SlideShare a Scribd company logo

IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final

Download as DOCX, PDF
M
Michael Valenti
1 of 10
Totally Not Amazon Group 2 Disaster Recovery Plan Information Security November 18th, 2013 By Andrew Ford, Ryan Mayer, Michael Valenti and Elijah Washburn
2 Totally Not Amazon Table of Contents 1.0 Company Overview ………………………………………………………………………….3 2.0 Disaster Recovery Overview..……………………………………………………………......3 3.0 Purpose………………………………………………………………………………….........3 4.0 Scope...……………………………………………………………………………………….3 4.1 A Who’s Involved…………………………………………………………………….3 4.1 B What’s Involved…………………………………………………………………....4 4.2 Equipment Involved…………………………………………………………………..4 5.0 Policy.……………………………………………………………………………………….4 5.1 Contingency Plan…..………………………………………………………………...4 Computer Emergency Response……………………………………………………..4 Succession Plan………………………………………………………………………5 Data Study……………………………………………………………………………5 Criticality of Service List…………………………………………………………….6 Data Backup and Restoration Plan…………………………………………………...6 Equipment Replacement Plan………….……………………………………………..6 Mass Media Management……………….……………………………………………7 5.2 Plans Must Be Put Into Action………………………………………………………..7 5.3 Plans Must Be Updated………...………………………………………………….….7 6.0 Enforcement………………………………………………………………………………...8 7.0 Definitions…………………………………………………………………………………..8 8.0 Revision History…………………………………………………………………………..10
3 1.0 Company Overview Totally Not Amazon is an online retailer; we process customer orders and ship products from various warehouse locations. Our Server Data includes customer information such as names, addresses and credit card information. We also carry vendor information such as products and quantity in stock. Our data is very valuable and requires us to keep a constant backup in an offsite location in case of emergency. 2.0 DisasterRecoveryOverview A disaster is an event that has a remarkable impact on data or working business operations. An incident no matter the size can bring the company into debt as well as deface our company image, which can lead to lost clients and impact the amount of sales we can gain in the future. Client confidentiality and data protection are held at a high standard. We want to be sure at any given time we are able to recover data without loss from clients for any reason. 3.0 Purpose It is always important for each member of our company to be on the same page in the event of a disaster. It will help everyone to restore the company to working order in a timely, organized fashion. 4.0 Scope 4.1 A Who’s Involved? In the event of a disaster, the personal directly involved in getting the company back on track would include the CIO and CISO as well as the
4 Network Administrator and Database Administrator based on the specifics of the disaster. These people will be highly for the recovery of the disaster and to bring both our Networks and Databases back up to working order. 4.1 B What’s Involved? Along with those responsible for taking action against a disaster, other personal are to be informed of the situations occurring within the company. These people include The CEO, Board of Directors, all network users as well as all employees and clients. Even though we have specified roles dealing with a disaster, we want everyone involved with the company who may not be directly involved in disaster recovery to be aware of the situation and that we are working towards a solution. 4.2 Equipment Involved Depending on the severity of the disaster and client / employee involvement, involved items can include but are not limited to:  Servers and Server Data  Personal Data  Laptops / Desktops  Workstations  Wireless Devices that are attached to the Companies Network 5.0 Policy 5.1 Contingency Plan 1. Computer Emergency Response:In the event that the company’s network becomes inaccessible or compromised, the Computer Emergency Response goes
5 into effect. The companies CSIRT (Computer Security Incident Response Team) will be notified of the situation, outside connections will be terminated, and immediate backup of current data will be created to be analyzed and compared to backup server data from an offsite location. 2. Succession Plan: First step towards recovery would be to collect the data from the CSIRT. Immediately followed by equipment and data loss / damage analysis. After we know how much damage has been done, we will inform employees, clients and all other important personal of the situation and how we are acting towards a solution. 3. Data Study: Taking the current data collected after the disaster has occurred, we will compare it to backup data collected from an offsite location. This will give our Disaster Recovery Team a better idea of the data that was lost after the disaster as well as what needs to be done to ensure it doesn’t happen again. In the case of an outside attacker, this includes patching any vulnerability that might have been exploited and making mandatory password changes for all network users. In the event of a natural disaster, our Recovery Team will complete an assessment of data and equipment damaged. Depending on the severity of the damage, we will decide what data and equipment need to be replaced during the Data Back and Restoration Plan as well as the Equipment Replacement Plan.
