will it Need to Run?

• Regular Testing

• Work With Local Utility (Use on Peak Usage Days)

• Regulatory Issues

11/10/09 8

TEL382

Wallace Chapter 8

11/10/09 9

Outline

• Telecommunications Service

• Risk Assessment

• Cabling

• Telephone Switching Room

• Action Plan Steps

11/10/09 10

Telecommunications Service

• System Can Only Handle 10% of Full Usage

• Phone Punch-Down Block to PBX to CO

11/10/09 11

Risk Assessment

• Natural Hazards– Ice Storms, Blizzards, Thunderstorms, Lightning,

Tornadoes, Hurricanes, Floods

• Man-Made– Buried Line Cuts, Accidents, CO Failure

• Telephone Equipment Room– Temperatures, Humidity, Power, Fire, Security

11/10/09 12

Cabling

• Internal Cabling– Locked, Fire Suppression, No Combustibles,

Sufficient Light and Ventilation

• External Cabling– Trace Path, Redundant Paths, Route Separation,

Multiple Vendors

11/10/09 13

Telephone Switching Room

• PBX is a Single Point of Failure

• PBX Requires Backup, Just Like Servers

• IXC POP

11/10/09 14

Action Plan Steps

• Make Inventory of Assets– Equipment Description, Model and Serial Numbers,

Contract Number, Service POCs, Sample Floor Plans, Backup Configuration Data

• Create Wiring Maps• Create Telephone Number Inventory• Identify Critical Circuits

– Develop Restoration Priority List

• Create Migration Plan– Cable, Telephone Equipment Room, Alternate

Communication Methods

11/10/09 15

TEL382

Wallace Chapter 9

11/10/09 16

Outline

• Vital Records• Records Transportation• Records Retention• Media Storage• Risk Assessment• Mitigation• Action Plan Steps• Maintenance Activities• Immediate Actions in an Emergency• Recovery Techniques

11/10/09 17

Vital Records

• Inventory What You Have– Records, Media, Originating Department, Location

• Prioritize

• Store in Safe Location

11/10/09 18

Records Transportation

• Where?

• How?

• Safeguards and Security– Send Copies of Magnetic Media (Not Originals)

11/10/09 19

Records Retention

• Eliminate Obsolete Records

• Identification and Location

• Record Disposition– Shredder

11/10/09 20

Media Storage

• Separate Room or Off-site

• Air Filtration, HVAC, Humidity

• Paper

• Microfilm

• Magnetic Media

11/10/09 21

Risk Assessment

• Water, Smoke, Structural, Fire, Humidity, Heat/Cold, Theft, Sabotage, Insects, Rodents, Magnetic Fields

11/10/09 22

Mitigation

• Fire Detection and Suppression

• Minimize Electrical Equipment

• Environmental Controls

• Proper Markings and Records

• Security

11/10/09 23

Action Plan Steps

• Obtain Damage Containment Supplies– Depends Upon Risk Assessments and Inventory– General Items (Flashlights, Hand Tools, etc.)– Portable Equipment (Wet vacs, Dehumidifiers, Water

pumps, etc.)– Safety Equipment

• Maintenance Activities – Daily, Weekly, Quarterly

11/10/09 24

Immediate Actions in an Emergency

• Initial Damage Assessment

• Use Teams– Damage Containment, Assessment, Shuttle, Triage

• Should Documents be Evacuated?

11/10/09 25

Recovery Techniques

• Water Damage to Paper– Air-Drying, Freeze-Drying, Photocopying, Iron

• Fire Damage to Paper– Photocopy

• Optical and Magnetic Media– Rinse and Transport in Bags of Cold Distilled Water,

Air Dry, Duplicate

11/10/09 26

TEL382

Wallace Chapter 10

11/10/09 27

Outline

• Data

• Risk Assessment

• Creating a Data Recovery Plan

• Planning

• Planning (Continued)

11/10/09 28

Data

• Accounting Files, Customer Lists, Part Lists, Manufacturing Drawings, etc.

