SlideShare une entreprise Scribd logo

Dr

W
wch992003

DR

1  sur  14
Télécharger pour lire hors ligne
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Disaster Recovery Plan Strategies and Processes A Disaster Recovery Plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. This paper discusses the development, maintenance and testing of the Disaster Recovery Plan, as well as addressing employee education and management procedures to insure provable recovery capability. Copyright SANS Institute Author Retains Full Rights AD
Disaster Recovery Plan Strategies and Processes Written by: Bryan C. Martin February 2002 Version 1.3 Introduction This Disaster Recovery Plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. This plan will provide an effective solution that can be used to ts. recover all vital business processes within the required time frame using vital records that are igh stored off-site. This Plan is just one of several plans that will provide procedures to handle emergency situations. These plans can be utilized individually but are designed to support one ll r another. fingerprint = AF19 FA27 2F94 998D FDB5 DE3Dplan allows the ability to handle Key The first plan is the Crisis Management Plan. This F8B5 06E4 A169 4E46 high-level coordination activities surrounding any crisis situation. We will also discuss the fu development, maintenance and testing of the Disaster Recovery Plan. Lastly, we will discuss the ins culture and employee education on Disaster Recovery. The term “disaster” is relative because disasters can occur in varying degrees. So, this Plan has eta considered this issue and incorporates management procedures as well as technical procedures to insure provable recovery capability. rr The next key issue to be strongly considered within the strategy for disaster recovery is a ho recovery strategy for alternate processing (Hot-Site). This plan identifies discusses the Hot-Site ut and the alternatives if the primary location is not available to provide Disaster Recovery services ,A for the various system environments. The final issue to be addressed within the Disaster Recovery Strategy is to insure that every 02 reasonable measure has been taken to identify and mitigate potential risks that exist within the 20 processing environment. The most successful Disaster Recovery Strategy is one that will never be implemented; therefore, risk avoidance is a critical element in the disaster recovery te process. tu A Disaster Recovery Management System can be defined as the on-going process of planning, sti developing, testing and implementing Disaster Recovery management procedures and processes In to ensure the efficient and effective resumption of vital business functions in the event of an unscheduled interruption. With the growing dependence on I/S and the Business Process to NS support business growth and changes associated with their complexities, compounded with the complexities of changing technology, the following elements are key to implementing a SA comprehensive Disaster Recovery Program: © · Critical Application Assessment · Back-Up Procedures · Recovery Procedures · Implementation Procedures Key· fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Test Procedures · Plan Maintenance Page 1 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Crisis Management Plan This Crisis Management Plan is designed to ensure the continuation of vital business processes in the event that an emergency or crisis situation should occur. However, Executives and Senior Management can use the procedures in this plan. Should an emergency situation occur at any of the business locations, the plan should provide an effective method that can be used by management personnel to control all activities associated with a crisis situation in a pro-active manner and to lessen the potential negative impact with the media, the public and with shareholders. This plan should be updated annually and should always be readily available to ts. authorized personnel. igh This plan is designed as a companion document to the Business Resumption Plan. The Business Resumption Plan consists of two major parts, each a recovery plan. The first are the Disaster ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Recovery Plans for technology in the event that a disaster should strike data processing center(s). fu The second is the Business Recovery Plan that will address issues surrounding the business operation and business units should a disaster affect. ins Scope and Objectives of the Crisis Management Plan eta The plan should provide information for the pro-active handling of any crisis situation and rr should include detailed procedures for the following: • ho Executives • Legal ut • Investor Relations ,A • Corporate Communications • 02 Corporate Administration • Marketing and Sales 20 • Human Resources • te Technology management tu The plan should also document the responsibilities, procedures, and checklists that will be used sti to manage and control the situation following an emergency or crisis occurrence. In The Crisis Management Plan has been developed to accomplish the following objectives: NS • Prepare senior management personnel to respond effectively in a crisis situation; • Manage the crisis in an organized and effective manner; SA • Limit the magnitude or impact of any crisis situation to the various business units. © Crisis Management Plan activities are initiated by a situation or crisis alert procedure. After discovery of an incident, the Crisis Management Team will perform an assessment of the situation and determine if there is a need to declare an emergency or crisis and activate the Crisis Management Plan. When the plan is activated, assigned management personnel will be alerted and Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 directed to activate their procedures. Page 2 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Disaster Definition A “disaster” is any event that can cause a significant disruption in operational and/or computer processing capabilities for a period of time, which affects the operations of the business. The purpose of defining a crisis or a discontinuity is to establish a documented description of what constitutes a crisis or a discontinuity. The intent is to minimize the decision-making ts. process when an event occurs. igh An outage (crisis/discontinuity) may exist when: a. A service providing support to a critical business function fails. ll r Key fingerprint =It is determined the998D FDB5 DE3D F8B5 06E4 A169 point it becomes b. AF19 FA27 2F94 service cannot be restored before the 4E46 vital to the business. fu ins Disaster Recovery Scenario eta The disaster recovery scenario that will be specifically addressed, within the scope of this plan, is the loss of access to the computer center and the data processing capabilities of those systems rr and the network connectivity. Although loss of access to the facility may be more probable, this ho Disaster Recovery Plan will only address recovery of the critical systems and essential communications. ut This scenario also assumes that all equipment in the computer room is not salvageable and that ,A all critical telecommunications capability has been lost. 02 In the event of a declared Disaster, key personnel will take immediate action to alert the Disaster 20 Recovery Center. Restoration of the Critical Coverage will be provided after a Disaster is declared and after turnover of the disaster recovery backup site. It will include, without te limitation, the following: tu 1. Delivery of the Authorized User Data and Software archived in off-site storage to the sti Disaster Recovery Center In 2. Connecting Network lines to the Disaster Recovery Center 3. Operating the Critical Applications on the Configuration at the Disaster Recovery Center NS 4. Provide Critical Coverage at the Disaster Recovery Center 5. Provide workspace and required equipment. SA Recovery Strategy © The recovery strategy that will be discussed as part of this Disaster Recovery Plan will be to relocate critical Information Systems processing to an alternate computer-processing center. The processes will be recovered at the Disaster Recovery Services provider name and location of the Hot-Site. The Disaster Recovery Services provider name is F8B5 06E4 for ensuring that the Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D responsible A169 4E46 system configurations and the associated network requirements are accurate and technically feasible at all times. Therefore, yearly testing will be a part of the alternate processing strategy. Page 3 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Also, the associated network connectivity will be recovered, within the disaster recovery scenario, using the alternate processing strategy. Recovery Phases Recovery activities will be conducted in a phased approach. The emphasis will be to recover the critical applications effectively and efficiently. Critical applications will be recovered over a period of time after data center activation. ts. Phase I igh Move operations to the Disaster Recovery Backup Site and the Emergency Operations Center. This activity will begin with activation of the Disaster Recovery Plan. There is a period of up to ll r 24 Key fingerprintforAF19 FA27 2F94 the turnover of the disaster06E4 A169 4E46 site. hours allowed = organization and 998D FDB5 DE3D F8B5 recovery backup fu Phase II ins To recover critical business functions, restoration of the critical applications and critical network connectivity. The goal here is to recover the systems and network so that our customers eta can continue business. rr Phase III ho Return data processing activities to the primary facilities or another computer facility. ut ,A The following conditions, if met, will constitute a successful recovery effort: 02 • Restore critical applications to the most current date available on backup tapes stored off-site. Updating the systems and databases will take place as the recovery effort progresses. 