Data and System Security Read chapter 32 ,  Choose an organization describe your plan and proposal for a comprehensive Disaster Recovery and Business Cont

Data and System Security Read chapter 32 , 

Choose an organization describe your plan and proposal for a comprehensive Disaster Recovery and Business Cont

Click here to Order a Custom answer to this Question from our writers. It’s fast and plagiarism-free.

Data and System Security Read chapter 32 , 

Choose an organization describe your plan and proposal for a comprehensive Disaster Recovery and Business Continuity plan.

List all your references/resources. Chapter 32
Disaster Recovery, Business Continuity,
Backups, and High Availability
Copyright © 2014 by McGraw-Hill Education.

Disaster recovery and business continuity planning are separate but related concepts. In fact, disaster recovery is part of business continuity.
Disaster recovery (DR) concerns the recovery of the technical components of your business, such as computers, software, the network, data, and so on.
Business continuity planning (BCP) includes disaster recovery along with procedures to restore business operations and the underlying functionality of the business infrastructure needed to support the business, along with the resumption of the daily work of the people in your workplace. Business continuity planning is vital to keeping your business running and to providing a return to “business as usual” during a disaster.
Copyright © 2014 by McGraw-Hill Education.

What Constitutes a Disaster?
A disaster is defined as a “sudden, unplanned calamitous event causing great damage or loss” or “any event that creates an inability on an organization’s part to provide critical business functions for some predetermined period of time.”
With this general definition in mind, the disaster recovery planner or business continuity professional would sit down with all the principals in the organization and map out what would constitute a disaster for that organization. This is the initial stage
of creating a business impact analysis (BIA).
Copyright © 2014 by McGraw-Hill Education.

Service Assurance Methods
DR and BCP professionals work together to ensure the recoverability and continuity of all aspects of an organization that are affected by an outage or security event. This chapter analyzes the best practices and methodologies for DR and BCP.
We also give close consideration to backups, which are necessary for disaster recovery as well as recovery from less severe incidents. Tape backups, which have traditionally been a key component of DR strategies to move data from the primary data center to the backup site, are giving way to online, real-time data replication strategies to keep data synchronized.
We consider high availability in the final section of this chapter. All three of these components–DR/BCP, backups, and HA, form the core of a resiliency strategy for services and data.
Copyright © 2014 by McGraw-Hill Education.

Disaster Recovery
When you put together a disaster recovery plan, you need to understand how your organization’s information technology (IT) infrastructure, applications, and network support the business functions of the enterprise you are recovering.
For example, a particular business unit may claim not to need a certain application or function on day three of a disaster, but the technology process may dictate that the application should be available on day one, due to technological interdependencies. In this example, the DR planner should work with (and educate) the business unit to help them understand why they need to pay for a day-one recovery as opposed to a day-three recovery. The business unit’s budget will typically include a sizeable expense for the IT department, and this may cause the business unit to think that any disaster recovery or business continuity efforts will be cost prohibitive. In working with the IT subject matter experts (SMEs), you can sometimes figure out a way to bypass a particular electronic feed or file dependency that may be needed to continue the recovery of your system.
Copyright © 2014 by McGraw-Hill Education.

Determining What to Recover
All of this will work well if you know what you are recovering and who to consult with. The responsible business continuity or disaster recovery professional should work with the IT group and the business unit to achieve one purpose—to operate a fine, productive, and lucrative organization.
You can come to know what you are recovering and who is involved by gathering experts, such as the programmer, business analyst, system architect, or any other necessary SME. These experts will prove to be invaluable when it comes to creating your DR plan. They know what it takes to technically run the business systems in question and can explain why a certain disaster recovery process will cost a certain amount. This information is important for the manager of the business unit, so that she can make informed decisions.
Copyright © 2014 by McGraw-Hill Education.