6 4. Criticality of Service List: The following services are ranked upon criticality and priority. These issues are to be dealt with in descending order, providing client restoration above all else:  Client Data Restoration  Critical Business Data Restoration  Server Hardware  Employee Data  Employee Workstations and Equipment Restoration 5. Data Backup and Restoration Plan: After comparing current data from the disaster location to the backup data from an offsite location, clients will be informed of the data lost and we will begin restoring data from the backup servers from our offsite location. All missing files will be replaced with a backup copy. After clients are taken care of, we will begin the process again with employee data. 6. Equipment Replacement Plan: After the initial assessment of physical data and equipment damage during the Data Study, we will begin to replace any lost or damaged equipment. We will remove the old, damaged equipment and begin installing new equipment to our original location when the damage has been repaired or lessened to the point where we can begin moving back in.
7 7. Mass Media Management: After the Emergency Response Team has been contacted; we will release a statement to the public of our situation. We will be ahead of any news outlets, being honest to what has happened. Even if the damage is severe, we will be the ones giving the information of when issues occur and at which point we are in resolving the problem. This will ultimately benefit the company’s image. We will continue updating as events unfold and as we progress throughout response plan in order to make our clients, employees and the general public feel at ease during the disaster recovery process. 5.2 Plans must be placed in action: We intend to have our CSIRT and Disaster Recovery teams conduct Disaster Scenarios quarterly over weekend retreats. This will allow us to discover different possible exploits in our system as well as practice correct responses to multiple disaster scenarios. Along with quarterly retreats, we intend to have employees participate in Bi-Annual drills in order to verify competence in the instance of compromised data. 5.3 Plans must be updated: Along with practice of various disaster response scenarios, we intend to use these retreats in order to research how technology may have updated since our last retreat. Data of updated technology will also be collected during the time in between Scenario Retreats that will be able to use to hit the ground running when it is time to practice disaster scenarios.
8 Along with outside attacks, if a natural disaster is more likely to occur within that year (Hurricane moving through area, Wildfires spreading nearby) we will update our plans to focus more on the possibilities of these issues as well as conduct emergency DRP training sessions to make sure we are prepared for not only any situation, but natural disasters that have a tendency to occur more than others during that year. 6.0 Enforcement: It is mandatory for every employee to participate in the Disaster Prevention Plan that is required of them, whether it be a scenario for CSIRT, Disaster Recovery Team or employees as well as actual Disaster Response Plans. During scenarios, is a responsible personal does not fulfill their duties, they will be given one formal warning. If they fail at their duties a second time, they will be terminated from their position. During an actual disaster, if a responsible personal does not fulfill their duties they will be terminated automatically and without warning. If the person being terminated feels they had probable cause, they have the right to schedule a trial to plead their case to the Board of Directors. If the Board of Directors found the reason they could not fulfill their duties acceptable, the employee in question will be granted their title back. If not, the process of their termination will continue and conclude. 7.0 Definitions To Know Disaster– an event that if occurs, can have the potential to deal a great amount of damage, likely halting company production and initiating the company’s Disaster Recovery Plan. (See Section 2.0 Disaster Recovery Overview)
9 DisasterRecovery Plan – an ordered guide designed by a company providing steps for dealing with the damage caused by a disaster. (See Section 3.0 Purpose) Data – essential information the company holds varying depending on what business is practiced. It is the centerfold of recovery during response plans. (See Section 5.1 Contingency Plan) Scope – the extent of the area or subject matter that something deals with or to which it is relevant. (See Section 4.0 Scope) CSIRT – Computer Security Incident Response Team; A team that will be notified at the initial sign of an incident and will provide management of data through the backing up of files to be used at a later time. (See Section 5.1 Contingency Plan – Computer Emergency Response) DisasterRecovery Team – team of specified individuals who will take an initial assessment of damage and work throughout the guidelines in this plan to come to a solution in the event of a disaster. (See Section 5.1 Contingency Plan – Data Study) Scenario – an outline of entrances, exits and actions taken during specified events. (See Section 5.2 Plans Must Be Put into Action) Mandatory – required by rule or law (See Section 6.0 Enforcement) Plausible Cause – having a valid or credible excuse as to why a situation has occurred. (See section 6.0 Enforcement)
10 8.0 RevisionHistory 11/12/13 – Initial conception of DRP 11/14/13 – Follow-up and Finalizing Sections 11/15/13 – Proofing, Table of Contents

