Anureet Kaur Individual Report Project Mgmt2

Anureet Kaur Individual report Project Mgmt2

Disaster Recovery Plan

Task 1: Element 4.1 Identify and document resources required for disaster recovery according to specifications and cost constraints

1. What would be a disaster for Star Gazer Video Store’s IT critical business systems?

Fire Hackers Stock theft Power Outage Financial Theft ISP failure Robbery

2. Why is it important to consider business requirements/specifications and cost constraints when developing a disaster recovery plan?

It is important to consider business requirements/specifications and cost constraints when developing a disaster recovery plan because it specifies the requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS) within your organization and gives you confidence in business-to-business and business-to customer dealings. The cost of developing and implementing contingency planning strategies can be significant, especially if the strategy includes contracts for backup services or duplicate equipment. There are too many options to discuss cost considerations for each type.

One contingency cost that is often overlooked is the cost of testing a plan. Testing provides many benefits and should be performed, although some of the less expensive methods (such as a review) may be sufficient for less critical resources.

3. Identify and document resources required to support a disaster recovery plan according to Star Gazer Video Store’s business requirements/specifications and cost constraints

Resources That Support Critical Functions

Human Resources Processing Capability Computer-Based Services

1 DISASTER RECOVERY PLAN – STAR GAZER VIDEO STORE Anureet Kaur Individual report Project Mgmt2

Data and Applications Physical Infrastructure Documents and Papers

Task 2: Element 4.2 Identify and document processes required for disaster strategy, according to project standards

1. Why is it recommended to document processes for disaster recovery strategy according to project standards? The document processes for disaster recovery strategy recommended so that the standards, program development, and supporting policies, guidelines and procedures that needed to ensure a firm to continue without stoppage, irrespective of the adverse circumstances or events

2. Who is the main point of contact at Star Gazer Video Store if a disaster occurs? Identify other stakeholders important to documenting disaster recovery strategy processes?

The primary point of contact will be the owner Errol Finn or another person elected by the primary. Stakeholders can be identified as all of the supervising staff within Star Gazer Video.

3. Identify the policies/processes required to for the disaster strategy for Star Gazer Video Store according to project standards.

The following is a list of the most common policies/processes for disaster strategy:-

 Local mirrors of systems and/or data and use of disk protection technology such as RAID  Surge protectors — to minimize the effect of power surges on delicate electronic equipment  Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure  Fire preventions — alarms, fire extinguishers  Anti-virus software and other security measures  Backups made to tape and sent off-site at regular intervals (preferably daily)  Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk

 Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of storage area network (SAN) technology  High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data

Task 3: Element 4.3 Identify cutover criteria to initiate disaster recovery plan

1. Why is it important to undertake a damage assessment before deciding to initiate the disaster recovery plan? A damage assessment lowers the risk of disruption and assesses the potential impacts of disruptions when they occur e.g.:- a business impact analysis report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance. Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence.

2. Identify cutover criteria relevant to Star Gazer Video Store

Loss of revenue for the business which falls below a threshold or period of time

3. When would a decision be made to initiate the disaster recovery plan?

As soon as the assessment of the situation has been undertaken

4. Who is responsible for activating the disaster recovery plan?

In the case of Star Gazer Video that would be Errol Finn.

Task 4: Element 4.4 Document disaster recovery plan and submit it to the appropriate person for review and sign-off

Refer to Appendix A the Disaster Recovery Plan Template and complete the following:

1. Purpose: Explain the purpose of the disaster recovery for Star Gazer Video Store

The purpose of this plan is to enable the sustained execution of mission critical processes and information technology systems for Star Gazer Video Store in the event of an extraordinary event that causes these systems to fail minimum requirements. The Star Gazer Video Store Contingency Plan will assess the needs and requirements so that Star Gazer Video Store may be prepared to respond to the event in order to efficiently regain operation of the systems that are made inoperable from the event.

2. Scope: Explain the scope of the disaster recovery plan. Which functions, operations and resources are necessary to restore and resume Star Gazer Video Store’s operations?

3. Responsibility: Why is the owner the person with responsibility for activating the contingency plan and leading a coordinated approach to disaster recovery?

For most systems, identification and authentication (I&A) is the first line of defense. I&A is a technical measure that prevents unauthorized people (or unauthorized processes) from entering a computer system.

There are three means of authenticating a user's identity, which can be used alone or in combination:

 something the individual knows (a secret -- e.g., a password, Personal Identification Number (PIN), or cryptographic key);

 something the individual possesses (a token -- e.g., an ATM card or a smart card); and

 something the individual is (a biometric -- e.g., such characteristics as a voice pattern, handwriting dynamics, or a fingerprint)

Business Impact Analysis:

4. Identify the mission critical IT functions for Star Gazer Video Store

Protecting the continuity of an organization's mission or business is very difficult if it is not clearly identified. Managers need to understand the organization from a point of view that usually extends beyond the area they control. The definition of an organization's critical mission or business functions is often called a business plan.

