IT Disaster Recovery Planning For Dummies
Paperback, English, 2008
By Peter H. Gregory (AT&T Wireless Services, Woodinville, Washington)
Product information
- Publication date: 2008-01-04
- Dimensions: 185 x 234 x 23 mm
- Weight: 680 g
- Format: Paperback
- Language: English
- Number of pages: 384
- Publisher: John Wiley & Sons Inc
- Contributor: Rothstein, Philip Jan
- ISBN: 9780470039731
Peter H. Gregory, CISA, CISSP, is the author of fifteen books on security and technology, including Solaris Security (Prentice Hall), Computer Viruses For Dummies (Wiley), Blocking Spam and Spyware For Dummies (Wiley), and Securing the Vista Environment (O’Reilly). Peter is a security strategist at a publicly-traded financial management software company located in Redmond, Washington. Prior to taking this position, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino management systems, banking, government, non-profit organizations, and academia since the late 1970s. He’s on the board of advisors for the NSA-certified Certificate program in Information Assurance & Cybersecurity at the University of Washington, and he’s a member of the board of directors of the Evergreen State Chapter of InfraGard.
- Foreword
- Introduction
  - About This Book
  - How This Book Is Organized
    - Part I: Getting Started with Disaster Recovery
    - Part II: Building Technology Recovery Plans
    - Part III: Managing Recovery Plans
    - Part IV: The Part of Tens
  - What This Book Is — and What It Isn’t
  - Assumptions about Disasters
  - Icons Used in This Book
  - Where to Go from Here
  - Write to Us!
- Part I: Getting Started with Disaster Recovery
  - Chapter 1: Understanding Disaster Recovery
    - Disaster Recovery Needs and Benefits
      - The effects of disasters
      - Minor disasters occur more frequently
      - Recovery isn’t accidental
      - Recovery required by regulation
      - The benefits of disaster recovery planning
    - Beginning a Disaster Recovery Plan
      - Starting with an interim plan
      - Beginning the full DR project
    - Managing the DR Project
    - Conducting a Business Impact Analysis
      - Developing recovery procedures
    - Understanding the Entire DR Lifecycle
      - Changes should include DR reviews
      - Periodic review and testing
      - Training response teams
  - Chapter 2: Bootstrapping the DR Plan Effort
    - Starting at Square One
      - How disaster may affect your organization
      - Understanding the role of prevention
      - Understanding the role of planning
    - Resources to Begin Planning
    - Emergency Operations Planning
    - Preparing an Interim DR Plan
      - Staffing your interim DR plan team
      - Looking at an interim DR plan overview
    - Building the Interim Plan
      - Step 1 — Build the Emergency Response Team
      - Step 2 — Define the procedure for declaring a disaster
      - Step 3 — Invoke the interim DR plan
      - Step 4 — Maintain communications during a disaster
      - Step 5 — Identify basic recovery plans
      - Step 6 — Develop processing alternatives
      - Step 7 — Enact preventive measures
      - Step 8 — Document the interim DR plan
      - Step 9 — Train ERT members
    - Testing Interim DR Plans
  - Chapter 3: Developing and Using a Business Impact Analysis
    - Understanding the Purpose of a BIA
    - Scoping the Effort
    - Conducting a BIA: Taking a Common Approach
      - Gathering information through interviews
      - Using consistent forms and worksheets
    - Capturing Data for the BIA
      - Business processes
      - Information systems
      - Assets
      - Personnel
      - Suppliers
      - Statements of impact
      - Criticality assessment
      - Maximum Tolerable Downtime
      - Recovery Time Objective
      - Recovery Point Objective
    - Introducing Threat Modeling and Risk Analysis
      - Disaster scenarios
      - Identifying potential disasters in your region
    - Performing Threat Modeling and Risk Analysis
    - Identifying Critical Components
      - Processes and systems
      - Suppliers
      - Personnel
    - Determining the Maximum Tolerable Downtime
    - Calculating the Recovery Time Objective
    - Calculating the Recovery Point Objective
- Part II: Building Technology Recovery Plans
  - Chapter 4: Mapping Business Functions to Infrastructure
    - Finding and Using Inventories
    - Using High-Level Architectures
      - Data flow and data storage diagrams
      - Infrastructure diagrams and schematics
    - Identifying Dependencies
      - Inter-system dependencies
      - External dependencies
  - Chapter 5: Planning User Recovery
    - Managing and Recovering End-User Computing
      - Workstations as Web terminals
      - Workstation access to centralized information
      - Workstations as application clients
      - Workstations as local computers
      - Workstation operating systems
    - Managing and Recovering End-User Communications
      - Voice communications
      - E-mail
      - Fax machines
      - Instant messaging
  - Chapter 6: Planning Facilities Protection and Recovery
    - Protecting Processing Facilities
      - Controlling physical access
      - Getting charged up about electric power
      - Detecting and suppressing fire
      - Chemical hazards
      - Keeping your cool
      - Staying dry: Water/flooding detection and prevention
    - Selecting Alternate Processing Sites
      - Hot, cold, and warm sites
      - Other business locations
      - Data center in a box: Mobile sites
      - Colocation facilities
      - Reciprocal facilities
  - Chapter 7: Planning System and Network Recovery
    - Managing and Recovering Server Computing
      - Determining system readiness
      - Server architecture and configuration
      - Developing the ability to build new servers
      - Distributed server computing considerations
      - Application architecture considerations
      - Server consolidation: The double-edged sword
    - Managing and Recovering Network Infrastructure
    - Implementing Standard Interfaces
    - Implementing Server Clustering
      - Understanding cluster modes
      - Geographically distributed clusters
      - Cluster and storage architecture
  - Chapter 8: Planning Data Recovery
    - Protecting and Recovering Application Data
    - Choosing How and Where to Store Data for Recovery
      - Protecting data through backups
      - Protecting data through resilient storage
      - Protecting data through replication and mirroring
      - Protecting data through electronic vaulting
      - Deciding where to keep your recovery data
      - Protecting data in transit
      - Protecting data while in DR mode
    - Protecting and Recovering Applications
      - Application version
      - Application patches and fixes
      - Application configuration
      - Application users and roles
      - Application interfaces
      - Application customizations
      - Applications dependencies with databases, operating systems, and more
      - Applications and client systems
      - Applications and networks
      - Applications and change management
      - Applications and configuration management
    - Off-Site Media and Records Storage
  - Chapter 9: Writing the Disaster Recovery Plan
    - Determining Plan Contents
      - Disaster declaration procedure
      - Emergency contact lists and trees
      - Emergency leadership and role selection
      - Damage assessment procedures
      - System recovery and restart procedures
      - Transition to normal operations
      - Recovery team
    - Structuring the Plan
      - Enterprise-level structure
      - Document-level structure
    - Managing Plan Development
    - Preserving the Plan
    - Taking the Next Steps
- Part III: Managing Recovery Plans
  - Chapter 10: Testing the Recovery Plan
    - Testing the DR Plan
      - Why test a DR plan?
