IPT :: Workbook 3

home about workbooks subscribe

Workbook 3 : Disaster Recovery In Complex Networks

LEARN HOW TO:

How an organisation can get its critical applications functioning sufficiently quickly to avert a major and irreversible disaster.
How to prepare an IT environment so that it can be recovered in the event of a disaster.
How to identify and rationalise the processes and complexities which are involved in writing a plan.
How to avoid the effect of queued non critical applications becoming critical because of the time lag.
How to prioritise and recover databases held on distributed file servers.

WORKBOOK OBJECTIVES:

Organisations who have large and distributed networks often do not have a recovery plan. One of the reasons is the complexity involved in designing and writing a plan and the feeling that with a distributed system they will not lose all their processing power at one time. Yet, "Statistics indicate that 80% of companies who suffer a major disaster, and do not have any form of continuity of contingency capability go into liquidation within 18 months". Graham Heath, Director of Norwich Union Risk services How organisations can avoid this situation is examined in this workbook.

The essential need of diaster recovery success is to use all the organisation's key human resources to write the plan, how this can be accomplished is also discussed, as are ways to win line management and user cooperation in designing and evaluating the plan. The costed plan then needs to be written and cooperation is needed for this so that a central editing team can produce the finished document, again methods for achieving this end are discussed.

Testing is covered together with the pitfalls. How staff can be encouraged to cooperate and give useful feed back to the Disaster Coordinator is examined as well as methodologies for acceptably updating the plan in the light of the test. Once written and tested the plan has other uses and these are examined, as are real life disasters, to ensure that all aspects of recovery are considered.

WHO SHOULD USE THIS WORKBOOK:

Workbook is targeted for anyone concerned with the integrity and availability of a business function that operates through a network of computers.

order today

Modules:

1. BUSINESS CONTINUITY

Business Continuity
Threats and triggers
Who should lead?
Business disaster life cycle
Problems inherent in plans
Recovery plan work flow
The Steering Committee
The Administrator
Problems inherent in plans
Insurances
- Consequential loss
- Recreation costs
- Insurance level assessments
Disaster Costings
Impact and single loss
Actuarial calculation
Points to consider
Check list
Case study

2. OFFICE BUILDING SECURITY

Electricity and electrical equipment
Flood
Fire
Entry controls
Check List

3. REDUCING THE RISK OF IT DISASTER

Finding vulnerabilities in the system
Survey
- Databases
- Personnel
- Programming
Physical security
Access control
Communications
Internet
Webs
Intranets
Extranets
PCs and terminals
Computer security risk management
Business risk analysis
Risk analysis
Check list
Case Study

4. DETERMINING BUSINESS NEEDS

Business requirements
Command and Control
Department plans
- Directors
- Line managers
- Supervisors
- Staff
Analysis of requirements
Information gathering
Disaster Triggers
Analysis of the business process
Check list

5. IT PROCESSING REQUIREMENTS

Business requirements and applications
Collaboration on the plan
Reaching consensus
Selecting support sites and continuity strategy
- Cold start
- Flying start
- Hot start
Selecting the recovery site
Node triangularisation
Homeworking
Displaced staff
Check list
Case study

6. DESIGNING THE BACKUP AND RECOVERY SOLUTION

Interoperabilitiy
Data
- Application data
- Meta data
- System data
Available backup options
Pint in time
On-line copies
Incremental copies
Log data
Taking backup data
Centralised and decentralised backup
Scope of the recovery
Alternate site
Distance between sites
Recovery configuration
Program and database considerations
- Application programs
- Database considerations
Cost of recovery
- The plan
- Continuity of the plan
- Cost of the disaster
Speed of recovery
Completeness of recovery
Recovering file servers
Available software

7. HOME WORKING AS A BUSINESS CONTINUITY STRATEGY

Pilot projects
Anticipated savings
Corporate savings
Legal requirements
Homeworking and the Plan
- As part of daily procesing
- Costs
Intranet Web use
Disadvantages in home working
Designing and using home working within the plan
Security

8. PRESENTING THE PLAN

Presentation to the board
Purpose of the presentation
Keeping meetings in track
- The presenter
Objectives in presenting the plan
Dress rehearsals
Closing techniques o produce decisions
Ending the meeting
Check lists
Project

9. EXPANSION DURING A RECOVERY

Business impacts
Web site
- Web costs
- Customer liaison
Integrate Web sites
Homeworking
Public relations
Check list

10. SECURITY ISSUES ON THE WEB AND INTERNET

WWW Overview
Security of Web sites
Modification
Disclosure
Denial
Fraud
Extortion
Espionage
Organised Crime
The real threats
Browser and Server security
Security problems of active content
The server
Root directories
- Server side includes
- Security overrides
Server authentication
Extranets
- Home working with extranets
- Knowledge espionage
Check list

11. MOVING A NETWORK

Moving a network and the BCP
- Team organisation
- Group functions
- Identifying tasks
- Internal relations
- Goals for planning effort
- Security
Final week

12. LESSONS FROM HISTORY

Extortion
- Growth of cyber terrorism
- Protection
- Extortion and the BCP
The 1993 terrorist bombings
- City of London
- New York
Lessons learned

13. BOMB THREATS

Activities on receipt of a threat
Preparations
Major bomb plants
Postal bombs
Proactive moves
Bomb searches
Reactive moves

14. WRITING THE PLAN

Disaster response guidelines
Staff responses to general emergencies
- Bomb alerts
- Earthquake and storm
- Explosion
- Fire
- Flood
- Extortion
- Hostage taking
- Power failure
- Riot
- Robbery
- Toxic waste
- Water leak
Requirements analysis and research
Solution definition
Examples of IT alternatives
- Sales ledger and accounts receivable
- Sales invoices
- Purchase ledger accounts payable
- Cost accounting
- Customer service
- Work in progress
- Inventory control
- Product scheduling
- Goods received
- Shipping
- Payroll
Pre-disaster considerations
Documenting the plan
Solution refinement
Main deliverables
Existing documentation
Software packages
Case study

15. VALIDATING THE PLAN

Maintenance
Plan updates
- Audit of packages
- Pre test activities
- Acceptance criteria
The test
- Post mortems
Line managers and the test
Check list of key recovery information
- Communicating the plan
Training
External

16. TRAINING

Staff in general
Targeting the programme
Public seminars
External training
Check list

17. SECURITY OF THE RECOVERY

Organised crime
Recovery Risks
Security of backup data and software
- Ensuring backup data is usable
Security of transmissions
- Crypt
- DES
- Triple DES
- Public key
- Clipper
- PGP
- IDEA
- SSL
- S-HTTP
Keys
- Key management
- Security requirements
Authentication
Homeworking security
Primary and alternate site security
- Command and control
- Physical security
- Documentation
Security of permanent and temporary staff
- Travelling and housing
- Screening temporary staff
Types of firewalls
- VPNs
Case Study

Webmaster