Since the development of a business plan will be used to support contingency planning, it is necessary not only to identify critical missions and businesses, but also to set priorities for them. A fully redundant capability for each function is prohibitively expensive for most organizations. In the event of a disaster, certain functions will not be performed. If appropriate priorities have been set (and approved by senior

management), it could mean the difference in the organization's ability to survive a disaster.

 Competition in DVD, blu-ray formats and online distribution  Providing and enforcing copyright protection for distributers  Internal security of held digital files  Adequate redundancy contingencies of held digital files  Ability to provide 24/7 service  Provision of secure online store transactions

5. Identify critical data, software and hardware including critical LAN components

Software

 Stock Database  Customer DB  Financial Packages  Operating Systems  Office SW  Antivirus Protection Hardware

 Backup Server or workstation hardware  Server  Workstations  Modems  Routers  Switches

Implementation Services

 Financial transactions  Store Transactions  Customer Data  Supplier Information  Store DB  Content Information

6. Include the analysis of the possible threats and risks to the system

 Fire  Hackers  Stock theft

 Power Outage  Financial Theft  ISP failure  Robbery

7. How long can Star Gazer Video Store function in the case of a disaster?

It depends on the size of the business. For small business like star Gazer video store disaster recovery would take from few hours or 2-3 days. If it’s more than that, then we need to use manual system instead of automatic system. That’s totally time wastage.

8. If a replacement system is required, how will Star Gazer Video Store fund this?

The best option would be Lease or on rent.

9. What kind of infrastructure, buildings and communications equipment will Star Gazer Video Store need in order to resume business and how easy will it be to access?

Physical Infrastructure

 Infrastructure & buildings ------Hot sites and cold sites may also offer office space in addition to processing capability support. Other types of contractual arrangements can be made for office space, security services, furniture, and more in the event of a contingency. If the contingency plan calls for moving offsite, procedures need to be developed to ensure a smooth transition back to the primary operating facility or to a new facility. Protection of the physical infrastructure is normally an important part of the emergency response plan, such as use of fire extinguishers or protecting equipment from water damage the primary contingency strategy is usually backup onto magnetic, optical, microfiche, paper, or other medium and offsite storage. Paper documents are generally harder to backup than electronic ones. A supply of forms and other needed papers can be stored offsite.  Communications ----Service providers may offer contingency services. Voice communications carriers often can reroute calls (transparently to the user) to a new location. Data communications carriers can also reroute traffic. Hot sites are usually capable of receiving data and voice communications. If one service provider is down, it may be possible to use another. However, the type of communications carrier lost, either local or long distance, is important. Local voice service may be carried on cellular. Local data communications, especially for large volumes, is normally more difficult. In addition, resuming normal operations may require another rerouting of communications services.

10.Identify statutory requirements and commercial requirements which impact on this contingency plan

Operations: System Description, Threats, Impact of Threats, Back-Up and Maintenance:

11.Identify the operating environment, physical location, general location of users, the local area network, hardware and software of Star Gazer Video Store

This network includes the PCs, LAN, server, console, printers, modem pool, and router. The WAN is owned and operated by a large commercial telecommunications company that provides WAN services under a government contract. The mainframe is owned and operated by a federal agency that acts as a service provider for store and other agencies connected to the WAN.

12.Provide a diagram of the architecture, including security controls and telecommunications connections

13.Analyze the severity and the potential impact of the threats

Fraud and Theft

Computer systems can be exploited for both fraud and theft both by "automating" traditional methods of fraud and by using new methods. For example, individuals may use a computer to skim small amounts of money from a large number of financial accounts, assuming that small discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems that control access to any resource are targets (e.g., time and attendance systems, inventory systems, school grading systems, and long-distance telephone systems).

Employee Sabotage Common examples of computer-related employee sabotage include:  destroying hardware or facilities,  planting logic bombs that destroy programs or data,  entering data incorrectly,  "crashing" systems,  deleting data,  holding data hostage, and  changing data.

Malicious Hackers

The term malicious hackers, sometimes called crackers, refers to those who break into computers without authorization. They can include both outsiders and insiders. Much of the rise of hacker activity is often attributed to increases in connectivity in both government and industry.