Recommended

Disaster recovery plan sample 2
Disaster recovery plan sample 2Disaster recovery plan sample 2
Disaster recovery plan sample 2
AbenetAsmellash
 
Cd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-planCd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-plan
gotpowerinc
 
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
Symantec
 
Disaster Management - Technical
Disaster Management - TechnicalDisaster Management - Technical
Disaster Management - Technical
Nishant Mevawala
 
Contingency Planning Guide
Contingency Planning GuideContingency Planning Guide
Contingency Planning Guide
rlynes
 
Awake Institute Scientific Study 3-20-15
Awake Institute Scientific Study 3-20-15Awake Institute Scientific Study 3-20-15
Awake Institute Scientific Study 3-20-15
Carol Setters
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
Disaster plan
Disaster planDisaster plan
Disaster plan
BookStoreLib
 

Recommended

Disaster recovery plan sample 2
Disaster recovery plan sample 2Disaster recovery plan sample 2
Disaster recovery plan sample 2
AbenetAsmellash
 
Cd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-planCd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-plan
gotpowerinc
 
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
ESG Lab Validation Report: Achieving Best Practices for Virtual Machine Backu...
Symantec
 
Disaster Management - Technical
Disaster Management - TechnicalDisaster Management - Technical
Disaster Management - Technical
Nishant Mevawala
 
Contingency Planning Guide
Contingency Planning GuideContingency Planning Guide
Contingency Planning Guide
rlynes
 
Awake Institute Scientific Study 3-20-15
Awake Institute Scientific Study 3-20-15Awake Institute Scientific Study 3-20-15
Awake Institute Scientific Study 3-20-15
Carol Setters
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
David Sweigert
 
Disaster plan
Disaster planDisaster plan
Disaster plan
BookStoreLib
 
7 deadly sins of backup and recovery
7 deadly sins of backup and recovery7 deadly sins of backup and recovery
7 deadly sins of backup and recovery
geekmodeboy
 
Business continuity at_northrop_grumman
Business continuity at_northrop_grummanBusiness continuity at_northrop_grumman
Business continuity at_northrop_grumman
Anshuman Jaiswal
 
Contingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery PlanningContingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery Planning
mmohamme1124
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plan
newbie2019
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
Peter Henley
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Plan
Indeevari Ramanayake
 
Tugas matematika buku kalkulus
Tugas matematika buku kalkulusTugas matematika buku kalkulus
Tugas matematika buku kalkulus
pratama_33
 
Migracja z Drupal 6 PressFlow do WordPress 4
Migracja z Drupal 6 PressFlow do WordPress 4Migracja z Drupal 6 PressFlow do WordPress 4
Migracja z Drupal 6 PressFlow do WordPress 4
Dawid Rzepczynski
 
BUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job ManualBUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job Manual
Michael Valenti
 
Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3
gundul28
 
Tugas MATEMATIKA BAB 4
Tugas MATEMATIKA BAB 4Tugas MATEMATIKA BAB 4
Tugas MATEMATIKA BAB 4
gundul28
 
