Disaster Recovery and Business Continuity 3rd edition

Disaster Recovery and Business Continuity 3rd edition: A Quick Guide for Small Organizations and Busy Executives

THEJENDRA B.S
Copyright Date: 2014
Published by: IT Governance Publishing
Pages: 284
https://www.jstor.org/stable/j.ctt7zsx6g
    Book Description:

    What would you do if your systems were hacked or compromised by a virus? How would your IT systems cope in the event of flooding or an explosion?

    What if your IT systems simply stopped working?

    IT has brought many benefits to business. However, IT failures can seriously damage your ability to deliver products and services, harm your company's reputation, and jeopardise your relationship with your customers. In short, poorly managed IT problems could threaten the survival of your business.

    Create a Survival Plan

    If you want to protect your business, you need to put in place a business continuity (BC) and disaster recovery (DR) plan to help your business survive. Disaster Recovery and Business Continuity, a quick guide for organisations and business managers shows you how to develop a plan that will:

    • keep your information safe
    • safeguard your company from viruses and phishing scams.
    • store data safely, and prevent years of work from being lost by accident.
    • ensure your communication links are secure, and keep you connected when disaster strikes
    • bomb-proof your data
    • protect your data in the event of fire or flood.

    Read this practical guide and start building a business survival plan today.

    eISBN: 978-1-84928-539-1
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. ABOUT THE AUTHOR
    (pp. 5-5)
  3. FOREWORD
    (pp. 6-7)
    Alan Calder

    The increasing dependence of organisations on IT systems and the growing range of threats they face, from an act of nature to a terrorist attack, means that organisations that are unprepared for the worst will not usually survive the unexpected. Therefore, over the last ten years disaster recovery and business continuity have become critical business issues.

    Business continuity is one of the most important areas of operational risk. This was recognised by the regulatory authorities in the Basel Accord, legislation from the UK’s Companies Act 2006 and the US Sarbanes-Oxley Act, which all require an organisation’s directors to take appropriate...

  4. PREFACE
    (pp. 8-9)
    Thejendra B.S
  5. Table of Contents
    (pp. 10-15)
  6. CHAPTER 1: INTRODUCTION TO DISASTER RECOVERY AND BUSINESS CONTINUITY
    (pp. 16-54)

    During the last decade, organisations have undergone huge technical and non-technical transformations, and in the last few years the business world has changed significantly. Regardless of the industry, more and more organisations around the world are operating 7 days a week, 24 hours a day. Competition has increased dramatically, and multiple options for a customer’s demand are available at the click of a mouse. Even a small organisation with only a few staff members depends on technology to compete globally in order to remain in business, which is of paramount importance to every organisation. It’s almost impossible to run any...

  7. CHAPTER 2: DATA DISASTERS
    (pp. 55-73)

    This chapter deals with the various ways in which an organisation’s data can be exposed to risk and the possible prevention methods.

    Data is generally defined as ‘factual information, especially information organised for analysis or used to reason or make decisions’. An organisation may have various kinds of data in various formats, for example, important finance documents in Microsoft® Excel® spreadsheets, computer files in Microsoft® Word® documents, databases, e-mails, information on members of staff and customer details. Different organisations view data with varying importance. For example, a credit card supplier will consider the details of the card numbers as extremely...

  8. CHAPTER 3: VIRUS DISASTERS
    (pp. 74-81)

    A computer virus is a software program that is usually written by an intelligent troublemaker (unethical software programmer) to wreak havoc on other computer programs. They may come in all shapes and forms and serve no useful purpose. The intention of a virus is to exploit any vulnerability in an operating system or program, and they have caused a substantial amount of financial damage to many organisations worldwide. Some viruses are harmless and can simply pop up with annoying messages, whereas others are deadly and can very quickly completely wipe out the data on a hard disk. A virus attack...

  9. CHAPTER 4: COMMUNICATION SYSTEM DISASTERS
    (pp. 82-87)

    Organisations have come a long way in exchanging information internally and externally from the good old days of plain telephones and telex. Today we have a variety of voice and data communication methods that companies have become heavily accustomed to. In fact, many would practically shut down if their communication links fail. For example, a large, well established online book seller like Amazon.com may lose hundreds of thousands of pounds if communication links to their website fail for even a short period of time, say during a peak shopping time like Christmas. Even a smaller organisation or contractor will...

  10. CHAPTER 5: SOFTWARE DISASTERS
    (pp. 88-94)

    For an organisation to function, it will need several different types of computer. Each computer usually has pre-installed software known as the operating system, for example, Windows® 7, Windows® 8, or Linux. However, with only the operating system installed it isn’t possible to do anything useful. Additional software known as applications, such as Microsoft® Office®, databases, e-mail, web software, finance applications, reporting tools and business applications, also has to be installed for the computers to be of use in a work environment.

    Such software is normally provided by third-party contractors, or is sometimes developed in-house. It’s very complicated, and...

  11. CHAPTER 6: DATA CENTRE DISASTERS
    (pp. 95-100)

    A computer data centre is a secure room, or rooms, where an organisation’s mission critical servers and other important equipment are housed. A data centre is the heart of any modern organisation, and a disaster here can very quickly bring it to a complete standstill. Special precautions need to be taken to prevent IT disasters, especially within a data centre.

    A data centre should be built with extreme care and conform to all international safety standards. It should be located in a room that’s spacious, fire and waterproof, anti-static, ventilated, air conditioned and has UPS. An organisation should ensure that...

