Disaster Recovery And Incident Response Management Information Technology Essay
Not all events are emergencies, and not all emergencies become disasters. A hasty decision to declare a disaster can be more disruptive than the event itself. A timely and appropriate response, however, is necessary to protect the safety of employees and reduce the risk to property.
-Chubb Loss Control Services
Introduction
Disasters of many kinds strike organizations around the world on an almost daily basis. But most of these disasters never make headlines because they occur at the local level. Everybody is familiar with the disaster that stuck on Haiti and Chile in recent days. So the natural and the humans are the two factors responsible for causing the disaster. Natural causes like fires, floods, landslide, civil war, and earthquake and the human made causes like the errors and carelessness done by the human helps other intruders to attack the system bringing the organization in a standstill position.
In information technology, disaster recovery is defined as a set of actions that are taken in the event of major disaster and returning into the market within a short period of time. The main objective of disaster recovery is to minimize the adverse effect caused by those disasters, and help to prevent from future occurring. Disaster can include computer related issues such as hacker attacks and computer viruses, electrical issue such as power failure and underground cable cuts resulting in such failure can bring the business into a halt with loss of money. As a result, most companies are aware that they need to back up their information to limit data loss and to aid data recovery.
Most large companies spend between 2% and 4% of their IT budget on disaster recovery planning; this is intended to avoid larger losses. Of companies that are hit by the major disaster 43% never reopened, 51% close within two years of time and only 6% will survive for the long term. So seeing this data one can assume the necessary of disaster recovery process. So in order to avoid the above scenario business organization needs to take certain steps for the disaster recovery.
One of the most important aspects of disaster recovery planning is providing the business continuity, which involves insuring that the critical business processes of an organization will be maintained in the event of a disaster. Backing of computer data is especially important when referring to the areas of the organization that use IT systems since this is where the data is stored.
This paper will provide information on why disaster recovery planning is important, reasons of its necessity, what a disaster recovery plan is and how it is used, and the process for formulating a plan. One can get information about various types of disaster recovery technology and its uses, the business continuity planning, backing and recovering data, and helping to prevent data loss in the event of future disasters.
Why Disaster Recovery Is Important
Disaster recovery can be vital to an organization for several reasons. First, if planned properly and executed correctly, it can save time and large sum of money, and both time and money are the valuable assets of the business. Money is usually the bottom line of business and the loss of money can expand into more problems, such as employees losing jobs or whole departments being shut down. It can also improve the quality of lives affected by the events leading up to it by helping to preserve vital information such as medical records and other valuable data that would otherwise be lost.
Since disasters can and often leads to network outages which in turn can cause communication system to go down, so it is important to have a plan that will enable communication. This is especially important in situations where people may be injured and need immediate assistance. It also allows emergency workers the ability to spread the word to each other and the public about the danger.
While it is important to plan for possible disasters and it is also possible to detect certain disasters before they occur. Things such as weather can usually be planned for whereas terrorist attacks or widespread of computer hacking are often unexpected, but recovering and resuming from those tasks is very important. That is why disaster recovery is important and in those cases one can take following measures to preserve data as much as possible. The first step would be to detect the network or system outages as quickly as possible, and notify any affected parties so the necessary actions can be taken. The next step is to isolate the affected areas so damage cannot spread, and repair the affected system so business continuity can resume.
Reason for Disaster Recovery Plans
There are many reasons why disaster recovery plans can be crucial to a company’s survival. One is that a well constructed plan saves time and effort, and often prevents vital information from being lost. Because of this, efforts can be directed to other areas in need of immediate attention.
There are also many risks that can have a negative impact on the normal operations of an organization. Here, it is advisable to perform a risk assessment to define what constitutes a disaster, and which risks that a company is susceptible to and what can be done to counteract them. Possible disasters can include natural disasters, terrorist attacks, organized or deliberate disruption, system or equipment failure, computer viruses, human error, legal issues and worker strikes. While it is not possible to anticipate when such issues might occur but, it is possible to plan for these possibilities. A large part of the success of any disaster recovery action depends on the planning for several different scenarios, and even doing “dry runs”, where everyone pretends that something actually happened and acts accordingly. The more prepared a company is to handle the disaster; the smoother the recovery process will go. This is why backup of infrastructure is crucial and having it will help run the business with minimized data loss.
