SlideShare a Scribd company logo

ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"

ESEI
ESEI

In this paper, I address the importance of Disaster Recovery Planning when it comes to protecting business IT from the effects of natural and man-made calamities.

TechnologyBusiness
1 of 3
Download to read offline
  “Delivering integrated solutions since 1994”   Disaster Recovery Planning “A Risk Assessment Exercise” By: J. Antonio Rico, P.E. Dear Reader:  Did you know that the State of Texas ranks number one when it comes to natural disasters in  the United States?  That is right; according to the Federal Emergency Management Agency  (FEMA) website Texas has had 86 major disasters.  And even though the “big flood” of 2006 and  the “big freeze” of 2011 were not catalogued as major disaster, they did create havoc in our  International Borderplex area of El Paso, TX, Las Cruces, NM, and Juarez, MX.  During these two  natural events, area business activity was considerably reduced because businesses  experienced problems such as flooding, loss of electricity, loss of Internet and telephone, etc.  and in some cases, loss of line‐of‐business  applications and data.   According to the Richmond House Group, 20% of small and midsize businesses will suffer a  major disaster causing loss of critical data every five years.  This figure is important for us in our  area; in El Paso, TX 80 % of businesses are considered to be small to midsize.  In this paper, I address the importance of Disaster Recovery Planning when it comes to  protecting business IT from the effects of natural and man‐made calamities.  The most critical  part of a (DRP) is to assess the risk systems, applications, and data are exposed to and to  implement measures to reduce or eliminate such exposure.  Thank you 
Disaster Recovery Planning “A Risk Assessment Exercise” By: J. Antonio Rico, P.E. Introduction In recent years, the topic of how can a business recover from a major disaster has gain notoriety and is requiring business decision makers to assess the potential of a major catastrophe, its impact on the ability of the business to continue operations, and the development of steps that will bring the business back to full operation in a timely manner. The intent of this paper is not to define what a catastrophe is, how often one happens, or what geographic areas are most commonly affected. The intent is simply to highlight the importance of assessing the potential risks that a business’s Information Technology infrastructure faces and that it could impede the business’s ability to serve its clients. This is the first and most critical step, in the preparation of a sound Disaster Recovery Plan (DRP), which is a component of the Business Continuity Plan (BCP). Disaster Recovery vs. Business Continuity At this point, it is important to distinguish between the concepts of Disaster Recovery Plan and the Business Continuity Plan. The DRP is a set of policies and procedures set to restore critical infrastructure, such as IT, to its full operating capacity while BCP lays out the roadmap for the business functions, i.e., Human Resources, Accounting, Facilities, etc., required for the business to continue operating under the effects of an adverse condition be it a natural or a man-made disaster. In this paper, IT infrastructure refers to the telecommunications services used for voice and Internet connectivity, network and computer hardware, wired and wireless connections, applications, data back-up, and any other infrastructure used in connecting the business to its clients and suppliers. Assessing Risk Assessing risk can be accomplished by performing an impact analysis of the critical data, strategic roles, and IT resources that support the business processes. The risk assessment must evaluate both the external and internal factors. The external factors include suppliers and vendors while the internal factors include the business’s own infrastructure, processes, personnel, etc. The impact analysis will help define two important and widely used parameters, Recovery Point Objective (RPO) and Recovery Time Objective (RTO), for each of the systems that need to be restored first or prioritized. RPO defines the maximum amount of time that data might be lost. RTO is the amount of time allowed for a business process to be restored to operation. These numbers will impact the cost to implement a DRP; solutions that enable recovery over days or weeks (longer RTO) are typically much less expensive than solutions that enable a business to recover in hours, minutes or seconds (short RTO). Once the RPO and RTO parameters are defined, each area of the IT infrastructure must be analyzed to determine ways to prevent failure, detect potential threats, and correct any
problems within the allowable objectives. Some of the areas that will have to be assessed include, but are not limited to: 1. Telecommunications Service – What is the Internet and Telephone service provider level of service; i.e., Response time? Is the service redundant? 2. Network and Computer Hardware Location – Is the IT hardware located in an area prone to flooding or access by unauthorized people? Are the systems covered by maintenance plans? Is there sufficient and adequate protection against fire? 3. Electrical Service – Is the electrical service supplying the Network and Computer Hardware reliable? Is there a back-up power source? Are there Uninterruptible Power Supplies (UPS) protecting the hardware? 4. Data Back-up Systems – Is the data being backed up appropriately? Are the back-ups being tested periodically? Are the back-ups held on-site or off-site? 5. Servers - Do servers have the right hard drive protection, i.e. RAID? Is there a “snapshot” of the configuration that would allow a prompt restoration of a failed machine? 6. Wireless Devices – Is there the proper security policies in place to prevent unauthorized access to the network? 7. IT Policies – Are there policies in place to reduce the unauthorized use of passwords? Do users understand the approved network and computer system uses? In Closing Before any Disaster Recovery Plan can be developed, the risks associated with the IT infrastructure must be thoroughly assessed. This assessment must be conscientious to ensure that no possibility is ignored. The results of the risk assessment will be the base for the completion of a sound DRP. It is important to note that the risk assessment is a continuous action item that will have to be tested anytime a new system or application is added or anytime the network is modified. Failure to do so will result in an ineffective Disaster Recovery Plan. About the Author J. Antonio Rico, P.E. is the President of ESEI; a Telecommunications Engineering and IT Services company that plans, designs, integrates, and manages networks and systems.