  12. CHAPTER 7: IT STAFF MEMBER DISASTERS
    (pp. 101-110)

    Every organisation will usually have several members of staff, or departments (internal or outsourced) for maintaining and troubleshooting the IT infrastructure. They are usually referred to as members of IT staff, technical support or technical assistance, and usually have specialised training and the necessary skills for maintaining critical IT equipment. For example, there may be a specialised team solely to manage back-ups and restorations of various servers, who are trained in using the software, that is, how and what to back up, how to restore, etc., or a dedicated team to manage and operate e-mail systems.

    No organisation can run...

  13. CHAPTER 8: IT CONTRACTOR DISASTERS
    (pp. 111-121)

    Any external organisation that supplies technology related equipment, software or services to an organisation is called an IT contractor. All organisations depend on a number of external and third-party agencies for hardware, software, telecom, support, consumables, spares and other IT equipment. This is because it isn’t possible to run any organisation independently without depending on one or more IT contractors for supporting some critical equipment or function. Selecting the right contractor is, therefore, of utmost importance to ensure timely support and assistance during all problems.

    A disaster occurring to a critical IT contractor is indirectly a disaster for any organisation...

  14. CHAPTER 9: IT PROJECT FAILURES
    (pp. 122-130)

    An organisation may require a myriad of IT equipment, such as computers, telecom devices, data and voice lines, security devices, firewalls and software. Proper selection, installation, configuration, and maintenance of IT environments are of crucial importance, and the implementation, configuration and handover of the equipment can be considered as an IT project. For example, installing a new LAN with the necessary servers, e-mail, internet, desktops and preloaded software for a new office can be classified as an IT project. Many factors must be considered during an IT implementation. Some of the most common and important factors to be considered in...

  15. CHAPTER 10: INFORMATION SECURITY
    (pp. 131-134)

    An organisation may rely on several types of data for its day-to-day business functions and to compete in the market. Some of this data can be highly confidential and must not be viewed, or altered, by unauthorised persons. If such information is somehow compromised then an organisation can get into serious trouble. For example, the salary details of its members of staff shouldn’t be made viewable to the public, or its payment or e-commerce website might be breached and defaced by hackers, causing damage to its reputation. It’s necessary to have a protective envelope around the various kinds of data...

  16. CHAPTER 11: CYBER SECURITY ISSUES
    (pp. 135-142)

    Cyber security is information security principles applied to an organisation’s computers and networks. It contains technologies and processes designed to protect computers, networks and data from unauthorised access, vulnerabilities and attacks routed via the Internet by cyber criminals.

    A cyber criminal is someone who commits crimes using computers, internet and software. These criminals attack computers, individuals or organisations to perform malicious activities, such as spreading viruses, data theft, identity theft, fraud or to steal sensitive data. Cyber criminals have come a long way from being mischievous individuals to government sponsored organisations who use it for espionage or electronic terrorism on...

  17. CHAPTER 12: INTRODUCTION TO NON-IT DISASTERS
    (pp. 143-164)

    The aim of this chapter is not to cover every conceivable disaster comprehensively. Rather, it’s to raise awareness about the type of disaster that could befall an organisation, prompt it to analyse the specific risks faced, and to encourage it to include the most relevant scenarios in its DRP and BCP.

    Every department within an organisation will have its own importance and dependency on others, and each must function collaboratively to ensure continued revenues and future business. Major equipment failures aren’t the only disasters that can happen – they can happen in many other areas as well. Risks and potential disasters...

  18. CHAPTER 13: DISASTER RECOVERY AT HOME
    (pp. 165-172)

    As personal computers (PCs), internet access and higher bandwidths have become more and more widespread, the number of people working from home has increased enormously. Whatever the size of an organisation, it’s almost inevitable that it has members of staff working from home. This may be on a regular or occasional basis, such as the CEO burning the midnight oil on the annual business plan, sales people working up their PowerPoint® presentations for a pitch the next morning, or data-input teleworkers. In their own way, all of these people expose the organisation to risks of one sort or another....

  19. CHAPTER 14: PLENTY OF QUESTIONS
    (pp. 173-179)

    This chapter contains dozens of useful questions that can be used to establish a workable DR and BC setup for an organisation.

    (Yes, No or N/A for each)

    Are the existing DR processes adequate?

    Are the offices close to airports or military areas prone to various threats?

    Are the offices close to factories and chemical plants that manufacture hazardous substances?

    Are there proper access control systems to prevent unauthorised persons entering the premises?

    Are members of staff allowing strangers and unauthorised persons into the premises?

    Are there proper security policies and guidelines published?

    Are the offices and workplaces fireproof and...

  20. CHAPTER 15: HOW DO I GET STARTED?
    (pp. 180-225)

    DR and BC can be complex activities involving cost and effort. In order to get started it is necessary to first have a plan and an initial scope for the activities. A plan need not, and cannot, be accurate or detailed from day one. It evolves and matures over time, depending on experience, what is learned, roadblocks and mistakes. Secondly, most of an organisation’s business managers think that BC is primarily the job of the IT department, but it’s not. Although it’s used extensively in organisations, it’s not the responsibility of the IT department alone, nor can they be blamed...

  21. APPENDIX 1: DISASTER RECOVERY TRAINING AND CERTIFICATION
    (pp. 226-230)
  22. APPENDIX 2: BUSINESS CONTINUITY STANDARDS
    (pp. 231-232)
  23. APPENDIX 3: MAKING DR AND BC EXCITING
    (pp. 233-234)
  24. APPENDIX 4: DISASTER RECOVERY GLOSSARY
    (pp. 235-280)
  25. ITG RESOURCES
    (pp. 281-284)