IT Job Descriptions

Security Manual Template

Salary Survey

Disaster Plan

IT Infrastructure Strategy Charter

XML and RSS News Feeds
CIO Tools - Disaster Planning - Security
Infrastructure - Job Descriptions



Disaster Recovery Plan Ensures Survival

10/25/2009 

Every IT manager knows the importance of having an effective and fast disaster recovery plan (DRP) and Business Continuity Plan (BCP). Organizations without an adequate plan may find themselves out of business quickly after experiencing a major disaster. Janco Associates has found that over 80% of all enterprises that do not have these plans never open their doors after a disaster strikes.

Organizations that ensure survival following a disaster understand the basics of creating a good plan; however, there are many obstacles and pitfalls that can easily be avoided.

Based on working with thousands of customers, Janco Associates has developed a Disaster Recovery and Business Continuity Template that includes everything that you need to create a custom Disaster Plan.

You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.

- more info



Apple bug distroys user data

10/17/2009 

Several posts on the Apple Support forums dating back to the middle of September indicate that some users have been losing all their data due to a nasty bug in Snow Leopard, a.k.a. Mac OS 10.6.

IT was reported that the bug which rears its head when a user logs into their Mac's Guest account and then tries to log back into their regular account.

In some cases, users have reported finding their regular account empty of data, as though it were a brand new account ...  The home directory still exists under "/Users/username" but is completely empty.

Affected users report that data is unrecoverable and cannot be found on the hard drive. The only way to recover is from a backup on external media. You do make regular backups, right?

Apple acknowledged the problem stating: "We are aware of the issue, which occurs only in extremely rare cases, and we are working on a fix," an Apple representative said in a prepared statement Monday.

Backup and Backup Retention Policy

Backup Policy & Backup RetentionThe Backup and Backup Retention policy is an 11 page sample policy that is a complete policy which can be implemented immediately. 

The document is provided in both Word 2003 and Word 2007 formats and is easily modified.  This policy is included in the Disaster Recovery / Business Continuity Template.

  

 

Below is a table from the policy.

Type of Data

Minimal Backup Policy

Backup Retention Policy

System software

Latest Version plus patches
 At Least Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

Application software

Latest Version plus patches
At Least Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

System data

Daily

Annual (verified) Backup
Monthly Generations
Weekly Generations
Daily Generations

Application Data

Daily with real time transaction files

Annual (verified) Backup
Monthly Generations
Weekly Generations
Daily Generations

Software licenses, encryption keys, & Protocol Data

Weekly

Annual (verified) Backup
Monthly Generations
Weekly Generations

- more info



Telecommuting workers add disaster recovery and business continuity requirments

10/11/2009 

Disaster Business ContinuityTelecommuting  is not just an arrangement; it is a way of life. It requires changes in behavioral patterns that go beyond the usual. It also requires a lot of creativity to stay in touch with people inside and outside the organization. Most telecommuting  workers have two lifelines to their organization - remote VPN access (for access to e-mail, calendar, and Intranet documents) and a telephone (for real-time communication). With no technical on-site support, a failure of even one of these lifelines leads to serious problems.

Experienced teleworkers therefore prepare for disaster planning and business continuity while all systems are working. For example, workers frequently:

  • Add redundancy to their communication links
  • Configure multiple VPN servers
  • Make sure they get e-mail on their PDAs (in case VPN over Internet fails).
  • Prepare for worst-case scenarios, such as a computer crash, due to a virus, bad configuration, or hardware failure by backing up data religiously and even keeping a backup computer in case something goes wrong with their primary one.
- more info



Backup requirments defined

10/10/2009 

CIOs, CSO's, Disaster Recovery Managers, and Business Continuity Mangers constantly are working to improve their recovery point objective (RPO) and recovery time objectives (RTO) by performing fast, non-disruptive backups, and by performing data restoration.  All comprehensive data protection solutions involve many considerations and contingencies.