Recommended

IT6701-Information Management Unit 5
IT6701-Information Management Unit 5IT6701-Information Management Unit 5
IT6701-Information Management Unit 5SIMONTHOMAS S
 
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanJan Wong
 
Notes prep guide
Notes prep guideNotes prep guide
Notes prep guideElkanouni Mohamed
 
Information system availibility control
Information system availibility controlInformation system availibility control
Information system availibility controlShashwat Shriparv
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
What every CEO needs to know about Califorinia's new data breach law
What every CEO needs to know about Califorinia's new data breach lawWhat every CEO needs to know about Califorinia's new data breach law
What every CEO needs to know about Califorinia's new data breach lawDavid Sweigert
 
Growing Pains for Human Resources
Growing Pains for Human ResourcesGrowing Pains for Human Resources
Growing Pains for Human ResourcesHuman Capital Media
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesblogzilla
 

Recommended

IT6701-Information Management Unit 5
IT6701-Information Management Unit 5IT6701-Information Management Unit 5
IT6701-Information Management Unit 5SIMONTHOMAS S
 
MISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanMISO L008 Disaster Recovery Plan
MISO L008 Disaster Recovery PlanJan Wong
 
Notes prep guide
Notes prep guideNotes prep guide
Notes prep guideElkanouni Mohamed
 
Information system availibility control
Information system availibility controlInformation system availibility control
Information system availibility controlShashwat Shriparv
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
What every CEO needs to know about Califorinia's new data breach law
What every CEO needs to know about Califorinia's new data breach lawWhat every CEO needs to know about Califorinia's new data breach law
What every CEO needs to know about Califorinia's new data breach lawDavid Sweigert
 
Growing Pains for Human Resources
Growing Pains for Human ResourcesGrowing Pains for Human Resources
Growing Pains for Human ResourcesHuman Capital Media
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesblogzilla
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Information security risk
Information security riskInformation security risk
Information security riskEtsegenet Fisseha
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...360 BSI
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Iron Mountain
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessmentHappiest Minds Technologies
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 
Business Continuity for Mission Critical Applications
Business Continuity for Mission Critical ApplicationsBusiness Continuity for Mission Critical Applications
Business Continuity for Mission Critical ApplicationsDataCore Software
 
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperWill You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperChristian Caracciolo
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster RecoverySteven Cahill
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...EMC
 
Mastering disaster a data center checklist
Mastering disaster a data center checklistMastering disaster a data center checklist
Mastering disaster a data center checklistChris Wick
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planningguest340570
 
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud ComputingIRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud ComputingIRJET Journal
 

More Related Content

What's hot

Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1securityAnne Starr
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...360 BSI
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Iron Mountain
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 

What's hot (13)

Information Security
Information SecurityInformation Security
Information Security
 
Cybertopic_1security
Cybertopic_1securityCybertopic_1security
Cybertopic_1security
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
Information security risk
Information security riskInformation security risk
Information security risk
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 