20 • It is understood that, due to the emergency or disaster, response times will probably be te slower than normal production situations. tu The Plan provides recovery procedures to be used at the present data center site after repairs have sti been made or at the Disaster Recovery Backup Site and the Emergency Operations Center. It In also provides recovery procedures for the restoration of critical applications using either data recovered from the damaged data center or from the backup data stored off-site. NS Scope and Objectives of the Plan SA The Disaster Recovery Plan provides a state of readiness allowing prompt personnel response © after a disaster has occurred. This, in turn, provides for a more effective and efficient recovery effort. The Disaster Recovery Plan should be developed to accomplish the following objectives: 1. Limit the magnitude of any loss by minimizing the duration of a critical application service interruption. 2. Assess damage, = AF19 FA27 2F94and activate the repaired computer center. Key fingerprint repair the damage, 998D FDB5 DE3D F8B5 06E4 A169 4E46 3. Recover data and information imperative to the operation of critical application’s. 4. Manage the recovery operation in an organized and effective manner. 5. Prepare technology personnel to respond effectively in disaster recovery situations. Page 4 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Every business has the responsibility to respond to any short or long term disruption of services. By developing, documenting, implementing and testing this Disaster Recovery Plan, businesses will be able to restore the availability of critical applications in a timely and organized manner following a disaster occurrence. In order to accomplish these objectives, the technology area will depend on support from senior management, end users and staff departments. Disaster Recovery Plan activities are initiated by a situation or disaster alert procedure. After discovery of an incident, technology management will be informed of a potential disaster at the ts. computer center. The Recovery Management Team will perform an assessment of the situation igh and determine if there is a need to declare a disaster and activate the Disaster Recovery Plan. When the Plan is activated, assigned recovery personnel will be alerted and directed to activate ll r their recovery procedures. FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 Recovery Objectives fu ins This section will define those applications and customers that are critical to the business and the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) for this Disaster eta Recovery Plan. The Recovery Time Objective is the length of time a business can be without data processing availability and the Recovery Point Objective (RPO) is how old the data will be rr once the systems are recovered. ho The following applications and customers have been defined as critical and require restoration ut within the Recovery Time Objective (RTO) following a disaster declaration in order to support the restoration of the vital business functions. These applications and the supporting systems ,A will be recovered within the Disaster Recovery Scenario using the alternate processing strategy. 02 The list of Critical Applications and Critical Customers and the Recovery Time and Point Objectives should be reviewed and updated by management on an annual basis. 20 Development of a Disaster Recovery Plan te A. Plan Scope and Objectives tu B. Business Recovery Organization (BRO) and Responsibilities (Recovery Team Concept) sti C. Major Plan Components - format and structure In D. Scenario to Execute Plan E. Escalation, Notification and Plan Activation NS F. Vital Records and Off-Site Storage Program G. Personnel Control Program SA H. Data Loss Limitations I. Plan Administration (general) © Maintenance of the Plan The purpose of this section is to define the activity necessary to maintain the Disaster Recovery (DR) Plan for the mainframe and mid-range environments. DR Plan maintenance is of utmost Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 importance to ensure currency of what is to be recovered and procedures governing the recovery. This means keeping the test plan and implementation plan current and in sync with business changes. All changes to the business and in the mainframe and mid-range environments must be considered for inclusion in and for updating of the Disaster Recovery Plan. Page 5 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
The Disaster Recovery Plan may require updates if problems or changes include some or any of the following: - Mainframe and Mid-Range Disaster Recovery Test results - New critical applications or critical customers - Increased application complexity - New equipment acquisitions - Changes to: ts. - Hardware igh - Software - Network ll r Key- fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Applications - Data fu ins A formal review of a Disaster Recovery Plan should be conducted yearly, and a quarterly Disaster Recovery Readiness Assessment Audit should be conducted as well. The purpose of the eta reviews and the audits is to identify any changes to ensure that these and any other updates identified since the previous review have been captured. rr Items to be reviewed for Plan update should include: ho - Personnel changes ut - Mission changes ,A - Priority changes - New Business Organizations 02 - Mainframe and Mid-range Disaster Recovery Test procedures and results 20 - Backup procedures - Recovery procedures te - Relocation / Migration Plan tu - Software (operating system, utilities, application programs) - Hardware (mainframe, mid-range and peripherals) sti - Communications Network Facilities In Particular attention should be paid to the review of the recovery equipment configurations to NS ensure that the business has the required equipment to restore the business functionality as SA quickly and smoothly as possible. These reviews will require the time and attention of all Plan holders and team members, © especially those that have hardware and network responsibilities. The proper maintenance of the Plan will be the responsibility of ALL holders of the Plan. It will be their responsibility to incorporate all approved revisions into their assigned copy to ensure thatKey Plan manual is maintained 2F94viable and readied Action Plan. All removed pages are to the fingerprint = AF19 FA27 as a 998D FDB5 DE3D F8B5 06E4 A169 4E46 be properly disposed; they should be placed in the classified materials bins throughout the office or shredded. It is the responsibility of all Plan holders to protect Confidential material and dispose of it in a proper manner. Page 6 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Disaster Recovery Testing Overview The purpose of this Test Plan Document is to specifically identify and document the task plan and procedures to be implemented in a testing environment. This Test Plan includes test parameters, objectives, measurement criteria, test methodology, task plan charts and time lines to validate the effectiveness of the current Disaster Recovery Plan. The Disaster Recovery Plan will be tested to ensure that the business has the ability to continue the critical business processes in the event of a disaster. It is very important that the Recovery procedures are executable and ts. accurate. Another benefit of testing the plan is to train the personnel who will be responsible for igh executing the Disaster Recovery Plan. The important issue is not that the test succeeded without problems, but, that the test results and problems encountered are reviewed and used to update or ll r revise the current Disaster Recovery Plan procedures. Testing can 06E4 A169 4E46by executing Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 be accomplished the disaster implementation plan or it may be desirable to execute a subset of the plan. When fu performing a Disaster Recovery Test, it is very important to use only that information which is ins recalled from the off-site storage facility. This is to ensure the following: eta 1. Simulate the conditions of an ACTUAL Disaster Recovery situation. 2. Completeness of the disaster recovery information stored at the Records Retention rr Site. 3. Ensure the ability to recover the intended functions. ho ut This test plan includes the following areas: ,A 1. Schedule 02 a. Planning Sessions 20 b. Pre-Test Technical Review c. Debriefing te 2. Introduction tu a. Preface b. Scope sti c. Recovery Site In d. Primary Test Objectives e. Secondary Test Objectives NS f. Exclusion (if applicable) SA g. Test Assumptions, Dependencies and Success Criteria 3. Test Teams a. ChoicePoint Participants © b. IBM Participants (as applicable) 4. Pre-Test Planning a. Activities b. Issues Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 c. Concerns 5. Test Timeline a. Planned start and stop time of test and tasks. b. Actual start and stop time of test and tasks (to be completed during the test) Page 7 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
