190 likes | 368 Vues
Disaster Prevention and Recovery. Kristen Emch Christine Jennings-Garant. Introduction . Prevention, protection, and recovery are a crucial function to EVERY system or company. It is most important to operations within the system Not so much management Operations must have:
E N D
Disaster Prevention and Recovery Kristen Emch Christine Jennings-Garant
Introduction • Prevention, protection, and recovery are a crucial function to EVERY system or company. • It is most important to operations within the system • Not so much management • Operations must have: • Disaster prevention and recovery plans • Plans for back up
Prevention/Protection • Prevention – the act of keeping something from happening • There are 4 main methods: • Redundancy • Hardware • Firewalls • Virus Protection
Redundancy • Redundancy – a system design that makes duplicates to provide alternatives in case of failure • Devices, referred to as Secondary Storage, are used to create system duplicates: • Secondary storage – storing large amounts of data and instructions more permanently
Redundancy • RAID (Redundant Array of Independent/Inexpensive Disks) • Allows system to make a “reconstruction map” to rebuild data • Multiple hard drives copy data so that if one drive fails, there is no single point of failure • Improves efficiency
Redundancy • Software may be used to monitor or check the back-up system • Improves quality of the system • Valuable to keep copy of entire system at an external location • Disadvantage • If the back-up system isn’t monitored, the company will lose its redundancy • Ex. Kerr administration building, 2 mos. ago
2. Hardware • Consider the use of more expensive hardware • Higher mean time between failure (MBTF) • Better quality hardware lasts longer • Disadvantage • May not be financially possible
3. Firewalls • Used to protect from external threats • Break-ins or unauthorized access to the system • Servers vs. Workstations • Anyone can access a website (server) • Can set protocol levels of firewalls • Ex. No access to COB from outside • Other preventative measures include the use of identification numbers and passwords
4. Virus Protection *Viruses are the #1 type of attack on information systems • Used to prevent contamination of system • Internal personnel pulling external threats into system • Constantly monitors and protects • Should be frequently updated • Ex. Symantec updates online
Recovery • Recovery – regaining or saving something lost • Naval helicopter crash
Recovery • Make sure data are never compromised • Overlaps with redundancy • Ex: COB writes tapes and takes them offsite every night • Companies can be hired to do this job
Testing • Removes the redundancy element • Anything can happen • Element of quality control (QC) • Stage problems
COBIT • COBIT is an IT governance framework and supporting toolset • Allows managers to bridge the gap between control requirements, technical issues, and business risks • COBIT enables clear policy development and good practice for IT control throughout organizations
COBIT • 2 for disaster prevention and recovery • DS 10- manage problems • DS 4 – ensure continuous service • RACI chart • Responsible • Accountable • Consulted • Informed
COBIT DS-10 • RACI Chart
COBIT DS-4 • RACI Chart
Let’s Review… • There are 4 main types of prevention • Redundancy * • Hardware • Firewalls • Virus Protection • If the back up system is not kept track of, the system loses its redundancy
Let’s Review… • Recovery is getting out of the problem once it’s too late • Make sure data are never compromised • COBIT is a tool that helps bridge the gap between requirements and risk