| |
| |
Security Series Walk-Through | |
| |
| |
Preface | |
| |
| |
About the Authors | |
| |
| |
Acknowledgments | |
| |
| |
Quality Assurance | |
| |
| |
| |
Introduction to Disaster Recovery | |
| |
| |
Why Disaster Recovery? | |
| |
| |
Business Functions | |
| |
| |
Critical Support Functions | |
| |
| |
Corporate-Level Support Functions | |
| |
| |
What Is a Disaster? | |
| |
| |
What Kinds of Disasters Are There? | |
| |
| |
Lack of Computer Security | |
| |
| |
Death of Key Employees | |
| |
| |
Strikes | |
| |
| |
Accidents | |
| |
| |
Spills | |
| |
| |
Explosions | |
| |
| |
Technological Breakdowns | |
| |
| |
Sabotage and Terrorism | |
| |
| |
What Are the Possible Effects of a Disaster? | |
| |
| |
Within the Organization | |
| |
| |
External to the Organization | |
| |
| |
What Is Business Continuity Planning? | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Preparing to Develop the Disaster Recovery Plan | |
| |
| |
Why Plan? | |
| |
| |
Direct Pressure | |
| |
| |
Indirect Pressure | |
| |
| |
Establishing the Team | |
| |
| |
Getting Management Support | |
| |
| |
The Need for Ongoing Departmental Support | |
| |
| |
Team Members | |
| |
| |
Recovery Manager | |
| |
| |
Facilities Coordinator | |
| |
| |
Technical Coordinator | |
| |
| |
Administrative Coordinator | |
| |
| |
Network Coordinator | |
| |
| |
Applications Coordinator | |
| |
| |
Computer Operations Coordinator | |
| |
| |
DR Team Sub-Teams | |
| |
| |
Management Team | |
| |
| |
Business Recovery Team | |
| |
| |
Departmental Recovery Team | |
| |
| |
Computer Recovery Team | |
| |
| |
Damage Assessment Team | |
| |
| |
Security Team | |
| |
| |
Facilities Support Team | |
| |
| |
Administrative Support Team | |
| |
| |
Logistics Support Team | |
| |
| |
User Support Team | |
| |
| |
Computer Backup Team | |
| |
| |
Offsite Storage Team | |
| |
| |
Software Recovery Team | |
| |
| |
Communications Team | |
| |
| |
Applications Team | |
| |
| |
Computer Restoration Team | |
| |
| |
Human Resources Team | |
| |
| |
Marketing and Customer Relations Team | |
| |
| |
Other Teams | |
| |
| |
Characteristics of Team Members | |
| |
| |
External Team Members | |
| |
| |
Creating a Notification Directory | |
| |
| |
Securing and Preparing Resources | |
| |
| |
Alphawest | |
| |
| |
Affiliated Computer Services Inc (ACS) | |
| |
| |
IBM | |
| |
| |
Team Tasks | |
| |
| |
Auditing Current Vulnerability | |
| |
| |
Determining What Actions to Complete Now | |
| |
| |
Creating Recovery Teams and Test Plans | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Assessing Risk and Impact | |
| |
| |
Defining Risk | |
| |
| |
Risk Assessment | |
| |
| |
Risk Management | |
| |
| |
Emergency Situation or Event | |
| |
| |
Choosing the Assessment Method | |
| |
| |
Matching the Response to the Threat | |
| |
| |
Identifying Mission-Critical Processes and Systems | |
| |
| |
Evaluating Critical Functions | |
| |
| |
Setting Priorities Based on Time Horizons | |
| |
| |
Implementing Disaster Avoidance | |
| |
| |
Avoiding Disasters through Effective Preventive Planning | |
| |
| |
Creating Contingency Plans for Unavoidable Threats | |
| |
| |
Disaster-based Risk Assessment | |
| |
| |
Identify Hazards or Risks | |
| |
| |
Assess and Prioritize Risks | |
| |
| |
Develop Controls and Make Risk Decisions | |
| |
| |
Implement a Risk-Handling Plan and Controls | |
| |
| |
Evaluate, Track, and Report | |
| |
| |
Asset-based Risk Assessment | |
| |
| |
Asset Assessment | |
| |
| |
Threat Assessment | |
| |
| |
Vulnerability Assessment | |
| |
| |
Risk Assessment | |
| |
| |
Controls | |
| |
| |
The Business Impact Analysis | |
| |
| |
Business Impact | |
| |
| |
How the Assessment Works | |
| |
| |
OCTAVE Risk Assessment | |
| |
| |
| |
Create a Threat Profile | |
| |
| |
| |
Identify Infrastructure Vulnerabilities | |
| |
| |
| |
Develop a Security Strategy | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Prioritizing Systems and Functions for Recovery | |
| |
| |
Identifying and Prioritizing Assets and Functions | |
| |
| |
Identifying Critical Assets | |
| |
| |
Identifying Functions and Processes | |
| |
| |
Prioritizing Disaster Recovery Planning Efforts | |
| |
| |
