IT Disaster Recovery Planning For Dummies
Paperback by Peter H Gregory
Language: English

28,60 €*

incl. VAT

Description
Create a safety net while you work out your major plan

Identify critical IT systems, develop a long-range strategy, and train your people

Some disasters get coverage on CNN -- some just create headaches for the affected organization. The right plan will get your business back on track quickly, whether you're hit by a tornado or a disgruntled employee with super hacking powers. Here's how to assess the situation, develop both short-term and long-term plans, and keep them updated.

Discover how to:
* Select your disaster recovery team
* Conduct a Business Impact Analysis
* Determine risks
* Get management support
* Create appropriate plan documents
* Test your plan
About the Author
Peter H. Gregory, CISA, CISSP, is the author of fifteen books on security and technology, including Solaris Security (Prentice Hall), Computer Viruses For Dummies (Wiley), Blocking Spam and Spyware For Dummies (Wiley), and Securing the Vista Environment (O'Reilly).
Peter is a security strategist at a publicly-traded financial management software company located in Redmond, Washington. Prior to taking this position, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino management systems, banking, government, non-profit organizations, and academia since the late 1970s.
He's on the board of advisors for the NSA-certified Certificate program in Information Assurance & Cybersecurity at the University of Washington, and he's a member of the board of directors of the Evergreen State Chapter of InfraGard.
Table of Contents