Business Continuity Planning
The business continuity professional is more concerned with the business functions that the employees perform than with the underlying technologies. To figure out how the business can resume normal operations during a disaster, the business continuity professional needs to work with each business unit as closely as possible. This means they need to meet with the people who make the decisions, the people who carry out the decisions in the management team, and finally the “worker bees” who actually do the work.
You can think of the “worker bees” as power users who know an application intimately. They know the nuances and idiosyncrasies of the business function—they are looking at the trees as opposed to the forest. This is important when it comes to preparing the business unit’s business continuity plan. The power users should participate in your disaster recovery rehearsals and business continuity tabletop exercises.
Copyright © 2014 by McGraw-Hill Education.

Management Team
The business unit management team is vital because its members see the business unit from a business perspective—at a higher level—and will help in determining the importance of the application, as they are acquainted with the mission of the business unit. The business unit also needs to keep in mind the need for a disaster recovery plan as it introduces new or upgraded program applications. The disaster recovery and/or business continuity professional should be kept informed about such changes.
For example, a member of management in a business unit might talk to a vendor about a product that could make a current business function quicker, smarter, and better. Being the diligent manager, he would bring the vendor in to meet with upper management, and the decision would be made to buy the product, all without informing the IT department or the disaster recovery or business continuity professional.
As you can see, the business continuity professional needs to have a relationship with every principle within the business unit so that, should a new product be brought into the organization, the knowledge and ability to recover the product will be taken into consideration.
Copyright © 2014 by McGraw-Hill Education.

The Four Components of Business Continuity Planning
There are four main components of business continuity planning, each of which is essential to the whole BCP initiative:
Plan initiation
Business impact analysis or assessment
Development of the recovery strategies
Rehearsal or exercise of the disaster recovery and business continuity plans

Each business unit should have its own plan. The organization as a whole needs to have a global plan, encompassing all the business units. There should be two plans that work in tandem: a business continuity plan (recovery of the people and business function) and a disaster recovery plan (technological and application recovery).
Copyright © 2014 by McGraw-Hill Education.

Initiating a Plan
Plan initiation puts everyone on the same page at the beginning of the creation of the plan. A disaster or event is defined from the perspective of the specific business unit or entire organization. What one business unit or organization considers a disaster may not be considered a disaster by another business unit or organization, and vice versa.
A BIA is important for several reasons. It provides an organization or business unit with a dollar value impact
for an unexpected event. This indicates how long an organization can have its business interrupted before it will go out of business completely.
Copyright © 2014 by McGraw-Hill Education.

Here are three examples of possible events that could impact your business and compel you to implement your disaster recovery or business continuity plan, along with some possible responses:
Hurricane: Because a hurricane can be predicted a reasonable amount of time before it strikes, you have time to inform employees to prepare their homes and other personal effects.
You also have the time to alert your technology group so that they can initiate their preparation strategy procedures.
Blackout: You can ensure that your enterprise is attached to a backup generator or an uninterruptible power supply (UPS). You can conduct awareness programs and perhaps give away small flashlights that employees can keep in their desks.
Illness outbreak: You can provide an offsite facility where your employees can relocate during the outbreak and investigation.
Copyright © 2014 by McGraw-Hill Education.

Analyzing the Business Impact
With a BIA, you must first establish what the critical business function is. This can be determined only by the critical members of the business unit.
The BIA should be completed and reviewed by the business unit, including upper management, since the financing of the business continuity plan and disaster recovery project will ultimately come from the business unit’s coffers.
Copyright © 2014 by McGraw-Hill Education.

Developing Recovery Strategies
The next step is to develop your recovery strategy. The business unit will be paying for the recovery, so they need to know what their options are for different types of recoveries.
You can provide anything from a no-frills recovery to an instantaneous recovery. It all depends on the business functions that have to be recovered and on how long the business unit can go without the function.
The question is essentially how much insurance the business unit wants to buy. If it is your business, you are the only one who can make that decision. Someone who does not have as large a stake in the growth of the business cannot look at the business from the same perspective.
Copyright © 2014 by McGraw-Hill Education.

