Disasters Prevention and Recovery for Information SystemsCauses of DisasterWhy Do Disasters Happen?Business ConsequencesIT-specific RepercussionsPrevention is the best cure.Disaster PreventionNot everything can be foreseen or prevented. At which point, we go to “plan B”… alias - “recovery.”Disaster RecoveryIT TechniquesSlide 11Slide 12Slide 13SourcesDisastersDisastersPrevention and RecoveryPrevention and Recoveryfor Information Systemsfor Information SystemsNatalyaNatalyaHaleyHaleySheena Sheena AricAricJoannaJoannaBoyechkoBoyechkoGreenGreenLuchtLuchtMcKinnisMcKinnisQuillopoQuillopoCauses of DisasterCauses of Disaster•PeoplePeople•Attack by a Attack by a hacker/virushacker/virus•TerrorismTerrorism•Data lossData loss•WarWar•CrashCrash•NatureNature•FloodsFloods•HurricanesHurricanes•FireFire•EarthquakesEarthquakes•VolcanoesVolcanoes•StormsStorms•FireFire•Power Power OutagesOutages•NatureNatureWhy Do Disasters Why Do Disasters Happen?Happen?•EntropyEntropy•Location-specific quirksLocation-specific quirks•Fault linesFault lines•Extreme weatherExtreme weather•Volcanic activityVolcanic activity•Lack of thoughtfulnessLack of thoughtfulnessBusiness ConsequencesBusiness Consequences•Interruption of normal processesInterruption of normal processes•Loss/damageLoss/damage•DelaysDelays•Unseen “fractures”Unseen “fractures”•Effect on profitsEffect on profits•InvestmentInvestment•Long-term viabilityLong-term viabilityIT-specific RepercussionsIT-specific Repercussions•Corrupt/unreliable dataCorrupt/unreliable data•Data lossData loss•Systems downSystems down•Loss of processing capacityLoss of processing capacity•Loss of system integrityLoss of system integrity•A re-imaging nightmareA re-imaging nightmarePrevention is the best Prevention is the best cure.cure.Disaster PreventionDisaster Prevention•GeneralGeneral•Reliable Reliable resources resources (power)(power)•Firewalls and Firewalls and security security protocolsprotocols•Intelligent Intelligent geographical geographical locationlocation•IT & ISIT & IS•Damaging Damaging surges/outagessurges/outages•Hackers & Hackers & unauthorized unauthorized use use •Location Location specific specific catastrophescatastrophes•IT & ISIT & ISNot everything can be Not everything can be foreseen or prevented. At foreseen or prevented. At which point, we go to “plan which point, we go to “plan B”… alias - “recovery.”B”… alias - “recovery.”Disaster RecoveryDisaster Recovery•GeneralGeneral•Backup Backup resourcesresources•Business Business continuity continuity planplan•RedundancyRedundancy•IT & ISIT & IS•Data/process Data/process backup. backup. •Transition and Transition and recovery recovery protocol protocol •Redundant and Redundant and mirrored mirrored backup.backup.•IT & ISIT & ISIT TechniquesIT Techniques•Data loss preventionData loss prevention•BackupsBackups•IncrementalIncremental•FullFull•DualDual•RedundantRedundant•Electronic vaultsElectronic vaultsIT TechniquesIT Techniques•Preventing data corruptionPreventing data corruption•Security protocolsSecurity protocols•Password/login protectionPassword/login protection•Properly delineated and maintained Properly delineated and maintained user profilesuser profiles•Layers of protection (bulls-eye)Layers of protection (bulls-eye)IT TechniquesIT Techniques•Prevention = Minimization of riskPrevention = Minimization of risk•Design decoupled, design simpleDesign decoupled, design simple•Off-site copies of backupsOff-site copies of backups•Over-internet streaming of backup to an Over-internet streaming of backup to an off-site locationoff-site location•Adequate architecture and storage of Adequate architecture and storage of hardware (server racks, etc)hardware (server racks, etc)IT TechniquesIT Techniques•Recovery: Minimize downtime (business Recovery: Minimize downtime (business continuity)continuity)•Off-site locations in case of disasterOff-site locations in case of disaster•Cold sitesCold sites•Without equipmentWithout equipment•Hot sitesHot sites•With equipmentWith equipment•Detailed recovery plansDetailed recovery plans•ContingenciesContingencies•Recognize risksRecognize risksSourcesSources•Northwestern Universty Information TechnologyNorthwestern Universty Information Technology. 04 . 04 2005. 28 Feb. 2006 2005. 28 Feb. 2006 http://http://www.it.northwestern.eduwww.it.northwestern.edu/security/securing-machine//security/securing-machine/..•Finan, Darrick. Finan, Darrick. Find ArticlesFind Articles. 2004. 28 Feb. 2006 . 2004. 28 Feb. 2006 <http://www.findarticles.com/>.<http://www.findarticles.com/>.•Vancil, Carl. Vancil, Carl. Surge Protectors vs. Uninterruptible Surge Protectors vs. Uninterruptible Power Supplies (UPS)Power Supplies (UPS). About. 28 Feb. 2006 . About. 28 Feb. 2006 http://pcsupport.about.com/cs/support101/a/powerprhttp://pcsupport.about.com/cs/support101/a/powerprotection_2.htmotection_2.htm..•Fonseca, Brian. Fonseca, Brian. NetApp Virtual Tape Libraries Look NetApp Virtual Tape Libraries Look to Ease Backupsto Ease Backups. eWeek. Accessed 3/01/2006. . eWeek. Accessed 3/01/2006. http://www.eweek.com/article2/0,1895,1918723,00.ahttp://www.eweek.com/article2/0,1895,1918723,00.aspsp..•Janco Associates, Inc. Janco Associates, Inc. Disaster Recovery PlanDisaster Recovery Plan. . Copyright 2005. Accessed 2/21/2006. Copyright 2005. Accessed 2/21/2006. http://www.e-janco.com/SamplePages/DisasterRecovhttp://www.e-janco.com/SamplePages/DisasterRecoveryPlanSample.pdferyPlanSample.pdf..•InfoBeagle. InfoBeagle. Disaster RecoveryDisaster Recovery. InfoBeagle.com. . InfoBeagle.com. Accessed 2/21/2006. Accessed 2/21/2006. http://www.infobeagle.com/business/disaster-recovehttp://www.infobeagle.com/business/disaster-recovery.htm?src=fwry.htm?src=fw..•Disaster Planning-prevention, preparedness, Disaster Planning-prevention, preparedness, response, recoveryresponse, recovery.. (1999). Available: (1999). Available: http://webworld.unesco.org/safeguarding/en/pdf/txt_http://webworld.unesco.org/safeguarding/en/pdf/txt_sini.pdf. sini.pdf. •Jones, Rama. Jones, Rama. Accounting Information Systems – A Accounting Information Systems – A Business Process ApproachBusiness Process Approach. Second Edition, . Second Edition, copyright 2006. pp 552-553.copyright