6. Critical Test Checkpoints a. Activity b. Recommendation c. Responsible party 7. Test Problem Log a. Document any problems encountered prior to the test. b. Record any deviations from Test Plan. Post Test Review ts. igh The purpose of this Post Test Review document is to identify any problem areas and any recommendations for improvement to the plan. The Post Test Review document includes the ll r following areas: = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint fu 1. Highlights ins a. Overall Test Results b. Test Dates eta c. Disaster Recovery Back-up Site d. Local Access Suite rr e. Test Participants 2. Test Objectives ho a. Primary Test Objectives ut b. Secondary Test Objectives ,A c. Exclusions (if applicable) 3. Timeline 02 a. Planned task, start and end times and duration 20 b. Actual task, start and end times 4. Problems Encountered During the Test te a. Problem Log tu 1. Actual Problem 2. Assigned to sti 3. Target Date for Resolution In 4. Status 5. Resolution NS 6. DR Process or Technical SA b. Problem Summary 5. Follow Up to Pre-Test Problems 6. Follow Up to Suggestions for Improvement/Recommendations from Last Year's © Test 7. Detailed Summary and Observations 8. Recommendations for Next Year's Test Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Establishing the Continuity Culture Page 8 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Documenting the Disaster Recovery Plan is one element of developing a strategy. The plan’s success, however, depends upon: • Implementation of the recommendations made, across the entire business. • A program of training of those directly involved in the execution of the plan • An education and awareness program to ensure enterprise-wide understanding and adoption of the plan, covering internal and external ts. stakeholders, i.e. employees, customers, suppliers and shareholders igh It is essential to commit to implementing all recommendations and strategies identified in the ll r Disaster fingerprintPlan, otherwise2F94 998D FDB5in its preparation will be redundant. Key Recovery = AF19 FA27 investment made DE3D F8B5 06E4 A169 4E46 Similarly training and awareness must be embarked upon to ensure that the entire organization is fu confident and competent concerning the plan. All parties must appreciate the importance of ins Disaster Recovery Plan to the operation’s survival and their role in this process. eta This awareness should extend to those external stakeholders and third parties upon whom the organization depends/has influence in both normal and crisis operations. rr Implementation of the plan in this manner and all those associated with the organization can ho have confidence in its ability to manage in a crisis, and the continuity culture will have started. ut Actions: ,A • Select the Emergency Management/ BCM/ Crisis and Recovery 02 Teams. 20 • Implement relevant training programs for each team dependent upon task, including crisis communications/ media training as appropriate. te This process is ongoing, as team members will change. tu • Establish and equip emergency and crisis centers. sti • Establish internal and external contractual arrangements/ service level agreements. In • Implement back-up and off-site storage arrangements. NS • Distribute plan documentation as appropriate. • Conduct internal and external awareness programs. These programs SA can be built into employee and supplier induction processes and customer marketing programs. © Disaster Recovery Education for Employees: Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Prepare Your Employees for Data Backup: You'll need to educate your employees about where to store their files (in a specific directory on their PC that is backed up or on the central server) so that all files are included in the backup. Page 9 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
You'll also want to avoid data loss and downtime by installing anti-virus software and teaching your employees how viruses are spread and Prepare your Employees for Disaster Recovery: Involving employees in the disaster recovery effort will also help ensure that recovery procedures are well planned and executed based on your business' need to provide as seamless a recovery as possible. Find out typical processes and turnaround times that your customers have come to expect and plan how you will prioritize recovery efforts. Make sure all employees know whom to contact in an emergency, and outline what they can do to remain productive ts. during the recovery period. If you're using a service, identify who in the company will contact igh the service to initiate recovery efforts. Make sure you have the contact information off-site in case of a fire, flood, or other act of nature. ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Disaster Recovery Statistics: fu • ins Only 15% of midrange data centers would be able to recover more than 30% of their applications in any time frame. eta • Just 3.8% could recover their applications within the same day. • Only 2.5% could recover within four hours. rr ho The eight R’s of a successful recovery plan ut • Reason for planning ,A • Recognition • Reaction 02 • Recovery 20 • Restoration • Return To Normal te • Rest and Relax tu • Re-evaluate and Re-document sti In Conclusion Every day, businesses are confronted with disasters of varying degrees. Those that have NS adequately developed, maintained, and exercised their contingency plans will survive. Yet many corporate executives continue to take the uninhibited operations of their companies for granted. SA They remain complacent, assuming that the power will always be available, the telephone system will not fail, there will be no fire or earthquake--everything will always be normal. Very few © executives plan for their own, much less their organization’s mortality; however, if a business is to survive, organizational “strategic” and “tactical” battle planning is essential. The final corporate contingency plan is the lifeblood of corporate survival. However, it is only as good as the foundation upon which it was built. The foundation is, of course, the concept. This document is the means by which a particular mission, program, or policy directive is translated into a Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 fundamental organizational and operational methodology. Once the concept is developed through a logical building block approach, and is sanctioned by both management and the operating elements, construction of the contingency plan may commence. A fundamental premise of successful contingency planning is that plans are developed by those who must Page 10 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
actually carry them out in the event of an actual disaster. The role of the Corporate Contingency Planner is to strategically, and relentlessly, manage the process. And, in doing so, he or she must rely on both internal and external assistance. In addition to in-house assistance, there are a multitude of disaster assistance organizations and services available to assist the contingency planner. Preparing a corporate contingency plan is a non-trivial undertaking. However, corporate leaders must recognize the vulnerabilities they invite by not adequately planning for survival. Disaster planning is truly a vital part of the overall business plan. ts. References: igh 1. Wold, Geoffrey H. “Disaster Recovery Planning Process” ll r http://www.drj.com/new2dr/w2_004.htm FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 FA27 2F94 998D fu 2. The Business Continuity Institute ins http://www.thebci.org/frametrial.html eta 3. Boroski, Doran. “Protect processes as well as investments in disaster recovery plans” http://www.computerworld.com/storyba/0,4125,NAV47_STO68345,00.html rr 4. DRI International ”Business Continuity Management Survey Examines How The Events of ho 9/11 Shape the Business Continuity Industry” ut http://www.dr.org/fallnews.pdf ,A 5. Wrobel, Len “Components of a Successful LAN Disaster Recovery Plan” 02 http://www.disaster-resource.com/content_page/nuggets.shtml 20 6. Radeke, Michelle “Prepare for Effective Data Backup and Recovery” te http://www.workz.com/content/543.asp tu 7. Hussong, Jr. William A. “So You’re The Company’s New Contingency Planner” sti http://www.drj.com/new2dr/w3_001.htm In 8. Disaster Recovery Planning: Strategies for Protecting Critical Information Assets NS By: Jon William Toigo SA © Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Page 11 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
ts. igh ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 fu ins eta rr ho ut ,A 02 20 te tu sti In NS SA © Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Page 12 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
Last Updated: August 26th, 2012 Upcoming SANS Training Click Here for a full list of all Upcoming SANS Events by Location SANS Melbourne 2012 Melbourne, Australia Sep 03, 2012 - Sep 08, 2012 Live Event Capital Region Fall 2012 Arlington - Baltimore, Sep 05, 2012 - Sep 20, 2012 Live Event SANS Crystal City 2012 Arlington, VA Sep 06, 2012 - Sep 11, 2012 Live Event SANS Network Security 2012 Las Vegas, NV Sep 16, 2012 - Sep 24, 2012 Live Event SANS Forensics Prague 2012 Prague, Czech Republic Oct 07, 2012 - Oct 13, 2012 Live Event SOS: SANS October Singapore 2012 Singapore, Singapore Oct 08, 2012 - Oct 20, 2012 Live Event SANS CyberCon 2012 Online, VA Oct 08, 2012 - Oct 13, 2012 Live Event SEC 579: Virtualization and Private Cloud Security @ Bangalore, India Oct 08, 2012 - Oct 13, 2012 Live Event Bangalore SANS Gulf Region 2012 Dubai, United Arab Oct 13, 2012 - Oct 25, 2012 Live Event Emirates SANS Seattle 2012 Seattle, WA Oct 14, 2012 - Oct 19, 2012 Live Event SANS Baltimore 2012 Baltimore, MD Oct 15, 2012 - Oct 20, 2012 Live Event SANS South Africa 2012 - Cape Town Cape Town, South Oct 26, 2012 - Oct 27, 2012 Live Event Africa SANS Chicago 2012 Chicago, IL Oct 27, 2012 - Nov 05, 2012 Live Event SANS Bangalore 2012 Bangalore, India Oct 29, 2012 - Nov 03, 2012 Live Event SANS South Africa 2012 Johannesburg, South Oct 29, 2012 - Nov 03, 2012 Live Event Africa SANS Korea 2012 Seoul, Korea, Republic Nov 05, 2012 - Nov 13, 2012 Live Event Of SANS Tokyo Autumn 2012 Tokyo, Japan Nov 05, 2012 - Nov 10, 2012 Live Event SANS San Diego 2012 San Diego, CA Nov 12, 2012 - Nov 17, 2012 Live Event SANS Sydney 2012 Sydney, Australia Nov 12, 2012 - Nov 20, 2012 Live Event BETA FOR526 Windows Memory Forensics In-Depth OnlineDC Aug 27, 2012 - Aug 31, 2012 Live Event SANS OnDemand Books & MP3s Only Anytime Self Paced

