Disaster Recovery Plan

Disasters that can cause hardware, software and data loss, such as fire, are inevitable. One can minimize the losses by formulating a plan to recover from such disasters and to keep the business operational. A disaster recovery plan is a method of restoring computer processing operations and data files if operations are halted or files are damaged by major destruction.

There are various approaches that a company can adopt in its disaster recovery plan: reverting to manual services, buying time at a service bureau, entering a mutual aid pact, or forming a consortium. Reverting to manual services is not recommended for businesses operating on a large scale, such as banks and financial institutions, because of its slow processing ability. Companies can buy time at a service bureau, which is a company that provides services for a fee. A mutual aid pact is an agreement between two or more companies to lend each other computing power if one of them has a problem. A consortium is a joint venture to support a complete computing facility. There are two kinds of facilities: a hot site and a cold site. A hot site is a fully equipped computer center with hardware, environmental controls, security, and communications facilities, while a cold site is an environmentally suitable empty shell in which a company can install its own computer system. All of these approaches have their own positive and negative traits, which a company can weigh at its own discretion.
Table of Various Approaches’ Pros and Cons

| Approach | Pros | Cons |
|---|---|---|
| Manual Services | Immediate action | Slow processing ability |
| Service Bureau | Convenient for companies in urban areas | Inconvenient for companies in rural or remote areas |
| Mutual Aid Pact | Inexpensive | Not guaranteed when a regional disaster occurs |
| Consortium: Hot Site | Fully equipped; fast processing ability; immediate action | Most expensive to operate |
| Consortium: Cold Site | Less expensive than hot site | It takes longer to get the enterprise in full operation after the disaster |
Typical items stored in a backup site:
a. Program and data files
b. Program listings
c. Program and operating system documentation
d. Hardware inventory lists
e. Output forms
f. Copy of the disaster plan manual
A disaster recovery plan should include the following:
a. List of priorities identifying the programs that must be up and running first.
b. Plans for notifying employees of changes in locations and conditions.
c. List of needed equipment and where it can be obtained.
d. Procedures for handling input and output data in a different environment.

Software Security
Who owns custom-made software?
[Diagram: ownership of custom-made software. Labels: Employee, Owner, Programmer of the Organization, Organization, Consultant, Programmer]
The diagram above shows when a programmer can claim custom-made software that he wrote as legally his. If the program is written for the organization by which he is employed, then he cannot use that same program in his other endeavours, aside from telling others that he is the one who made it.

Data Security

Data is one of an organization’s most important assets, so security measures for this asset are greatly needed. The following steps can be taken to prevent theft or alteration of data:

• Secured Wastes: Discarded printouts, printer ribbons and the like can be sources of information to unauthorized people. This can be avoided by using a paper shredder and locked trash barrels.
[Image: an example of a paper shredder]
• Internal Controls: These are controls that are planned as part of the computer system. An example is a transaction log, which is a file of all accesses or attempted accesses to certain data. In this way, unauthorized people found to have accessed private files can be traced and questioned.
• Auditor Checks: Auditors go over the financial books of the company and, during the course of their duties, they frequently review computer programs and data. Through this, they can catch errors or alterations in the data. They can also see who accessed the data at times when it is not usually used, to look for suspicious actions.
• Applicant Screening: Theft of data can easily be done by a person who can move freely within the business’ premises. That is why employers should do background checks on prospective employees to help weed out dishonest applicants, reducing the risk of information leakage.
• Passwords: A password is a secret word, number or a combination of the two that must be typed on the keyboard to gain access to a computer system. Employees should be taught to formulate passwords that are hard to break by a password-breaking program. This can be done by combining letters, numbers and symbols to create a word that does not exist in any language. Example of a good password: “^$54gf^7Nb”
• Built-in Software Protection: Software can be built into operating systems in ways that restrict access to the computer system. This software is able to identify authorized persons and let them gain access to the computer system.
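The review that the Internal Controls and Auditor Checks items describe, sketched as an added example that is not part of the original text: it reads a transaction log and lists the entries worth following up. The log layout, user names, access list and working hours are all constructed assumptions.

```python
from datetime import datetime

# Constructed log. The "timestamp user action file result" layout is an assumption.
SAMPLE_LOG = """\
2024-03-04T09:12:40 mreyes READ payroll.dat GRANTED
2024-03-04T10:03:05 jcruz READ payroll.dat DENIED
2024-03-04T10:03:19 jcruz READ payroll.dat DENIED
2024-03-05T02:47:11 mreyes WRITE payroll.dat GRANTED
2024-03-05T11:30:00 tlim READ payroll.dat GRANTED
not a log line
"""
AUTHORIZED = {"payroll.dat": {"mreyes"}}  # hypothetical access list per file
NORMAL_HOURS = range(8, 18)               # assumed working day, 08:00-17:59


def parse(line):
    """Split one log line into a record, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    user, action, name, result = parts[1:]
    return {"when": when, "user": user, "action": action, "file": name, "result": result}


def review(log_text):
    """Return (line number, user, reason) findings for an auditor to follow up."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        record = parse(line)
        if record is None:
            # A damaged or edited entry is itself worth a look.
            findings.append((number, None, "unparseable entry"))
            continue
        if record["result"] == "DENIED":
            findings.append((number, record["user"], "attempted access denied"))
        elif record["user"] not in AUTHORIZED.get(record["file"], set()):
            findings.append((number, record["user"], "granted to user not on access list"))
        if record["when"].hour not in NORMAL_HOURS:
            findings.append((number, record["user"], "access outside normal hours"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```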
Personal Computer Security

Personal computers have a high monetary value in the market, which is why they are likely to be stolen by thieves. One can avoid this by securing personal computers in place with locks and cables. Also, most personal computers have an individual cover lock that prevents access to internal components. One should also avoid eating, drinking, and smoking while using computers. Occasional cleaning is also recommended.
Disk data can be protected by using surge protectors. A surge protector is a device that prevents electrical problems from affecting computer data files. An example of this is an uninterruptible power supply (UPS). A UPS includes surge protection and battery backup, which enables you to continue operating your PC during power loss or brownouts long enough to save and close all files and shut down the system without loss of data.
Prepare for the Worst: Back up Your Files

Personal computer users are not as devoted as organizations to backing up data files. There are many things that can go wrong and cause data loss. There is always the possibility that your important files, such as reports, music and pictures, will be damaged because of hard disk failure, natural disasters or even your own stupidity and carelessness.

There are many ways to back up files. Some people make another copy of their hard disk files on diskettes, while others back up their files on tape. You can also use a mirror hard disk, which holds a second copy of everything you put on the original disk, but it can cost a lot of money. Backup software that can automatically back up files at a certain time of day or on command is also available.

Generally, backup software provides three types of backups. A full backup copies everything from the hard drive. A differential backup copies all files that have been changed since the last full backup. An incremental backup copies only those files that have been changed since either the last full backup or the last incremental backup. A comprehensive backup plan involves periodic backups, complemented by either incremental or differential backups. These backup plans also differ in their restoration process.
Restoration Process:
A.) Differential Approach: most recent full backup + last differential backup
B.) Incremental Approach: last full backup + incremental backup + incremental backup + last incremental backup
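An added worked example, not from the original text, showing which backup sets each restoration approach has to read, that both rebuild the same disk, and what one unreadable incremental set costs. The file names and the three-day change schedule are constructed.

```python
# Constructed schedule (hypothetical file names): full backup on day 0,
# then one differential or incremental backup at the end of each later day.
ALL_FILES = {"report.doc", "photo.jpg", "song.mp3", "notes.txt"}
CHANGES = {1: {"report.doc"}, 2: {"photo.jpg"}, 3: {"report.doc", "song.mp3"}}


def version_at(name, day):
    """Day of the newest change to `name` on or before `day` (0 = original)."""
    return max([d for d in CHANGES if d <= day and name in CHANGES[d]], default=0)


def backup_contents(kind, day):
    """Files copied by a backup of the given kind taken on `day`."""
    if kind == "full":
        return set(ALL_FILES)
    if kind == "differential":  # everything changed since the last full backup
        return set().union(*(CHANGES[d] for d in range(1, day + 1)))
    if kind == "incremental":   # only what changed since the previous backup
        return set(CHANGES[day])
    raise ValueError(f"unknown backup kind: {kind}")


def restore_chain(approach, day):
    """Ordered backup sets needed to restore the disk as of `day`."""
    if approach not in ("differential", "incremental"):
        raise ValueError(f"unknown approach: {approach}")
    chain = [("full", 0)]
    if approach == "differential" and day > 0:
        chain.append(("differential", day))  # full + last differential only
    elif approach == "incremental":
        chain += [("incremental", d) for d in range(1, day + 1)]  # full + every one
    return chain


def restore(approach, day, lost=()):
    """Replay the chain, skipping unreadable sets; returns {file: version day}."""
    restored = {}
    for kind, taken in restore_chain(approach, day):
        if (kind, taken) in lost:
            continue  # an unreadable set leaves older versions in place
        for name in backup_contents(kind, taken):
            restored[name] = version_at(name, taken)
    return restored


if __name__ == "__main__":
    for approach in ("differential", "incremental"):
        print(approach, restore_chain(approach, 3), restore(approach, 3))
    print("day-2 set lost:", restore("incremental", 3, lost={("incremental", 2)}))
```

Incremental backups copy less each day but every set in the chain must be readable at restore time; the differential approach needs only two sets.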