Procedures and Contacts
In a business recovery situation, there must be written procedures that all employees in your business unit can quickly access, understand, and follow. Information needs to be readily available about the business function that has to be performed. The procedures should be stored in multiple, accessible locations to ensure they are available in a disaster scenario.
You also need to make readily available a list of people to contact, along with their contact information. This list must be of the current employees to contact, and it should include members of the Human Resources, Facilities, Risk Management, and Legal departments. The list of contacts should also include the local fire and rescue department, police department, and emergency operations center.
Copyright © 2014 by McGraw-Hill Education.

Rehearsing Disaster Recovery and Business Continuity Plans
The fourth BCP component, and the most crucial, is to rehearse, exercise, or test the plan. This is “where the rubber meets the road.”
Having the other three components in place is important, but the plan is inadequate if you’re not sure whether it will work. It is vital to test your plan. If the plan has not been tested and it fails during a disaster, all the work you put into developing it is for naught. If the plan fails during a test, though, you can improve on it and test again.
Copyright © 2014 by McGraw-Hill Education.

Third-Party Vendor Issues
Most organizations make use of various third-party vendors (Enterprise Resource Planning [ERP], Application Service Provider [ASP], etc.) in their recovery efforts. In such cases, the information about the third-party vendor is just as critical in your business or technology recovery. When you need to make use of such resources, it is beneficial, if not crucial, to make inquiries into the third-party’s operations prior to the implementation of its product or services.
In the real world, the disaster recovery and/or business continuity professional has to integrate the vendor’s information into the business unit’s continuity plan. If a critical path in your DR plan depends on the involvement of a third-party vendor, you can’t get your operation up and running if that third-party vendor isn’t prepared to assist you. For example, suppose that processing loans is the bread and butter of your business, and your business relies on credit bureau reports to process loans. In this scenario, you need to ensure that if your organization experiences an outage, you will still receive these reports so that your company can continue to conduct business.
The vendor’s ability to recover from a failure will also affect how robust your recovery is. Although your recovery may be technically sound, you must be sure that you can conduct business. The same standards you apply to your own organization should apply to third-party vendors you do business with. They should be available to you to conduct business. The disaster recovery or business continuity coordinator should make the appropriate inquiries with vendors to ensure that they can support a DR scenario.
Copyright © 2014 by McGraw-Hill Education.

Awareness and Training Programs
Another important element of disaster recovery and business continuity planning is an awareness program. The business continuity or disaster recovery professional can meet with each business for tabletop exercises. These exercises are important, because they actually get the members of the business unit to sit down and think about a particular event and how first to prevent or mitigate it and then how to recover from it.
The event can be anything from a category 3 hurricane to workplace violence. Any work stoppage can potentially impede the progress of an organization’s recovery or resumption of services, and it is up to the management team to design or develop a plan of action or a business continuity plan. The business continuity or disaster recovery professional must facilitate this process and make the business unit aware that there are events that can bring the business to a grinding halt.
Copyright © 2014 by McGraw-Hill Education.

Backups may be used for complete system restoration, but they can also allow you to recover the contents of a mailbox, for example, or an “accidentally” deleted document. Backups can be extended to saving more than just digital data. Backup processes can include the backup of specifications and configurations, policies and procedures, equipment, and data centers.
However, if the backup is not good or is too old, or the backup media is damaged, it will not fix the problem. Just having a backup procedure in place does not always offer adequate protection.
Many organizations can no longer depend on traditional backup processes—doing an offline backup is unacceptable, doing an online backup would unacceptably degrade system performance, and restoring from a backup would take so much time that the organization could not recover. Such organizations are using alternatives to traditional backups, such as redundant systems and cloud services.
Backup systems and processes, therefore, reflect the availability needs of an organization as well as its recovery needs.
Copyright © 2014 by McGraw-Hill Education.

