Business Continuity and Disaster Recovery

Chapter 8Part 2

Pages 914 to 945

Recovery Strategies

• Figure 8-4 on page 916

Recovery Strategies

• Maximum Tolerable Downtime (MTD)• Recovery Time Objective (RTO)– Acceptable downtime to avoid unacceptable

consequences• Work Recovery Time (WRT) – Restoring data, testing, making everything live

• Recovery Point Object (RPO)– Acceptable data loss

Recovery Strategies

• MTD, RTO, WRT, RPO help determine recovery solutions

• The are derived during BIA• “Let’s say a company has determined if it

cannot process order requests for 12 hours, the financial hit will be too large for it to survive.”

Recovery Strategies

• Figure 8-4 on page 916• Recovery Strategy Stages– Table 8-2 on page 917

• List on page 918

Recovery

• Nondisaster – Hard disk failure

• Disaster– Facility is unusable for a day or longer.– Usually requires restoration from offsite copies

• Catastrophe– Destruction of facility

Recovery

• Mean time between failures (MTBF)• Mean time to repair (MTTR)

Facility Recovery

• Hot site – fully configured and ready to run, expensive

• Warm site – Leased or rented, partially configured with infrastructure, but not computers

• Cold site – Leased or rented empty data center

Reciprocal agreement

• Company A and Company B agree to use each other ‘s facilities

• Most environment maxed out• Stress level of two companies sharing facilities• Mutual aid agreement – agree to help each

other in an emergency

Redundant Sites

• Site configure exactly like primary site• Most expensive backup option• If a company could lose a million dollars if it

were out of business for a few hours, the loss would override the cost of this option.

Facility Recovery

• Rolling hot site – back of large truck or trailer• Multiple processing centers– Throughout the world?– Move all processing in a matter of seconds.

Challenges

• Many organizations do not totally understand how their networks are configured

• Will images work on new computers?• Customized software from vendor when not

given source code.– What if vendor goes bankrupt– Software escrow

Documentation

• Recovery procedures need to be documented– How to install images, configure OS and servers,

install software– Who should be contacted

Human Resources

• If offsite facility is 250 miles away, how do we get people there and housed.

• Identify user requirements to carry out their job. Today we are extremely dependent on technology

• Executive Succession Plan– Loss of senior executive does not create

leadership vacuum

Backups

• Full backup – all data is backed up• Differential backup – All files that have

modified since last full backup• Incremental backup – all files that have been

modified since last full or incremental backup

Backups

• Critical data should be backed up and stored both at an onsite area and an offsite area.

• Make sure back ups can be properly restored.

Backup Solutions

• Data shadowing – duplicating hardware and maintaining more than one copy of the information. Maybe more than one disk for the image.

• Data mirroring – Mirrored disk• Multiple reads in parallel

Backup Solutions

• Electronic vaulting – If files are modified, periodically transmit them to an offsite backup. Once a hour, day, week, or month.

• Remote journaling – move transaction logs to offsite facility

Backup Solutions

• Asynchronous replication – Secondary data volumes are synched in seconds, hours or days.

• Synchronous replication – primary and secondary repositories are always in synch.

• Figure 8-7 on page 942

High Availability

• Hosting company’s SLA to get items fixed if it does go down.

• Example: Promise specific turnaround time for service interruption.

High Availability

• Fault tolerance– RAID disks • Parity data to rebuild disks

• Failover capability– Switch over to a working system

• Cluster of servers– Load balancing– Failover capability

Insurance

• Cyber insurance– Losses due to denial-of-service, malware, hackers,

etc.• Business interruption insurance– If the company is out of business for a certain

length of time, the insurance company will pay for specified expenses and lost earnings.