Disaster Recovery

Comparison between ISACA and DRII Business Continuity Plan

root — Fri, 15 Aug 2008 21:51:04 -0500

DRII vs ISACA Business Continuity Plan Comparison

ISACA (Information System Audit and Control Association) and DRII (Disaster Recovery Institute International) are the two organizations that have a competency to release the right procedure and step by step for Business Continuity Management. However, if you see each step from ISACA and DRII, you can find some small differences approach on it. Here is some example:

ISACA Business Continuity
1. Project management and initiation
2. Business impact analysis
3. Recovery strategy
4. Plan design and development
5. Training and awareness
6. Implementation and testing
7. Monitoring and maintenance

Business Continuity Management Guidelines from The Institute of Internal Auditors

root — Thu, 31 Jul 2008 17:40:59 -0500

The Institute of Internal Auditors recently releases Business Continuity Management Guidelines. This GTAG focuses on how business continuity management (BCM) is designed to enable business leaders to manage the level of risk the organization could encounter in the case of a natural or man-made disruptive event that affects the extended operability of the organization.

The guide includes:
- Disaster recovery planning for continuity of critical information technology infrastructure, and
- Business application systems.

Download Page

Disaster Recovery Planning, Seven simple step

root — Sun, 06 Jul 2008 04:16:48 -0500

Step 1 – Admit the possibility of disaster
Just as the first step to personal recovery is admitting one has a problem, so the first step in BCDR planning is to admit the organization faces tangible threats that could jeopardize its prosperity – or its survival. Until this first step is taken at a senior leadership level, go no further.

Step 2 – List and categorize likely threats to the organization
The nature of the business and its physical and social environment will influence the types of threats an organization might face. Once the threats are listed, they should be categorized according to their likely impact on various systems. The cost of the response should be balanced against the tolerance for system downtime -- the less downtime that can be tolerated, the more it will cost to create an appropriate response. Some systems must be functioning again within minutes or seconds, while others can be down a few hours, and still others can be down for a few days without serious consequences.

Step 3 – Outline the organization’s BCDR technology infrastructure
The key technology elements

Is America ready for business continuity

root — Thu, 19 Jun 2008 02:26:32 -0500

According to latest research from AT&T the answer are:

Nearly 30 percent of U.S. businesses don't consider business continuity planning a priority.
Two-thirds of IT executives predict that hacking will be the biggest threat in the next five years.
The next most frequently mentioned threats are internal:
Accidents — 56 percent
Sabotage — 47 percent
Remote workers — 44 percent

Levels of assurance in Disaster Recovery Plan

root — Sat, 24 May 2008 08:30:49 -0500

There is a propensity for the leader of every business unit to have an inflated sense of the criticality of the systems, services and contribution of their area. In order to sort out the priorities it is necessary to determine a level of assurance that is appropriate. An organized, defined set of assurance levels can be developed in terms of the following five standards, with a rough correspondence to maximum tolerable outages:

1. Platinum (five stars) – maximum tolerable outage less than hours;
2. Gold (four stars) – maximum tolerable outage up to one day;
3. Silver (three stars) – maximum tolerable outage up to one week;
4. Bronze (two stars) – maximum tolerable outage up to one month;
5. No standard – no defined tolerable outage.

14 step for family Disaster Recovery Plan

root — Wed, 26 Mar 2008 08:33:51 -0500

Meet with everyone in your household and discuss the types of disasters that are most likely to occur in your area. Work together to decide what to do in each case. Write your plan down on paper, and keep it in your family files.
Since disasters often strike entire communities rather than just a single home, share your plan with neighbors and encourage them to develop their own plan. Share your plan with family members or friends living outside your town.
Select two places to meet if an emergency strikes. In case of sudden emergencies, such as a fire, pick a spot in the neighborhood outside your home. In a widespread emergency when you can't get back home, pick a spot outside your neighborhood. Make sure everyone knows the address and phone number.

Nine type of IT Disaster

root — Fri, 21 Mar 2008 19:56:17 -0500

There are nine type of IT Disaster that could be happen every day in IT environment, from user error to hardware failure. This article discussed how IT Disaster happened and how we could prepare against this matter. The original list taken from Unix Backup and Recovery by W. Curtis Preston

1. User error

This has been, by far, the biggest percentage of restores in every environment that I have seen. "Hey, I was sklocking my flambality file, and I accidentally pressed the jankle button. Can you restore it, please?" This one is pretty easy, right? What about the common question: "Can you restore it as of about an hour ago?"

2. System-staff error

This is less common than user error (unless your users have root), but when it happens, oh boy, does it happen! What happens when you newfs your Informix raw device or delete a user's home directory? These restores need to go really fast, since they're your fault. As far as protecting yourself from this type of error, the same is true here as for user errors-either typical nightly backups or snapshots can protect you from this.

3. Hardware failure

Most books talk about protecting yourself from hardware failure, but they usually don't mention that hardware failure can come in two forms: disk drive failure and system-wide failure. It is important to mention this, because it takes two entirely different methods to protect yourself from these failures. Many people do not take this into consideration when planning their data protection plan.

ISO 24762 IT Disaster Recovery, New ISO released

root — Sun, 09 Mar 2008 20:56:42 -0500

New ISO/IEC 24762:2008 provides guidance on:

Implementing, operating, monitoring and maintaining the necessary facilities and services necessary for disaster recovery.
Fallback and recovery support for the organization’s ICT systems.
The capabilities which outsourced ICT disaster recovery service providers should possess and the practices they should follow, so as to provide basic secure operating environments and facilitate the organizations' recovery efforts.
The selection of a recovery site (e.g. considering factors such as environmental stability, good infrastructure, etc.), and
Requirements for ICT DR service providers to continuously improve their ICT DR services.

view standard here

Six step to develop Disaster Recovery Plan

root — Sun, 09 Mar 2008 01:04:37 -0600

How to develop Disaster Recovery Plan for your company? This simple guidance from W. Curtis Preston in his book Unix Backup and Recovery tell us six step to develop Disaster Recovery Plan. Here is the list.

1. Define (un)acceptable loss / Risk Assessment

“…Before you develop a disaster recovery plan, decide how much you will lose if you don't. That will help you decide how much time, effort, and money to spend on a disaster/recovery plan…”

Curtis give pressure on define unacceptable loss, or in the other ways perform a Risk Assessment for entire scenario. As we know that risk could be transferred (insurance), mitigated (by control it) or even accept the risk.

2. Back up everything.

“…You have to make sure that everything is backed up-including data, metadata, and the instructions you'll need to get them back…”

Curtis said to backup everything, (as long as you can have it), the basic principle is we could protect any kind of asset that we have.

3. Organize everything.

You have everything on backup volumes. But can you find the volume you need when disaster strikes? The key to being able to find your backups is organization.

Top 10 deadliest Earthquake in the world

root — Fri, 07 Mar 2008 09:20:25 -0600

During business impact analysis, IS auditor should make an regular analysis with each environmental exposures such as earthquake. And here is the list
Top 10 deadliest earthquake in the world