Here are some of the things that can go wrong with your data and the backup requirements that need to be addressed:

  • Accidental or malicious deletion of critical data - Requirement that provides the ability to quickly and easily restore individual files and folders.
  • Data that is lost or corrupted over a period of time - Requirement to roll back individual records to fix  database corruptions. The ability to recover data from any previous point in time, and have it as granular as possible.
  • A crashed disk - Requirement to recover a disk volume is different than recovering a single file, but it should be done just as quickly, and with automation to help keep operational disruptions to a minimum.
  • A server failure - Requirement to restore operations when replacing a broken server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. It helps to have the capability to move the application workload to a standby server (with different hardware) or virtual server while the system is being replaced or repaired.
  • A local or regional disaster - Requirement when you lose an entire office to fire, flood, or other disaster, have a current copy of your important information in another location that is outside the disaster zone.
  • Remote offices and branch offices - Requirement  to have a process in place to restore with minimal technical support as remote and branch offices often do not have the luxury of having an on-site technical resource to assist in backups and restores.
  • Resource-intensive backup processes - Requirement frequent or even continuous backup that is not resource-intensive .
  •  Security breaches - Requirement to secure data. When moving data between sites, it needs to be protected from potential security breaches. A breach of data security, whether actual damage is done or not, can be devastating to your company's reputation, as dozens of large enterprises and government agencies have found in recent years.
- more info



DRP Critical Component of Risk Management

10/05/2009 

Disaster Recovery (DR) is a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. How can you get creative in protecting more data, recovering more swiftly, but also saving some money?

Download this outline learn how the Janco Disaster Recovery Business Continuity Template can reduce RPOs and RTOs even more. 

Disaster Business Continuity

Disaster Recovery Guide
Business Continuity Planning

ISO 27001, ISO 27002, ISO 17799, Sarbanes-Oxley, and HIPAA Compliant

    Buy      Table of Contents

What is Disaster Recovery and how does the Disaster Recovery Planning Template help?

This DRP Template can be used for any sized enterprise.  

The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

  • Disaster Recovery Planning and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan
  • Disaster Recovery / Business Continuity Audit Program

With lost data being a competitive liability, there is no room for downtime in today's business world.

- more info



Disaster Recovery Business Continuity Basics

10/01/2009 

The basics of a Disaster Recovery Business Continuity Plan are defined in the Janco Disaster Recovery Business Continuity Template. They are:

  • Develop the contingency planning policy statement. A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
  • Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components.
  • Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
  • Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
  • Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
  • Plan testing, training and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
  • Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.
- more info



Successful Disaster Planning and Business Continuity Planning Processes

09/25/2009 

DRP/BCP Security Templates

The success of most business depends on Information Technology. However, business and technology environments are becoming more complex. Being prepared to respond to non-typical events - both planned and unexpected - that threaten to disrupt essential business systems and processes, is a major corporate concern.

A recent survey found that disaster recovery planning is a priority for many organizations. Eighty-six percent of IT executives said they have a disaster recovery plan in place at their organization. While the economy has affected IT budgets overall, 43 percent of IT respondents indicated the economy has not affected their disaster recovery investment (including planning) - with another 33 percent, saying investment in disaster recovery has become more important.

Organizations cannot control whether or not they will be affected by a natural disaster, power outage or other unplanned incident, but they can work to help ensure their business is prepared to respond to and recover from these events with minimal impact. Disaster recovery planning is an organizational requirement that can help reduce risk and help companies effectively respond to situations that threaten to disrupt essential business processes.

Janco Associates has found that enterprises that are successful:

  • Focus on employee safety. Every disaster recovery plan needs to begin by addressing the physical safety and psychological well-being of employees. That means the plan must include alternative locations where employees can go if a primary work site is unavailable, as well as incident notification and escalation strategies. In addition, the plan needs to be well communicated throughout the organization so everyone knows how to respond in a disaster situation.
  • Business and IT Impact  Conduct a business and IT impact analysis. Carry out a thorough analysis of people, information, application, and other resources to build an understanding of the consequences - financial and operational - of losing vital components. Take particular care to uncover interdependencies across the organization that is critical to staying in business. This analysis will provide a solid foundation for establishing recovery priorities and timeframes in your plan, allowing you to make informed decisions on where and how much to invest in disaster recovery.
  •  Plan with business operations in mind. Involve all key stakeholders in the planning process, including IT, business leaders, human resources, corporate communications, and physical and information security managers. Be sure that in planning you coordinate with other business units in your organization to avoid potential conflicts, such as multiple business units depending on the same facility as a secondary site in response to an interruption.
  •  Make the disaster recovery plan a living document. Business processes and IT systems undergo constant change in every organization. Your disaster recovery plan needs to keep pace with new workflows, business applications, and computer systems. Disaster recovery planning software can provide best practice methodologies to help you navigate through planning decisions and plan updates. In addition, regular testing will help you demonstrate your ability to recover and pinpoint areas for plan improvements.
- more info



Disaster recovery and business continuity planning issues

09/22/2009 

Disaster recovery and business continuity management and contingency planning are essential especially in these economic times. However, the creation, testing, and updating  of a sound disaster recovery and continuity and contingency plan is costly and complex.