14.Determine the recovery times and costs – try to minimize disruption to Star Gazer Video Store’s business functions

 improving awareness of the need to protect system resources;

 developing skills and knowledge so computer users can perform their jobs more securely; and

 building in-depth knowledge, as needed, to design, implements, or operate security programs for organizations and systems

15.Include information on technical considerations that are important for recovery purposes

 user support,  software support,  configuration management,  backups, 9 DISASTER RECOVERY PLAN – STAR GAZER VIDEO STORE Anureet Kaur Individual report Project Mgmt2

 media controls,  documentation, and  maintenance.

16.Include the maintenance schedule (agreed with when determining DRP strategy)

System maintenance requires either physical or logical access to the system. Support and operations staff, hardware or software vendors, or third-party service providers may maintain a system. Maintenance may be performed on site, or it may be necessary to move equipment to a repair site. Maintenance may also be performed remotely via communications connections. If someone who does not normally have access to the system performs maintenance, then a security vulnerability is introduced.

In some circumstances, it may be necessary to take additional precautions, such as conducting background investigations of service personnel. Supervision of maintenance personnel may prevent some problems, such as "snooping around" the physical area. However, once someone has access to the system, it is very difficult for supervision to prevent damage done through the maintenance process.

17.Explain the following LAN recovery strategies and how they relate to Star Gazer Video Store:

 Documentation of the Local Area Network  The PCs are connected to a local area network (LAN) so that users can exchange and share information. The central component of the LAN is a LAN server, a more powerful computer that acts as an intermediary between PCs on the network and provides a large volume of disk storage for shared information, including shared application programs. The server provides logical access controls on potentially sharable information via elementary access control lists. These access controls can be used to limit user access to various files and programs stored on the server. Some programs stored on the server can be retrieved via the LAN and executed on a PC; others can only be executed on the server.  To initiate a session on the network or execute programs on the server, users at a PC must log into the server and provide a user identifier and password known to the server. Then they may use files to which they have access.  One of the applications supported by the server is electronic mail (e- mail), which can be used by all PC users. Other programs that run on the server can only be executed by a limited set of PC users.

20 Documentation of the System Configuration and Vendor Information

The group includes the PCs, LAN, server, console, printers, modem pool, and router. The WAN is owned and operated by a large commercial telecommunications company that provides WAN services under a government contract. The mainframe is owned and operated by a federal agency that acts as a service provider for HGA and other agencies connected to the WAN.

21 Coordination of LAN contingency solutions with network security policies and security controls

GA's Computer Operations Group (COG) is responsible for controlling, administering, and maintaining the computer resources owned. Only individuals holding the job title System Administrator are authorized to establish log-in ID's and passwords on multiuser HGA systems (e.g., the LAN server). Only those employees and contract personnel may use the system, and only after receiving written authorization from the department supervisor (or, in the case of contractors, the contracting officer) to whom these individuals report.COG issues copies of all relevant security policies and procedures to new users. Before activating a system account for new users, COG requires that they (1) attend a security awareness and training course or complete an interactive computer-aided-instruction training session and (2) sign an acknowledgment form indicating that they understand their security responsibilities.

22 Impact of disaster on network connecting devices e.g hubs, routers etc

Most of the human threats of concern to HGA originate from insiders. Nevertheless, HGA also recognizes the need to protect its assets from outsiders. Such attacks may serve many different purposes and pose a broad spectrum of risks, including unauthorized disclosure or modification of information, unauthorized use of services and assets, or unauthorized denial of services.

Systems are connected to the three external networks: (1) the Internet, (2) the Interagency WAN, and (3) the public-switched (telephone) network. Although these networks are a source of security risks, connectivity with them is essential to HGA's mission and to the productivity of its employees; connectivity cannot be terminated simply because of security risks.

In each of the past few years before establishing its current set of network safeguards, HGA had detected several attempts by outsiders to penetrate its systems. Most, but not all of these, have come from the Internet, and those that succeeded did so by learning or guessing user account passwords. In two cases, the attacker deleted or corrupted significant amounts of data, most of which were later restored from backup files. In most cases, HGA could detect no ill effects of the attack, but concluded that the attacker may have browsed through some files. HGA also conceded that its systems did not have audit logging capabilities

11 DISASTER RECOVERY PLAN – STAR GAZER VIDEO STORE Anureet Kaur Individual report Project Mgmt2 sufficient to track an attacker's activities. Hence, for most of these attacks, HGA could not accurately gauge the extent of penetration.

In one case, an attacker made use of a bug in an e-mail utility and succeeded in acquiring System Administrator privileges on the server--a significant breach. HGA found no evidence that the attacker attempted to exploit these privileges before being discovered two days later. When the attack was detected, COG immediately contacted the HGA's Incident Handling Team, and was told that a bug fix had been distributed by the server vendor several months earlier. To its embarrassment, COG discovered that it had already received the fix, which it then promptly installed. It now believes that no subsequent attacks of the same nature have succeeded.

