Professional Documents
Culture Documents
and
Disaster Recovery Management in EBanking
Md. Mahbubur Rahman Alam
Assistant Professor, BIBM.
E-mail: alam_mr@yahoo.com
Cell: 01556323244
Web: www.bibm-bd.org
Introduction
What is a Disaster?
Any
Anyunplanned
unplannedevent
eventthat
thatrequires
requiresimmediate
immediate
redeployment
redeploymentof
oflimited
limitedresources
resources
Sample Disasters
Natural Forces
Fire
Environmental
Hazards
Flood / Water
Damage
Extreme Weather
Technical Failure
Power Outage
Equipment Failure
Network Failure
Software Failure
Human Interference
Criminal Act
Human Error
Loss of Users
Explosions
Natural Disasters
2004: four hurricanes in Florida
2005: Katrina, Rita, Wilma
Those who plan tend to fare better than those who dont
*Source: AP or Reuters
40% of all
SMBs will go
out of
business, if
they cannot
get their data
in the first 24
hours after a
crisis.
-- Gartner
Introduction
What is a Disaster Recovery Plan?
AAmanagement
managementdocument
documentfor
forhow
howand
andwhen
whento
toutilize
utilize
resources
resourcesneeded
neededto
tomaintain
maintainselected
selectedfunctions
functions
when
whendisrupted
disruptedby
byagreed
agreedupon
uponincidents
incidents
Other names commonly used:
Introduction
What is the magnitude of an incident?
Regional Area
Local Area
Within 3 Blocks
To The Building
Within 3 Floors
On The Floor
Within The Room
Introduction
Types of Strategies
Avoidance Strategy
Redundant
configuration to
avoid incidents
Site harden
facilities to resist
incidents
Redundant utilities
and hardware
Automated
operation recovery
plan
Mitigation Strategy
Recovery Strategy
Early warning
High level recovery
detection
plan
Contractual
Off-site data storage
Very responsive
agreements with
vendors
vendor relationships
Mirrored data and
Very knowledgeable
documents
employees
Detailed migration
recovery
plan
Types
of Strategy
Options
Hot site
Cold site
Worm Site
Computer Hardware
Alternatives
Hot Sites
Ready to Operate Within Several Hours
Not for long term extended use
Network Component
Warm Sites
Partially Configured with network connections
Without Main Computer
Cold Sites
Site with only basic environment
Planning
Scoping &
Risk
Assessment
Disaster Recovery
Approach
Implementation
Recovery
Disaster
Training
Strategy
Recovery
&
Development Plan
Testing
Approval
Planning
The primary objective for the Planning Phase is to gain
management consensus on the focus areas and scope of a
Disaster Recovery Plan that will address major business risks
Implementation
The primary objective for the Implementation Phase is to
develop, test, and rollout a Disaster Recovery plan. The
implementation phase could be longer or shorter, depending
upon scope, approach, and staffing defined during the Scoping
and Risk Assessment phase
BCP objective
Good Practices
Customer
server(s)
WAN
Customer
Firewall
ViaRemote
Platform
Recovery process
Manage
Crisis
Time Zero
Status
Restored
Capture actual ETTR
Emergency
Mobilize
Restore
Restore
Roll Forward
Response
Resources
Backups
Applications
& ReSync
Compliance?
Self/Own
Central Bank
ISO 17799
BS 7799
BS 15000