Similar to ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"

Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 
Business Continuity for Mission Critical Applications
Business Continuity for Mission Critical ApplicationsBusiness Continuity for Mission Critical Applications
Business Continuity for Mission Critical ApplicationsDataCore Software
 
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperWill You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperChristian Caracciolo
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...EMC
 
Mastering disaster a data center checklist
Mastering disaster a data center checklistMastering disaster a data center checklist
Mastering disaster a data center checklistChris Wick
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planningguest340570
 
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud ComputingIRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud ComputingIRJET Journal
 
Running head Residency DRP Research Paper OutlineResidency DR.docx
Running head Residency DRP Research Paper OutlineResidency DR.docxRunning head Residency DRP Research Paper OutlineResidency DR.docx
Running head Residency DRP Research Paper OutlineResidency DR.docxtodd521
 
Integra: Attack of the Business Killing Monster (Infographic)
Integra: Attack of the Business Killing Monster (Infographic)Integra: Attack of the Business Killing Monster (Infographic)
Integra: Attack of the Business Killing Monster (Infographic)Jessica Legg
 
Mastering disaster e book Telehouse
Mastering disaster e book TelehouseMastering disaster e book Telehouse
Mastering disaster e book TelehouseTelehouse
 
Whitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureWhitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureJake Weaver
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxanhlodge
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemIlonaThornburg83
 
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxRunning head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxtodd521
 
Risk management by Deepak kumar dwivedi
Risk management by Deepak kumar dwivediRisk management by Deepak kumar dwivedi
Risk management by Deepak kumar dwivediEm Red
 

Similar to ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" (20)

Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
 
Business Continuity for Mission Critical Applications
Business Continuity for Mission Critical ApplicationsBusiness Continuity for Mission Critical Applications
Business Continuity for Mission Critical Applications
 
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperWill You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
 
Mastering disaster a data center checklist
Mastering disaster a data center checklistMastering disaster a data center checklist
Mastering disaster a data center checklist
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planning
 
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud ComputingIRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
IRJET-Comparative Analysis of Disaster Recovery Solutions in Cloud Computing
 
Running head Residency DRP Research Paper OutlineResidency DR.docx
Running head Residency DRP Research Paper OutlineResidency DR.docxRunning head Residency DRP Research Paper OutlineResidency DR.docx
Running head Residency DRP Research Paper OutlineResidency DR.docx
 
Integra: Attack of the Business Killing Monster (Infographic)
Integra: Attack of the Business Killing Monster (Infographic)Integra: Attack of the Business Killing Monster (Infographic)
Integra: Attack of the Business Killing Monster (Infographic)
 
Mastering disaster e book Telehouse
Mastering disaster e book TelehouseMastering disaster e book Telehouse
Mastering disaster e book Telehouse
 
Whitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureWhitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructure
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
 
PACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related Concepts
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docxRunning head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
Running head THREATS, ATTACKS AND VULNERABILITY ASSESSMENT .docx
 
Risk management by Deepak kumar dwivedi
Risk management by Deepak kumar dwivediRisk management by Deepak kumar dwivedi
Risk management by Deepak kumar dwivedi
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"