Alfresco - Entreprise numérique et rétention des données - Fedisa
Alfresco - Entreprise numérique et rétention des données - FedisaAlfresco - Entreprise numérique et rétention des données - Fedisa
Alfresco - Entreprise numérique et rétention des données - Fedisa
Bassem ASSEH
 
ALUPANEL MIROIR
ALUPANEL MIROIRALUPANEL MIROIR
ALUPANEL MIROIR
TendanceMiroir
 
Evolución humana (versión extendida)
Evolución humana (versión extendida)Evolución humana (versión extendida)
Evolución humana (versión extendida)
Departamento de Ciencias Naturales.- IES Alpajés
 
Katalog BPK Gunung Mulia 2016
Katalog BPK Gunung Mulia 2016Katalog BPK Gunung Mulia 2016
Katalog BPK Gunung Mulia 2016
bpkgunungmulia
 
Planning for contingencies
Planning for contingenciesPlanning for contingencies
Planning for contingencies
Hassanein Alwan
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
Wajahat Ali Khan
 
ISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docx
vrickens
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
anhlodge
 
Disaster Recovery Policy
Disaster Recovery PolicyDisaster Recovery Policy
Disaster Recovery Policy
Continuity Control
 
Microsoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness GuideMicrosoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness Guide
DWP Information Architects Inc.
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planning
guest340570
 

More Related Content

What's hot

7 deadly sins of backup and recovery
7 deadly sins of backup and recovery7 deadly sins of backup and recovery
7 deadly sins of backup and recovery
geekmodeboy
 
Business continuity at_northrop_grumman
Business continuity at_northrop_grummanBusiness continuity at_northrop_grumman
Business continuity at_northrop_grumman
Anshuman Jaiswal
 
Contingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery PlanningContingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery Planning
mmohamme1124
 

What's hot (6)

7 deadly sins of backup and recovery
7 deadly sins of backup and recovery7 deadly sins of backup and recovery
7 deadly sins of backup and recovery
 
Business continuity at_northrop_grumman
Business continuity at_northrop_grummanBusiness continuity at_northrop_grumman
Business continuity at_northrop_grumman
 
Contingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery PlanningContingency Planning And Disaster Recovery Planning
Contingency Planning And Disaster Recovery Planning
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plan
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Plan
 

Viewers also liked

BUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job ManualBUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job Manual
Michael Valenti
 
Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3
gundul28
 

Viewers also liked (9)

Tugas matematika buku kalkulus
Tugas matematika buku kalkulusTugas matematika buku kalkulus
Tugas matematika buku kalkulus
 
Migracja z Drupal 6 PressFlow do WordPress 4
Migracja z Drupal 6 PressFlow do WordPress 4Migracja z Drupal 6 PressFlow do WordPress 4
Migracja z Drupal 6 PressFlow do WordPress 4
 
BUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job ManualBUSN 3130 F2015-W.E. REV2 Job Manual
BUSN 3130 F2015-W.E. REV2 Job Manual
 
Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3Tugas 1 Matematika Semester 3
Tugas 1 Matematika Semester 3
 
Tugas MATEMATIKA BAB 4
Tugas MATEMATIKA BAB 4Tugas MATEMATIKA BAB 4
Tugas MATEMATIKA BAB 4
 
Alfresco - Entreprise numérique et rétention des données - Fedisa
Alfresco - Entreprise numérique et rétention des données - FedisaAlfresco - Entreprise numérique et rétention des données - Fedisa
Alfresco - Entreprise numérique et rétention des données - Fedisa
 
ALUPANEL MIROIR
ALUPANEL MIROIRALUPANEL MIROIR
ALUPANEL MIROIR
 
Evolución humana (versión extendida)
Evolución humana (versión extendida)Evolución humana (versión extendida)
Evolución humana (versión extendida)
 
Katalog BPK Gunung Mulia 2016
Katalog BPK Gunung Mulia 2016Katalog BPK Gunung Mulia 2016
Katalog BPK Gunung Mulia 2016
 