Recommandé

Impact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureImpact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureIPPAI
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Chap5
Chap5Chap5
Chap5jitu897
 
Srm
SrmSrm
SrmTim Smith
 
Informing Program Performance with Programmatic and Technical Risk
Informing Program Performance with Programmatic and Technical RiskInforming Program Performance with Programmatic and Technical Risk
Informing Program Performance with Programmatic and Technical RiskGlen Alleman
 
Why Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas SectorWhy Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas Sectorjanknopfler
 
Solvency II IT Impacts
Solvency II IT ImpactsSolvency II IT Impacts
Solvency II IT ImpactsAli BELCAID
 
Risk management
Risk managementRisk management
Risk managementAllanMJerusha
 

Recommandé

Impact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureImpact of Any Emergency in the Critical Infrastructure
Impact of Any Emergency in the Critical InfrastructureIPPAI
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Chap5
Chap5Chap5
Chap5jitu897
 
Srm
SrmSrm
SrmTim Smith
 
Informing Program Performance with Programmatic and Technical Risk
Informing Program Performance with Programmatic and Technical RiskInforming Program Performance with Programmatic and Technical Risk
Informing Program Performance with Programmatic and Technical RiskGlen Alleman
 
Why Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas SectorWhy Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas Sectorjanknopfler
 
Solvency II IT Impacts
Solvency II IT ImpactsSolvency II IT Impacts
Solvency II IT ImpactsAli BELCAID
 
Risk management
Risk managementRisk management
Risk managementAllanMJerusha
 
Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto elbeatricino
 
Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002Melannylasso
 
Brasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópiaBrasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópiaandresa26
 
Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013Sergi Godia Lopez
 
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible redesformaciondocente
 
Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001emilio2005angel1973
 
The Digital Marketing Down Under - Australia
The Digital Marketing Down Under - AustraliaThe Digital Marketing Down Under - Australia
The Digital Marketing Down Under - AustraliaRyan Bonnici
 
Trastornos específicos del lenguaje
Trastornos específicos del lenguajeTrastornos específicos del lenguaje
Trastornos específicos del lenguajeTami.Marimar
 
Intro
IntroIntro
IntroHeatherHamline
 
Publicidad
PublicidadPublicidad
Publicidad1010198
 
Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)BioParques
 
Social Business Planning for Enterprise
Social Business Planning for EnterpriseSocial Business Planning for Enterprise
Social Business Planning for EnterpriseLeader Networks
 
Купи успешный бизнес
Купи успешный бизнесКупи успешный бизнес
Купи успешный бизнесAndrey Kryvonos
 
Reconocimeinto general y de actores
Reconocimeinto general y de actoresReconocimeinto general y de actores
Reconocimeinto general y de actoressanbenitomayorga
 
GLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISHGLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISHChristophe Roucher
 
Contabilidad (contabilidad)
Contabilidad (contabilidad)Contabilidad (contabilidad)
Contabilidad (contabilidad)Geovanny Jiménez
 
Accessing r from python using r py2
Accessing r from python using r py2Accessing r from python using r py2
Accessing r from python using r py2Wisdio
 
Project Management1
Project Management1Project Management1
Project Management1ibsslideshow
 
Joe Colyn
Joe ColynJoe Colyn
Joe Colynthelenju
 
Frutiger talk
Frutiger talkFrutiger talk
Frutiger talkCigdem Patlak
 
contingency planning in health care delivery
contingency planning in health care deliverycontingency planning in health care delivery
contingency planning in health care deliveryRuby Med Plus
 
Virtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or EnablerVirtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or Enablersubtitle
 

Contenu connexe

En vedette

Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto elbeatricino
 
Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002Melannylasso
 
Brasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópiaBrasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópiaandresa26
 
Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013Sergi Godia Lopez
 
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible redesformaciondocente
 
Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001emilio2005angel1973
 
The Digital Marketing Down Under - Australia
The Digital Marketing Down Under - AustraliaThe Digital Marketing Down Under - Australia
The Digital Marketing Down Under - AustraliaRyan Bonnici
 
Trastornos específicos del lenguaje
Trastornos específicos del lenguajeTrastornos específicos del lenguaje
Trastornos específicos del lenguajeTami.Marimar
 
Publicidad
PublicidadPublicidad
Publicidad1010198
 
Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)BioParques
 
Social Business Planning for Enterprise
Social Business Planning for EnterpriseSocial Business Planning for Enterprise
Social Business Planning for EnterpriseLeader Networks
 
Купи успешный бизнес
Купи успешный бизнесКупи успешный бизнес
Купи успешный бизнесAndrey Kryvonos
 
Reconocimeinto general y de actores
Reconocimeinto general y de actoresReconocimeinto general y de actores
Reconocimeinto general y de actoressanbenitomayorga
 
GLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISHGLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISHChristophe Roucher
 
Accessing r from python using r py2
Accessing r from python using r py2Accessing r from python using r py2
Accessing r from python using r py2Wisdio
 
Project Management1
Project Management1Project Management1
Project Management1ibsslideshow
 

En vedette (20)

Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto Revista semanal del 20 al 25 de agosto
Revista semanal del 20 al 25 de agosto
 
Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002Historia de la fotografia melanny lasso 1002
Historia de la fotografia melanny lasso 1002
 
Brasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópiaBrasil acessivelcaderno05 cópia
Brasil acessivelcaderno05 cópia
 
Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013Tutorial bàsic Dropbox nov2013
Tutorial bàsic Dropbox nov2013
 
