Disaster Recovery & Business Continuity


Business Continuity & Disaster Recovery



Fact

  • 1 in 4 businesses never re-open their doors after a disaster.
  • 90% of businesses fail within 2 years after being struck by a disaster.
  • Information systems are vulnerable to a variety of disruptions:
      • Mild: temporary power outages, disk failures, etc.
      • Severe: equipment destruction, fire, natural disasters, etc.
  • Organizations must be able to withstand hazards and achieve business objectives through both gradual and sudden changes.
  • The focus is on the ‘Availability’ component of the well-known C.I.A. triad (Confidentiality, Integrity, Availability).
  • We achieve this through ‘Disaster Recovery Planning’ and ‘Business Continuity Planning’.

Disaster Recovery Planning (DRP)

The process of rebuilding your operations or infrastructure after the disaster has passed.

Business Continuity Planning (BCP)

The activities required to keep your organization running during a period of displacement or interruption of normal operations.




Why a Business Continuity Plan Is Needed

• With the advancement of IT, businesses nowadays depend heavily on information systems (IS).

• Many businesses cannot survive without 24x7 operation of their IS (e.g. e-commerce).

• Therefore, traditional disaster recovery plans, which focus on restoring a centralized data & operations center, might not be sufficient.

• A more comprehensive and robust Business Continuity Plan is needed for critical IS.



A business continuity plan should exist for the following disruptions or disasters:


 • Equipment Failure
 • Disruption of power supply or telecommunication
 • Application failure or database corruption
 • Human error, Sabotage, Vandalism & Strikes
 • Malicious Software (Viruses, Worms, Trojan Horses) Attack
 • Hacking or any other internet attack
 • Social Unrest or Terrorism
 • Fire 
 • Natural Disasters (Flood, Earthquake, Hurricanes etc.)

Business Continuity Planning : Team
  • Information systems have shifted from a traditional centralized architecture to distributed and client/server architectures.
  • The IT department alone cannot achieve BCP success.
  • All executives, managers and employees must participate.
  • The BC/DR Coordinator is responsible for maintaining the BCP.
  • He or she carries out periodic reviews and redistributes parts of the document to the relevant parties.
There are different methods by which an organization can achieve BC:
  • Cold Site: An empty facility located offsite, with the required infrastructure ready for installation in the event of a disaster.
  • Mutual Backup: Two organizations with similar system configurations agree to serve as backup sites for each other.
  • Hot Site: A site with hardware, software & network installed and compatible with the original site.
  • Remote Journaling: Online transmission of data to backup systems periodically (every few hours). Minimizes loss of data and reduces recovery time.
  • Mirrored Site: A site equipped with facilities identical to the original site, with system mirroring capability. Data is mirrored & backed up immediately. Recovery is transparent.


Mirrored Site


DR & BC Providers
  • Organizations can decide to use a facility delivered by a third-party BC provider.
  • However, the following areas of concern should be considered:
  • Floor Space
  • Redundant Equipment
  • Redundant Network Capacity
  • Relationship with vendors to provide replacements or assistance
  • Budgetary Constraints
  • Skilled personnel availability
Preparing the BC Plan: Phases
  1. Project Initiation - BC objectives are defined and the scope is identified. A committee will be appointed to draw up BC policies.
  2. Business Analysis - Performing the ‘Risk Analysis’, considering alternative BC strategies, cost-benefit analysis, strategy selection & establishing the budget.
  3. Design & Development (Plan) - The BC team is identified and responsibilities are assigned. Develop the BC strategy, action plan and plan activation criteria.
  4. Implementation (Plan) - Prepare disaster response & recovery procedures. Vendor contracts are prepared and recovery resources are purchased. Ensure that the recovery team is on alert.
  5. Testing - Exercise scenarios periodically & produce BC reports & evaluate.
  6. Maintenance - Reviewing & constantly updating/improving the BC plan.
Legally Obligated
  • In some organizations, business analysis is not the only factor that determines the BC strategy.
  • They are legally obligated by regulators to provide certain levels of protection to client data.
  • Organizations that have a direct public interest (such as banks) have legal obligations to implement DR & BC strategies.

Comments

  1. It was a very helpful article on disaster recovery & business continuity. I found this blog post very helpful. Thanks for sharing valuable content.
