Teds Tremendous Toys Data Recovery Solution

220 views

Published on

My short paper recommending a disaster recovery solution for a bogus company.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
220
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Teds Tremendous Toys Data Recovery Solution

  1. 1. Running head: TEDS TREMENDOUS TOYS 1 Bachelor in Information Technology Program Teds Tremendous Toys’ Information Security Solution: Disaster Recovery Wade Tatum
  2. 2. Running head: TEDS TREMENDOUS TOYS 2 Table of ContentsTable of Contents........................................................................................................................................ 2Introduction.................................................................................................................................................. 3Disaster Recovery....................................................................................................................................... 3 Information Assets..........................................................................................................3 Disaster Recovery Plan..................................................................................................4 Backup Plan................................................................................................................4 DRP Activation............................................................................................................6 Recovering a System.................................................................................................6 Testing the Plan..........................................................................................................7Summary..................................................................................................................................................... 7References.................................................................................................................................................. 8
  3. 3. Running head: TEDS TREMENDOUS TOYS 3 Introduction Securing Ted’s Toys IT network will require concentrating on several different areas. Oneimportant area is disaster recovery. Business continuity – the continued operations of a company inresponse to an incident or disaster – includes the discipline of disaster recovery. A disaster recoveryplan, or business continuity plan, as defined by Wold (n.d.) is “a comprehensive statement of consistentactions to be taken before, during, and after a disaster.” Business continuity and disaster recoveryplanning will be important steps for Ted’s Toys to ensure the security of its network and assets. SecureInc. has created a disaster recovery plan that addresses key issues and is based on the company’sbusiness needs. Within the plan, existing information assets are categorized and threats to those assetsare outlined. Disaster RecoveryInformation Assets Secure Inc. has performed a conscious examination of Ted’s Toys security situation. Part of theexamination process involves asset identification (Dulaney, 2009). Information assets can be generallydefined as data, records, programs, devices, network links, or any component of value to the organization(Wikipedia, 2011; Slade, 2006). Identified information assets, their categories, and some threats andrisks that can affect them are shown in Table 1. Natural disaster threats can include floods, tornados, etc.Human caused threats can be attacks (viruses and hacking), physical intrusion and sabotage, andemployee errors. General risks consist of fire, loss of electricity, and climate control loss (airconditioning).
  4. 4. Running head: TEDS TREMENDOUS TOYS 4 Asset Type Asset Threat/Risk Databases – customer data, employee data, and Natural disasters inventory. Data Human caused threats Paper records – policies General risks and procedures. Data backups Microsoft Office Operating systems Applications/Software Quicken Human caused threats Sales and inventory applications Servers Natural disasters Hardware Laptops/Desktops Human caused threats Wireless access points General risks Natural disasters Physical Infrastructure/ Cable runs (electrical and Human caused threats Wiring network) General risksTable 1: Information assets and threatsDisaster Recovery Plan Research shows that 1 out of 5 small to mid-sized businesses such as Ted’s Toys experience amajor disaster every 5 years (Venyu Solutions Inc., 2011). A comprehensive, proactive DRP will protectthe company’s assets. Some of the key issues, processes, and procedures to asses and implement aredeveloping a backup plan (to recover affected assets), activating the disaster recovery plan (DRP),returning to normal operations (reconstitution), and testing the plan (Cisco Systems, 2004). Backup Plan A backup plan – the agreed upon procedures for maintaining backups and archives of systemand user data – is an integral part of ensuring business continuity, integrity, and availability (Slade, 2006).Ultimately, developing a backup plan and maintaining backups will guard against a single point of failurefor Ted’s Toys network and assets. Several different options are available for performing backups andthey can be implemented with different software, hardware, and media combinations (Dean, 2010). Theoption that will be best for Ted’s Toys is one that, as Dean (2010) contends, is “an option that promises tomaximize data protection but reduce the time and cost associated with backups” (pg. 714). What mediaor storage option to use, when to perform backups, and what to back up are all aspects to consider.