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
Los desafíos de trabajo docente, la investigación y el desarrollo sostenible
 
Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001Hipoglucemia curso enarm siglo xxi 36246001
Hipoglucemia curso enarm siglo xxi 36246001
 
The Digital Marketing Down Under - Australia
The Digital Marketing Down Under - AustraliaThe Digital Marketing Down Under - Australia
The Digital Marketing Down Under - Australia
 
Trastornos específicos del lenguaje
Trastornos específicos del lenguajeTrastornos específicos del lenguaje
Trastornos específicos del lenguaje
 
Intro
IntroIntro
Intro
 
Publicidad
PublicidadPublicidad
Publicidad
 
Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)Parque Nacional San Esteban (2004)
Parque Nacional San Esteban (2004)
 
Social Business Planning for Enterprise
Social Business Planning for EnterpriseSocial Business Planning for Enterprise
Social Business Planning for Enterprise
 
Купи успешный бизнес
Купи успешный бизнесКупи успешный бизнес
Купи успешный бизнес
 
Reconocimeinto general y de actores
Reconocimeinto general y de actoresReconocimeinto general y de actores
Reconocimeinto general y de actores
 
GLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISHGLOSSARY OF PRINT TERMS IN ENGLISH
GLOSSARY OF PRINT TERMS IN ENGLISH
 
Contabilidad (contabilidad)
Contabilidad (contabilidad)Contabilidad (contabilidad)
Contabilidad (contabilidad)
 
Accessing r from python using r py2
Accessing r from python using r py2Accessing r from python using r py2
Accessing r from python using r py2
 
Project Management1
Project Management1Project Management1
Project Management1
 
Joe Colyn
Joe ColynJoe Colyn
Joe Colyn
 
Frutiger talk
Frutiger talkFrutiger talk
Frutiger talk
 

Similaire à Dr

contingency planning in health care delivery
contingency planning in health care deliverycontingency planning in health care delivery
contingency planning in health care deliveryRuby Med Plus
 
Virtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or EnablerVirtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or Enablersubtitle
 
Business continuity & Disaster recovery planing
Business continuity & Disaster recovery planingBusiness continuity & Disaster recovery planing
Business continuity & Disaster recovery planingHanaysha
 
Buisness contingency plan
Buisness contingency planBuisness contingency plan
Buisness contingency planRMC
 
Key Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity PlanKey Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity PlanContinuSys
 
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docx
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docxRunning head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docx
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docxtodd271
 
Bussiness continuity
Bussiness continuityBussiness continuity
Bussiness continuityatharabbas
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityDiana DePaola
 
Incident managment plan
Incident managment planIncident managment plan
Incident managment planSafwan Hashmi
 
Improve your it disaster recovery plan, and your ability to recover from dis...
Improve your it disaster recovery plan, and your ability to recover from dis... Improve your it disaster recovery plan, and your ability to recover from dis...
Improve your it disaster recovery plan, and your ability to recover from dis...geekmodeboy
 
Forkomil 2009 Soetam
Forkomil 2009 SoetamForkomil 2009 Soetam
Forkomil 2009 SoetamSoetam Rizky
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recoveryKrutiShah114
 
Business continuity plan
Business continuity planBusiness continuity plan
Business continuity planSafwan Hashmi
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Managementeuwebtc01
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Managementeuweben01
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Managementeuwebsc01
 
Chapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aChapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aEstelaJeffery653
 
A Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanA Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanHossam Al-Ansary
 
A Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanA Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanHeather Strinden
 

Similaire à Dr (20)

contingency planning in health care delivery
contingency planning in health care deliverycontingency planning in health care delivery
contingency planning in health care delivery
 
Virtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or EnablerVirtualisation:- Business Continuity Solution or Enabler
Virtualisation:- Business Continuity Solution or Enabler
 
Business continuity & Disaster recovery planing
Business continuity & Disaster recovery planingBusiness continuity & Disaster recovery planing
Business continuity & Disaster recovery planing
 
Buisness contingency plan
Buisness contingency planBuisness contingency plan
Buisness contingency plan
 
Key Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity PlanKey Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity Plan
 
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docx
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docxRunning head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docx
Running head DISASTER RECOVERY PLAN FOR HUAWEIDISASTER RECO.docx
 
Bussiness continuity
Bussiness continuityBussiness continuity
Bussiness continuity
 
Risk Intelligence
Risk IntelligenceRisk Intelligence
Risk Intelligence
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business Continuity
 
Incident managment plan
Incident managment planIncident managment plan
Incident managment plan
 
Improve your it disaster recovery plan, and your ability to recover from dis...
Improve your it disaster recovery plan, and your ability to recover from dis... Improve your it disaster recovery plan, and your ability to recover from dis...
Improve your it disaster recovery plan, and your ability to recover from dis...
 
Forkomil 2009 Soetam
Forkomil 2009 SoetamForkomil 2009 Soetam
Forkomil 2009 Soetam
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recovery
 
Business continuity plan
Business continuity planBusiness continuity plan
Business continuity plan
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Management
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Management
 
Crisis Management
Crisis ManagementCrisis Management
Crisis Management
 
Chapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, aChapter 32Disaster Recovery, Business Continuity, Backups, a
Chapter 32Disaster Recovery, Business Continuity, Backups, a
 
A Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanA Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery Plan
 
A Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanA Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery Plan
 