Traditional Backup Methods
In the traditional backup process, data is copied to backup media, primarily tape, in a predictable and orderly fashion for secure storage both onsite and offsite.
Backup media can thus be made available to restore data to new or repaired systems after failure. In addition to data, modern operating systems and application configurations are also backed up.
This provides faster restore capabilities and occasionally may be the only way to restore systems where applications that support data are intimately integrated with a specific system.
Copyright © 2014 by McGraw-Hill Education.

Backup Types
There are several standard types of backups:

Copyright © 2014 by McGraw-Hill Education.

Full Backups
Backs up all data selected, whether or not it has changed since the last backup. The definition of a full backup varies on different systems. On some systems it includes critical operating system files needed to rebuild a system completely; on other systems it backs up only the user data.
Copyright © 2014 by McGraw-Hill Education.

Copy Backups
Data is copied from one disk to another.
Copyright © 2014 by McGraw-Hill Education.

Incremental Backups
When data is backed up, the archive bit on a file is turned off. When changes are made to the file, the archive bit is set again. An incremental backup uses this information to back up only files that have changed since the last backup. This backup turns the archive bit off again, and the next incremental backup backs up only the files that have changed since the last incremental backup. This backup type saves time, but it means that the restore process will involve restoring the last full backup and every incremental backup made after it.
Copyright © 2014 by McGraw-Hill Education.

Restoring from an Incremental backup requires that all backups be applied.
The circle encloses all the backups that must be restored.

Copyright © 2014 by McGraw-Hill Education.

Differential Backups
Like an incremental backup, a differential backup only backs up files with the archive bit set—files that have changed since the last backup. Unlike an incremental backup, however, a differential backup does not reset the archive bit.
Each differential backup backs up all files that have changed since the last backup that reset the bits. Using this strategy, a full backup is followed by differential backups.
A restore consists of restoring the full backup and then only the last differential backup made. This saves time during the restore, but, depending on your system, creating differential backups takes longer than creating incremental backups.
Copyright © 2014 by McGraw-Hill Education.

Restoring from a differential backup requires applying only the full backup and the last differential backup.
The circle encloses all of the backups that must be restored.

Copyright © 2014 by McGraw-Hill Education.

Backup Rotation Strategies
In the traditional backup process, old backups are usually not immediately replaced by the new backup. Instead, multiple previous copies of backups are kept. This ensures recovery should one backup tape set be damaged or otherwise be found not to be good. Two traditional backup rotation strategies are Grandfather-Father-Son (GFS) and Tower of Hanoi.
Copyright © 2014 by McGraw-Hill Education.

GFS Backup Strategy
In the GFS rotation strategy, a backup is made to separate media each day.
Each Sunday a full backup is made, and each day of the week an incremental backup is made.
The Sunday backups are kept for a month, and the current week’s incremental backups are also kept.
On the first Sunday of the month, a new tape or disk is used to make a full backup. The previous full backup becomes the last full backup of the prior month and is re-labeled as a monthly backup.
Weekly and daily tapes are rotated as needed, with the oldest being used for the current backup.
Thus, on any given day of the month, that week’s backup is available, as well as the previous four or five weeks’ full backups, along with the incremental backups taken each day of the preceding week. If the backup scheme has been in use for a while, prior months’ backups are also available.
Copyright © 2014 by McGraw-Hill Education.

No backup strategy is complete without plans to test backup media and backups by doing a restore. If a backup is unusable, it’s worse than having no backup at all, because it has lured users into a sense of security. Be sure to add the testing of backups to your backup strategy, and do this on a test system.
Copyright © 2014 by McGraw-Hill Education.