  5. 5. Running head: TEDS TREMENDOUS TOYS 5 What storage option to utilize Secure Inc. recommends a multilayered storage scheme offered through the data protectionprovider Venyu Solutions Inc. Venyu is a data protection and availability solutions company with acombined 30 years of experience in ensuring business continuity (Venyu Solutions Inc., 2011). Venyuoffers online data backup services that provide offsite data protection in several redundant datacentersincluding one located under 85 feet of limestone rock in Springfield, MO. (Venyu Solutions Inc., 2011). Two different methods are proposed – onsite backup of working data and offsite backup forultimate disaster protection. The onsite backup is provided by Venyu in what is called a local vault – alocal copy of the most critical data. Onsite backups are proposed for immediate recovery in the event ofsystem crashes and hardware failures. Additionally, full system backups will be stored at Venyu’sdatacenters. To protect the integrity of Ted’s Toys’ data, the information is compressed and encryptedbefore being sent to the datacenters. Secure Inc. recommends Venyu’s trusted comprehensive services. This proposal will allow Ted’sToys to concentrate on its business goals without having to hire additional IT personnel and/or maintainan offsite storage facility. In a recent article announcing the opening of one of Venyus datacenters, acompany vice president stated, “we specialize in [data protection and backups] and can do it for usuallycheaper than they can even think about doing it” (Loftin, 2011). When to back up Utilizing Venyu’s services will eliminate the need to decide on when to back up Ted’s Toys’ data.Venyu will automatically back up all of the necessary data in a near continuous data protection (CDP)fashion. Every few seconds any data changes at the block-level will be saved. Another good aspect toconsider, as stated by Dean (2010), is, “where and for how long will backup media be stored” (pg. 713-714). Ted’s Toys should work with Venyu to ensure that data is kept for seven years. What to back up Copies and backups of important data and information assets should be kept safe. This willensure, in the event of any disaster, that business operations can be fully resumed. Dulaney (2009)explains that, “a backup plan identifies which information is to be stored … [and Ted’s Toys] must look at
  6. 6. Running head: TEDS TREMENDOUS TOYS 6the relative value of the information [retained].” Databases, user files, applications, and paper records (asoutlined in Table 1) are key categories on which to concentrate. The question of where will backup, recovery, and DRP documentation be stored should also beasked (Dean, 2010). All documentation pertaining to policies and procedures should be stored in fire,moisture, and pressure proofed storage containers for reasonable protection against minor disasters(Dulaney, 2009). Secure Inc. proposes that Ted’s Toys electronically scan these along with the mostimportant paper documents and archive them along with data backups. DRP Activation Stewart, Tittel, and Chapple (2008) state that “when a disaster interrupts your business, yourdisaster recovery plan should be able to kick in nearly automatically and begin providing support torecovery operations” (pg. 602). Part of activating the plan will be communicating the facts concerning thedamages and whether the DRP should be fully activated. Secure Inc. recommends that Ted’s Toys’departmental managers – warehousing, sales, and manufacturing – and Ted himself have access to theDRP documentation. All of these individuals should be empowered to the extent of requesting the backedup data from Venyu. In emergencies, DRP procedures should be accessible and documented in asystematic format without assuming or omitting any procedural steps (Cisco, 2004). Recovering a System Reconstituting, or recovering, the network and the system’s components includes “making surehardware is functioning, restoring or installing the operating systems, restoring or installing applications,and restoring data files” (Dulaney, 2009). In the case of utilizing the recommended onsite incrementalbackups, the process will be transferring lost data or applications to new systems. Accessing the backedup data whether through a local back up or Venyu Inc. should be a structured and monitored process.This portion of the DRP will also consist of such steps as (Cisco Systems, 2004): • Verifying Ted’s Toys site is free from aftereffects of the disaster and that there are no further threats • Ensuring infrastructure services power, telecommunications, environmental controls, office equipment, and supplies are operational • Testing system operations to ensure full functionality
  7. 7. Running head: TEDS TREMENDOUS TOYS 7 Testing the Plan An initial test of the DRP utilizing a mock walk-through will present any additional informationconcerning missing steps, ineffective procedures, or other changes needed to create an efficient plan(Wold, n.d.). After the plan is finalized, Secure Inc. proposes that Ted and his managerial staff perform astructured scenario based walk-through twice yearly. In the role-playing exercises, the staff is presentedwith scenarios and then consults the DRP for approved actions (Stewart, Tittel, & Chapple, 2008). Thisprocess allows the staff to learn to assess the situation, respond appropriately, and contact the correctindividuals (including Venyu) Summary Given the severity and frequency of recent disasters including hurricane Katrina, devastatingearthquakes, and tornado outbreaks, recovery and reconstitution of Ted’s Toys’ critical data is animportant business continuity discipline to address. The DRP outlined by Secure Inc. concentrates on theassets to protect, the backup plan and its components, plan testing, and the basic process of activatingand utilizing the plan. The growth of Ted’s business has increased the effects of information asset lossand the proposed DRP enables Ted’s Toys to protect assets in a proactive way.
  8. 8. Running head: TEDS TREMENDOUS TOYS 8 ReferencesAsset (computer security). (2011, February 1). In Wikipedia, The Free Encyclopedia. Retrieved May 26, 2011, from http://en.wikipedia.org/w/index.php? title=Asset_(computer_security)&oldid=411449384Cisco Systems. (2004). Disaster recovery: Best practices white paper [Document ID: 15118]. Retrieved from http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11- 453495.pdfDean, T. (2010). Network+ guide to networks (5th ed.). Boston, MA: Thompson Course Technology.Loftin J. (2011, May 27). Officials cut ribbon for IT data protection company. Bossierpress.com. Retrieved from http://www.bossierpress.com/index.php? option=com_content&view=article&id=3351:officials-cut-ribbon-for-it-data-protection- company&catid=1:local-news&Itemid=134Slade, R. (2006). Dictionary of information security. Rockland, MA, USA: Syngress. http://site.ebrary.com.library.capella.edu/lib/capella/Doc?id=10142562&ppg=152Stewart, J. M., Tittel, E., & Chapple, M. (2008). CISSP: certified information systems security professional study guide (4th ed.). Indianapolis, IN.: Wiley Publishing Inc.Wold, J. (n.d.). Disaster recovery planning process. Disaster Recovery Journal, 5(1) . Retrieved from http://www.drj.com/new2dr/w2_002.htm

×