ITS 4910 - Information Trends/Research and Design Project


Module 12

This lesson presents some background on week twelve. Objectives important to this lesson:

  1. What is this week about?
  2. Current assignments

Concepts:

The assignment for this week says to create an epic Disaster Recovery Plan. The list of features is not very useful because it asks for complete works of fiction based on the hypothetical employees of the enterprise whose plan you are writing.

In ITS 4350, we saw some relevant statistics:

  • 90% of companies having a data center disruption lasting 10 days or more go into bankruptcy
  • 40% of companies that have disasters never reopen
  • 30% of companies that have disasters fail within two years

The three statistics above should tell you to have a plan in place that will not let the disaster close your company.

It often helps people to deal with a problem if they can break the problem into smaller pieces. I think this is why there are so many subset discussions in IT. Consider two classification schemes regarding disasters:

  • natural disaster or man-made disaster - Is the disaster caused by nature, or by an act of a human being? Most disasters commonly listed in texts are clearly natural (e.g. earthquake, tornado, tsunami) while others require more detail to determine their class. Can a fire be caused by a person? How about a flood? How about other kinds of mayhem? (Cue video...)



    Mayhem comes in both classifications: natural and man-made. The question is what do we do to avoid or minimize the mayhem?
  • The other point of view is time based. Does the disaster have a rapid onset or a slow onset? Is it more like a storm or more like global warming? Do we learn from Italy and China, or do we wait for it to be in our town?

What should be crossing your mind now is why the category you place a disaster in should matter? Are the plans in the red books or the blue books depending on the classification? If that is how your organization works, go for it. The rest of us are going to the next topic.

The course planners seem to think we should form a team for Disaster Recovery, and assign duties to each position or role. In a small company, you should expect that many things are done by a handful of people, and this is so on each team in a large company. You should form a group to handle the concerns of each item in your BIA, since those are the elements that you decided were important at the beginning of the planning process. If you need a separate group for each BIA element, you probably have a very complex organization. If one team can do the whole thing, good for them. You are better served if all the teams (however many there are) cooperate and communicate their intentions to each other. They are all building (or rebuilding) the same company. Management oversight should be quite thorough because the end result of this process is our new, improved organization.

A formal guide to DRPs can be found in NIST SP 800-34, Revision 1. Get support to make the plan, consult the BIA, propose and add controls to reduce the need for the plan, plan to service the disaster, write out the plan (Duh?), test the plan, then review and maintain the plan. Familiar enough?

  • Know your environment
  • Know your systems
  • Know when something doesn't look or act right
  • Know how to diagnose

 

Assignments

  1. Complete the assignment made in this module, including all features needed for your draft version.
  2. Review notes from previous classes.