8 Steps to disaster recovery planning

April 4, 2009 by · 1 Comment 

It’s been some time since I’ve delved in disaster recovery planning, so I thought I’d create this post as a short refresher on the planning process.  Every organization, whether small or large, should have a disaster recovery plan. Depending on the size, it may take some organizations several months to fully document an effective plan. In such cases, it’s important to understand the 8 steps to disaster recovery planning.

  • Step 1 in disaster recovery planning: organize the disaster recovery planning team. The team should consist of a primary representative and an alternate from each participating department. Organizing the disaster recovery team begins by creating a group consisting of members that represent all functions of the organization. The team must also include a high-level manager, or CEO, to endorse the plan and eliminate obstacles. The team should attend training by a reputable source in disaster recovery. Once arranged, the team will start an awareness campaign and create a schedule of their anticipated activities.
  • Step 2 in disaster recovery planning: assess the risk in the Enterprise. The goal in this step is to assess the potential economic loss that could occur as a result of the determined risks. The team will use a business impact analysis to assess risk. In the analysis, all business processes should be identified and analyzed. As with any assessment, business processes should be ranked as critical, essential, necessary, and desirable. Legal and contractual requirements should also be assessed for consequences of business disruption.
  • Step 3 in disaster recovery planning: establish roles across department organizations. The disaster recovery planning team determines the role each department and external party must play in disaster recovery. This ensures that all resources and expertise are properly utilized. The team must contact local departments and authorities, emergency services, law enforcement, public utilities, etc. to determine their roles.
  • Step 4 in disaster recovery planning: develop policies and procedures. Procedures are the step-by-step methods, while policies are the guidelines. Both are very important in recovering from a disaster. This step requires attention to detail. Procedures must be in place for every step in disaster recovery and response. Each function must be spelled out in black and white to ensure continuity.
  • Step 5 in disaster recovery planning: document disaster recovery procedures. Policy and procedures must be documented and sent through the proper channels for approval before being stored for future implementation. Each policy and procedure must be drafted, reviewed, and approved by management and all departments and organizations responsible for implementation. The plan must be available at all times during the testing phase, and especially during disaster response.
  • Step 6 in disaster recovery planning: prepare to handle disasters. An “information campaign” is the word that works here. Get the information out, make everyone aware, and ensure they all know the plan. All parties must be aware of the plan from executives to general staff.
  • Step 7 in disaster recovery planning: train, test, and rehearse. Practice makes perfect! During this step, the organization conducts a live simulation including all departments and supporting organizations–as if a real disaster is taking place. Observers are in place to monitor and evaluate the procedures being implemented. Weaknesses are determined so updates and modifications can be made.
  • Step 8 in disaster recovery planning: ongoing management. Maintenance is the key here. Continual assessment of threats, changes in structure, and impact of new technology and recovery procedures. This step requires continual monitoring of laws, political climate, and social conditions. Any changes are documented, and updated training is given.

The threat of short-lived malware

April 2, 2009 by · Leave a Comment 

New article:

Recently, security software vendor AVG Technologies asserted that Web-based malware attacks are now so prevalent that attackers craft them to be “secretive, short-lived and fast-moving. It’s an acceptable premise, but why the sudden shift? Is it because more active and open attacks aren’t as successful or noteworthy? Well, not quite. Let’s explore why attackers do this, how they do it, and how enterprises can defend against short-lived Web malware.

Read the rest of my article here


Warning: Unknown: open(/home/content/30/5076530/tmp/sess_a2a0jhu6hof0b7fh2vkcsuf3l6, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0