Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

MISO L008 Disaster Recovery Plan


Published on

Published in: Business
  • Be the first to comment

  • Be the first to like this

MISO L008 Disaster Recovery Plan

  1. 1. ManagementInformation Systemsin Organizations<br />DISASTER<br />RECOVERY PLAN<br />Prepared by: Jan Wong<br />
  2. 2. The Learning Outcomes<br />At the end of this session you should be able to:<br />the importance ofdisaster recovery in an organization<br />EXAMINE<br />the steps in risk management approach<br />DESCRIBE<br />backup systems and system recovery<br />DISCUSS<br />
  3. 3. Danger<br />Jeopardy<br />Threat<br />RISKS<br />Peril<br />Menace<br />Hazard<br />
  4. 4. Thinking about risk<br /><ul><li>Chance (probability) of something happening
  5. 5. Impact (cost) if it happens</li></ul>Is it possible to protect against every risk?<br />What is RISK?<br />“The chance of a negative outcome”<br />
  6. 6. A risk-management approachhelps <br />identify threats and <br />select cost-effective security measures.<br />Risk-management analysis can be enhanced by the use of DSS software packages. <br />Calculations can be used to compare the expected loss with the cost of preventing it. <br />A business continuity planoutlines the process in which businesses should recover from a major disaster<br />Risk ManagementApproach<br />“What is it all about?”<br />
  7. 7. What are the STEPS in RISK MGMT.?<br />
  8. 8. STEP 1:<br />Determine the value and importance of assets<br />Infrastructure: hardware, networks, security environment itself<br />Software environment<br />Staff<br />Cost of replacement<br />Cost of loss of use<br />Assessment of assets<br />
  9. 9. STEP 2:<br />List all potential threats<br />Review the current protection/controls system<br />Record weaknesses in the current protection system in view of all the potential threats<br />Vulnerability of assets<br />
  10. 10. STEP 3:<br />Assess the probability of damage<br />Specify the tangible and intangible losses that may result<br />Loss analysis<br />
  11. 11. STEP 4:<br />Provide a description of available controls that should be considered – general, application, network etc<br />Probability of successful defense<br />The cost<br />Protection analysis<br />
  12. 12. STEP 5:<br />Compare cost and benefits<br />Decide on which controls to install<br />Cost Benefit Analysis<br />
  13. 13. Intended to:<br />Prevent accidental hazards<br />Deter intentional acts<br />Detect problems ASAP<br />Enhance damage recovery<br />Correct problems comprehensively<br />Controls to Mitigate Risk<br />
  14. 14. Increasing the Reliability of Systems<br />Fault tolerance to keep the information systems working, even if some parts fail. <br />Intelligent Systems for <br />Early Detection of problems<br />Detecting intrusion<br />IT Security in the 21st Security<br />
  15. 15. Why do we need to back up systems?<br />Because systems fail<br />Impact <br />From minor irritation to business closedown<br />Back up system to: <br />Periodic in Local storage<br />Periodic in Remote storage<br />Mirror site – local<br />Mirror site – distant<br />Withstand fault tolerance<br />Backing-up Systems<br />
  16. 16. System Disaster – it happens!<br />Think about:<br />Loss of power<br />Cyber crime<br />Traumatic damage<br />Hardware failure<br />Statutory Requirement<br />
  17. 17. System Recovery and Business Continuity<br />Is there a relationship between the two?<br />Here are some key thoughts about disaster recovery by Knoll (1986):<br />The purpose of a recovery plan is to keep the business running after a disaster occurs<br />Recovery planning is part of asset protection<br />Planning should focus first on recovery from a total loss of all capabilities<br />
  18. 18. How to ensure that the recovery system works<br />Proof of capability usually involves some kind of what-if analysis that shows that the recovery plan is current<br />All critical applications must be identified and their recovery procedures addressed in the plan<br />
  19. 19. Disaster Recovery Plan<br />In other words: BACK UP PROCEDURES<br />In the event of a major disaster it may be necessary to move to another back up location.<br />
  20. 20. Disaster Recovery Plan Considerations<br />Customers<br />Facilities<br />Communications<br />Infrastructure<br />Disaster <br />Recovery<br />Plan<br />Knowledge<br />Workers<br />Computer<br />Equipment<br />Business<br />Information<br />PGM<br />
  21. 21. Disaster Recovery Plan<br />HOT SITE VENDORS<br />External hot site vendors provide access to a fully configured back up data center.<br />Following the 1989 San Francisco earthquake Charles Schwab were up and running in New Jersey the following morning.<br />PGM<br />
  22. 22. Disaster Recovery Plan<br />COLD SITE VENDORS<br />Provide empty office space with special flooring, wiring and ventilation.<br />In an emergency the affected company moves its own or leased computers to the cold site.<br />These back up sites may work well for a company with centralised computing facilities but what can a company with a distributed network system do?<br />PGM<br />
  23. 23. Physical access control<br />Uninterrupted power supply (UPS)<br />Generator<br />Humidity control<br />Temperature control<br />Water Detector<br />Raised Floors<br />Fire Extinguisher <br />Alarm<br />Methods to Control & Secure I.S.<br />PGM<br />
  24. 24. THINGS TO TAKE NOTE OFF<br />Risk management approach (the 5 steps)<br />What are the different risk mitigation controls?<br />Types of back-up systems<br />What is a disaster recovery plan?<br />What should be considered in a disaster recovery plan?<br />
  25. 25. Managing System Security<br />
  26. 26. IT’S TIME FOR SOME DISCUSSIONS!<br />List and briefly describe the steps involved in risk analysis of controls.<br />Define and describe a disaster recovery plan.<br />What are “hot” and “cold” recovery sites?<br />Explain why risk management should involve the following elements: threats, exposure associated with each threat, risk of each threat occurring, and cost of controls, as well as assessment of their effectiveness.<br />Why should information control and security be a prime concern to management?<br />
  27. 27. IT’S TIME FOR ANIN-CLASS ACTIVITY!<br />Get into groups of 5-6 members<br />Using the Risk Management Approach (5-Steps), apply it to your company / one company of your choice as below:<br />GSC Cinemas Ticketing / Fashion Retail (brick-and-mortar) / IBM / Malaysian Airlines Ticketing / Hilton Hotel Reservation / Facebook<br />Suggest which Risk Mitigation Control should you implement and how it can help you mitigate your risk<br />Present your approach the class<br />
  28. 28. Coming soon… next class<br />ManagementInformation Systemsin Organizations<br />DISASTER<br />RECOVERY PLAN<br />What is a disaster recovery plan? How does it minimize risk?<br />