
AUDITING & DISASTER RECOVERY…

Lerdinia V. Mapepa
W160436
What is Disaster Recovery?
* It is a process of returning an organization, society, or
system to a state of normality after the occurrence of a
disastrous event.
* Disaster recovery in information technology is part of security
planning and is developed in conjunction with a business continuity
plan.
* Disaster recovery is a set of policies and procedures which focus on
protecting an organization from any significant effects in case of a
negative event.
What are the typical disasters?
Disasters are disruptions that cause critical
information loss or leave information resources
inoperative for a period of time, adversely
impacting organizational operations.

The disruption could last from a few minutes to several
months, depending on the extent of damage to the
information resource.

A disaster may be caused by natural calamities,
such as earthquakes, floods, tornados, severe
thunderstorms and fire, which cause extensive
damage to the processing facility.

A disaster could also be caused by events
precipitated by human beings, such as terrorist
attacks, hacker attacks, viruses or human error.
Factors to consider…
A recovery strategy / plan identifies the best way to recover a
system in case of interruption.

There are various strategies for recovering critical
information.

The selection of a recovery strategy would depend on:
The criticality of the business process and the applications
supporting the processes
Cost
Time required to recover
Security
Recovery strategies…
Recovery strategies based on the risk level identified for
recovery would include developing:
Hot sites
Warm sites
Cold sites
Duplicate information processing facilities
Mobile sites
Reciprocal arrangements with other organizations
Recovery Sites…
* Hot sites—They are fully configured and ready to operate within several hours.
* Warm sites—They are partially configured, usually with network connections and
selected peripheral equipment, such as disk drives and other controllers, but
without the main computer.

* Cold sites—They have only the basic environment (i.e., electrical wiring, air
conditioning, flooring, etc.) to operate an IPF reducing the cost. The cold site is
ready to receive equipment, but does not offer any components at the site in
advance of the need. Activation of the site may take several weeks.
* Duplicate information processing facilities (duplicate/redundant IPFs)—They
are dedicated, self-developed recovery sites that can back up critical applications.
They can range in form from a standby hot site to a reciprocal agreement with
another company installation.

* Mobile sites—This is a specially designed trailer that can be quickly transported to
a business location or to an alternate site to provide a ready-conditioned IPF.
RAID …
* Redundant Array of Independent (or Inexpensive) Disks (RAID)
provides performance improvements and fault-tolerant
capabilities via hardware or software solutions, breaking up data
and writing data to a series of multiple disks to simultaneously
improve performance and/or save large files.
* These systems provide the potential for cost-effective mirroring
offsite for data backup.
RPO AND RTO …
The recovery point objective (RPO) & recovery time objective
(RTO) are two very important parameters that are closely
associated with data recovery.
These are part of the factors to consider when selecting a
recovery strategy.
* The RTO is how long you can go without a specific application.
This is often associated with the maximum allowable or
maximum tolerable outage. (time)
* The RPO is slightly different. This dictates the allowable data
loss -- how much data can we afford to lose? (data)
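
An added example, not part of the original slides: a small Python audit that checks a backup log against each application's RPO and a restore-drill record against its RTO. The application names, timestamps and objectives are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample backup log: (application, backup finish time, succeeded?)
BACKUPS = [
    ("payroll", "2024-03-01T00:00", True),
    ("payroll", "2024-03-01T06:00", True),
    ("payroll", "2024-03-01T12:00", False),  # a failed job widens the exposure window
    ("payroll", "2024-03-01T18:00", True),
    ("wiki", "2024-03-01T02:00", True),
]
# Constructed restore-drill record: application -> measured time to restore
RESTORE_DRILLS = {"payroll": timedelta(hours=3)}
# Constructed objectives per application: (RPO, RTO)
OBJECTIVES = {
    "payroll": (timedelta(hours=8), timedelta(hours=4)),
    "wiki": (timedelta(hours=24), timedelta(hours=48)),
}

def worst_data_loss(app, now):
    """Largest window between usable backups, including time since the last one."""
    times = sorted(datetime.fromisoformat(t) for a, t, ok in BACKUPS if a == app and ok)
    if not times:
        return None  # no usable backup exists for this application
    points = times + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def audit(now):
    """Return {application: [findings]}; an empty list means both objectives are met."""
    findings = {}
    for app, (rpo, rto) in OBJECTIVES.items():
        issues = []
        loss = worst_data_loss(app, now)
        if loss is None:
            issues.append("no successful backup")
        elif loss > rpo:
            issues.append(f"RPO exceeded: worst exposure {loss} > {rpo}")
        drill = RESTORE_DRILLS.get(app)
        if drill is None:
            # An RTO that was never exercised in a restore test is only a claim.
            issues.append("RTO unverified: no restore drill on record")
        elif drill > rto:
            issues.append(f"RTO exceeded: restore took {drill} > {rto}")
        findings[app] = issues
    return findings

if __name__ == "__main__":
    for app, issues in audit(datetime.fromisoformat("2024-03-01T20:00")).items():
        print(app, issues or "OK")
```
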
The Disaster Recovery Plan …
Elements of an effective DR plan:
* Regular backups or replication of all critical systems and data.
* Clear, complete instructions on how to restore systems.
* Offsite storage of backups and restoration instructions.
* Arrangements for an alternative data centre location.
* An effective testing plan.
* An effective DR plan will address these types of situations:
just having an effective disaster recovery plan is not enough when you lose
access to the entire building!
Benefits of DR management and planning
* Clear, tested and reliable instructions and procedures in the event of
a disaster.
* Improved assurance to customers, employees and the investment
community.
* Reduced exposure to significant and prolonged business outages.
* Reduced cost and confusion during a disaster.
* Improved internal and external communication channels and
procedures.
