Organization Cyber Disaster Recovery Plan Checklist

Calamity occurrence in any area, arising from natural or man-made causes, or by accident or negligence which results in substantial loss of asset or business, Flood: Any unplanned event that requires immediate redeployment of limited resources is defined as cyber Disaster Recovery Plan.

Natural Forces:

Fire
Environmental Hazards
Flood / Water Damage
Extreme Weather

Technical Failure:

Power Outage
Equipment Failure
Network Failure
Software Failure

Human Interference:

Criminal Act
Human Error
Loss of Users
Explosions

A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed-upon incidents.

Other commonly used names:

Business Continuity Plan
Contingency Plans
Continuity Plans
Emergency Response Plans
Business Recovery Plans
Recovery Plans

When an incident occurs, the Disaster Recovery response activities are likely to be the following (at a high level).

Types of Controls:

Integrity Controls
Confidentiality Controls
Availability Controls

Integrity Controls:

Policy
Methodology
Staffing
Education
Division of Responsibility
Audit
Error and Change Control
Reporting and Resolution
Test
Quality Assurance

Confidentiality Controls:

Proprietary Information Policy
Ethics Statement
“Need to Know”, “Need to Withhold”
Records Management
Handling Procedures
Physical & Electronic
Security Measures

Availability Controls:

Asset Identification
Controls Review
Impact Analysis
Data Backup
Off-site Storage
Avoidance Strategies
Mitigation Strategies
Early Detection & Notification
Recovery Strategies
Alternate Locations
Plans and Procedures
Vendor Relationships
Training
Testing

An Example of Disaster Recovery Team:

Case Study- The CFlood: Impact

One of the worst business disasters
230 buildings lost power for a couple of days
Valuable government records were in jeopardy
Extensive impact on electrical and computing systems
The greatest financial impact on the CBOT, losing 25 billion in trading of 36 products

Case Study- The Chicago Flood: Disaster Recovery

Using Alternate Site Services approach
Providing the alternate site nearly identical to the customer’s damaged site
Implemented by Comdisco Continuity Service

Case Study- The Chicago Flood: Recovery Result

Helped 2 Chicago banks resume operation within hours of evacuation
17 customers from the financial, brokerage, government and service/ distribution industries, were supported at their hot sites within half a day.

Case Study- The World Trade Center Explosion: Impact

Building-wide power outage
Structural damaged and employee trauma, Businesses were down
Water problem due to pipes was severed
Injured and Dead reports, the building was considered a crime scene

Case Study- The World Trade Center Explosion: Recovery

Fiduciary Trust, a banking and financial institute’s Recovery Plan
The data center switched automatically to their secondary power system
Moved the operation to their alternate site in NJ which equipped with a computer network nearly identical to that of the bank

Case Study- The World Trade Center Explosion: Recovery Result

The system was down for Friday afternoon and was up and running by Monday morning as if nothing had happened
Employees retained their usual telephone numbers
Transactions went through the same as always
Customers couldn’t even detect that the bank was no longer operating from the World Trade Center.

Examples of Cyber Disaster Recovery Services:

Alternate Sites

Provide alternate site nearly identical to the customer’s damaged site

Business Impact Analysis

Provide services such as defining disaster plans and addressing exposures to business and recovery administrators

Certification

Provide services such as certifying qualified individuals in the discipline and promoting the credibility and professionalism of certified individuals

Education Classes

Creating a base of common knowledge for the business continuity/disaster recovery planning industry through education, assistance, and the promotion of international standards

On-Site Recovery Facilities

Manage the mobilization of an on-call response team, prepare a pre-designated site, erect temporary pre-engineered structures, install mechanical and electrical systems and coordinate move-in activities

Satellite Communication