Similar to IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final

Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
Wajahat Ali Khan
 
ISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docx
vrickens
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
anhlodge
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planning
guest340570
 
E’s Data Security Company Strategic Security Plan – 2015.docx
E’s Data Security Company Strategic Security Plan – 2015.docxE’s Data Security Company Strategic Security Plan – 2015.docx
E’s Data Security Company Strategic Security Plan – 2015.docx
mydrynan
 
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
felicidaddinwoodie
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016
Samuel Loomis
 
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
VAST
 
Gillaspie Melvin 13-1 Continuity Plan
Gillaspie Melvin 13-1 Continuity PlanGillaspie Melvin 13-1 Continuity Plan
Gillaspie Melvin 13-1 Continuity Plan
Sammie Gillaspie
 

Similar to IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final (20)

Planning for contingencies
Planning for contingenciesPlanning for contingencies
Planning for contingencies
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
 
ISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docx
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
 
Disaster Recovery Policy
Disaster Recovery PolicyDisaster Recovery Policy
Disaster Recovery Policy
 
Microsoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness GuideMicrosoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness Guide
 
Information Technology Disaster Planning
Information Technology Disaster PlanningInformation Technology Disaster Planning
Information Technology Disaster Planning
 
E’s Data Security Company Strategic Security Plan – 2015.docx
E’s Data Security Company Strategic Security Plan – 2015.docxE’s Data Security Company Strategic Security Plan – 2015.docx
E’s Data Security Company Strategic Security Plan – 2015.docx
 
Immaculate Conception Shelter Crisis Communications Plan
Immaculate Conception Shelter Crisis Communications PlanImmaculate Conception Shelter Crisis Communications Plan
Immaculate Conception Shelter Crisis Communications Plan
 
Aon Global Rapid Response
Aon Global Rapid ResponseAon Global Rapid Response
Aon Global Rapid Response
 
Aon Global Rapid Response
Aon Global Rapid ResponseAon Global Rapid Response
Aon Global Rapid Response
 
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
 
Business continuity plan
Business continuity planBusiness continuity plan
Business continuity plan
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016
 
How to Make an Effective Cloud Disaster Recovery Strategy.pdf
How to Make an Effective Cloud Disaster Recovery Strategy.pdfHow to Make an Effective Cloud Disaster Recovery Strategy.pdf
How to Make an Effective Cloud Disaster Recovery Strategy.pdf
 
Incident managment plan
Incident managment planIncident managment plan
Incident managment plan
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
 
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
Kept up by Potential IT Disasters? Your Guide to Disaster Recovery as a Servi...
 
Information system managment disaster recovery
Information system managment disaster recoveryInformation system managment disaster recovery
Information system managment disaster recovery
 
Gillaspie Melvin 13-1 Continuity Plan
Gillaspie Melvin 13-1 Continuity PlanGillaspie Melvin 13-1 Continuity Plan
Gillaspie Melvin 13-1 Continuity Plan
 

IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final

  • 1. Totally Not Amazon Group 2 Disaster Recovery Plan Information Security November 18th, 2013 By Andrew Ford, Ryan Mayer, Michael Valenti and Elijah Washburn
  • 2. 2 Totally Not Amazon Table of Contents 1.0 Company Overview ………………………………………………………………………….3 2.0 Disaster Recovery Overview..……………………………………………………………......3 3.0 Purpose………………………………………………………………………………….........3 4.0 Scope...……………………………………………………………………………………….3 4.1 A Who’s Involved…………………………………………………………………….3 4.1 B What’s Involved…………………………………………………………………....4 4.2 Equipment Involved…………………………………………………………………..4 5.0 Policy.……………………………………………………………………………………….4 5.1 Contingency Plan…..………………………………………………………………...4 Computer Emergency Response……………………………………………………..4 Succession Plan………………………………………………………………………5 Data Study……………………………………………………………………………5 Criticality of Service List…………………………………………………………….6 Data Backup and Restoration Plan…………………………………………………...6 Equipment Replacement Plan………….……………………………………………..6 Mass Media Management……………….……………………………………………7 5.2 Plans Must Be Put Into Action………………………………………………………..7 5.3 Plans Must Be Updated………...………………………………………………….….7 6.0 Enforcement………………………………………………………………………………...8 7.0 Definitions…………………………………………………………………………………..8 8.0 Revision History…………………………………………………………………………..10
  • 3. 3 1.0 Company Overview Totally Not Amazon is an online retailer; we process customer orders and ship products from various warehouse locations. Our Server Data includes customer information such as names, addresses and credit card information. We also carry vendor information such as products and quantity in stock. Our data is very valuable and requires us to keep a constant backup in an offsite location in case of emergency. 2.0 DisasterRecoveryOverview A disaster is an event that has a remarkable impact on data or working business operations. An incident no matter the size can bring the company into debt as well as deface our company image, which can lead to lost clients and impact the amount of sales we can gain in the future. Client confidentiality and data protection are held at a high standard. We want to be sure at any given time we are able to recover data without loss from clients for any reason. 3.0 Purpose It is always important for each member of our company to be on the same page in the event of a disaster. It will help everyone to restore the company to working order in a timely, organized fashion. 4.0 Scope 4.1 A Who’s Involved? In the event of a disaster, the personal directly involved in getting the company back on track would include the CIO and CISO as well as the
  • 4. 4 Network Administrator and Database Administrator based on the specifics of the disaster. These people will be highly for the recovery of the disaster and to bring both our Networks and Databases back up to working order. 4.1 B What’s Involved? Along with those responsible for taking action against a disaster, other personal are to be informed of the situations occurring within the company. These people include The CEO, Board of Directors, all network users as well as all employees and clients. Even though we have specified roles dealing with a disaster, we want everyone involved with the company who may not be directly involved in disaster recovery to be aware of the situation and that we are working towards a solution. 4.2 Equipment Involved Depending on the severity of the disaster and client / employee involvement, involved items can include but are not limited to:  Servers and Server Data  Personal Data  Laptops / Desktops  Workstations  Wireless Devices that are attached to the Companies Network 5.0 Policy 5.1 Contingency Plan 1. Computer Emergency Response:In the event that the company’s network becomes inaccessible or compromised, the Computer Emergency Response goes
  • 5. 5 into effect. The companies CSIRT (Computer Security Incident Response Team) will be notified of the situation, outside connections will be terminated, and immediate backup of current data will be created to be analyzed and compared to backup server data from an offsite location. 2. Succession Plan: First step towards recovery would be to collect the data from the CSIRT. Immediately followed by equipment and data loss / damage analysis. After we know how much damage has been done, we will inform employees, clients and all other important personal of the situation and how we are acting towards a solution. 3. Data Study: Taking the current data collected after the disaster has occurred, we will compare it to backup data collected from an offsite location. This will give our Disaster Recovery Team a better idea of the data that was lost after the disaster as well as what needs to be done to ensure it doesn’t happen again. In the case of an outside attacker, this includes patching any vulnerability that might have been exploited and making mandatory password changes for all network users. In the event of a natural disaster, our Recovery Team will complete an assessment of data and equipment damaged. Depending on the severity of the damage, we will decide what data and equipment need to be replaced during the Data Back and Restoration Plan as well as the Equipment Replacement Plan.
