Page 747 - StudyBook.pdf
P. 747

Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12  731

                 cause problems, as they would indicate that the old equipment is still part of the
                 system.The same applies to data, as failing to indicate that backup tapes have been
                 destroyed would provide false information in a backup inventory.

                 Disaster Recovery


                 After the events of September 11, 2001, the widespread effects of a disaster became
                 evident. Equipment, data, and personnel were destroyed, staggering amounts of
                 money were lost by individual businesses, and the economic ripples were felt inter-
                 nationally.While some companies experienced varying levels of downtime, some
                 never recovered and were put out of business.While this was an extreme situation,
                 a disaster recovery plan is used to identify such potential threats of terrorism, fire,
                 flooding, and other incidents, and provide guidance on how to deal with such
                 events when they occur.
                    Disasters can also result from the actions of people. Such disasters can occur as a
                 result of employee’s accidentally or maliciously deleting data, intrusions of the
                 system by hackers, viruses and malicious programs that damage data, and other
                 events that cause downtime or damage.As with environmental disasters, a disaster
                 recovery plan may be used to prepare and deal with catastrophes when they occur.
                    Preparation for disaster recovery begins long before a disaster actually occurs.
                 Backups of data need to be performed daily to ensure data can be recovered, plans
                 need to be created that outline what tasks need to be performed by who, and other
                 issues need to be addressed as well.While it is hoped that such preparation is never
                 needed, it is vital that a strategy is in place to deal with incidents.
                    The disaster recovery plan should identify as many potential threats as possible,
                 and include easy-to-follow procedures.When discussing disaster recovery plans in
                 greater detail, a plan should provide countermeasures that address each threat
                 effectively.

                 Backups

                 Backing up data is a fundamental part of any disaster recovery plan.When data is
                 backed up, it is copied to a type of media that can be stored in a separate location.
                 The type of media will vary depending on the amount of data being copied, but
                 can include digital audio tape (DAT), digital linear tape (DLT), compact disks
                 (CDR/CD-RW) and DVDs, or floppy disks. If unintended data is destroyed, it can
                 be restored as if nothing had happened.






                                                                              www.syngress.com
   742   743   744   745   746   747   748   749   750   751   752