IT Disaster Recovery Planning For Dummies

Paperback


Overview

If you have a business or a nonprofit organization, or if you’re the one responsible for information systems at such an operation, you know that disaster recovery planning is pretty vital. But it’s easy to put it off. After all, where do you start?

IT Disaster Recovery Planning For Dummies shows you how to get started by creating a safety net while you work out the details of your major plan. The right plan will get your business back on track quickly, whether you're hit by a tornado or a disgruntled employee with super hacking powers. Here's how to assess the situation, develop both short-term and long-term plans, and keep your plans updated.

This easy-to-understand guide will help you

  • Prepare your systems, processes, and people for an organized response to disaster when it strikes
  • Identify critical IT systems and develop a long-range strategy
  • Select and train your disaster recovery team
  • Conduct a Business Impact Analysis
  • Determine risks to your business from natural or human-made causes
  • Get management support
  • Create appropriate plan documents
  • Test your plan

Some disasters get coverage on CNN, and some just create headaches for the affected organization. With IT Disaster Recovery Planning For Dummies, you’ll be prepared for anything from hackers to hurricanes!


Product Details

ISBN-13: 9780470039731
Publisher: Wiley
Publication date: 12/26/2007
Series: For Dummies Books
Pages: 384
Product dimensions: 7.30(w) x 9.20(h) x 0.90(d)

About the Author

Peter H. Gregory, CISA, CISSP, is the author of fifteen books on security and technology, including Solaris Security (Prentice Hall), Computer Viruses For Dummies (Wiley), Blocking Spam and Spyware For Dummies (Wiley), and Securing the Vista Environment (O’Reilly).
Peter is a security strategist at a publicly-traded financial management software company located in Redmond, Washington. Prior to taking this position, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino management systems, banking, government, non-profit organizations, and academia since the late 1970s.
He’s on the board of advisors for the NSA-certified Certificate program in Information Assurance & Cybersecurity at the University of Washington, and he’s a member of the board of directors of the Evergreen State Chapter of InfraGard.

Table of Contents

Foreword

Introduction

About This Book

How This Book Is Organized

Part I: Getting Started with Disaster Recovery

Part II: Building Technology Recovery Plans

Part III: Managing Recovery Plans

Part IV: The Part of Tens

What This Book Is — and What It Isn’t

Assumptions about Disasters

Icons Used in This Book

Where to Go from Here

Write to Us!