The Plan
A good disaster recovery plan composed of many factors which include: the customers, facilities, knowledge of workers and business information. By notifying customers of the problem, companies can help to minimize the possible panic that can occur during a disaster situation. Knowing how to handle such situations before they occur will speed up the recovery process and allow companies to notify customers both quickly and efficiently. This will also allow for any unexpected issues organization may encounter. Backup systems are important as they allow companies to continue operations during the disaster. They also help prevent loss of data. It is also important during the disaster recovery process to remember that employees will be required to work long hours. That is why a good support system should be in place, as this will help to faster recovery process during the incident. And backups should always be stored in a different location. The security and reliability of the data is key because of the important role it will play in the time of incident also the key people in the organization should know where the backups are kept so that they can accessed it quickly and easily. This helps to improve the chances of business continuity and help maintain the old and new relationships between the company and its customers. Thus the customers will know that they can rely on the company during difficult times, and that their information is safe and well maintained.
The Disaster Planning Process
There are several steps companies should take to plan for disaster recovery. While it is not possible to plan for every disaster that may occur, it is important to be prepared in the event that one does. There are certain steps that can be taken to help ensure data is safe and systems can be restored. Computer equipment should always be maintained whenever possible. This includes the purchase of new hardware and software when needed, as well as testing existing equipment to be sure it is in working order. It is also essential to periodically check for computer viruses, and repair and remove them as they occur. Knowing, how to reinstall the software will speed up the recovery process and help with restoration. Knowing where to find offsite storage disks helps easy to retrieve, and restore the process. The same applies to the backup data source.
Similarly, knowing how to install the backup data and be sure that more than one person within the company is able to do this in case the person in charge of doing so is not available. This will also save time and money.
One can extend data recovery capabilities by purchasing the software necessary to complete the task and minimize the time it takes to do so. There are many software applications that can assist with these tasks. Also, be sure the hardware is up to date and able to work with the chosen software. If it is not, the software may not work correctly, and significant data may be lost.
Disaster Recovery Technologies
Information technology or (IT) systems can provide enormous value to an organization. Here, data can be stored and quickly recalled in greater masses than ever before. However there is likely to present vulnerability; when access to this data is interrupted, the organization and its customers often suffer. This is why it is crucial to have a backup system in place that will effectively backup and preserve necessary data. Such systems include: tape backup, a virtual tape library of data, Synchronous replication software, Replication storage technology, and Virtual PBX/hosted phone service. Not only will this equipment store the data, but also allows for system continuity and maintenance of communications services. At a minimum, system outages can cost millions of dollars, decreased productivity and various legal issues that can occur as a result. It can also threaten the liability of an organization that is why effective disaster recovery planning has now become a prerequisite to the success of a business. Preparing an organization for possible disasters and implementing a plan is the domain of business continuity. Such processes will enable activity to continue after a disaster occurs. This will help maintain customer loyalty and help keep an organization above others whose plans were not as effective.
Another technology that can be helpful in the event of a disaster is a backup battery or uninterruptible power supply (UPS) for main servers or computer systems. This allows the network to stay up, and will eliminate the interruption of data transfer that is taking place during such an event. It also keeps the entire system from going down if the outage doesn’t last for too long.
Business Continuity Planning
Business continuity planning is a procedure designed to ensure business processes will continue following a disaster. Every organization should have one as many unexpected disasters may occur. Both long and short term plans should be devised so that different types and levels of disasters are addressed. The business continuity plan should take in to account the need for alternate facilities such as offices, warehouses, and retail outlets should normal business locations become inaccessible for both employees and customers. These facilities may also provide the necessary space for carrying out vital business transactions, and can also serve as a place for data backup and restoration. Choose outlets that are not all in one location in case an entire section of a city or town is inoperable.
The plan should also include a host of other items. They include: departmental guidelines detailing how business operations are to be maintained under those circumstances, where employees should report those circumstances, and to whom they should report. Business continuity planning focuses solely on the recovery of data, maintenance and continuation of normal business operations. There are several steps that must be taken in order to ensure a high level of business continuity. First a written policy should be put in place instructing employees on what to do to reestablish business functionality. Each business application must be cataloged, its recovery needs assessed and documented, and the importance of each prioritized to enable company staff to meet each individual need in a timely manner. This will help maximize productivity when it is at its most crucial point. Here, a business impact analysis can be performed to determine the level of impact certain disasters could have on an organization and its employees. This analysis quantifies the impact of each business system and determines the effects that the loss of each IT system could have on the company and its data. Factors include a risk analysis to determine likelihood of an interruption to business applications, and figures the probability of an event, weighing it against amount of disruption the event might cause.
Backup and Recovery
Backup refers to the process of copying information from a disk or hard drive to a secure storage medium. Tape backup systems are usually used, as they provide easy access to that information, and can be stored and accessed easily. Tape backup also provides one of the fundamental building blocks of a disaster recovery plan. Determining when to run a backup is a function of the interconnectivity and interdependency of several business applications. Here, administrators must carefully coordinate the copy process in order to ensure the integrity of the information on tape. This is because it is vital to have this information restored exactly as it was copied, and to be sure it is all there after it has been restored. Recovering data from a backup source involves restoring the contents of the tape to disk, then performing a reconciliation process to rectify any errant information.