Dr

  • 1. Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Disaster Recovery Plan Strategies and Processes A Disaster Recovery Plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. This paper discusses the development, maintenance and testing of the Disaster Recovery Plan, as well as addressing employee education and management procedures to insure provable recovery capability. Copyright SANS Institute Author Retains Full Rights AD
  • 2. Disaster Recovery Plan Strategies and Processes Written by: Bryan C. Martin February 2002 Version 1.3 Introduction This Disaster Recovery Plan is designed to ensure the continuation of vital business processes in the event that a disaster occurs. This plan will provide an effective solution that can be used to ts. recover all vital business processes within the required time frame using vital records that are igh stored off-site. This Plan is just one of several plans that will provide procedures to handle emergency situations. These plans can be utilized individually but are designed to support one ll r another. fingerprint = AF19 FA27 2F94 998D FDB5 DE3Dplan allows the ability to handle Key The first plan is the Crisis Management Plan. This F8B5 06E4 A169 4E46 high-level coordination activities surrounding any crisis situation. We will also discuss the fu development, maintenance and testing of the Disaster Recovery Plan. Lastly, we will discuss the ins culture and employee education on Disaster Recovery. The term “disaster” is relative because disasters can occur in varying degrees. So, this Plan has eta considered this issue and incorporates management procedures as well as technical procedures to insure provable recovery capability. rr The next key issue to be strongly considered within the strategy for disaster recovery is a ho recovery strategy for alternate processing (Hot-Site). This plan identifies discusses the Hot-Site ut and the alternatives if the primary location is not available to provide Disaster Recovery services ,A for the various system environments. The final issue to be addressed within the Disaster Recovery Strategy is to insure that every 02 reasonable measure has been taken to identify and mitigate potential risks that exist within the 20 processing environment. The most successful Disaster Recovery Strategy is one that will never be implemented; therefore, risk avoidance is a critical element in the disaster recovery te process. tu A Disaster Recovery Management System can be defined as the on-going process of planning, sti developing, testing and implementing Disaster Recovery management procedures and processes In to ensure the efficient and effective resumption of vital business functions in the event of an unscheduled interruption. With the growing dependence on I/S and the Business Process to NS support business growth and changes associated with their complexities, compounded with the complexities of changing technology, the following elements are key to implementing a SA comprehensive Disaster Recovery Program: © · Critical Application Assessment · Back-Up Procedures · Recovery Procedures · Implementation Procedures Key· fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Test Procedures · Plan Maintenance Page 1 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 3. Crisis Management Plan This Crisis Management Plan is designed to ensure the continuation of vital business processes in the event that an emergency or crisis situation should occur. However, Executives and Senior Management can use the procedures in this plan. Should an emergency situation occur at any of the business locations, the plan should provide an effective method that can be used by management personnel to control all activities associated with a crisis situation in a pro-active manner and to lessen the potential negative impact with the media, the public and with shareholders. This plan should be updated annually and should always be readily available to ts. authorized personnel. igh This plan is designed as a companion document to the Business Resumption Plan. The Business Resumption Plan consists of two major parts, each a recovery plan. The first are the Disaster ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Recovery Plans for technology in the event that a disaster should strike data processing center(s). fu The second is the Business Recovery Plan that will address issues surrounding the business operation and business units should a disaster affect. ins Scope and Objectives of the Crisis Management Plan eta The plan should provide information for the pro-active handling of any crisis situation and rr should include detailed procedures for the following: • ho Executives • Legal ut • Investor Relations ,A • Corporate Communications • 02 Corporate Administration • Marketing and Sales 20 • Human Resources • te Technology management tu The plan should also document the responsibilities, procedures, and checklists that will be used sti to manage and control the situation following an emergency or crisis occurrence. In The Crisis Management Plan has been developed to accomplish the following objectives: NS • Prepare senior management personnel to respond effectively in a crisis situation; • Manage the crisis in an organized and effective manner; SA • Limit the magnitude or impact of any crisis situation to the various business units. © Crisis Management Plan activities are initiated by a situation or crisis alert procedure. After discovery of an incident, the Crisis Management Team will perform an assessment of the situation and determine if there is a need to declare an emergency or crisis and activate the Crisis Management Plan. When the plan is activated, assigned management personnel will be alerted and Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 directed to activate their procedures. Page 2 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 4. Disaster Definition A “disaster” is any event that can cause a significant disruption in operational and/or computer processing capabilities for a period of time, which affects the operations of the business. The purpose of defining a crisis or a discontinuity is to establish a documented description of what constitutes a crisis or a discontinuity. The intent is to minimize the decision-making ts. process when an event occurs. igh An outage (crisis/discontinuity) may exist when: a. A service providing support to a critical business function fails. ll r Key fingerprint =It is determined the998D FDB5 DE3D F8B5 06E4 A169 point it becomes b. AF19 FA27 2F94 service cannot be restored before the 4E46 vital to the business. fu ins Disaster Recovery Scenario eta The disaster recovery scenario that will be specifically addressed, within the scope of this plan, is the loss of access to the computer center and the data processing capabilities of those systems rr and the network connectivity. Although loss of access to the facility may be more probable, this ho Disaster Recovery Plan will only address recovery of the critical systems and essential communications. ut This scenario also assumes that all equipment in the computer room is not salvageable and that ,A all critical telecommunications capability has been lost. 02 In the event of a declared Disaster, key personnel will take immediate action to alert the Disaster 20 Recovery Center. Restoration of the Critical Coverage will be provided after a Disaster is declared and after turnover of the disaster recovery backup site. It will include, without te limitation, the following: tu 1. Delivery of the Authorized User Data and Software archived in off-site storage to the sti Disaster Recovery Center In 2. Connecting Network lines to the Disaster Recovery Center 3. Operating the Critical Applications on the Configuration at the Disaster Recovery Center NS 4. Provide Critical Coverage at the Disaster Recovery Center 5. Provide workspace and required equipment. SA Recovery Strategy © The recovery strategy that will be discussed as part of this Disaster Recovery Plan will be to relocate critical Information Systems processing to an alternate computer-processing center. The processes will be recovered at the Disaster Recovery Services provider name and location of the Hot-Site. The Disaster Recovery Services provider name is F8B5 06E4 for ensuring that the Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D responsible A169 4E46 system configurations and the associated network requirements are accurate and technically feasible at all times. Therefore, yearly testing will be a part of the alternate processing strategy. Page 3 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 5. Also, the associated network connectivity will be recovered, within the disaster recovery scenario, using the alternate processing strategy. Recovery Phases Recovery activities will be conducted in a phased approach. The emphasis will be to recover the critical applications effectively and efficiently. Critical applications will be recovered over a period of time after data center activation. ts. Phase I igh Move operations to the Disaster Recovery Backup Site and the Emergency Operations Center. This activity will begin with activation of the Disaster Recovery Plan. There is a period of up to ll r 24 Key fingerprintforAF19 FA27 2F94 the turnover of the disaster06E4 A169 4E46 site. hours allowed = organization and 998D FDB5 DE3D F8B5 recovery backup fu Phase II ins To recover critical business functions, restoration of the critical applications and critical network connectivity. The goal here is to recover the systems and network so that our customers eta can continue business. rr Phase III ho Return data processing activities to the primary facilities or another computer facility. ut ,A The following conditions, if met, will constitute a successful recovery effort: 02 • Restore critical applications to the most current date available on backup tapes stored off-site. Updating the systems and databases will take place as the recovery effort progresses. 