Disaster recovery Plan
Part 1: Required 2 pages
· Create a report detailing user access policies based on research.
· Explain the details of user policy creation in organizations.
Assignment Requirements
You are a security professional for a large, private health care organization. Users have access to file and application servers, as well as data storage facilities that contain customer health information and personally identifiable information (PII). Your organization needs to create user access policies and provide them to its employees.
Sean, your manager, asks you to write a report detailing relevant user access policies. He needs you to research a generic template and use that as a starting point from which to move forward.
For this assignment:
1. Research existing policy templates and examples from organizations of a similar type.
2. Write a report detailing at least three relevant user access policies based on your research.
. Create a table for the policies.
. Include a short summary explaining why you chose the policies.
. Include an introduction and conclusion.
. Provide citations for your sources.
Part 2: Required 4 pages
Review over the DR template and pick an industry such as (airlines, ecommerce, banking, etc.). Within that industry, pick a specific organization for the development of the Disaster Recovery Plan such as Healthcare – Physical Therapy Clinics - ATI
Pick an industry/company to focus on for this assignment. Based upon the given information you can find on the company and any past issues/breaches the company has gone through, create a Disaster Recovery plan using the template provided
Project selection is submitted for approval
INFORMATION TECHNOLOGY DISASTER RECOVERY PLAN
Revision History
|
Revision |
Change |
Date |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Official copies of the document are available at the following locations:
· Department of Information Technology Office
· Office and home of the Chief Information Officer
( 10 )
Contents
Revision History 1 Official copies of the document are available at the following locations: 1 Contents 2 Section 1: Introduction 3 Section 2: Scope 3 Section 3: Assumptions 3 Section 4: Definitions 3 Section 5: Teams 3 5.0.1 Incident Commander 3 5.0.2 Incident Command Team 3 5.1 Datacenter Recovery Team 3 5.2 Desktop, Lab, and Classroom Recovery Team 4 5.3 Enterprise Systems Recovery Team 4 5.4 Infrastructure and Web Recovery Team 4 5.5 Telecommunications, Network, and Internet Services Recovery Team 4 Section 6: Recovery Preparations 5 6.1 Data Recovery Information: 5 6.2 Central Datacenter and Server Recovery Information: 5 6.3 Network and Telecommunication Recovery Information: 5 6.4 Application Recovery Information: 5 6.5 Desktop Equipment Recovery Information: 5 Section 7: Disaster Recovery Processes and Procedures 5 7.1 Emergency Response: 5 7.2 Incident Command Team: 5 7.3 Disaster Recovery Teams: 5 7.4 General System/Application Recovery Procedures/Outline: 5 8.0 Network & Telecommunication Recovery Guidelines: 7 Appendix A. IT Contact List 7 Appendix B. Crisis Management Team Contact List 7 Appendix C: IT Recovery Priority List 7 C.1 IT Infrastructure Priorities: 7 C.2 IT System Priorities: 8 C.3 Consortium, Outsourced, and Cloud-based IT System Priorities: 8 C.4 IT Facility Priorities 9 Appendix D: Vendor Information 9 Appendix E: Disaster Recovery Signoff Sheet 10
Section 1: Introduction
Provide an introduction to the company/situation...
A copy of this plan is stored in the following areas:
· Department of Information Technology Office
· Office and home of the Chief Information Officer
Section 2: Scope
Determine/explain the scope of this plan.
Section 3: Assumptions
Section 4: Definitions
Section 5: Teams
5.0.1 Incident Commander
|
Chief Information Officer |
|
|
Home Phone: |
|
|
Cell Phone: |
|
5.0.2 Incident Command Team
|
Chief Information Officer |
|
|
Manager, User Support |
|
|
Manager, Infrastructure Services |
|
|
Manager, Information Systems |
|
|
Manager, Classroom and Media Services |
|
5.1 Datacenter Recovery Team
All Contact Information is located in Appendix A
|
Team Lead: |
Manager, Infrastructure Services |
|
Team Members: |
System Administrators (2) |
|
|
Desktop Systems Administrator |
|
|
Network Communications Technicians (2) |
5.2 Desktop, Lab, and Classroom Recovery Team
All Contact Information is located in Appendix A
Commander.
|
Team Lead: |
Manager, User Services |
|
Team Members: |
Manager, Classroom and Media Services |
|
|
Desktop Systems Administrator |
|
|
Computing Coordinators (7) |
|
|
Lab and Student Computing Coordinator |
|
|
Equipment Systems Specialist |
5.3 Enterprise Systems Recovery Team
All Contact Information is located in Appendix A
|
Team Lead: |
Manager, Information Systems |
|
Team Members: |
Manager, Infrastructure Services |
|
|
Programmer/Analysts (4) |
|
|
Web Programmer/Analyst |
|
|
System Administrator |
|
|
Computing Coordinators supporting affected areas (business services, payroll, enrollment services, etc.) |
|
|
Key Business Unit Personnel as needed by type of incident (payroll clerk, accountant, registrar, etc.) |
5.4 Infrastructure and Web Recovery Team
All Contact Information is located in Appendix A
Commander.
|
Team Lead: |
Manager, Infrastructure Services |
|
Team Members: |
System Administrators (2) |
|
|
Desktop Systems Administrator |
|
|
Web Programmer/Analyst |
5.5 Telecommunications, Network, and Internet Services Recovery Team
All Contact Information is located in Appendix A
Commander.
|
Team Lead: |
Manager, Infrastructure Services |
|
Team Members: |
Communications Technicians (2) |
|
|
System Administrator |
Section 6: Recovery Preparations
6.1 Data Recovery Information:
6.2 Central Datacenter and Server Recovery Information:
6.3 Network and Telecommunication Recovery Information:
6.4 Application Recovery Information:
6.5 Desktop Equipment Recovery Information:
Section 7: Disaster Recovery Processes and Procedures
7.1 Emergency Response:
7.2 Incident Command Team:
7.3 Disaster Recovery Teams:
7.4 General System/Application Recovery Procedures/Outline:
8.0 Network & Telecommunication Recovery Guidelines:
Appendix A. IT Contact List
Appendix B. Crisis Management Team Contact List
Appendix C: IT Recovery Priority List
The following priorities have been established by the department of Information Technology with consultation from the campus community.
C.1 IT Infrastructure Priorities:
C.2 IT System Priorities:
C.3 Consortium, Outsourced, and Cloud-based IT System Priorities:
|
Application/System Name |
Priority |
RTO |
RPO |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(1) Critical – Basic infrastructure and must be restored as soon as possible.
(2) High – Systems of extreme importance, but do not provide infrastructure.
(3) Medium – Important systems and applications, but do not have university-wide impact.
(4) Low – Systems important to specific departments or specific small populations of users.
(5) Full –Systems that may not be restored to functional status until normal operations are reestablished.
Note: RTO is recovery time objective, RPO is recovery point objective
C.4 IT Facility Priorities
|
Building Name |
Priority |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Note: building list continues on next page.
(1) Critical, needed for maintenance of public health and safety, communications.
(2) High, needed for income maintenance for students, employees; payments to vendors; requirements for compliance or regulation; effect on cash flow; effect on production and delivery of services (housing, dining, student services).
(3) Medium, needed for mission of university, delivery of classes.
(4) Low, everything else
Appendix D: Vendor Information
Appendix E: Disaster Recovery Signoff Sheet
I have been briefed and given an overview of the Disaster Recovery Plan and I am familiar with my responsibilities.
|
Name |
Signature |
Date |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|