• Difficult to Impossible to Recreate

• Device Failure, Application or User Error

• Physical Loss or Logical Loss

• Disaster

11/10/09 29

Risk Assessment

• Key Causes– Viruses, Disasters, Man-Made Outages, Hard Drive

Crash, Laptop Loss, SW Failures, Application Failures, Vendor Failure

• Tactical Issues– Compromised Information, Lost Productivity,

Employee Downtime, Loss of Customer Information

• Strategic Issues– Loss of Opportunity, Increased Operational Cost,

Inability to Support Customers, Increased Systems Cost, Noncompliance Issues

11/10/09 30

Creating a Data Recovery Plan

• Planning

• Identifying Critical Data

• Create Appropriate Policies and Procedures

• Determine Type of Backups

• Develop Recovery Processes

• Plan Testing and Maintenance

11/10/09 31

Planning

• Stakeholders, Business Needs and Requirements• Regulatory Requirements• Current Backup Strategy and Procedures• Off-line Storage vs. Online Backups• Remote Sites

– Cold Site: Open Space

– Warm Site: Systems and Communications

– Hot Site: Active Duplicate of Live Systems

– Mobile Site: Trailer with IT and Communications Equipment

– Mirrored Site: Duplicate Site

11/10/09 32

Planning (Continued)

• Find Data• Categorize It• Policies to Reduce Storage Requirements• Policies for Classification

– Critical, Sensitive, Legally Required, Non-critical

• Backup Types– Regular to Tape or Other Media, Electronic Vault, Remote

Mirroring

• Develop Recovery Processes– Recovery Time Objective, Recovery Point Objective,

Availability, Assurance, Cost, Performance Requirements

11/10/09 33

TEL382

Wallace Chapter 11

11/10/09 34

Outline

• Networks

• Risk Assessment

• Data Storage

• Action Plan Steps

11/10/09 35

Networks

• Servers, Workstations, Wire, Cable, RF, Routers, Switches, Hubs, etc.

11/10/09 36

Risk Assessment

• Single Points of Failure

• Cut Cables, EM Interference, Fire, Water, etc.

• Duplicate Services to each Desktop, Duplicate Access

• Redundant Equipment

• Wireless

• Monitoring Packages

11/10/09 37

Data Storage

• Disk Mirroring

• RAID– Duplexing, Mirroring, Striping, Parity– RAID 0, RAID 1, RAID 2, RAID 3, RAID 4, RAID

5, RAID 10

• Load Balancing

• Network Attached Storage

• Storage Area Network

11/10/09 38

Action Plan Steps

• Document Physical and Logical Network Layout

• Develop Appropriate Backup Strategies

• Identify Single Points of Failure

• Install Redundant Devices

• Monitor the Network

11/10/09 39

TEL382

Wallace Chapter 12

11/10/09 40

Outline

• End-User PCs

• Risk Assessment

• Mobile Devices

• Protecting End-User Vital Records

11/10/09 41

End-User PCs

• On Everyone’s Desk

• Servers, Laptops, PDAs, Cellphones, etc.

11/10/09 42

Risk Assessment

• Inventory Assets (HW and SW)• Replacement Schedule (4yrs normal, 2yrs critical)• Surge Protectors, UPS, Environment, etc.• Physical Security

– “Image” the SW, Licenses, Serial Numbers, Manuals, etc.

• Backup Strategies– Storage Volume Requirements, Time Length, Interoperability,

Backup Software

• Backup Technologies– Tape, ZIP, CD, DVD, Internet, Network

11/10/09 43

Mobile Devices

• Security– Keep Out of Sight, Alternate Case, Store in Hotel

Room, Never Leave Unattended, In car Trunk

• Backup Frequently

11/10/09 44

Protecting End-User Vital Records

• Treat Backup Data as Critical Data

• SW Licenses

• Original Media

• Eliminate Date from Surplus Devices

11/10/09 45

TEL382

Wallace Chapter 17

11/10/09 46

Outline

• Backups

• Planning For Data Recovery

• Testing

11/10/09 47

Backups

• Media Expense vs. Retrieval Time

11/10/09 48

Planning For Data Recovery

• What Do You Have, Where is it Located, How is it Used

• Type of Backup, Scheduling, Automatic or Manual, Media, Handling and Storage, Testing

• Standardize• System SW, Application SW, In-house SW• Customer Lists, Contracts, Product Designs, E-

mail Directories, Account Histories• Scheme (AAA, AA, A, B, C, D)• Strategies (Full, Incremental, Differential)

11/10/09 49

Testing

• Files, Directories, Applications Data, Database, OS, System Recovery