Incident Response Plan

sepola
bd_ch_10_sect_03.html
Home>Computer Science homework help>Incident Response Plan

Disaster Recovery

The next vital part of CP focuses on disaster recovery (DR) An organization’s set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster. . The IT community of interest, under the leadership of the CIO, is often made responsible for disaster recovery planning, including aspects that are not necessarily technology based.

Disaster recovery planning (DRP) The actions taken by senior management to develop and implement the DR policy, plan, and recovery teams. entails the preparation for and recovery from a disaster, whether natural or man-made. In some cases, actual incidents detected by the IR team may escalate to the level of disaster, and the IR plan may no longer be able to handle the effective and efficient recovery from the loss. For example, if a malicious program evades containment actions and infects and disables many or most of an organization’s systems and its ability to function, the disaster recovery plan (DR plan) The documented product of disaster recovery planning; a plan that shows the organization’s intended efforts in the event of a disaster. is activated. Sometimes, events are by their nature immediately classified as disasters, such as an extensive fire, flood, damaging storm, or earthquake.

As you learned earlier in this chapter, the CP team creates the DR planning team (DRPT). The DRPT in turn organizes and prepares the DR response teams (DRRTs) to actually implement the DR plan in the event of a disaster. In reality, there may be many different DRRTs, each tasked with a different aspect of recovery. These teams may have multiple responsibilities in the recovery of the primary site and the reestablishment of operations:

  • Recover information assets that are salvageable from the primary facility after the disaster.

  • Purchase or otherwise acquire replacement information assets from appropriate sources.

  • Reestablish functional information assets at the primary site if possible or at a new primary site, if necessary.

Some common DRRTs include:

  • DR Management Team—Coordinates the on-site efforts of all other DRRTs.

  • Communications Team—With representatives from the Public Relations and Legal departments, provides feedback to anyone who wants additional information about the organization’s efforts in recovering from the disaster.

  • Computer Recovery (Hardware) Team—Works to recover any physical computing assets that might be usable after the disaster and acquire replacement assets and set them up for resumption of operations.

  • Systems Recovery (OS) Team—Works to recover operating systems and may contain one or more specialists on each operating system that the organization employs; may be combined with the applications recovery team as a “software recovery team” or with the hardware team as a “systems recovery team” or “computer recovery team.”

  • Network Recovery Team—Works to determine the extent of damage to the network wiring and hardware (hubs, switches, and routers) as well as to Internet and intranet connectivity.

  • Storage Recovery Team—Works with the other teams to recover storage-related information assets; may be subsumed into other hardware and software teams.

  • Applications Recovery Team—Works to recover critical applications.

  • Data Management Team—Works on data restoration and recovery, whether from on-site, off-site, or online transactional data.

  • Vendor Contact Team—Works with suppliers and vendors to replace damaged or destroyed materials, equipment, or services, as determined by the other teams.

  • Damage Assessment and Salvage Team—Specialized individuals who provide initial assessments of the extent of damage to materials, inventory, equipment, and systems on-site.

  • Business Interface Team—Works with the remainder of the organization to assist in the recovery of nontechnology functions.

  • Logistics Team—Responsible for providing any needed supplies, space, materials, food, services, or facilities at the primary site; may be combined with the vendor contact team.

  • Other Teams as Needed.

Listen webReader by ReadSpeaker Open/close toolbar