  • 6. 6 4. Criticality of Service List: The following services are ranked upon criticality and priority. These issues are to be dealt with in descending order, providing client restoration above all else:  Client Data Restoration  Critical Business Data Restoration  Server Hardware  Employee Data  Employee Workstations and Equipment Restoration 5. Data Backup and Restoration Plan: After comparing current data from the disaster location to the backup data from an offsite location, clients will be informed of the data lost and we will begin restoring data from the backup servers from our offsite location. All missing files will be replaced with a backup copy. After clients are taken care of, we will begin the process again with employee data. 6. Equipment Replacement Plan: After the initial assessment of physical data and equipment damage during the Data Study, we will begin to replace any lost or damaged equipment. We will remove the old, damaged equipment and begin installing new equipment to our original location when the damage has been repaired or lessened to the point where we can begin moving back in.
  • 7. 7 7. Mass Media Management: After the Emergency Response Team has been contacted; we will release a statement to the public of our situation. We will be ahead of any news outlets, being honest to what has happened. Even if the damage is severe, we will be the ones giving the information of when issues occur and at which point we are in resolving the problem. This will ultimately benefit the company’s image. We will continue updating as events unfold and as we progress throughout response plan in order to make our clients, employees and the general public feel at ease during the disaster recovery process. 5.2 Plans must be placed in action: We intend to have our CSIRT and Disaster Recovery teams conduct Disaster Scenarios quarterly over weekend retreats. This will allow us to discover different possible exploits in our system as well as practice correct responses to multiple disaster scenarios. Along with quarterly retreats, we intend to have employees participate in Bi-Annual drills in order to verify competence in the instance of compromised data. 5.3 Plans must be updated: Along with practice of various disaster response scenarios, we intend to use these retreats in order to research how technology may have updated since our last retreat. Data of updated technology will also be collected during the time in between Scenario Retreats that will be able to use to hit the ground running when it is time to practice disaster scenarios.
  • 8. 8 Along with outside attacks, if a natural disaster is more likely to occur within that year (Hurricane moving through area, Wildfires spreading nearby) we will update our plans to focus more on the possibilities of these issues as well as conduct emergency DRP training sessions to make sure we are prepared for not only any situation, but natural disasters that have a tendency to occur more than others during that year. 6.0 Enforcement: It is mandatory for every employee to participate in the Disaster Prevention Plan that is required of them, whether it be a scenario for CSIRT, Disaster Recovery Team or employees as well as actual Disaster Response Plans. During scenarios, is a responsible personal does not fulfill their duties, they will be given one formal warning. If they fail at their duties a second time, they will be terminated from their position. During an actual disaster, if a responsible personal does not fulfill their duties they will be terminated automatically and without warning. If the person being terminated feels they had probable cause, they have the right to schedule a trial to plead their case to the Board of Directors. If the Board of Directors found the reason they could not fulfill their duties acceptable, the employee in question will be granted their title back. If not, the process of their termination will continue and conclude. 7.0 Definitions To Know Disaster– an event that if occurs, can have the potential to deal a great amount of damage, likely halting company production and initiating the company’s Disaster Recovery Plan. (See Section 2.0 Disaster Recovery Overview)
  • 9. 9 DisasterRecovery Plan – an ordered guide designed by a company providing steps for dealing with the damage caused by a disaster. (See Section 3.0 Purpose) Data – essential information the company holds varying depending on what business is practiced. It is the centerfold of recovery during response plans. (See Section 5.1 Contingency Plan) Scope – the extent of the area or subject matter that something deals with or to which it is relevant. (See Section 4.0 Scope) CSIRT – Computer Security Incident Response Team; A team that will be notified at the initial sign of an incident and will provide management of data through the backing up of files to be used at a later time. (See Section 5.1 Contingency Plan – Computer Emergency Response) DisasterRecovery Team – team of specified individuals who will take an initial assessment of damage and work throughout the guidelines in this plan to come to a solution in the event of a disaster. (See Section 5.1 Contingency Plan – Data Study) Scenario – an outline of entrances, exits and actions taken during specified events. (See Section 5.2 Plans Must Be Put into Action) Mandatory – required by rule or law (See Section 6.0 Enforcement) Plausible Cause – having a valid or credible excuse as to why a situation has occurred. (See section 6.0 Enforcement)
  • 10. 10 8.0 RevisionHistory 11/12/13 – Initial conception of DRP 11/14/13 – Follow-up and Finalizing Sections 11/15/13 – Proofing, Table of Contents