Foreword xix

Introduction 1

About This Book 1

How This Book Is Organized 2

Part I: Getting Started with Disaster Recovery 2

Part II: Building Technology Recovery Plans 2

Part III: Managing Recovery Plans 2

Part IV: The Part of Tens 3

What This Book Is - and What It Isn't 3

Assumptions about Disasters 3

Icons Used in This Book 4

Where to Go from Here 4

Write to Us! 5

Part I: Getting Started with Disaster Recovery 7

Chapter 1: Understanding Disaster Recovery 9

Disaster Recovery Needs and Benefits 9

The effects of disasters 10

Minor disasters occur more frequently 11

Recovery isn't accidental 12

Recovery required by regulation 12

The benefits of disaster recovery planning 13

Beginning a Disaster Recovery Plan 13

Starting with an interim plan 14

Beginning the full DR project 15

Managing the DR Project 18

Conducting a Business Impact Analysis 18

Developing recovery procedures 22

Understanding the Entire DR Lifecycle 25

Changes should include DR reviews 26

Periodic review and testing 26

Training response teams 26

Chapter 2: Bootstrapping the DR Plan Effort 29

Starting at Square One 30

How disaster may affect your organization 30

Understanding the role of prevention 31

Understanding the role of planning 31

Resources to Begin Planning 32

Emergency Operations Planning 33

Preparing an Interim DR Plan 34

Staffing your interim DR plan team 35

Looking at an interim DR plan overview 35

Building the Interim Plan 36

Step 1 - Build the Emergency Response Team 37

Step 2 - Define the procedure for declaring a disaster 37

Step 3 - Invoke the interim DR plan 39

Step 4 - Maintain communications during a disaster 39

Step 5 - Identify basic recovery plans 41

Step 6 - Develop processing alternatives 42

Step 7 - Enact preventive measures 44

Step 8 - Document the interim DR plan 46

Step 9 - Train ERT members 48

Testing Interim DR Plans 48

Chapter 3: Developing and Using a Business Impact Analysis 51

Understanding the Purpose of a BIA 52

Scoping the Effort 53

Conducting a BIA: Taking a Common Approach 54

Gathering information through interviews 55

Using consistent forms and worksheets 56

Capturing Data for the BIA 58

Business processes 59

Information systems 60

Assets 61

Personnel 62

Suppliers 62

Statements of impact 62

Criticality assessment 63

Maximum Tolerable Downtime 64

Recovery Time Objective 64

Recovery Point Objective 65

Introducing Threat Modeling and Risk Analysis 66

Disaster scenarios 67

Identifying potential disasters in your region 68

Performing Threat Modeling and Risk Analysis 68

Identifying Critical Components 69

Processes and systems 70

Suppliers 71

Personnel 71

Determining the Maximum Tolerable Downtime 72

Calculating the Recovery Time Objective 72

Calculating the Recovery Point Objective 73

Part II: Building Technology Recovery Plans 75

Chapter 4: Mapping Business Functions to Infrastructure 77

Finding and Using Inventories 78

Using High-Level Architectures 80

Data flow and data storage diagrams 80

Infrastructure diagrams and schematics 84

Identifying Dependencies 90

Inter-system dependencies 91

External dependencies 95

Chapter 5: Planning User Recovery 97

Managing and Recovering End-User Computing 98

Workstations as Web terminals 99

Workstation access to centralized information 102

Workstations as application clients 104

Workstations as local computers 108

Workstation operating systems 113

Managing and Recovering End-User Communications 119

Voice communications 119

E-mail 121

Fax machines 125

Instant messaging 126

Chapter 6: Planning Facilities Protection and Recovery 129

Protecting Processing Facilities 129

Controlling physical access 130

Getting charged up about electric power 140

Detecting and suppressing fire 141

Chemical hazards 144

Keeping your cool 145

Staying dry: Water/flooding detection and prevention 145

Selecting Alternate Processing Sites 146

Hot, cold, and warm sites 147

Other business locations 149

Data center in a box: Mobile sites 150

Colocation facilities 150

Reciprocal facilities 151

Chapter 7: Planning System and Network Recovery 153

Managing and Recovering Server Computing 154

Determining system readiness 154

Server architecture and configuration 155

Developing the ability to build new servers 157

Distributed server computing considerations 159

Application architecture considerations 160

Server consolidation: The double-edged sword 161

Managing and Recovering Network Infrastructure 163

Implementing Standard Interfaces 166

Implementing Server Clustering 167

Understanding cluster modes 168

Geographically distributed clusters 169

Cluster and storage architecture 170

Chapter 8: Planning Data Recovery 173

Protecting and Recovering Application Data 173

Choosing How and Where to Store Data for Recovery 175

Protecting data through backups 176

Protecting data through resilient storage 179

Protecting data through replication and mirroring 180

Protecting data through electronic vaulting 182

Deciding where to keep your recovery data 182

Protecting data in transit 184

Protecting data while in DR mode 185

Protecting and Recovering Applications 185

Application version 186

Application patches and fixes 186

Application configuration 186

Application users and roles 187

Application interfaces 189

Application customizations 189

Applications dependencies with databases, operating systems, and more 190

Applications and client systems 191

Applications and networks 192

Applications and change management 193

Applications and configuration management 193

Off-Site Media and Records Storage 194

Chapter 9: Writing the Disaster Recovery Plan 197

Determining Plan Contents 198

Disaster declaration procedure 198

Emergency contact lists and trees 200

Emergency leadership and role selection 202

Damage assessment procedures 203

System recovery and restart procedures 205

Transition to normal operations 207

Recovery team 209

Structuring the Plan 210

Enterprise-level structure 210

Document-level structure 211

Managing Plan Development 212

Preserving the Plan 213

Taking the Next Steps 213

Part III: Managing Recovery Plans 215

Chapter 10: Testing the Recovery Plan 217

Testing the DR Plan 217

Why test a DR plan? 218

Developing a test strategy 219

Developing and following test procedures 220

Conducting Paper Tests 221

Conducting Walkthrough Tests 222

Walkthrough test participants 223

Walkthrough test procedure 223

Scenarios 224

Walkthrough results 225

Debriefing 225

Next steps 226

Conducting Simulation Testing 226

Conducting Parallel Testing 227

Parallel testing considerations 228

Next steps 229

Conducting Cutover Testing 230

Cutover test procedure 231

Cutover testing considerations 233

Planning Parallel and Cutover Tests 234

Clustering and replication technologies and cutover tests 235

Next steps 236

Establishing Test Frequency 236

Paper test frequency 237

Walkthrough test frequency 238

Parallel test frequency 239

Cutover test frequency 240

Chapter 11: Keeping DR Plans and Staff Current 241

Understanding the Impact of Changes on DR Plans 241

Technology changes 242

Business changes 243

Personnel changes 245

Market changes 247

External changes 248

Changes - some final words 249

Incorporating DR into Business Lifecycle Processes 250

Systems and services acquisition 250

Systems development 251

Business process engineering 252

Establishing DR Requirements and Standards 253

A Multi-Tiered DR Standard Case Study 254

Maintaining DR Documentation 256

Managing DR documents 257

Updating DR documents 258

Publishing and distributing documents 260

Training Response Teams 261

Types of training 261

Indoctrinating new trainees 262

Chapter 12: Understanding the Role of Prevention 263

Preventing Facilities-Related Disasters 264

Site selection 265

Preventing fires 270

HVAC failures 272

Power-related failures 272

Protection from civil unrest and war 273

Avoiding industrial hazards 274

Preventing secondary effects of facilities disasters 275

Preventing Technology-Related Disasters 275

Dealing with system failures 276

Minimizing hardware and software failures 276

Pros and cons of a monoculture 277

Building a resilient architecture 278

Preventing People-Related Disasters 279

Preventing Security Issues and Incidents 280

Prevention Begins at Home 283

Chapter 13: Planning for Various Disaster Scenarios 285

Planning for Natural Disasters...

Details
Year of publication: 2007
Subject area: Data communication, networks & mailboxes
Genre: Imports, Computer science
Category: Science & Technology
Format: Paperback
Extent: 384 pp.
ISBN-13: 9780470039731
ISBN-10: 0470039736
Language: English
Manufacturer number: 14503973000
Binding: Softcover / paperback
Author: Gregory, Peter H
Manufacturer: Wiley
John Wiley & Sons
Responsible person for the EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Dimensions: 235 x 191 x 21 mm
By/With: Peter H Gregory
Publication date: 01.11.2007
Weight: 0,719 kg
Item ID: 102216981