Disaster�Recovery

� Organizations face a variety of disaster

scenarios.
� Disasters can be caused by nature or
manmade events.
� Disaster recovery plans consider all
types of organizational disruption.
� Different disruptions will require
different recovery strategies.

25
 Disaster�Recovery�Plans�(DRP)�/�
Process
� DRPs intended to minimize disaster impact.
− Defines the data, resources, and necessary steps to
restore critical organizational processes.
� Planning process, initial phase:
− Consider needed resources to perform the company’s
mission.
− Identify critical functions.
� Initial phase yields the business impact assessment (BIA).
� Continued planning includes:
− Outline of processes and procedures to restore an
organizations critical operations
− Prioritized according to criticality for restoral

26
 Category Level�of�the�Function’s�Need How�Long�Can�the�Organization�
Last�Without�the�Function
Critical Absolutely�essential�for� The�function�is�needed�
operations.�Without�the�function,� immediately.�The�organization�
the�basic�mission�of�the� cannot�function�without�it.�
organization�cannot�occur.�

Necessar Required�for�normal� Can�live�without�it�for�at�most�30�

y�for� processing,�but�the�organization� days�before�your�organization�is�
normal� can�live�without�it�for�a�short� severely�impacted.�
processing period�of�time.�

Desirable Not�needed�for�normal� Can�live�without�the�function�for�

processing�but�enhances�the� more�than�30�days,�but�it�is�a�
organization’s�ability�to�conduct� function�that�will�eventually�need�to�
its�mission�efficiently.� be�accomplished�when�normal�
operations are�restored.�

Optional Nice�to�have�but�does�not�affect� Not essential,�and�no�subsequent�

the�operation�of�the� processing�will�be�required�to�
organization.� restore�this�function.�
Consider� No�discernable�purpose�for�the� No�impact�to�the�organization;�the�
eliminating function.� function�is�not�needed�for�any�
27 organizational�purpose.�
 Business�Continuity�Plan�(BCP)
� Focuses on continued operation of a business in
extenuating circumstances.
� Stronger emphasis placed on critical systems.
� Will describe the functions that are most critical,
based on a previously conducted BIA.
� Will describe the order in which functions should
be returned to operation.
� Describes what is needed for the business to
continue to operate.

28
 Backups
� Critical part of BCP and BRP
� Provides valid, uncorrupted data for
restoration
� Good backups include all needed files
− Applications, operations systems, and
utilities

29
 What�Needs�to�Be�Backed�Up?
� Data
� Application�programs
� Operating�systems
� Utilities�for�the�hardware�platform
� Personnel,�equipment,�and�electrical�power�must�
also�be�part�of�the�plan.
� Backup�plan�should�back�up�the�files�that�change�
more�often�than�the�files�that�do�not�chance�much.

30
 Backup�Strategy
� Backup considerations

− Size of the resulting backup

− Media used for the backup
− How long backups will be stored
� Four types of backups
− Full, differential, incremental,
delta

31
 Backup�Types
� Full backup
− All files copied onto the storage media
� Differential backup
− Files that have changed since last full
backup
� Incremental backup
− Files since last for full or incremental
backup
� Delta backup
− Portions of files changed since last backup

32
 Characteristics�of�Different�
Backup�Types
Full Differential Incremental Delta

Amount�of� Large Medium Medium Small

Space

Restoration Simple Simple Involved Complex

33
 Backup�Frequency�/�Retention
� Base frequency on time organization can
survive without current data.
� Base retention on operational
environment and frequency of backups.
� Retention strategy should avoid putting
all backups in one location.
− Ideally an offsite location will also
be used.

34
 Alternative�Sites
� Should be considered in BCP / DRP
� Three types of sites:
− Hot site: Fully configured
environment that can be operational
immediately
− Warm site: Partially configured, lacks
more expensive computing
components
− Cold site: Basic environmental
controls but few computing
components

35
 Utilities
� Power failures may disrupt operations
− UPSs provide enough power to allow
systems to be shutdown gracefully.
− Backup generator may be necessary
for sustained power needs.
� Other utilities like telephone and
Internet should be considered.

36
 Secure�Recovery
� Provide power, communications,

and technical support.

� Offer a secure operating

environment.
� Provide restoration of critical files

and data.

37
 Cloud�Computing
� Allows for the contracting of functions like e-
mail and file storage to third parties
� Can be more cost effective but also comes
with inherent risks

38