Although HGA has no evidence that it has been significantly harmed to date by attacks via external networks, it believes that these attacks have great potential to inflict damage. HGA's management considers itself lucky that such attacks have not harmed HGA's reputation and the confidence of the citizens its serves. It also believes the likelihood of such attacks via external networks will increase in the future.

23 Monitoring LAN functionality

The PCs are connected to a local area network (LAN) so that users can exchange and share information. The central component of the LAN is a LAN server, a more powerful computer that acts as an intermediary between PCs on the network and provides a large volume of disk storage for shared information, including shared application programs. The server provides logical access controls on potentially sharable information via elementary access control lists. These access controls can be used to limit user access to various files and programs stored on the server. Some programs stored on the server can be retrieved via the LAN and executed on a PC; others can only be executed on the server.

To initiate a session on the network or execute programs on the server, users at a PC must log into the server and provide a user identifier and password known to the server. Then they may use files to which they have access.

One of the applications supported by the server is electronic mail (e-mail), which can be used by all PC users. Other programs that run on the server can only be executed by a limited set of PC users.

Identify the most critical server. Develop a maintenance schedule for backing up the critical server at Star Gazer Video Store. In developing the server backup schedule, address the following issues:

24 Where will media be stored? Media controls include a variety of measures to provide physical and environmental protection and accountability for tapes, diskettes, printouts, and other media. From a

12 DISASTER RECOVERY PLAN – STAR GAZER VIDEO STORE Anureet Kaur Individual report Project Mgmt2 security perspective, media controls should be designed to prevent the loss of confidentiality, integrity, or availability of information, including data or software, when stored outside the system. This can include storage of information before it is input to the system and after it is output.

25 How frequent are backups conducted?

Users of smaller systems are often responsible for their own backups. However, in reality they do not always perform backups regularly. Some organizations, therefore, task support personnel with making backups periodically for smaller systems, either automatically (through server software) or manually (by visiting each machine).

26 How quickly are the backups to be retrieved in the event of an emergency?

Marking- Controlling media may require some form of physical labeling Logging- . Logs can include control numbers (or other tracking data), the times and dates of transfers, names and signatures of individuals involved, and other relevant information.

Physical Access Protection

Media can be stolen, destroyed, replaced with a look-alike copy, or lost. Physical access controls, which can limit these problems, include locked doors, desks, file cabinets, or safes.

27 Who is authorized to retrieve the media?

Store owner

28 Who will restore the data from the media?

Store owner

29 Use of different off-site storage facilities: What is the difference between a cold, warm and hot site backup facility and what facility would you use for backing up critical information from the server at Star Gazer Video Store? Justify your answer.

Off-site data protection To protect against a disaster or other site-specific problem, many people choose to send backup media to an off-site vault. The vault can be as simple as a system administrator's home office or as sophisticated as a disaster hardened, temperature controlled, high security bunker that has facilities for backup media storage. Importantly a data replica can be off- site but also on-line (e.g., an off-site RAID mirror). Such a replica has fairly limited value as a backup, and should not be confused with an off-line backup.

Cold database backup During a cold backup, the database is closed or locked and not available to users. The data files do not change during the backup process so the database is in a consistent state when it is returned to normal operation. Hot database backup Some database management systems offer a means to generate a backup image of the database while it is online and usable ("hot"). This usually includes an inconsistent image of the data files plus a log of changes made while the procedure is running. Upon a restore, the changes in the log files are reapplied to bring the database in sync.[

I would use for Off-site data protection backing up critical information from the server at Star Gazer Video Store.

Restoration Phase - Return to Normal Operations:

30. Develop procedures for restoring the original site so that normal operations may be fully resumed at Star Gazer Video Store. These procedures should include:

Testing the restored system- A review can be a simple test to check the accuracy of contingency plan documentation. For instance, a reviewer could check if individuals listed are still in the organization and still have the responsibilities that caused them to be included in the plan. This test can check home and work telephone numbers, organizational codes, and building and room numbers. The review can determine if files can be restored from backup tapes or if employees know emergency procedures.

Restoring or replacing IT equipment at Star Gazer Video Store - Materials, equipment, and backup media should be properly packaged, labeled, and shipped to the appropriate location. Restore the applications to the primary recovery site utilizing a Recovery and Restoration Checklist

Appendix B Approval/Sign-Off Form Star Gazer Video Store

Please sign below if you approve this disaster recovery report

Project Sponsor Project Sponsor Signature: (Print name) (teacher) Anureet Kaur IT Manager IT Manager Signature: (Print name) (student)

Date: 17__/__11_/___ 2010

(Note: Include a bibliography of sources for the project)

16 DISASTER RECOVERY PLAN – STAR GAZER VIDEO STORE