| |
| |
| Security Series Walk-Through | |
| |
| |
| Preface | |
| |
| |
| About the Authors | |
| |
| |
| Acknowledgments | |
| |
| |
| Quality Assurance | |
| |
| |
| |
| Introduction to Disaster Recovery | |
| |
| |
| Why Disaster Recovery? | |
| |
| |
| Business Functions | |
| |
| |
| Critical Support Functions | |
| |
| |
| Corporate-Level Support Functions | |
| |
| |
| What Is a Disaster? | |
| |
| |
| What Kinds of Disasters Are There? | |
| |
| |
| Lack of Computer Security | |
| |
| |
| Death of Key Employees | |
| |
| |
| Strikes | |
| |
| |
| Accidents | |
| |
| |
| Spills | |
| |
| |
| Explosions | |
| |
| |
| Technological Breakdowns | |
| |
| |
| Sabotage and Terrorism | |
| |
| |
| What Are the Possible Effects of a Disaster? | |
| |
| |
| Within the Organization | |
| |
| |
| External to the Organization | |
| |
| |
| What Is Business Continuity Planning? | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Preparing to Develop the Disaster Recovery Plan | |
| |
| |
| Why Plan? | |
| |
| |
| Direct Pressure | |
| |
| |
| Indirect Pressure | |
| |
| |
| Establishing the Team | |
| |
| |
| Getting Management Support | |
| |
| |
| The Need for Ongoing Departmental Support | |
| |
| |
| Team Members | |
| |
| |
| Recovery Manager | |
| |
| |
| Facilities Coordinator | |
| |
| |
| Technical Coordinator | |
| |
| |
| Administrative Coordinator | |
| |
| |
| Network Coordinator | |
| |
| |
| Applications Coordinator | |
| |
| |
| Computer Operations Coordinator | |
| |
| |
| DR Team Sub-Teams | |
| |
| |
| Management Team | |
| |
| |
| Business Recovery Team | |
| |
| |
| Departmental Recovery Team | |
| |
| |
| Computer Recovery Team | |
| |
| |
| Damage Assessment Team | |
| |
| |
| Security Team | |
| |
| |
| Facilities Support Team | |
| |
| |
| Administrative Support Team | |
| |
| |
| Logistics Support Team | |
| |
| |
| User Support Team | |
| |
| |
| Computer Backup Team | |
| |
| |
| Offsite Storage Team | |
| |
| |
| Software Recovery Team | |
| |
| |
| Communications Team | |
| |
| |
| Applications Team | |
| |
| |
| Computer Restoration Team | |
| |
| |
| Human Resources Team | |
| |
| |
| Marketing and Customer Relations Team | |
| |
| |
| Other Teams | |
| |
| |
| Characteristics of Team Members | |
| |
| |
| External Team Members | |
| |
| |
| Creating a Notification Directory | |
| |
| |
| Securing and Preparing Resources | |
| |
| |
| Alphawest | |
| |
| |
| Affiliated Computer Services Inc (ACS) | |
| |
| |
| IBM | |
| |
| |
| Team Tasks | |
| |
| |
| Auditing Current Vulnerability | |
| |
| |
| Determining What Actions to Complete Now | |
| |
| |
| Creating Recovery Teams and Test Plans | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Assessing Risk and Impact | |
| |
| |
| Defining Risk | |
| |
| |
| Risk Assessment | |
| |
| |
| Risk Management | |
| |
| |
| Emergency Situation or Event | |
| |
| |
| Choosing the Assessment Method | |
| |
| |
| Matching the Response to the Threat | |
| |
| |
| Identifying Mission-Critical Processes and Systems | |
| |
| |
| Evaluating Critical Functions | |
| |
| |
| Setting Priorities Based on Time Horizons | |
| |
| |
| Implementing Disaster Avoidance | |
| |
| |
| Avoiding Disasters through Effective Preventive Planning | |
| |
| |
| Creating Contingency Plans for Unavoidable Threats | |
| |
| |
| Disaster-based Risk Assessment | |
| |
| |
| Identify Hazards or Risks | |
| |
| |
| Assess and Prioritize Risks | |
| |
| |
| Develop Controls and Make Risk Decisions | |
| |
| |
| Implement a Risk-Handling Plan and Controls | |
| |
| |
| Evaluate, Track, and Report | |
| |
| |
| Asset-based Risk Assessment | |
| |
| |
| Asset Assessment | |
| |
| |
| Threat Assessment | |
| |
| |
| Vulnerability Assessment | |
| |
| |
| Risk Assessment | |
| |
| |
| Controls | |
| |
| |
| The Business Impact Analysis | |
| |
| |
| Business Impact | |
| |
| |
| How the Assessment Works | |
| |
| |
| Octave Risk Assessment | |
| |
| |
| |
| Create a Threat Profile | |
| |
| |
| |
| Identify Infrastructure Vulnerabilities | |
| |
| |
| |
| Develop a Security Strategy | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Prioritizing Systems and Functions for Recovery | |
| |
| |
| Identifying and Prioritizing Assets and Functions | |
| |
| |
| Identifying Critical Assets | |
| |
| |
| Identifying Functions and Processes | |
| |
| |
| Prioritizing Disaster Recovery Planning Efforts | |
| |
| |