It is also a good idea to vault the tapes so they will not be lost in the same disaster that caused the primary data to be deleted. Electronic tape vaulting is an attractive option because of the lower cost and higher speed networking capabilities of today. Here, the network can transmit taped data over the network, which makes it possible to restore data in more than one location without the need for manual transmittal.
Disaster Recovery Prevention
While it is often not possible to prevent a disaster from occurring, it is possible to prevent data loss and minimize the recovery process. There are steps companies can take to prevent data loss that will cover a wide span of disasters. It is important for organizations to plan for all types of disasters, and implement plans accordingly. Be sure the storage unit used to store tape backup and other data systems has a fire suppression system. This will help keep the information as safe as possible and will often prevent from destruction. Also, be sure the tapes are stored in containers that help guard against water. Also, check the types of access controls and activities that take place in neighboring storage units. If they are easily accessible, consider storing the backups in another location. This will help prevent unwarranted theft or damage. Since this information is vital, it must be carefully protected. All records should be kept secure at all times. This will protect organizations against identity theft, intellectual property theft, and misuse. This protects not only the employees, but the customers as well, and has become even more important in recent years with the increase in laws to protect such information. Saving digital records is also a good idea. This way, if the paper records are lost or destroyed, the information is still saved and is readily accessible when needed. Digital records also provide a legal substitute for the tangible paperwork in the event of loss and destruction. This can also help protect against theft, and also provides organizations with yet one more tool to assist with disaster recovery and business continuity.
Incident Response
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. Preventative activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented. An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. National Institute of Standard and Technology (NIST) Special Publication 800-61 has provided the incident response and response methodology while ISO 17799 involved in assessing an organization’s incident handling and response capabilities.
A Computer Security Incident Response Plan (CSIRP) provides guidance and documentation on computer security incident response handling and communication efforts. The CSIRP is activated whenever a computer security incident occurs, and guides the responses to all incidents whose severity is such that they could affect a company’s ability to do business, or undermine its reputation. CSIRP development should be the top security budget priority in any company more important than security services, and more important than security products. When a security incident occurs, the first step is creating a Computer Security Incident Response Team and there are different models commonly used for organizing incident handling and response teams. The first is the centralized team which is typically suited for the smaller organization with one main geographic location. And the second model is the distributed incident response team. This model splits a central team into smaller teams that are located in different areas. This model is good for the big organization whose offices are located into several states or in different towns of the state and on this model the teams have different function and responsibilities. The third and the last model is the coordinating team. In this model an experienced team acts as guidance over another team without actually having authority over them. We can see this type of response team in large organization, where majority of IT experts are in the central location such as headquarter, with other smaller teams spread out in other location.
Preparation for the incident response should be year round and this is not technically performed at the time of the incident but the checks and continuity to ensure readiness for incidents should always be there. This is most important step in incident response methodology, for several reasons. First, by thinking proactively, an organization will prepare for more possible contingencies. Second, the better an organization is, the more rapidly it will be able to respond the case when an actual incident happens; this initial response often determines the overall security of the incident as a whole. And for the preparation policy is an important part of an organization. Smaller organizations may have one large policy with multiple sections, whereas larger organizations may have a number of distinct policies that explains the organization incident response methodology.
The second phase of the incident handling process is the identification where the incident handling team is alerted to identify if something is happening or not and typically, the most senior and experienced handlers will work on the case. Failed logon attempts, gaps in log files or suspicious logs, unexplained user accounts or files, Intrusion Detection alarms, interfaces in promiscuous mode are all the indicator of this phase. The third stage is the containment phase where the incident handling team will actually perform the necessary work by making backups of the affected system and may surrounds the area where the problem started. In this phase management really needs to coordinate with other business units and associates. So building positive relationships by the incident response team with other members of an organization is key factor for tackling the incident. The fourth step is the eradication which can be very difficult, depending on how the attacks have been done, how long is its existence and the cost of the damage. During this phase the incident response team tries to identify the root cause of the attacks by deploying the rules on Access Control List (ACL), Intrusion Prevention System, firewalls and other security devices which can help control the threat and minimize the damage. The final step is the recovery phase, the goal of this phase is simple that is just make the system response to normal, but in order to do this any affected system should be validated using standard organizational testing plans and procedure with the baseline data created during the preparation phase.
Overall, the building and managing of an incident response team requires a significant investment in time and resources. In depth knowledge of the organization, including political influence throughout the tiers of management will be absolutely important for an incident handling team to be effective.
Order Now