Documente Academic
Documente Profesional
Documente Cultură
Individual report
Project Mgmt2
Task 1: Element 4.1 Identify and document resources required for disaster recovery
according to specifications and cost constraints
1. What would be a disaster for Star Gazer Video Stores IT critical business systems?
Fire
Hackers
Stock theft
Power Outage
Financial Theft
ISP failure
Robbery
2. Why is it important to consider business requirements/specifications and cost
constraints when developing a disaster recovery plan?
It is important to consider business requirements/specifications and cost constraints when
developing a disaster recovery plan because it specifies the requirements for implementing,
operating and improving a documented Business Continuity Management System (BCMS)
within your organization and gives you confidence in business-to-business and business-to
customer dealings. The cost of developing and implementing contingency planning
strategies can be significant, especially if the strategy includes contracts for backup
services or duplicate equipment. There are too many options to discuss cost considerations
for each type.
One contingency cost that is often overlooked is the cost of testing a plan. Testing provides
many benefits and should be performed, although some of the less expensive methods
(such as a review) may be sufficient for less critical resources.
3. Identify and document resources required to support a disaster recovery plan according
to Star Gazer Video Stores business requirements/specifications and cost constraints
Resources That Support Critical Functions
Human Resources
Processing Capability
Computer-Based Services
1
Anureet Kaur
Individual report
Project Mgmt2
Anureet Kaur
Individual report
Project Mgmt2
Replication of data to an off-site location, which overcomes the need to restore the
data (only the systems then need to be restored or synced). This generally makes
use of storage area network (SAN) technology
High availability systems which keep both the data and system replicated off-site,
enabling continuous access to systems and data
Task 3: Element 4.3 Identify cutover criteria to initiate disaster recovery plan
1. Why is it important to undertake a damage assessment before deciding to initiate the
disaster recovery plan?
A damage assessment lowers the risk of disruption and assesses the potential impacts of
disruptions when they occur e.g.:- a business impact analysis report quantifies the
importance of business components and suggests appropriate fund allocation for measures
to protect them. The possibilities of failures are likely to be assessed in terms of their
impacts on safety, finances, marketing, legal compliance, and quality assurance. Where
possible, impact is expressed monetarily for purposes of comparison. For example, a
business may spend three times as much on marketing in the wake of a disaster to rebuild
customer confidence.
2. Identify cutover criteria relevant to Star Gazer Video Store
Loss of revenue for the business which falls below a threshold or period of time
3. When would a decision be made to initiate the disaster recovery plan?
As soon as the assessment of the situation has been undertaken
4. Who is responsible for activating the disaster recovery plan?
In the case of Star Gazer Video that would be Errol Finn.
Task 4: Element 4.4 Document disaster recovery plan and submit it to the
appropriate person for review and sign-off
Refer to Appendix A the Disaster Recovery Plan Template and complete the following:
1. Purpose: Explain the purpose of the disaster recovery for Star Gazer Video Store
The purpose of this plan is to enable the sustained execution of mission critical processes
and information technology systems for Star Gazer Video Store in the event of an
3
Anureet Kaur
Individual report
Project Mgmt2
extraordinary event that causes these systems to fail minimum requirements. The Star
Gazer Video Store Contingency Plan will assess the needs and requirements so that Star
Gazer Video Store may be prepared to respond to the event in order to efficiently regain
operation of the systems that are made inoperable from the event.
2. Scope: Explain the scope of the disaster recovery plan. Which functions, operations
and resources are necessary to restore and resume Star Gazer Video Stores operations?
3. Responsibility: Why is the owner the person with responsibility for activating the
contingency plan and leading a coordinated approach to disaster recovery?
For most systems, identification and authentication (I&A) is the first line of defense. I&A
is a technical measure that prevents unauthorized people (or unauthorized processes) from
entering a computer system.
There are three means of authenticating a user's identity, which can be used alone or in
combination:
something the individual knows (a secret -- e.g., a password, Personal Identification
Number (PIN), or cryptographic key);
something the individual possesses (a token -- e.g., an ATM card or a smart card);
and
something the individual is (a biometric -- e.g., such characteristics as a voice
pattern, handwriting dynamics, or a fingerprint)
Business Impact Analysis:
4. Identify the mission critical IT functions for Star Gazer Video Store
Protecting the continuity of an organization's mission or business is very difficult if it is
not clearly identified. Managers need to understand the organization from a point of
view that usually extends beyond the area they control. The definition of an
organization's critical mission or business functions is often called a business plan.
