Upload
lykhuong
View
218
Download
0
Embed Size (px)
Citation preview
StarkMHAR.org
IT Disaster Recovery Planning
Aaron KutcherApril 11th, 2017
* The content of this presentation is for informational purposes only and not intended to be legal advice. Specific questions
regarding compliance should be referred to your legal counsel.
StarkMHAR.org/StarkMHAR
Outline
• Disasters• IT Disaster Recovery Plan• Steps to creating a DR Plan• Recovery
StarkMHAR.org/StarkMHAR
Lessons Learned
• Have a DR Plan• Backups• Keep Paper• Make Friends• Be Lucky• Be Supportive• Look Up• Full recovery takes a long time
StarkMHAR.org/StarkMHAR
Disasters
• A disaster is an occurrence that disrupts the functioning of the organization resulting in loss of data, loss of personnel, loss of business or loss of time.
StarkMHAR.org/StarkMHAR
Disasters
• Natural• Tornadoes, hurricanes, or earthquakes
• Man‐made• Fire, industrial incident, riots or civil unrest, vandalism
• Weather‐related• Ice storms, floods, lightning strikes, power outages
StarkMHAR.org/StarkMHAR
Planning
• Business Continuity (BC)• Disaster Recovery (DR)• Business Impact Assessment (BIA)• Recovery Time Objectives (RTO)• Recovery Point Objectives (RPO)
StarkMHAR.org/StarkMHAR
Why
• Reduce stress during a disaster• Detailed review of IT environment• Regulatory requirements• Customers• Good practice
StarkMHAR.org/StarkMHAR
Who
• The business• Systems and technologies• IT staff
• Networking• Platforms• Project management
StarkMHAR.org/StarkMHAR
IT DR Plan Structure
1. Develop the contingency planning statement
2. Conduct the BIA3. Identify preventive
controls4. Develop recovery
strategies
5. Develop and IT contingency plan
6. Plan testing, training and exercising
7. Plan maintenance
StarkMHAR.org/StarkMHAR
DR Plan Components (Sample)• Information Technology Statement of Intent• Policy Statement• Objectives• Key Personnel Contact Information• Plan Overview• Emergency Response• Disaster Recovery Team• Emergency Alert, Escalation and DRP Activation• Media• Insurance• Financial and Legal Issues• DRP Exercising• Appendices
StarkMHAR.org/StarkMHAR
Steps to a DR Plan
• Identify Vulnerabilities• Review History• Identify Critical Assets
StarkMHAR.org/StarkMHAR
Steps to a DR Plan
• Determine Maximum Outage Time• Identify Procedures• Determine Last Test Time• Identify Response Teams
StarkMHAR.org/StarkMHAR
Steps to a DR Plan
• Identify Vendor Capabilities• Compile Results• Management Review• Prepare IT Disaster Recovery Plans
StarkMHAR.org/StarkMHAR
Keys to Success
• Management Support• Be Serious• Keep it Simple• Review with Business Units• People are the Most Important
StarkMHAR.org/StarkMHAR
Event Levels
Minor EventAn operational disruption that generally does not require a declaration process. However it does require proper IT incident management. A minor disaster is usually one in which the outage is anticipated to last approximately one day or less. Damage due to a minor disaster is not extensive. It may consist of minor damage to facilities, hardware, software, or equipment from any cause.
StarkMHAR.org/StarkMHAR
Event Levels
Minor Event Examples:• Partial or total loss of hardware for a period of several hours;
• Recoverable loss of critical data – full recoverability in less than twenty‐four hours;
• Loss of an important computer application
StarkMHAR.org/StarkMHAR
Event Levels
Major Event
An Event in which the outage is anticipated to be greater than one day but not more than one week.
Damage due to a major event is more severe than that due to a minor event but not the extent that the operations affected could not be restored within a week.
StarkMHAR.org/StarkMHAR
Event Levels
Major Event Examples:
• Damage to Operations Center facilities;• Damage to the Data Center and/or hardware resulting in downtime of more than 24 hours;
• Loss of service (air conditioning, electrical power, etc.);• Recoverable loss of critical data; full recoverability taking more than twenty‐four hours.
StarkMHAR.org/StarkMHAR
Event Levels
Catastrophic Event
An outage that is anticipated to be in excess of seven days. Damage due to a Catastrophic Event is severe and could involve total destruction of the facilities or data Center, which necessitates major replacement of equipment and/or major renovation of the facility.
StarkMHAR.org/StarkMHAR
Event Levels
Catastrophic Event Examples:
• Loss of operation Center staff due to uncontrollable factors (outbreak of epidemic disease);
• Destruction of operations facilities;• Destruction of the data Center and/or hardware;• Major telecommunications failure;• Unrecoverable loss of critical data.
StarkMHAR.org/StarkMHAR
Responding to an Event
• MTO – Maximum Tolerable Outage: The longest period of time that your organization can be without its technology resources before it has a material affect on the organization’s finance or reputation.
• RTO – Recovery Time Objective: Time that the mission critical business function can survive without Technology resources before it has a material affect on the organization.
• Fix Window: Predetermined amount of time that is allocated to fix an issue before an official disaster is declared.
• Recovery: Processes and tasks invoked to restore critical IT components in a pre‐defined window before serious impact to the organization’s finances, reputation and customers.
StarkMHAR.org/StarkMHAR
Event Level Objectives
• Minor• Escalate• Monitor• Document
• Major/Catastrophic• DR Plan invoked• Escalate• Report• Recover
StarkMHAR.org/StarkMHAR
Recovery Steps
• Event Detection• Fix Window• Declare• Command Center• Communicate
StarkMHAR.org/StarkMHAR
Infrastructure
• Backup/Restore Process• Media Management plans• Media Backup History• System Security• Data Center Security• Event Detection and Notification Process• Data Transmission• Networking• Facility Management• All platform System Management• Backup Engineering
StarkMHAR.org/StarkMHAR
Post Mortem
• What Worked• Needs Help• Needs Update• Hardware• Staffing• Objectives
StarkMHAR.org/StarkMHAR
Nextgen
• Hosted or Local• Minor Major Catastrophic• Go Paper• Broadband cards and Hotspots.