Running Head: Impacts of Disaster Recovery


Impacts of Disaster Recovery
LaRon Walker
Master of Information Technology and Internet Security
April, 2010


ABSTRACT

Any business or organization is vulnerable to the risk of a disaster occurring without warning, whether natural, accidental, or intentional. These risks create the necessity for companies to become more proactive in disaster recovery practices and to prepare for these types of unforeseen events. These recovery strategies are very important, as they are the backbone of the business if some type of disaster were to occur. Failure to prepare for such an event could result in the destruction of the business. This document will discuss some of the recommended steps to plan for a disaster, and three industry standards that can help guide the development of an effective, efficient disaster recovery plan.


When operating any business, one must always consider the risks of natural events that could cause the loss of valuable data, whether in paper or digital form. Some people believe having a backup strategy alone is enough in the event a system or storage device crashes. However, they fail to include the possibility of backups being corrupted or destroyed by a natural disaster, fire, or hacker attack. With this in mind, the continuity of the business would be at risk if proper steps are not taken to ensure that all information has a path to be recovered in a fast, efficient manner. This type of preparation is commonly referred to as Business Continuity Management (BCM). Many different industry standards have been developed in the last few years to help businesses recover in the event of an unforeseen disaster. After researching, I have found three ISO standards that, when used together, cover all aspects of BCM, including Business Continuity Planning (BCP) and Disaster Recovery. These ISO standards are:

- ISO/IEC 24762:2008: Information technology -- Security techniques -- Guidelines for information and communications technology disaster recovery services
- ISO/IEC 27002:2005: Information technology -- Security techniques -- Code of practice for information security management
- ISO/PAS 22399:2007: Societal security -- Guideline for incident preparedness and operational continuity management

ISO 24762 is the standard that focuses on Disaster Recovery. The theory behind this is to help businesses define the most critical information necessary for the business to operate in the event of a disaster, and how this information will be backed up, stored, and retrieved, whether paper or digital. In today's business world, it is common for companies to have onsite as well as offsite storage facilities. This technique covers the event in which a building or its contents are unrecoverable. ISO 27002 is the standard that focuses on security policies involving access, assets, communication, operations management, and information security. This standard applies to network access, data access, and physical (building) access alike. ISO 22399 is the standard that focuses on defining the actual BCP. Per Barr (2008), ISO 22399 helps businesses and organizations:

- "Understand the overall context within which the organization operates;
- Identify critical objectives;
- Understand barriers, risks, and disruptions that may impede critical objectives;
- Evaluate residual risk and risk tolerance to understand outcomes of controls and mitigation strategies;
- Plan how an organization can continue to achieve its objectives should a disruptive incident occur;
- Develop incident and emergency response, continuity response and recovery response procedures;
- Define roles and responsibilities, and resources to respond to an incident;
- Meet compliance with applicable legal, regulatory, and other requirements;
- Provide mutual and community assistance;
- Interface with first responders and the media; and
- Promote a cultural change within the organization that recognizes that risk is inherent in every decision and activity, and must be effectively managed."

The above three industry standards, together with proper testing against various disaster scenarios, can help ensure a business's future in the event of a disaster. Business Continuity Management encompasses Disaster Recovery and a Business Continuity Plan (BCP). These all fall under Information Security, as Information Security involves not only controlling access to networks and data, but also securing data in the sense of keeping it recoverable, along with proper testing practices to verify the integrity of the data. Per Ulasien (2009), the recommended steps when developing a BCP are:

1. Create a Business Continuity Planning Team

2. Establish a Business Continuity Budget
3. Identify All Critical Business Functions
4. Identify All Prominent Business Threats
5. Develop and Implement a Threat Mitigation Plan
6. Develop Continuity and Recovery Procedures
7. Document the Business Continuity Plan
8. Train Employees
9. Develop and Execute a Business Continuity Test Plan
10. Establish a Test and Maintenance Schedule

Failure to follow any of the above steps can result in a gap in the recovery process, which in turn could cause other parts of the continuity plan to fail, ultimately destroying the business. Information Security covers many aspects of business operations, including Business Continuity Management, Planning, and Disaster Recovery, along with network, data, and physical access control. When considering the future of any organization, one of the most important components that must be addressed is proactive preparation in the event of a system, data, or building disaster. This strategy should be frequently reviewed and tested to ensure that all techniques maintain the highest level of integrity, as this process could determine an organization's future.

References

Barr, J. (2008). ISO Standard for Disaster Recovery. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.
Ledford, J. (2010). Business Continuity for Corporate Libraries. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.
Ulasien, P. (2009). Preparing a Business Continuity for Plan. Faulkner Information Services. Retrieved April 24, 2010 from Faulkner Information Services database.