Since the development of a business plan will be used to support contingency planning,
it is necessary not only to identify critical missions and businesses, but also to set
priorities for them. A fully redundant capability for each function is prohibitively
expensive for most organizations. In the event of a disaster, certain functions will not be
performed. If appropriate priorities have been set (and approved by senior
management), it could mean the difference in the organization's ability to survive a
disaster.
4
Anureet Kaur
Individual report
Project Mgmt2
5. Identify critical data, software and hardware including critical LAN components
Software
Stock Database
Customer DB
Financial Packages
Operating Systems
Office SW
Antivirus Protection
Hardware
Implementation Services
Financial transactions
Store Transactions
Customer Data
Supplier Information
Store DB
Content Information
6. Include the analysis of the possible threats and risks to the system
Fire
Hackers
Stock theft
Power Outage
5
Anureet Kaur
Individual report
Project Mgmt2
Financial Theft
ISP failure
Robbery
7. How long can Star Gazer Video Store function in the case of a disaster?
It depends on the size of the business. For small business like star Gazer video store
disaster recovery would take from few hours or 2-3 days. If its more than that, then we
need to use manual system instead of automatic system. Thats totally time wastage.
8. If a replacement system is required, how will Star Gazer Video Store fund this?
The best option would be Lease or on rent.
9. What kind of infrastructure, buildings and communications equipment will Star Gazer
Video Store need in order to resume business and how easy will it be to access?
Physical Infrastructure
Infrastructure & buildings ---------Hot sites and cold sites may also offer office
space in addition to processing capability support. Other types of contractual
arrangements can be made for office space, security services, furniture, and more in
the event of a contingency. If the contingency plan calls for moving offsite,
procedures need to be developed to ensure a smooth transition back to the primary
operating facility or to a new facility. Protection of the physical infrastructure is
normally an important part of the emergency response plan, such as use of fire
extinguishers or protecting equipment from water damage the primary contingency
strategy is usually backup onto magnetic, optical, microfiche, paper, or other
medium and offsite storage. Paper documents are generally harder to backup than
electronic ones. A supply of forms and other needed papers can be stored offsite.
Communications ----Service providers may offer contingency services. Voice
communications carriers often can reroute calls (transparently to the user) to a new
location. Data communications carriers can also reroute traffic. Hot sites are usually
capable of receiving data and voice communications. If one service provider is
down, it may be possible to use another. However, the type of communications
carrier lost, either local or long distance, is important. Local voice service may be
carried on cellular. Local data communications, especially for large volumes, is
normally more difficult. In addition, resuming normal operations may require
another rerouting of communications services.
10. Identify statutory requirements and commercial requirements which impact on this
contingency plan
Anureet Kaur
Individual report
Project Mgmt2
Anureet Kaur
Individual report
Project Mgmt2
13. Analyze the severity and the potential impact of the threats
Anureet Kaur
Individual report
Project Mgmt2
Anureet Kaur
Individual report
Project Mgmt2
backups,
media controls,
documentation, and
maintenance.
16. Include the maintenance schedule (agreed with when determining DRP strategy)
System maintenance requires either physical or logical access to the system. Support and
operations staff, hardware or software vendors, or third-party service providers may
maintain a system. Maintenance may be performed on site, or it may be necessary to move
equipment to a repair site. Maintenance may also be performed remotely via
communications connections. If someone who does not normally have access to the system
performs maintenance, then a security vulnerability is introduced.
In some circumstances, it may be necessary to take additional precautions, such as
conducting background investigations of service personnel. Supervision of maintenance
personnel may prevent some problems, such as "snooping around" the physical area.
However, once someone has access to the system, it is very difficult for supervision to
prevent damage done through the maintenance process.
17. Explain the following LAN recovery strategies and how they relate to Star Gazer Video
Store:
Documentation of the Local Area Network
The PCs are connected to a local area network (LAN) so that users can
exchange and share information. The central component of the LAN is
a LAN server, a more powerful computer that acts as an intermediary
between PCs on the network and provides a large volume of disk storage
for shared information, including shared application programs. The
server provides logical access controls on potentially sharable
information via elementary access control lists. These access controls
can be used to limit user access to various files and programs stored on
the server. Some programs stored on the server can be retrieved via the
LAN and executed on a PC; others can only be executed on the server.