The Tower of Hanoi Backup Strategy
The Tower of Hanoi strategy is based on a game played with three poles and a number of rings. The object is to move the rings from their starting point on one pole to the other pole.
However, the rings are of different sizes, and you are not allowed to have a ring on top of one that is smaller than itself. To accomplish the task, a certain order must be followed.
Consider a simple version of the Tower of Hanoi, in which you are given three pegs, one of which has three rings stacked on it from largest at the bottom to smallest at the top. Call these rings A (small), B (medium), and C (large). You need to move the rings to the right-hand peg. How do you solve this puzzle?
Copyright © 2014 by McGraw-Hill Education.

Tower of Hanoi Solution
The solution is to move
A to the right-hand peg,
then B to the middle peg,
A on top of B on the middle peg,
then C to the right-hand peg,
then A to the now-empty left-hand peg,
B on top of C on the right-hand peg,
and finally A on top of B to complete the stack on the right-hand peg.
The rings were moved in this order: A B A C A B A. If you solve this puzzle with four rings labeled A through D, your moves would be A B A C A B A D A B A C A B A.
Five rings are solved with the sequence A B A C A B A D A B A C A B A E A B A C A B A D A B A C A B A.
As you can see, there is a recursive pattern here that looks complicated but is actually very repetitive. Small children solve this puzzle all the time.
Copyright © 2014 by McGraw-Hill Education.

Tower of Hanoi for Backups
To use the same strategy with backup tapes requires the use of multiple tapes in this same complicated order. Each backup is a full backup, and multiple backups are made to each tape. Since each tape’s backups are not sequential, the chance that the loss of one tape or damage to one tape will destroy backups for the current period is nil. A fairly current backup is always available on another tape. This backup method gives you as many different restore options as you have tapes.
Consider a three-tape Tower of Hanoi backup scheme and its similarity to the sequence of the game. On day one, you perform a full backup to tape A. On day two, your full backup goes to tape B. On day three, you back up to tape A again, and on day four you introduce tape C, which hasn’t been used yet. At this point, you now have three tapes containing full backups for the last three days. That’s pretty good coverage. On days 5, 6, and 7, you use tapes A, B, and A again, respectively. This gives you three tapes containing full backups that you can rely on, even if one tape is damaged.
Copyright © 2014 by McGraw-Hill Education.

Use More Tapes
For additional coverage, you can use a four-tape or five-tape Tower of Hanoi scheme.
You would perform the same rotation as in the game, either A B A C A B A D A B A C A B A in a four-tape system or A B A C A B A D A B A C A B A E A B A C A B A D A B A C A B A in a five-tape system.
Higher numbers of tapes can be used as well, but the system is complicated enough that human error can become a concern. Backup software can assist by prompting the backup operator for the correct tape if it is configured for a Tower of Hanoi scheme.
Copyright © 2014 by McGraw-Hill Education.

Backup Alternatives and Newer Methodologies
Many backup strategies are available for use today as alternatives to traditional tape backups:
Hierarchical Storage Management (HSM) 
Windows shadow copy 
Online backup or data vaulting 
Dedicated backup networks 
Disk-to-disk (D2D) technology 
Copyright © 2014 by McGraw-Hill Education.

Hierarchical Storage Management (HSM) 
HSM is more of an archiving system than a strict “backup” strategy, but it is a valid way of preserving data that can be considered as part of a data retention strategy. Long available for mainframe systems, it is also available on Windows.
HSM is an automated process that moves the least-used files to progressively more remote data storage. In other words, frequently used and changed data is stored online on high speed, local disks. As data ages (as it is not accessed and is not changed), it is moved to more remote storage locations, such as disk appliances or even tape systems.
However, the data is still cataloged and appears readily available to the user. If accessed, it can be automatically made available—it can be moved to local disks, it can be returned via network access, or, in the case of offline storage, operators can be prompted to load the data. Online services or cloud storage can be used for the more remote data storage, and this approach is commonly found in e-mail archiving solutions.
Copyright © 2014 by McGraw-Hill Education.