  • 1.   “Delivering integrated solutions since 1994”   Disaster Recovery Planning “A Risk Assessment Exercise” By: J. Antonio Rico, P.E. Dear Reader:  Did you know that the State of Texas ranks number one when it comes to natural disasters in  the United States?  That is right; according to the Federal Emergency Management Agency  (FEMA) website Texas has had 86 major disasters.  And even though the “big flood” of 2006 and  the “big freeze” of 2011 were not catalogued as major disaster, they did create havoc in our  International Borderplex area of El Paso, TX, Las Cruces, NM, and Juarez, MX.  During these two  natural events, area business activity was considerably reduced because businesses  experienced problems such as flooding, loss of electricity, loss of Internet and telephone, etc.  and in some cases, loss of line‐of‐business  applications and data.   According to the Richmond House Group, 20% of small and midsize businesses will suffer a  major disaster causing loss of critical data every five years.  This figure is important for us in our  area; in El Paso, TX 80 % of businesses are considered to be small to midsize.  In this paper, I address the importance of Disaster Recovery Planning when it comes to  protecting business IT from the effects of natural and man‐made calamities.  The most critical  part of a (DRP) is to assess the risk systems, applications, and data are exposed to and to  implement measures to reduce or eliminate such exposure.  Thank you 
  • 2. Disaster Recovery Planning “A Risk Assessment Exercise” By: J. Antonio Rico, P.E. Introduction In recent years, the topic of how can a business recover from a major disaster has gain notoriety and is requiring business decision makers to assess the potential of a major catastrophe, its impact on the ability of the business to continue operations, and the development of steps that will bring the business back to full operation in a timely manner. The intent of this paper is not to define what a catastrophe is, how often one happens, or what geographic areas are most commonly affected. The intent is simply to highlight the importance of assessing the potential risks that a business’s Information Technology infrastructure faces and that it could impede the business’s ability to serve its clients. This is the first and most critical step, in the preparation of a sound Disaster Recovery Plan (DRP), which is a component of the Business Continuity Plan (BCP). Disaster Recovery vs. Business Continuity At this point, it is important to distinguish between the concepts of Disaster Recovery Plan and the Business Continuity Plan. The DRP is a set of policies and procedures set to restore critical infrastructure, such as IT, to its full operating capacity while BCP lays out the roadmap for the business functions, i.e., Human Resources, Accounting, Facilities, etc., required for the business to continue operating under the effects of an adverse condition be it a natural or a man-made disaster. In this paper, IT infrastructure refers to the telecommunications services used for voice and Internet connectivity, network and computer hardware, wired and wireless connections, applications, data back-up, and any other infrastructure used in connecting the business to its clients and suppliers. Assessing Risk Assessing risk can be accomplished by performing an impact analysis of the critical data, strategic roles, and IT resources that support the business processes. The risk assessment must evaluate both the external and internal factors. The external factors include suppliers and vendors while the internal factors include the business’s own infrastructure, processes, personnel, etc. The impact analysis will help define two important and widely used parameters, Recovery Point Objective (RPO) and Recovery Time Objective (RTO), for each of the systems that need to be restored first or prioritized. RPO defines the maximum amount of time that data might be lost. RTO is the amount of time allowed for a business process to be restored to operation. These numbers will impact the cost to implement a DRP; solutions that enable recovery over days or weeks (longer RTO) are typically much less expensive than solutions that enable a business to recover in hours, minutes or seconds (short RTO). Once the RPO and RTO parameters are defined, each area of the IT infrastructure must be analyzed to determine ways to prevent failure, detect potential threats, and correct any
  • 3. problems within the allowable objectives. Some of the areas that will have to be assessed include, but are not limited to: 1. Telecommunications Service – What is the Internet and Telephone service provider level of service; i.e., Response time? Is the service redundant? 2. Network and Computer Hardware Location – Is the IT hardware located in an area prone to flooding or access by unauthorized people? Are the systems covered by maintenance plans? Is there sufficient and adequate protection against fire? 3. Electrical Service – Is the electrical service supplying the Network and Computer Hardware reliable? Is there a back-up power source? Are there Uninterruptible Power Supplies (UPS) protecting the hardware? 4. Data Back-up Systems – Is the data being backed up appropriately? Are the back-ups being tested periodically? Are the back-ups held on-site or off-site? 5. Servers - Do servers have the right hard drive protection, i.e. RAID? Is there a “snapshot” of the configuration that would allow a prompt restoration of a failed machine? 6. Wireless Devices – Is there the proper security policies in place to prevent unauthorized access to the network? 7. IT Policies – Are there policies in place to reduce the unauthorized use of passwords? Do users understand the approved network and computer system uses? In Closing Before any Disaster Recovery Plan can be developed, the risks associated with the IT infrastructure must be thoroughly assessed. This assessment must be conscientious to ensure that no possibility is ignored. The results of the risk assessment will be the base for the completion of a sound DRP. It is important to note that the risk assessment is a continuous action item that will have to be tested anytime a new system or application is added or anytime the network is modified. Failure to do so will result in an ineffective Disaster Recovery Plan. About the Author J. Antonio Rico, P.E. is the President of ESEI; a Telecommunications Engineering and IT Services company that plans, designs, integrates, and manages networks and systems.