      - Developing a test strategy
      - Developing and following test procedures
    - Conducting Paper Tests
    - Conducting Walkthrough Tests
      - Walkthrough test participants
      - Walkthrough test procedure
      - Scenarios
      - Walkthrough results
      - Debriefing
      - Next steps
    - Conducting Simulation Testing
    - Conducting Parallel Testing
      - Parallel testing considerations
      - Next steps
    - Conducting Cutover Testing
      - Cutover test procedure
      - Cutover testing considerations
    - Planning Parallel and Cutover Tests
      - Clustering and replication technologies and cutover tests
      - Next steps
    - Establishing Test Frequency
      - Paper test frequency
      - Walkthrough test frequency
      - Parallel test frequency
      - Cutover test frequency
  - Chapter 11: Keeping DR Plans and Staff Current
    - Understanding the Impact of Changes on DR Plans
      - Technology changes
      - Business changes
      - Personnel changes
      - Market changes
      - External changes
      - Changes — some final words
    - Incorporating DR into Business Lifecycle Processes
      - Systems and services acquisition
      - Systems development
      - Business process engineering
    - Establishing DR Requirements and Standards
    - A Multi-Tiered DR Standard Case Study
    - Maintaining DR Documentation
      - Managing DR documents
      - Updating DR documents
      - Publishing and distributing documents
    - Training Response Teams
      - Types of training
      - Indoctrinating new trainees
  - Chapter 12: Understanding the Role of Prevention
    - Preventing Facilities-Related Disasters
      - Site selection
      - Preventing fires
      - HVAC failures
      - Power-related failures
      - Protection from civil unrest and war
      - Avoiding industrial hazards
      - Preventing secondary effects of facilities disasters
    - Preventing Technology-Related Disasters
      - Dealing with system failures
      - Minimizing hardware and software failures
      - Pros and cons of a monoculture
      - Building a resilient architecture
    - Preventing People-Related Disasters
    - Preventing Security Issues and Incidents
    - Prevention Begins at Home
  - Chapter 13: Planning for Various Disaster Scenarios
    - Planning for Natural Disasters
      - Earthquakes
      - Wildfires
      - Volcanoes
      - Floods
      - Wind and ice storms
      - Hurricanes
      - Tornadoes
      - Tsunamis
      - Landslides and avalanches
      - Pandemic
    - Planning for Man-Made Disasters
      - Utility failures
      - Civil disturbances
      - Terrorism and war
      - Security incidents
- Part IV: The Part of Tens
  - Chapter 14: Ten Disaster Recovery Planning Tools
    - Living Disaster Recovery Planning System (LDRPS)
    - BIA Professional
    - COBRA Risk Analysis
    - BCP Generator
    - DRI Professional Practices Kit
    - Disaster Recovery Plan Template
    - SLA Toolkit
    - LBL ContingencyPro Software
    - Emergency Management Guide for Business and Industry
    - DRJ’s Toolbox
  - Chapter 15: Eleven Disaster Recovery Planning Web Sites
    - DRI International
    - Disaster Recovery Journal
    - Business Continuity Management Institute
    - Disaster Recovery World
    - Disaster Recovery Planning.org
    - The Business Continuity Institute
    - Disaster-Resource.com
    - Computerworld Disaster Recovery
    - CSO Business Continuity and Disaster Recovery
    - Federal Emergency Management Agency (FEMA)
    - Rothstein Associates Inc
  - Chapter 16: Ten Essentials for Disaster Planning Success
    - Executive Sponsorship
    - Well-Defined Scope
    - Committed Resources
    - The Right Experts
    - Time to Develop the Project Plan
    - Support from All Stakeholders
    - Testing, Testing, Testing
    - Full Lifecycle Commitment
    - Integration into Other Processes
    - Luck
  - Chapter 17: Ten Benefits of DR Planning
    - Improved Chances of Surviving “The Big One”
    - A Rung or Two Up the Maturity Ladder
    - Opportunities for Process Improvements
    - Opportunities for Technology Improvements
    - Higher Quality and Availability of Systems
    - Reducing Disruptive Events
    - Reducing Insurance Premiums
    - Finding Out Who Your Leaders Are
    - Complying with Standards and Regulations
    - Competitive Advantage
- Index