| Processes or Functions that Create Assets | |
| |
| |
| Processes or Functions that Protect Assets | |
| |
| |
| Determining What to Recover When | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| Conducting Dependency Analysis | |
| |
| |
| Defining Disaster Declaration Threshold Criteria | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Identify Data Storage and Recovery Sites | |
| |
| |
| Data Backup | |
| |
| |
| How to Back Up Your Data | |
| |
| |
| When to Back Up Your Data | |
| |
| |
| How Often to Back Up Your Data | |
| |
| |
| Where to Store Backups | |
| |
| |
| Information as an Asset | |
| |
| |
| Recovery Site Alternatives | |
| |
| |
| Function | |
| |
| |
| Written Agreements | |
| |
| |
| Alternative Site Selection Criteria | |
| |
| |
| Number of Sites Available | |
| |
| |
| Distance from Site | |
| |
| |
| Facilities | |
| |
| |
| Cost | |
| |
| |
| Contract | |
| |
| |
| Designing Recovery Solutions | |
| |
| |
| Establishing a Disaster Recovery Site | |
| |
| |
| Selecting Backup and Restoration Strategies | |
| |
| |
| Storage Backup and Recovery Tools | |
| |
| |
| Restoring Communications and Recovering Users | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Developing Plans, Procedures, and Relationships | |
| |
| |
| What Documents Will You Need? | |
| |
| |
| Collecting Contact Information | |
| |
| |
| Computer Vendor | |
| |
| |
| Suppliers | |
| |
| |
| Emergency Services | |
| |
| |
| Customers | |
| |
| |
| Key DR Personnel | |
| |
| |
| Management for the Organization | |
| |
| |
| Evaluating Your Support Tools | |
| |
| |
| People | |
| |
| |
| Supplies | |
| |
| |
| Proof That Your Vendors Are Planning | |
| |
| |
| Emergency Operations Center | |
| |
| |
| Creating Backups | |
| |
| |
| Full Backups | |
| |
| |
| Incremental Backups | |
| |
| |
| Backing Up the Mirror | |
| |
| |
| Creating the Recovery Plan | |
| |
| |
| Capturing the Planning Output in the DR Plan | |
| |
| |
| Upstream Relationships | |
| |
| |
| Vendor Emergencies | |
| |
| |
| Vendor Handoffs | |
| |
| |
| Hardware Support | |
| |
| |
| Software Support | |
| |
| |
| Downstream Relationships | |
| |
| |
| Service Level Agreements with Customers | |
| |
| |
| Directing the Disaster Recovering Team | |
| |
| |
| Team Actions Following a Disaster or After a Drill | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Developing Procedures for Special Circumstances | |
| |
| |
| Emergencies During the Emergency | |
| |
| |
| Support Contracts | |
| |
| |
| Disaster Recovery Contracts | |
| |
| |
| Preparations | |
| |
| |
| Identifying the Gaps in Your Recovery Plans | |
| |
| |
| Backups | |
| |
| |
| Testing | |
| |
| |
| Systems | |
| |
| |
| People | |
| |
| |
| Identifying Disaster Recovery Risks | |
| |
| |
| Location | |
| |
| |
| Situation | |
| |
| |
| Systems | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Testing the Disaster Recovery Plan | |
| |
| |
| Rehearsing the DR Plan | |
| |
| |
| Reasons for Testing the Disaster Recovery Plan | |
| |
| |
| Considering the Impact of Testing on the Organization's Activities | |
| |
| |
| Developing Testing Criteria and Procedures | |
| |
| |
| Using a Step-By-Step Process to Test the Plan | |
| |
| |
| Developing Test Scenarios and Using Test Results Effectively | |
| |
| |
| Maintaining the DR Plan | |
| |
| |
| Applying Change Control: Why and How | |
| |
| |
| Ensuring Normal Developments Are Accounted for in the DR Plan | |
| |
| |
| Scheduling Regular Reviews | |
| |
| |
| Managing and Documenting the Recovery | |
| |
| |
| Identifying Stakeholders | |
| |
| |
| Defining Clear Goals at the Start | |
| |
| |
| Reporting | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Continued Assessment of Needs, Threats, and Solutions | |
| |
| |
| What to Do After the Disaster Recovery Test | |
| |
| |
| What Was Learned? | |
| |
| |
| What Will Be Done Differently | |
| |
| |
| Threat Determination in System | |
| |
| |
| Threat Classification | |
| |
| |
| SWOT (Strengths, Weaknesses, Opportunities, Threats) | |
| |
| |
| Solution Determination | |
| |
| |
| Damage | |
| |
| |
| Reproducible | |
| |
| |
| Exploitable | |
| |
| |
| Users/Systems Affected | |
| |
| |
| Discoverable | |
| |
| |
| Summary | |
| |
| |
| Test Your Skills | |
| |
| |
| |
| Sample Disaster Recovery Plan | |
| |
| |
| |
| Checklist Testing Sample Documents280 | |
| |
| |
| Glossary | |
| |
| |
| References | |
| |
| |
| Index | |