Processes or Functions that Create Assets | |
| |
| |
Processes or Functions that Protect Assets | |
| |
| |
Determining What to Recover When | |
| |
| |
Conducting Dependency Analysis | |
| |
| |
Defining Disaster Declaration Threshold Criteria | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Identify Data Storage and Recovery Sites | |
| |
| |
Data Backup | |
| |
| |
How to Back Up Your Data | |
| |
| |
When to Back Up Your Data | |
| |
| |
How Often to Back Up Your Data | |
| |
| |
Where to Store Backups | |
| |
| |
Information as an Asset | |
| |
| |
Recovery Site Alternatives | |
| |
| |
Function | |
| |
| |
Written Agreements | |
| |
| |
Alternative Site Selection Criteria | |
| |
| |
Number of Sites Available | |
| |
| |
Distance from Site | |
| |
| |
Facilities | |
| |
| |
Cost | |
| |
| |
Contract | |
| |
| |
Designing Recovery Solutions | |
| |
| |
Establishing a Disaster Recovery Site | |
| |
| |
Selecting Backup and Restoration Strategies | |
| |
| |
Storage Backup and Recovery Tools | |
| |
| |
Restoring Communications and Recovering Users | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Developing Plans, Procedures, and Relationships | |
| |
| |
What Documents Will You Need? | |
| |
| |
Collecting Contact Information | |
| |
| |
Computer Vendor | |
| |
| |
Suppliers | |
| |
| |
Emergency Services | |
| |
| |
Customers | |
| |
| |
Key DR Personnel | |
| |
| |
Management for the Organization | |
| |
| |
Evaluating Your Support Tools | |
| |
| |
People | |
| |
| |
Supplies | |
| |
| |
Proof That Your Vendors Are Planning | |
| |
| |
Emergency Operations Center | |
| |
| |
Creating Backups | |
| |
| |
Full Backups | |
| |
| |
Incremental Backups | |
| |
| |
Backing Up the Mirror | |
| |
| |
Creating the Recovery Plan | |
| |
| |
Capturing the Planning Output in the DR Plan | |
| |
| |
Upstream Relationships | |
| |
| |
Vendor Emergencies | |
| |
| |
Vendor Handoffs | |
| |
| |
Hardware Support | |
| |
| |
Software Support | |
| |
| |
Downstream Relationships | |
| |
| |
Service Level Agreements with Customers | |
| |
| |
Directing the Disaster Recovering Team | |
| |
| |
Team Actions Following a Disaster or After a Drill | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Developing Procedures for Special Circumstances | |
| |
| |
Emergencies During the Emergency | |
| |
| |
Support Contracts | |
| |
| |
Disaster Recovery Contracts | |
| |
| |
Preparations | |
| |
| |
Identifying the Gaps in Your Recovery Plans | |
| |
| |
Backups | |
| |
| |
Testing | |
| |
| |
Systems | |
| |
| |
People | |
| |
| |
Identifying Disaster Recovery Risks | |
| |
| |
Location | |
| |
| |
Situation | |
| |
| |
Systems | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Testing the Disaster Recovery Plan | |
| |
| |
Rehearsing the DR Plan | |
| |
| |
Reasons for Testing the Disaster Recovery Plan | |
| |
| |
Considering the Impact of Testing on the Organization's Activities | |
| |
| |
Developing Testing Criteria and Procedures | |
| |
| |
Using a Step-By-Step Process to Test the Plan | |
| |
| |
Developing Test Scenarios and Using Test Results Effectively | |
| |
| |
Maintaining the DR Plan | |
| |
| |
Applying Change Control: Why and How | |
| |
| |
Ensuring Normal Developments Are Accounted for in the DR Plan | |
| |
| |
Scheduling Regular Reviews | |
| |
| |
Managing and Documenting the Recovery | |
| |
| |
Identifying Stakeholders | |
| |
| |
Defining Clear Goals at the Start | |
| |
| |
Reporting | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Continued Assessment of Needs, Threats, and Solutions | |
| |
| |
What to Do After the Disaster Recovery Test | |
| |
| |
What Was Learned? | |
| |
| |
What Will Be Done Differently | |
| |
| |
Threat Determination in System | |
| |
| |
Threat Classification | |
| |
| |
SWOT (Strengths, Weaknesses, Opportunities, Threats) | |
| |
| |
Solution Determination | |
| |
| |
Damage | |
| |
| |
Reproducible | |
| |
| |
Exploitable | |
| |
| |
Users/Systems Affected | |
| |
| |
Discoverable | |
| |
| |
Summary | |
| |
| |
Test Your Skills | |
| |
| |
| |
Sample Disaster Recovery Plan | |
| |
| |
| |
Checklist Testing Sample Documents | |
| |
| |
Glossary | |
| |
| |
References | |
| |
| |
Index | |