1. Associate Level Material
Appendix D
Disaster Recovery Plan
Student Name: Delroy Francis
UNIVERSITY OF PHOENIX
IT/244 INTRO TO IT SECURITY
Instructor’s Name: JAMES BRYANT
Date: 1/19/2012
2. Disaster Recovery Plan
1. Disaster Recovery Plan
Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan
to be used in case of a disaster and the plan for testing the DRP.
I will have a central meeting place for all emergency Management team to meet up at. Each team
would evaluated and access the loss or interruption in service which occurred and will get the system
back up and running, while instituting plans for coordinating the recovery program, disseminating
information and assembling personnel to the various sites. These personnel would assess and decide
the severity of the disaster. This would be to declare the incident a disaster versus interruption in
service.
1.1. Risk Assessment
1.1.1. Critical business processes
List the mission-critical business systems and services that must be protected by the
DRP.
Enter your text here
1.1.2. Internal, external, and environmental risks
Briefly discuss the internal, external, and environmental risks, which might be likely
to affect the business and result in loss of the facility, loss of life, or loss of assets.
Threats could include weather, fire or chemical, earth movement, structural failure,
energy, biological, or human.
A natural disaster that could happen would be a tornado or flood that could
completely wipe out a building where all the computer equipment is used or
stored. By using a DRP all the data could be stored at an off-site location to
assure the operations of the company will be able to continue in case of a
disaster
1.2. Disaster Recovery Strategy
Of the strategies of shared-site agreements, alternate sites, hot sites, cold sites, and warm
sites, identify which of these recovery strategies is most appropriate for your selected scenario
and why.
IT/244 Intro to IT Security Page 1
3. Disaster Recovery Plan
I would choose a “Hot Site” as the hot site would have live communication links,
already working , the system would already be ready for a disaster or immediate
failover of operations.
A “Warm Site” would also have live communication links and some hardware, but
would need installation of software and some restoration of media format and data
from tape this would take days to several hours for the site to be up and running .
A “Cold Site” could be the focal point or the facility where is declared as the
meeting point when a disaster is declared, this would be the point where all staff will
gather at, this location will typically have external communications, but no software
or data which will required more resources .
Clearly, the cost associated with a Hot Site is immeasurably different from those of a
Cold or Warm Site – So from the initial steps defining importance. So from business
a sense and investment, the goal is to protect the business assets.
1.3. Disaster Recovery Test Plan
For each testing method listed, briefly describe each method and your rationale for why it will
or will not be included in your DRP test plan.
Periodic reviews of the plan to ensure it is kept up to date, distributed, and understood. The
maintenance of the Disaster Recover and Team Plans is to keep it synchronous with program,
hardware, software, physical environment, network and applications changes
Disaster Recovery testing verifies that all facets of the Plan have been implemented and have
been found to be accurate and sufficient. After initial acceptance of the Plan, ongoing testing
on a periodic basis is necessary to ensure the continued viability of its contents
Testing can be as simple as examining the existence of documentation, or as complex as
simulating a major disaster. This Disaster Recovery Plan is tested for all procedural and
organizational aspects and technical recovery capabilities up to but not including testing at
contingency site locations
IT/244 Intro to IT Security Page 2
4. Disaster Recovery Plan
1.3.1. Walk-throughs
Walk through and inspection would be done by every department, the IT
would be implementing where the computer should be stored and create a
scenario of the downtime including and estimated up time. Security
department should be running drill daily whether there is a disaster or not.
Every department should have a log book on when each drill was run
including time and department or site, references of those who conducted
the drill should be listed on the log.
1.3.2. Simulations
Enter your text here
1.3.3. Checklists
I would have Separate contact lists for each department this would include the names of all
individuals, including their job title and contact information , cell and home phone numbers would be
included in the contact lists ,this would be locked in a confidential area of the recovery plan. The
contact lists for all outside source and all government entities would be on file in case of a recovery
process .
1.3.4. Parallel testing
Validating a newer structure for its conformability until management is ready to crossover from
the old to the new ,while still continuing with full functional and operational.
IT/244 Intro to IT Security Page 3
5. Disaster Recovery Plan
1.3.5. Full interruption
Enter your text here
IT/244 Intro to IT Security Page 4
6. Disaster Recovery Plan
2. References
Cite all your references by adding the pertinent information to this section by following this example.
American Psychological Association. (2001). Publication manual of the American
Psychological Association (5th ed.). Washington, DC: Author.
IT/244 Intro to IT Security Page 5