For example, initially it is necessary to understand the underlying risks and the potential impacts of disaster. This is the primary building block upon which sensible and cost effective business continuity plan or disaster recovery plan is built. When the plan itself is created, there are the maintenance and testing phases, to ensure that the plan remains current. Even having arranged all these matters there are the external auditors to consider - and of course, there is the not so small matter of ISO 27000, SOX, HIPAA, and PCI-DSS compliance.

The industry standard solution is the Disaster Recovery and Business Continuity Template by Janco Associates. The template includes all of the right tools to assist with business impact analysis and risk analysis. You can quickly create a core plan (some of Janco’s clients have created an operational plan in less than thirty days), maintain the plan, audit the DRP BCP, and create a cost effective budget to support the disaster recovery business continuity process.

- more info



How to request funding for DRP BCP

09/19/2009 

In these tough economic times how can CIOs get the budget necessary to support Disaster Recovery and Business Continuity Planning.

The following steps should be taken when planning a presentation seeking to gain management support of a Disaster Recovery and Business Continuity program.

  • Define the scope, objectives, and requirement - It is not enough to have an objective of getting more funding or gaining executive support.  Define exactly how much funding is needed, or exactly what form the executive support should take.
  • Verify expectations - Define what management's expectations for the meeting are.
  • Focus on business continuity - It makes more sense to get the commitment for resources to achieve a 24-hour recovery time objective (RTO) than to demand the resources for a two-hour RTO and get nothing.
  • Anticipate objections - realize that the number one objection is the cost, and prepare accordingly. Let the results of the business impact analysis (BIA) justify the "investment" (not "cost").
  • Prepare a competitive analysis - Executives care what their competition is doing. Annual benchmark studies and surveys are good sources of information on the investments in DPR/BCP being made by industry, by size of organization, etc.
  • Prepare examples of what has happened to others - Remind the executives of the regulations that affect their business, and the impact of not complying with them. Examples of such regulations are Sarbanes-Oxley, HIPAA, Foreign Corrupt Practices Act, and Gramm-Leach-Bliley. In addition,  research companies that have been damaged significantly in highly publicized news stories because of their failure to act responsibly.
  • Define the Risk/Reward of DRP/BCP - Research and develop the business continuity program's return on investment.
  • Package Resources - Work with vendors like Janco Associates who can package infrastructure solutions like the Disaster Recovery Business Continuity Template to accelerate the process and minimize the cost.
  • Get buy-in for key decision makers before you meet to ask for a decision - The effort will have greater success if key decision makers and other departments within the organization support the DRP/BCP program. The power of a presentation supported by key executives, marketing, IT security, physical security, human resources, facilities, and risk management is highly significant.
- more info



Simple factors can cause a business interruption

09/17/2009 

Gmail was down for over 30 minutes. Isn't Gmail supposed to have multiple points of failure? Well yes, Gmail has thousands and thousands of overlapping mail servers that can pick up the slack if any one fails because the data is replicated and spread all around. Nevertheless, there are also request servers that do nothing but route the requests for email to whichever server (with the right emails on it) happens to be available.

Disaster Recovery Planning Template  Threat Vulnerability Assessment Tool  Business & IT Impact Analysis 

It turns out that Google took down some regular email servers for routine maintenance, and because of some recent changes, that overloaded the request servers.   A VP at Google said, "...we had slightly underestimated the load which some recent changes placed on the request routers, ... a few of the request routers became overloaded and in effect told the rest of the system 'stop sending us traffic, we're too slow!.' This transferred the load onto the remaining request routers, causing a few more of them also to become overloaded, and within minutes nearly all of the request routers were overloaded. "

 

- more info