Disaster Recovery and Business Continuity

Disaster Recovery and Business Continuity: A Quick Guide for Small Organizations and Busy Executives

THEJENDRA BS
Copyright Date: 2008
Edition: 2
Published by: IT Governance Publishing
Pages: 289
https://www.jstor.org/stable/j.ctt5hh4d4
  • Cite this Item
  • Book Info
    Disaster Recovery and Business Continuity
    Book Description:

    Disaster Recovery and Business Continuity is a quick guide to business recovery best practices explained in a practical and easy to implement manner. This book is designed to be a concise handbook for IT Service Personnel, Business Managers, etc., wishing to know what disaster recovery and business continuity is all about in a realistic manner. The entire book is written in a Question & Answer format for easy comprehension and speedy reading with no business jargon. The chapters are also short and just to the point. The answers to the various questions are also concise and rarely exceed one page. Real world examples are used wherever necessary. This book should be used as a quick reference by small organizations and busy executives to get a basic overview of DRP and BCP for implementing, or planning to implement, within their IT departments and organizations.

    eISBN: 978-1-905356-38-6
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-5)
  2. FOREWORD
    (pp. 6-6)
    Alan Calder

    Business Continuity and Disaster Recovery have, over the last five years, become critical business issues. The increasing dependence of organizations on IT systems and the growing range of threats they face – from acts of nature to terrorist attacks – mean that organizations unprepared for the worst usually do not survive the unexpected.

    Regulatory authorities recognize the challenge and, in the Basel Accord and in legislation from the UK’s Companies Act 2006 to the US Sarbanes-Oxley Act, require company directors to take appropriate action to identify and deal with operational risk. Business continuity is one of the most important areas...

  3. PREFACE
    (pp. 7-8)
    Thejendra BS
  4. Table of Contents
    (pp. 9-9)
  5. CHAPTER 1: INTRODUCTION TO DISASTER RECOVERY AND BUSINESS CONTINUITY
    (pp. 10-50)

    The business world has changed significantly in the past few years. Organizations have undergone huge technical and non-technical transformations over the last decade. Regardless of the industry, more and more businesses are operating on a 24x7 global basis. Competition has also increased dramatically and is now available at a click of a mouse button. Even small organizations with less than a dozen employees depend on several modern technologies and worldwide competition to remain in business. To stay in business, alive and kicking, is of paramount importance to every modern organization. Today, it is not possible to run your business using...

  6. CHAPTER 2: DATA DISASTERS
    (pp. 51-70)

    This chapter deals with the various ways in which your organization’s data can be exposed to risk, and possible prevention methods.

    A general dictionary defines ‘data’ as ‘factual information, especially information organized for analysis or used to reason or make decisions’. Organizations have various kinds of data in several formats and importance. For example, important finance documents and Excel spreadsheets, computer files in Word documents, databases, E-mails, employee information, customer details, etc, can all be classified as data. Different organizations view data with varying importance. For example, a credit card supplier will consider all details of his credit card numbers,...

  7. CHAPTER 3: VIRUS DISASTERS
    (pp. 71-78)

    A computer virus is a software program, usually written by intelligent troublemakers (unethical software programmers), to wreak havoc on other computer programs. Viruses come in all flavours. A virus is a software program that serves no useful purpose. It is written with an intention to cause havoc by exploiting some vulnerabilities of the operating system or programs. Some viruses are harmless and can simply pop up with annoying messages, whereas other viruses are deadly and can wipe out all the data on a hard disk in a matter of minutes. A virus attack can happen in minutes and normally users...

  8. CHAPTER 4: COMMUNICATION SYSTEM DISASTERS
    (pp. 79-85)

    Organizations have come a long way in exchanging information internally and externally from the good old days of plain telephones and telex. Some of the common and most extensively used methods of communication are listed below.

    E-mail

    Internet, WorldWideWeb, Chat, Instant Messenger, etc

    Private telephone networks for voice

    Data transfer using Internet and private leased lines

    Mobile phones, pagers, SMS, etc

    Regular telephones, fax, etc

    Voice over IP, Voice over Broadband

    Local and wide area networks

    Wireless

    … and various other electronic methods.

    Organizations have also become heavily dependent on various methods of communication. In fact, many businesses will practically...

  9. CHAPTER 5: SOFTWARE DISASTERS
    (pp. 86-92)

    Today, for any modern organization to function, it will definitely need several different types of computer. Each computer normally comes pre-loaded with a piece of software called the operating system. But having computers with only an operating system loaded is not enough. It is not possible to do anything useful with just an operating system like Windows 98, Windows 2000, XP, Vista, Linux, etc. Additional business software, usually called an application, like MS-Office, databases, e-mail, web software, finance applications, reporting tools, business applications, etc, have to be loaded into computers for them to be useful at work.

    Such software is...

  10. CHAPTER 6: DATA CENTRE DISASTERS
    (pp. 93-98)

    A data centre is a secure room or rooms where the company’s critical servers and other important equipment are housed. A computer data centre is the heart of any modern organization. A disaster here can cripple an entire organization within minutes, so special precautions need to be taken to prevent IT disasters, especially within the data centres.

    Building Security: ‘Hello Mr CIO. This is the Building Security Officer calling. Sorry to wake you up at 2 am in the middle of the night. There was a fire in the office just now.’

    CIO: ‘Heavens. What was the damage?’

    Building Security:...