Windows Shadow Copy
This Windows service takes a snapshot of a working volume, and then a normal data backup can be made that includes open files. The shadow copy service doesn’t make a copy; it just fixes a point in time and then places subsequent changes in a hidden volume.
When a backup is made, closed files and disk copies of open files are stored along with the changes. When files are stored on a Windows system, the service runs in the background, constantly recording file changes.
If a special client is loaded, previous versions of a file can be accessed and restored by any user who has authorization to read the file. Imagine that Alice deletes a file on Monday, or Bob makes a mistake in a complex spreadsheet design on Friday. On the following Tuesday, each can obtain their old versions of the file on their own, without a call to the help desk, and without IT getting involved.
Copyright © 2014 by McGraw-Hill Education.

Online Backup or Data Vaulting
An individual or business can contract with an online service that automatically and regularly connects to a host or hosts and copies identified data to an online server.
Typically, arrangements can be made to back up everything, data only, or specific data sets.
Payment plans are based both on volume of data backed up and on the number of hosts, ranging up to complete data backups of entire data centers.
Copyright © 2014 by McGraw-Hill Education.

Dedicated Backup Networks
An Ethernet LAN can become a backup bottleneck if disk and tape systems are provided in parallel and exceed the LAN’s throughput capacity. Backups also consume bandwidth and thus degrade performance for other network operations.
Dedicated backup networks are often implemented using a Fibre Channel storage area network (SAN) or Gigabit Ethernet network and Internet Small Computer Systems Interface (iSCSI). iSCSI and Gigabit Ethernet can provide wire-speed data transfer. Backup is to servers or disk appliances on the SAN.
Copyright © 2014 by McGraw-Hill Education.

Disk-to-Disk (D2D) Technology
A slow tape backup system may be a bottleneck, as servers may be able to provide data faster than the tape system can record it. D2D servers don’t wait for a tape drive, and disks can be provided over high-speed dedicated backup networks, so both backups and restores can be faster.
D2D can use traditional network-attached storage (NAS) systems supported by Ethernet connectivity and either the Network File System (NFS on Unix) protocol or Common Internet File System (CIFS on Windows) protocol, or dedicated backup networks can be provided for D2D.
Copyright © 2014 by McGraw-Hill Education.

Backup Benefits
Many benefits can be obtained from backing up as a regular part of IT operations:
Cost savings: It takes many people-hours to reproduce digitally stored data. The cost of backup software and hardware is a fraction of this cost.
Productivity: Users cannot work without data. When data can be restored quickly, productivity is maintained.
Increased security: When backups are available, the impact of an attack that destroys or corrupts data is lessened. Data can be replaced or compared to ensure its integrity.
Simplicity: When centralized backups are used, no user needs to make a decision about what to back up.
Copyright © 2014 by McGraw-Hill Education.

Backup Policy
The way to ensure that backups are made and protected is to have an enforceable and enforced backup policy.
The policy should identify the goals of the process, such as frequency, the necessity of onsite and offsite storage, and requirements for formal processes, authority, and documentation.
Procedures can then be developed, approved, and used that interpret policy in light of current applications, data sets, equipment, and the availability of technologies. Several topics should be specifically detailed in the policy.
Copyright © 2014 by McGraw-Hill Education.

Administrative Authority
Designate who has the authority to physically start the backup, transport and check out backup media, perform restores, sign off on activity, and approve changes in procedures. This should also include guidelines for how individuals are chosen.
Recommendations should include separating duties between backing up and restoring, between approval and activity, and even between systems. (For example, those authorized to back up directory services …

Place your order now for a similar assignment and have exceptional work written by one of our experts, guaranteeing you an A result.

Need an Essay Written?

This sample is available to anyone. If you want a unique paper order it from one of our professional writers.

Get help with your academic paper right away

Quality & Timely Delivery

Free Editing & Plagiarism Check

Security, Privacy & Confidentiality