disaster prevention and recovery
DESCRIPTION
Date: 5/16/06 By: Stacie Lund Lien Huynh Katie Allen. Disaster Prevention and Recovery. Why do we need to be concerned?. Disasters can occur at anytime Technology increases risk and vulnerability Hackers are able to do more damage Business cannot function without IS technology - PowerPoint PPT PresentationTRANSCRIPT
Disaster Prevention and Recovery
Date: 5/16/06
By:Stacie LundLien HuynhKatie Allen
Why do we need to be concerned?
● Disasters can occur at anytime– Technology increases risk and vulnerability – Hackers are able to do more damage– Business cannot function without IS
technology– Cannot guarantee sustainability of the
business
Disaster Threats
● Environmental- Hurricane Katrina
● Loss of Utilities/Services- Electrical Power outages, Communication breakdowns
● Equipment or system failure- Heaters or Washing machines
● Serious IS failure- Cyber crime
● Organized/Deliberate- COB Summer 2005
Prevention
● Disaster avoidance– Contingency plans– Back-up/redundant systems– Monitor notifications systems– Tests– Security
Avoiding Disasters
● Monitor/Planning– COBIT
● Identify possible disaster scenarios– Quality Control
● R.A.I.D–Redundant Array of Independent Discs- P drives on COB server
Contingency plans
● Provides step-by-step information in a disaster– Identify key risks– Creates a plan that is practical– Creates a RACI chart to notify individuals– Provides testing and maintenance plans to
ensure recovery
Example of Contingency plan
Redundant systems
● Good hardware, employees and software
● Back-up Systems– All data need to be saved
● Constantly● Prioritize tasks and data● Save and archive all
important data– Store back-ups in different
locations– Extra space
● Always more storage than you will ever need
Notification systems
● All systems need notification– Allows individuals to know when a problem has
occurred– Wall monitors send out signals
● ALL NOTIFICATION SHOULD BE TESTED● RACI Chart
– All individuals know responsibilities in an event of an emergency
Example of a Notification System
Example RACI chart
Example RACI chart
Drills/Tests
● Train and over train all individuals
● Time all results● Diversify plans for
testing (different times, days)
● Consistency ● Should tests be run
during peak times?
Security
● Network Security policies– Firewalls– Anti-virus– Spy-ware– All of the above must
be updated, tested and proven effective
Recovery
● Invest prevention is costly● File back-ups
– Create alternative locations for storage● Two storage systems 100 miles away● Should employees take back-ups home?
References
● http://www.ehs.neu.edu/emily3.gif● http://images.google.com/imgres?imgurl=http://web.uct.ac.za/depts/aims2/Assets/Ima
ges/Fig07-6F.gif&imgrefurl=http://web.uct.ac.za/depts/aims2/Figures.htm&h=540&w=780&sz=14&tbnid=34BpK7TXmzeaSM:&tbnh=97&tbnw=141&hl=en&start=1&prev=/images%3Fq%3Draci%2Bchart%26svnum%3D10%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26sa%3DN
● http://images.google.com/imgres?imgurl=http://www.cbc.ca/news/background/computer-security/gfx/titlephoto.jpg&imgrefurl=http://www.cbc.ca/news/background/computer-security/&h=300&w=470&sz=34&tbnid=-HvSA5fOGPamQM:&tbnh=79&tbnw=125&hl=en&start=3&prev=/images%3Fq%3Dsecurity%26svnum%3D10%26hl%3Den%26lr%3D%26client%3Dfirefox-a%26rls%3Dorg.mozilla:en-US:official%26sa%3DN
● http://docweb.cns.ufl.edu/update/u030206a/u030206a5.gif● http://www.morris.umn.edu/services/acad_affairs/graphics/OrgChart.jpg