Associate Level Material

Appendix D

Disaster Recovery Plan

Student Name: John Weathers

UNIVERSITY IT/244 INTRO

OF

PHOENIX IT SECURITY

TO

Instructors Name: Scott Sabo Date: April 8, 2012

Disaster Recovery Plan

1. Disaster Recovery Plan

Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP.

1.1.

Risk Assessment

1.1.1. Critical business processes

List the mission-critical business systems and services that must be protected by the DRP.

You must ensure the safety of the computers and databases, service, level agreements, and have back-up plans in case of emergency and are unable to access network technology. The Mission-critical business systems that should be protected by the (DRP) should include, but are not limited to; Payroll, Human Resource Data, Point-of-Sale backup media, and the Web Servers.

1.1.2. Internal, external, and environmental risks

Briefly discuss the internal, external, and environmental risks, which might be likely to affect the business and result in loss of the facility, loss of life, or loss of assets. Threats could include weather, fire or chemical, earth movement, structural failure, energy, biological, or human.

Examples of the internal risks that may affect the business are unauthorized employees or any other unauthorized person having access to the individual stores computer systems, applications, and areas where servers and backup media are stored. Other external and environmental risks to the business include fire, floods, power outages, hardware or software failure, storms, and earthquakes

1.2.

Disaster Recovery Strategy

Of the strategies of shared-site agreements, alternate sites, hot sites, cold sites, and warm sites, identify which of these recovery strategies is most appropriate for your selected scenario and why.

IT/244 Intro to IT Security

Page 1

Disaster Recovery Plan

With only having four separate business locations within fairly close proximity to each other it is my opinion that a shared-site agreement would be the most effective one. Sunica Music and Movies will be using the same hardware and software in each of the separate locations, this alone will eliminate compatibility issues in the event of a disaster, Natural or otherwise.
Disaster Recovery Test Plan For each testing method listed, briefly describe each method and your rationale for why it will or will not be included in your DRP test plan.

1.2.1. Walk-throughs
Members of the key business units meet to trace their steps through the plan, looking for omissions and inaccuracies (Merkow and Brethaupt, 2006). This step will be used to ensure that key employees now what their need to do when a disaster occurs at their location and what they must do to support a sister store if they have a disaster. They will also provide feedback for any problems that they observe during this process.

1.2.2. Simulations
During a practice session, critical personnel meet to perform a dry run of the emergency, mimicking the response to a true emergency as closely as possible (Merkow and Brethaupt, 2006). This testing method will be used because it will give the most realistic idea of the possible outcome of an actual disaster and familiarize employees with the appropriate responses.

1.2.3. Checklists

A more passive type of testing, members of the key departments check off the tasks for which they are responsible and report on the

IT/244 Intro to IT Security

Page 2

Disaster Recovery Plan

accuracy of the checklist. This is typically a first step toward a more comprehensive test (Merkow and Brethaupt, 2006). This testing method would be important because it would provide documentation to ensure that all the necessary steps have been taken.

1.2.4. Parallel testing

The backup processing occurs in parallel with production services that never stop. This is a familiar process for those who have installed complex computer systems that run in parallel with the existing production system until the new system proves to be stable. An example of this might be when a company installs a new payroll system: Until the new system is deemed ready for full cut-over, the two systems are operated in parallel (Merkow and Brethaupt, 2006). This testing method is not necessary because Sunicas system is not complex and they are not implementing any new systems.

1.2.5. Full interruption

Also known as the true/false test, production systems are stopped as if a disaster had occurred to see how the backup services perform. They either work (true) or they fail (false) in which case the lesson learned can be as painful as a true disaster (Merkow and Brethaupt, 2006). This testing method would not be used because a interrupting the systems would prove to be devastating to the customer service of a retail business. The lowered level of customer service during this period would spread through word-ofmouth which could make the companys customer base smaller.

IT/244 Intro to IT Security

Page 3

Disaster Recovery Plan

2. References
Cite all your references by adding the pertinent information to this section by following this example.

Merkow, M., & Breithaupt, J. (2006). Information security: Principles and practices. Pearson/Prentice Hall

IT/244 Intro to IT Security

Page 4