Part I: Getting Started with Disaster Recovery

Chapter 1: Understanding Disaster Recovery

Disaster Recovery Needs and Benefits

The effects of disasters

Minor disasters occur more frequently

Recovery isn’t accidental

Recovery required by regulation

The benefits of disaster recovery planning

Beginning a Disaster Recovery Plan

Starting with an interim plan

Beginning the full DR project

Managing the DR Project

Conducting a Business Impact Analysis

Developing recovery procedures

Understanding the Entire DR Lifecycle

Changes should include DR reviews

Periodic review and testing

Training response teams

Chapter 2: Bootstrapping the DR Plan Effort

Starting at Square One

How disaster may affect your organization

Understanding the role of prevention

Understanding the role of planning

Resources to Begin Planning

Emergency Operations Planning

Preparing an Interim DR Plan

Staffing your interim DR plan team

Looking at an interim DR plan overview

Building the Interim Plan

Step 1 — Build the Emergency Response Team

Step 2 — Define the procedure for declaring a disaster

Step 3 — Invoke the interim DR plan

Step 4 — Maintain communications during a disaster

Step 5 — Identify basic recovery plans

Step 6 — Develop processing alternatives

Step 7 — Enact preventive measures

Step 8 — Document the interim DR plan

Step 9 — Train ERT members

Testing Interim DR Plans

Chapter 3: Developing and Using a Business Impact Analysis

Understanding the Purpose of a BIA

Scoping the Effort

Conducting a BIA: Taking a Common Approach

Gathering information through interviews

Using consistent forms and worksheets

Capturing Data for the BIA

Business processes

Information systems

Assets

Personnel

Suppliers

Statements of impact

Criticality assessment

Maximum Tolerable Downtime

Recovery Time Objective

Recovery Point Objective

Introducing Threat Modeling and Risk Analysis

Disaster scenarios

Identifying potential disasters in your region

Performing Threat Modeling and Risk Analysis

Identifying Critical Components

Processes and systems

Suppliers

Personnel

Determining the Maximum Tolerable Downtime

Calculating the Recovery Time Objective

Calculating the Recovery Point Objective

Part II: Building Technology Recovery Plans

Chapter 4: Mapping Business Functions to Infrastructure

Finding and Using Inventories

Using High-Level Architectures

Data flow and data storage diagrams

Infrastructure diagrams and schematics

Identifying Dependencies

Inter-system dependencies

External dependencies

Chapter 5: Planning User Recovery

Managing and Recovering End-User Computing

Workstations as Web terminals

Workstation access to centralized information

Workstations as application clients

Workstations as local computers

Workstation operating systems

Managing and Recovering End-User Communications

Voice communications

E-mail

Fax machines

Instant messaging

Chapter 6: Planning Facilities Protection and Recovery

Protecting Processing Facilities

Controlling physical access

Getting charged up about electric power

Detecting and suppressing fire

Chemical hazards

Keeping your cool

Staying dry: Water/flooding detection and prevention

Selecting Alternate Processing Sites

Hot, cold, and warm sites

Other business locations

Data center in a box: Mobile sites

Colocation facilities

Reciprocal facilities

Chapter 7: Planning System and Network Recovery

Managing and Recovering Server Computing

Determining system readiness

Server architecture and configuration

Developing the ability to build new servers

Distributed server computing considerations

Application architecture considerations

Server consolidation: The double-edged sword

Managing and Recovering Network Infrastructure

Implementing Standard Interfaces

Implementing Server Clustering

Understanding cluster modes

Geographically distributed clusters

Cluster and storage architecture

Chapter 8: Planning Data Recovery

Protecting and Recovering Application Data

Choosing How and Where to Store Data for Recovery

Protecting data through backups

Protecting data through resilient storage

Protecting data through replication and mirroring

Protecting data through electronic vaulting

Deciding where to keep your recovery data

Protecting data in transit

Protecting data while in DR mode

Protecting and Recovering Applications

Application version

Application patches and fixes

Application configuration

Application users and roles

Application interfaces

Application customizations

Applications dependencies with databases, operating systems, and more

Applications and client systems

Applications and networks

Applications and change management

Applications and configuration management

Off-Site Media and Records Storage

Chapter 9: Writing the Disaster Recovery Plan

Determining Plan Contents

Disaster declaration procedure

Emergency contact lists and trees

Emergency leadership and role selection

Damage assessment procedures

System recovery and restart procedures

Transition to normal operations

Recovery team

Structuring the Plan

Enterprise-level structure

Document-level structure

Managing Plan Development

Preserving the Plan

Taking the Next Steps

Part III: Managing Recovery Plans

Chapter 10: Testing the Recovery Plan

Testing the DR Plan

Why test a DR plan?

Developing a test strategy

Developing and following test procedures

Conducting Paper Tests

Conducting Walkthrough Tests

Walkthrough test participants

Walkthrough test procedure

Scenarios

Walkthrough results

Debriefing

Next steps

Conducting Simulation Testing

Conducting Parallel Testing

Parallel testing considerations

Next steps

Conducting Cutover Testing

Cutover test procedure

Cutover testing considerations

Planning Parallel and Cutover Tests

Clustering and replication technologies and cutover tests

Next steps

Establishing Test Frequency

Paper test frequency

Walkthrough test frequency

Parallel test frequency

Cutover test frequency

Chapter 11: Keeping DR Plans and Staff Current

Understanding the Impact of Changes on DR Plans

Technology changes

Business changes

Personnel changes

Market changes

External changes

Changes — some final words

Incorporating DR into Business Lifecycle Processes

Systems and services acquisition

Systems development

Business process engineering

Establishing DR Requirements and Standards

A Multi-Tiered DR Standard Case Study

Maintaining DR Documentation

Managing DR documents

Updating DR documents

Publishing and distributing documents

Training Response Teams

Types of training

Indoctrinating new trainees

Chapter 12: Understanding the Role of Prevention

Preventing Facilities-Related Disasters

Site selection

Preventing fires

HVAC failures

Power-related failures

Protection from civil unrest and war

Avoiding industrial hazards

Preventing secondary effects of facilities disasters

Preventing Technology-Related Disasters

Dealing with system failures

Minimizing hardware and software failures

Pros and cons of a monoculture

Building a resilient architecture

Preventing People-Related Disasters

Preventing Security Issues and Incidents

Prevention Begins at Home

Chapter 13: Planning for Various Disaster Scenarios

Planning for Natural Disasters

Earthquakes

Wildfires

Volcanoes

Floods

Wind and ice storms

Hurricanes

Tornadoes

Tsunamis

Landslides and avalanches

Pandemic

Planning for Man-Made Disasters

Utility failures

Civil disturbances

Terrorism and war

Security incidents

Part IV: The Part of Tens

Chapter 14: Ten Disaster Recovery Planning Tools

Living Disaster Recovery Planning System (LDRPS)

BIA Professional

COBRA Risk Analysis

BCP Generator

DRI Professional Practices Kit

Disaster Recovery Plan Template

SLA Toolkit

LBL ContingencyPro Software

Emergency Management Guide for Business and Industry

DRJ’s Toolbox

Chapter 15: Eleven Disaster Recovery Planning Web Sites

DRI International

Disaster Recovery Journal

Business Continuity Management Institute

Disaster Recovery World

Disaster Recovery Planning.org

The Business Continuity Institute

Disaster-Resource.com

Computerworld Disaster Recovery

CSO Business Continuity and Disaster Recovery

Federal Emergency Management Agency (FEMA)

Rothstein Associates Inc

Chapter 16: Ten Essentials for Disaster Planning Success

Executive Sponsorship

Well-Defined Scope

Committed Resources

The Right Experts

Time to Develop the Project Plan

Support from All Stakeholders

Testing, Testing, Testing

Full Lifecycle Commitment

Integration into Other Processes

Luck

Chapter 17: Ten Benefits of DR Planning

Improved Chances of Surviving “The Big One”

A Rung or Two Up the Maturity Ladder

Opportunities for Process Improvements

Opportunities for Technology Improvements

Higher Quality and Availability of Systems

Reducing Disruptive Events

Reducing Insurance Premiums

Finding Out Who Your Leaders Are

Complying with Standards and Regulations

Competitive Advantage

Index