  11. CHAPTER 7: IT STAFF DISASTERS
    (pp. 99-110)

    Every modern organization will usually have several staff or departments (internal or outsourced) for maintaining and troubleshooting the IT infrastructure. Such staff or departments are usually called IT staff, tech support, and technical assistance, etc. They usually have specialized training and the skills necessary for maintaining critical IT equipment. For example, you could have a specialized team just to manage backups and restorations of various servers in your organization. They could be trained in using the backup software, how to back up, what to back up, how to restore, etc. Or there could be a dedicated team just to manage...

  12. CHAPTER 8: IT VENDOR DISASTERS
    (pp. 111-121)

    All organizations depend on a number of external and third-party agencies for hardware, software, telecom, support, consumables, spares, and other IT equipment. It is not possible to run any organization without having one or more IT vendors supporting some critical equipment or function. Selecting the right vendor is therefore of utmost importance to get timely support and assistance during all problems. For example, if an organization is heavily dependent on e-mail for its business, the vendor who supplies and supports the e-mail software will be very critical to the organization’s business. If the e-mail vendor goes out of business then...

  13. CHAPTER 9: IT PROJECT FAILURES
    (pp. 122-132)

    Modern organizations today require myriads of IT equipment like computers, telecom devices, data and voice lines, security devices, firewalls, software, etc. Proper selection, installation, configuration and maintenance of those IT environments are of crucial importance. Implementation, configuration and handover of such equipment can be considered as an IT project. For example, installing a new local area network with the necessary servers, e-mail, Internet, desktops, preloaded software, etc, for a new office can be classified as an IT project. Dozens of factors must be considered during an IT implementation. Some of the common, and most important, factors to be considered in...

  14. CHAPTER 10: INFORMATION SECURITY
    (pp. 133-140)

    Organizations can suffer from various disasters if critical information and data is compromised by any means. Organizations will rely on several types of data. Some of the information can be confidential and must not be viewed or altered by unauthorized persons. For example, the salary details of all your employees cannot be made public for everyone to know or view. Or your company payment or ecommerce website can be breached and defaced by hackers, causing reputation damage. Hence, it is necessary to have a protective envelope around the various kinds of data that an organization uses. This is information security....

  15. CHAPTER 11: DISASTER RECOVERY TOOLS
    (pp. 141-144)

    This chapter will outline various IT tools and services available to implement disaster recovery. The information is based on the respective websites and brochures: mention of any tools is not an endorsement, promotion or sales recommendation for the products or services. Organizations are advised to fully evaluate the features of the products to see whether they suit their business, technical and commercial requirements. Not all tools may be required for all organizations. Most of the websites allow you a time-bound evaluation copy for download.

    Backup tools: Reliable data backup software is the most important and basic system requirement in any...

  16. CHAPTER 12: INTRODUCTION TO NON-IT DISASTERS
    (pp. 145-175)

    Within an organization every department will have its own importance and dependency on others. Every department must function collaboratively to ensure continued revenues and future business. Major equipment failures are not the only disasters that can happen. Disasters can happen in many other areas as well. Risks and potential disasters lurk everywhere. Some of the non-IT disasters that can strike an organization are:

    Trade or labour union problems

    Project failures

    Human error

    Marketing and sales blunders

    … and numerous other disasters.

    This chapter outlines various non-IT disasters that can strike your organization. The aim of the chapter is not to...

  17. CHAPTER 13: DISASTER RECOVERY AT HOME
    (pp. 176-184)

    As home PCs and Internet access have become more and more widespread, so the number of people working from home has increased enormously over the last few years. Whatever the size of your organization, it is almost inevitable that you have a number of people working from home, whether on a regular or occasional basis, from the CEO burning the midnight oil on the annual business plan, to sales people working up their Powerpoint presentations for a pitch the next morning to data-input teleworkers. In their own way, these people all expose the organization to risk of one sort or...

  18. CHAPTER 14: PLENTY OF QUESTIONS
    (pp. 185-193)

    Here is a long assorted list of general and specific questions business owners can ask themselves, or the persons responsible for disaster prevention and recovery.

    This chapter contains dozens of questions related to DR and BC planning but there is one important question that must be answered first before any work can start on creating a proper DR or BC setup:

    How do you get commitment by top management for DR and BC planning?

    It is easy to get the best possible plans, technical equipment, manpower, external consultants, etc, for establishing a proper disaster recovery setup if an organization is...

  19. CHAPTER 15: HOW DO I GET STARTED?
    (pp. 194-238)

    Disaster recovery and business continuity is complex and involves much cost and effort. In order to get started it is necessary to first have a plan and an initial scope for the project. A plan need not or cannot be accurate or detailed from day one. It evolves and matures over time depending on experience, what is learnt, roadblocks, mistakes, etc. Most business managers think that business continuity is primarily the IT department’s job. It is not. Though IT is used extensively in businesses it is not the responsibility of the IT department alone, nor can they be blamed for...

  20. APPENDIX 1: SOURCES OF FURTHER INFORMATION
    (pp. 239-242)
  21. APPENDIX 2: DISASTER RECOVERY TRAINING AND CERTIFICATION
    (pp. 243-247)
  22. APPENDIX 3: BUSINESS CONTINUITY STANDARDS
    (pp. 248-251)
  23. APPENDIX 4: MAKING DR AND BC EXCITING
    (pp. 252-253)
  24. APPENDIX 5: DISASTER RECOVERY GLOSSARY
    (pp. 254-287)
  25. APPENDIX 6: ITG RESOURCES
    (pp. 288-289)