20 • It is understood that, due to the emergency or disaster, response times will probably be te slower than normal production situations. tu The Plan provides recovery procedures to be used at the present data center site after repairs have sti been made or at the Disaster Recovery Backup Site and the Emergency Operations Center. It In also provides recovery procedures for the restoration of critical applications using either data recovered from the damaged data center or from the backup data stored off-site. NS Scope and Objectives of the Plan SA The Disaster Recovery Plan provides a state of readiness allowing prompt personnel response © after a disaster has occurred. This, in turn, provides for a more effective and efficient recovery effort. The Disaster Recovery Plan should be developed to accomplish the following objectives: 1. Limit the magnitude of any loss by minimizing the duration of a critical application service interruption. 2. Assess damage, = AF19 FA27 2F94and activate the repaired computer center. Key fingerprint repair the damage, 998D FDB5 DE3D F8B5 06E4 A169 4E46 3. Recover data and information imperative to the operation of critical application’s. 4. Manage the recovery operation in an organized and effective manner. 5. Prepare technology personnel to respond effectively in disaster recovery situations. Page 4 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 6. Every business has the responsibility to respond to any short or long term disruption of services. By developing, documenting, implementing and testing this Disaster Recovery Plan, businesses will be able to restore the availability of critical applications in a timely and organized manner following a disaster occurrence. In order to accomplish these objectives, the technology area will depend on support from senior management, end users and staff departments. Disaster Recovery Plan activities are initiated by a situation or disaster alert procedure. After discovery of an incident, technology management will be informed of a potential disaster at the ts. computer center. The Recovery Management Team will perform an assessment of the situation igh and determine if there is a need to declare a disaster and activate the Disaster Recovery Plan. When the Plan is activated, assigned recovery personnel will be alerted and directed to activate ll r their recovery procedures. FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 Recovery Objectives fu ins This section will define those applications and customers that are critical to the business and the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) for this Disaster eta Recovery Plan. The Recovery Time Objective is the length of time a business can be without data processing availability and the Recovery Point Objective (RPO) is how old the data will be rr once the systems are recovered. ho The following applications and customers have been defined as critical and require restoration ut within the Recovery Time Objective (RTO) following a disaster declaration in order to support the restoration of the vital business functions. These applications and the supporting systems ,A will be recovered within the Disaster Recovery Scenario using the alternate processing strategy. 02 The list of Critical Applications and Critical Customers and the Recovery Time and Point Objectives should be reviewed and updated by management on an annual basis. 20 Development of a Disaster Recovery Plan te A. Plan Scope and Objectives tu B. Business Recovery Organization (BRO) and Responsibilities (Recovery Team Concept) sti C. Major Plan Components - format and structure In D. Scenario to Execute Plan E. Escalation, Notification and Plan Activation NS F. Vital Records and Off-Site Storage Program G. Personnel Control Program SA H. Data Loss Limitations I. Plan Administration (general) © Maintenance of the Plan The purpose of this section is to define the activity necessary to maintain the Disaster Recovery (DR) Plan for the mainframe and mid-range environments. DR Plan maintenance is of utmost Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 importance to ensure currency of what is to be recovered and procedures governing the recovery. This means keeping the test plan and implementation plan current and in sync with business changes. All changes to the business and in the mainframe and mid-range environments must be considered for inclusion in and for updating of the Disaster Recovery Plan. Page 5 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 7. The Disaster Recovery Plan may require updates if problems or changes include some or any of the following: - Mainframe and Mid-Range Disaster Recovery Test results - New critical applications or critical customers - Increased application complexity - New equipment acquisitions - Changes to: ts. - Hardware igh - Software - Network ll r Key- fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Applications - Data fu ins A formal review of a Disaster Recovery Plan should be conducted yearly, and a quarterly Disaster Recovery Readiness Assessment Audit should be conducted as well. The purpose of the eta reviews and the audits is to identify any changes to ensure that these and any other updates identified since the previous review have been captured. rr Items to be reviewed for Plan update should include: ho - Personnel changes ut - Mission changes ,A - Priority changes - New Business Organizations 02 - Mainframe and Mid-range Disaster Recovery Test procedures and results 20 - Backup procedures - Recovery procedures te - Relocation / Migration Plan tu - Software (operating system, utilities, application programs) - Hardware (mainframe, mid-range and peripherals) sti - Communications Network Facilities In Particular attention should be paid to the review of the recovery equipment configurations to NS ensure that the business has the required equipment to restore the business functionality as SA quickly and smoothly as possible. These reviews will require the time and attention of all Plan holders and team members, © especially those that have hardware and network responsibilities. The proper maintenance of the Plan will be the responsibility of ALL holders of the Plan. It will be their responsibility to incorporate all approved revisions into their assigned copy to ensure thatKey Plan manual is maintained 2F94viable and readied Action Plan. All removed pages are to the fingerprint = AF19 FA27 as a 998D FDB5 DE3D F8B5 06E4 A169 4E46 be properly disposed; they should be placed in the classified materials bins throughout the office or shredded. It is the responsibility of all Plan holders to protect Confidential material and dispose of it in a proper manner. Page 6 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 8. Disaster Recovery Testing Overview The purpose of this Test Plan Document is to specifically identify and document the task plan and procedures to be implemented in a testing environment. This Test Plan includes test parameters, objectives, measurement criteria, test methodology, task plan charts and time lines to validate the effectiveness of the current Disaster Recovery Plan. The Disaster Recovery Plan will be tested to ensure that the business has the ability to continue the critical business processes in the event of a disaster. It is very important that the Recovery procedures are executable and ts. accurate. Another benefit of testing the plan is to train the personnel who will be responsible for igh executing the Disaster Recovery Plan. The important issue is not that the test succeeded without problems, but, that the test results and problems encountered are reviewed and used to update or ll r revise the current Disaster Recovery Plan procedures. Testing can 06E4 A169 4E46by executing Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 be accomplished the disaster implementation plan or it may be desirable to execute a subset of the plan. When fu performing a Disaster Recovery Test, it is very important to use only that information which is ins recalled from the off-site storage facility. This is to ensure the following: eta 1. Simulate the conditions of an ACTUAL Disaster Recovery situation. 2. Completeness of the disaster recovery information stored at the Records Retention rr Site. 3. Ensure the ability to recover the intended functions. ho ut This test plan includes the following areas: ,A 1. Schedule 02 a. Planning Sessions 20 b. Pre-Test Technical Review c. Debriefing te 2. Introduction tu a. Preface b. Scope sti c. Recovery Site In d. Primary Test Objectives e. Secondary Test Objectives NS f. Exclusion (if applicable) SA g. Test Assumptions, Dependencies and Success Criteria 3. Test Teams a. ChoicePoint Participants © b. IBM Participants (as applicable) 4. Pre-Test Planning a. Activities b. Issues Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 c. Concerns 5. Test Timeline a. Planned start and stop time of test and tasks. b. Actual start and stop time of test and tasks (to be completed during the test) Page 7 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 9. 