To initiate a session on the network or execute programs on the server,
users at a PC must log into the server and provide a user identifier and
password known to the server. Then they may use files to which they
have access.
One of the applications supported by the server is electronic mail (email), which can be used by all PC users. Other programs that run on the
server can only be executed by a limited set of PC users.
10
Anureet Kaur
Individual report
Project Mgmt2
Anureet Kaur
Individual report
Project Mgmt2
some files. HGA also conceded that its systems did not have audit logging capabilities
sufficient to track an attacker's activities. Hence, for most of these attacks, HGA could not
accurately gauge the extent of penetration.
In one case, an attacker made use of a bug in an e-mail utility and succeeded in acquiring
System Administrator privileges on the server--a significant breach. HGA found no
evidence that the attacker attempted to exploit these privileges before being discovered two
days later. When the attack was detected, COG immediately contacted the HGA's Incident
Handling Team, and was told that a bug fix had been distributed by the server vendor
several months earlier. To its embarrassment, COG discovered that it had already received
the fix, which it then promptly installed. It now believes that no subsequent attacks of the
same nature have succeeded.
Although HGA has no evidence that it has been significantly harmed to date by attacks via
external networks, it believes that these attacks have great potential to inflict damage.
HGA's management considers itself lucky that such attacks have not harmed HGA's
reputation and the confidence of the citizens its serves. It also believes the likelihood of
such attacks via external networks will increase in the future.
23 Monitoring LAN functionality
The PCs are connected to a local area network (LAN) so that users can exchange and share
information. The central component of the LAN is a LAN server, a more powerful
computer that acts as an intermediary between PCs on the network and provides a large
volume of disk storage for shared information, including shared application programs. The
server provides logical access controls on potentially sharable information via elementary
access control lists. These access controls can be used to limit user access to various files
and programs stored on the server. Some programs stored on the server can be retrieved via
the LAN and executed on a PC; others can only be executed on the server.
To initiate a session on the network or execute programs on the server, users at a PC must
log into the server and provide a user identifier and password known to the server. Then
they may use files to which they have access.
One of the applications supported by the server is electronic mail (e-mail), which can be
used by all PC users. Other programs that run on the server can only be executed by a
limited set of PC users.
Identify the most critical server. Develop a maintenance schedule for backing up the
critical server at Star Gazer Video Store. In developing the server backup schedule,
address the following issues:
24 Where will media be stored?
12
Anureet Kaur
Individual report
Project Mgmt2
Anureet Kaur
Individual report
Project Mgmt2
site but also on-line (e.g., an off-site RAID mirror). Such a replica has fairly limited value
as a backup, and should not be confused with an off-line backup.
Cold database backup
During a cold backup, the database is closed or locked and not available to users. The data
files do not change during the backup process so the database is in a consistent state when
it is returned to normal operation.
Hot database backup
Some database management systems offer a means to generate a backup image of the
database while it is online and usable ("hot"). This usually includes an inconsistent image
of the data files plus a log of changes made while the procedure is running. Upon a restore,
the changes in the log files are reapplied to bring the database in sync.[
I would use for Off-site data protection backing up critical information from the server at
Star Gazer Video Store.
Restoration Phase - Return to Normal Operations:
30. Develop procedures for restoring the original site so that normal operations may be
fully resumed at Star Gazer Video Store. These procedures should include:
Testing the restored system- A review can be a simple test to check the accuracy of
contingency plan documentation. For instance, a reviewer could check if individuals listed
are still in the organization and still have the responsibilities that caused them to be
included in the plan. This test can check home and work telephone numbers, organizational
codes, and building and room numbers. The review can determine if files can be restored
from backup tapes or if employees know emergency procedures.
Restoring or replacing IT equipment at Star Gazer Video Store - Materials, equipment,
and backup media should be properly packaged, labeled, and shipped to the appropriate
location. Restore the applications to the primary recovery site utilizing a Recovery and
Restoration Checklist
14
Anureet Kaur
Individual report
Appendix B
Approval/Sign-Off Form
Project Mgmt2
Project Sponsor
Signature:
(teacher)
Project Sponsor
(Print name)
Anureet Kaur
IT Manager
Signature:
(student)
Date:
IT Manager
(Print name)
17__/__11_/___ 2010
15
Anureet Kaur
16
Individual report
Project Mgmt2