6. Critical Test Checkpoints a. Activity b. Recommendation c. Responsible party 7. Test Problem Log a. Document any problems encountered prior to the test. b. Record any deviations from Test Plan. Post Test Review ts. igh The purpose of this Post Test Review document is to identify any problem areas and any recommendations for improvement to the plan. The Post Test Review document includes the ll r following areas: = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint fu 1. Highlights ins a. Overall Test Results b. Test Dates eta c. Disaster Recovery Back-up Site d. Local Access Suite rr e. Test Participants 2. Test Objectives ho a. Primary Test Objectives ut b. Secondary Test Objectives ,A c. Exclusions (if applicable) 3. Timeline 02 a. Planned task, start and end times and duration 20 b. Actual task, start and end times 4. Problems Encountered During the Test te a. Problem Log tu 1. Actual Problem 2. Assigned to sti 3. Target Date for Resolution In 4. Status 5. Resolution NS 6. DR Process or Technical SA b. Problem Summary 5. Follow Up to Pre-Test Problems 6. Follow Up to Suggestions for Improvement/Recommendations from Last Year's © Test 7. Detailed Summary and Observations 8. Recommendations for Next Year's Test Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Establishing the Continuity Culture Page 8 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 10. Documenting the Disaster Recovery Plan is one element of developing a strategy. The plan’s success, however, depends upon: • Implementation of the recommendations made, across the entire business. • A program of training of those directly involved in the execution of the plan • An education and awareness program to ensure enterprise-wide understanding and adoption of the plan, covering internal and external ts. stakeholders, i.e. employees, customers, suppliers and shareholders igh It is essential to commit to implementing all recommendations and strategies identified in the ll r Disaster fingerprintPlan, otherwise2F94 998D FDB5in its preparation will be redundant. Key Recovery = AF19 FA27 investment made DE3D F8B5 06E4 A169 4E46 Similarly training and awareness must be embarked upon to ensure that the entire organization is fu confident and competent concerning the plan. All parties must appreciate the importance of ins Disaster Recovery Plan to the operation’s survival and their role in this process. eta This awareness should extend to those external stakeholders and third parties upon whom the organization depends/has influence in both normal and crisis operations. rr Implementation of the plan in this manner and all those associated with the organization can ho have confidence in its ability to manage in a crisis, and the continuity culture will have started. ut Actions: ,A • Select the Emergency Management/ BCM/ Crisis and Recovery 02 Teams. 20 • Implement relevant training programs for each team dependent upon task, including crisis communications/ media training as appropriate. te This process is ongoing, as team members will change. tu • Establish and equip emergency and crisis centers. sti • Establish internal and external contractual arrangements/ service level agreements. In • Implement back-up and off-site storage arrangements. NS • Distribute plan documentation as appropriate. • Conduct internal and external awareness programs. These programs SA can be built into employee and supplier induction processes and customer marketing programs. © Disaster Recovery Education for Employees: Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Prepare Your Employees for Data Backup: You'll need to educate your employees about where to store their files (in a specific directory on their PC that is backed up or on the central server) so that all files are included in the backup. Page 9 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 11. You'll also want to avoid data loss and downtime by installing anti-virus software and teaching your employees how viruses are spread and Prepare your Employees for Disaster Recovery: Involving employees in the disaster recovery effort will also help ensure that recovery procedures are well planned and executed based on your business' need to provide as seamless a recovery as possible. Find out typical processes and turnaround times that your customers have come to expect and plan how you will prioritize recovery efforts. Make sure all employees know whom to contact in an emergency, and outline what they can do to remain productive ts. during the recovery period. If you're using a service, identify who in the company will contact igh the service to initiate recovery efforts. Make sure you have the contact information off-site in case of a fire, flood, or other act of nature. ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Disaster Recovery Statistics: fu • ins Only 15% of midrange data centers would be able to recover more than 30% of their applications in any time frame. eta • Just 3.8% could recover their applications within the same day. • Only 2.5% could recover within four hours. rr ho The eight R’s of a successful recovery plan ut • Reason for planning ,A • Recognition • Reaction 02 • Recovery 20 • Restoration • Return To Normal te • Rest and Relax tu • Re-evaluate and Re-document sti In Conclusion Every day, businesses are confronted with disasters of varying degrees. Those that have NS adequately developed, maintained, and exercised their contingency plans will survive. Yet many corporate executives continue to take the uninhibited operations of their companies for granted. SA They remain complacent, assuming that the power will always be available, the telephone system will not fail, there will be no fire or earthquake--everything will always be normal. Very few © executives plan for their own, much less their organization’s mortality; however, if a business is to survive, organizational “strategic” and “tactical” battle planning is essential. The final corporate contingency plan is the lifeblood of corporate survival. However, it is only as good as the foundation upon which it was built. The foundation is, of course, the concept. This document is the means by which a particular mission, program, or policy directive is translated into a Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 fundamental organizational and operational methodology. Once the concept is developed through a logical building block approach, and is sanctioned by both management and the operating elements, construction of the contingency plan may commence. A fundamental premise of successful contingency planning is that plans are developed by those who must Page 10 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 12. actually carry them out in the event of an actual disaster. The role of the Corporate Contingency Planner is to strategically, and relentlessly, manage the process. And, in doing so, he or she must rely on both internal and external assistance. In addition to in-house assistance, there are a multitude of disaster assistance organizations and services available to assist the contingency planner. Preparing a corporate contingency plan is a non-trivial undertaking. However, corporate leaders must recognize the vulnerabilities they invite by not adequately planning for survival. Disaster planning is truly a vital part of the overall business plan. ts. References: igh 1. Wold, Geoffrey H. “Disaster Recovery Planning Process” ll r http://www.drj.com/new2dr/w2_004.htm FDB5 DE3D F8B5 06E4 A169 4E46 Key fingerprint = AF19 FA27 2F94 998D fu 2. The Business Continuity Institute ins http://www.thebci.org/frametrial.html eta 3. Boroski, Doran. “Protect processes as well as investments in disaster recovery plans” http://www.computerworld.com/storyba/0,4125,NAV47_STO68345,00.html rr 4. DRI International ”Business Continuity Management Survey Examines How The Events of ho 9/11 Shape the Business Continuity Industry” ut http://www.dr.org/fallnews.pdf ,A 5. Wrobel, Len “Components of a Successful LAN Disaster Recovery Plan” 02 http://www.disaster-resource.com/content_page/nuggets.shtml 20 6. Radeke, Michelle “Prepare for Effective Data Backup and Recovery” te http://www.workz.com/content/543.asp tu 7. Hussong, Jr. William A. “So You’re The Company’s New Contingency Planner” sti http://www.drj.com/new2dr/w3_001.htm In 8. Disaster Recovery Planning: Strategies for Protecting Critical Information Assets NS By: Jon William Toigo SA © Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Page 11 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 13. ts. igh ll r Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 fu ins eta rr ho ut ,A 02 20 te tu sti In NS SA © Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Page 12 © SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
  • 14. Last Updated: August 26th, 2012 Upcoming SANS Training Click Here for a full list of all Upcoming SANS Events by Location SANS Melbourne 2012 Melbourne, Australia Sep 03, 2012 - Sep 08, 2012 Live Event Capital Region Fall 2012 Arlington - Baltimore, Sep 05, 2012 - Sep 20, 2012 Live Event SANS Crystal City 2012 Arlington, VA Sep 06, 2012 - Sep 11, 2012 Live Event SANS Network Security 2012 Las Vegas, NV Sep 16, 2012 - Sep 24, 2012 Live Event SANS Forensics Prague 2012 Prague, Czech Republic Oct 07, 2012 - Oct 13, 2012 Live Event SOS: SANS October Singapore 2012 Singapore, Singapore Oct 08, 2012 - Oct 20, 2012 Live Event SANS CyberCon 2012 Online, VA Oct 08, 2012 - Oct 13, 2012 Live Event SEC 579: Virtualization and Private Cloud Security @ Bangalore, India Oct 08, 2012 - Oct 13, 2012 Live Event Bangalore SANS Gulf Region 2012 Dubai, United Arab Oct 13, 2012 - Oct 25, 2012 Live Event Emirates SANS Seattle 2012 Seattle, WA Oct 14, 2012 - Oct 19, 2012 Live Event SANS Baltimore 2012 Baltimore, MD Oct 15, 2012 - Oct 20, 2012 Live Event SANS South Africa 2012 - Cape Town Cape Town, South Oct 26, 2012 - Oct 27, 2012 Live Event Africa SANS Chicago 2012 Chicago, IL Oct 27, 2012 - Nov 05, 2012 Live Event SANS Bangalore 2012 Bangalore, India Oct 29, 2012 - Nov 03, 2012 Live Event SANS South Africa 2012 Johannesburg, South Oct 29, 2012 - Nov 03, 2012 Live Event Africa SANS Korea 2012 Seoul, Korea, Republic Nov 05, 2012 - Nov 13, 2012 Live Event Of SANS Tokyo Autumn 2012 Tokyo, Japan Nov 05, 2012 - Nov 10, 2012 Live Event SANS San Diego 2012 San Diego, CA Nov 12, 2012 - Nov 17, 2012 Live Event SANS Sydney 2012 Sydney, Australia Nov 12, 2012 - Nov 20, 2012 Live Event BETA FOR526 Windows Memory Forensics In-Depth OnlineDC Aug 27, 2012 - Aug 31, 2012 Live Event SANS OnDemand Books & MP3s Only Anytime Self Paced