Calamity occurrence in any area, arising from natural or man-made causes, or by accident or negligence which results in substantial loss of asset or business, Flood: Any unplanned event that requires immediate redeployment of limited resources is defined as cyber Disaster Recovery Plan.
Types of Cyber Disaster:
Natural Forces:
- Fire
- Environmental Hazards
- Flood / Water Damage
- Extreme Weather
Technical Failure:
- Power Outage
- Equipment Failure
- Network Failure
- Software Failure
Human Interference:
- Criminal Act
- Human Error
- Loss of Users
- Explosions
Also Read Most Important Consideration for Industrial Control System(ICS) Cyber Defense
What is a Disaster Recovery Plan?
A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed-upon incidents.
Other commonly used names:
- Business Continuity Plan
- Contingency Plans
- Continuity Plans
- Emergency Response Plans
- Business Recovery Plans
- Recovery Plans
When an incident occurs, the Disaster Recovery response activities are likely to be the following (at a high level).
Types of Controls:
- Integrity Controls
- Confidentiality Controls
- Availability Controls
Integrity Controls:
- Policy
- Methodology
- Staffing
- Education
- Division of Responsibility
- Audit
- Error and Change Control
- Reporting and Resolution
- Test
- Quality Assurance
Confidentiality Controls:
- Proprietary Information Policy
- Ethics Statement
- “Need to Know”, “Need to Withhold”
- Records Management
- Handling Procedures
- Physical & Electronic
- Security Measures
Availability Controls:
- Asset Identification
- Controls Review
- Impact Analysis
- Data Backup
- Off-site Storage
- Avoidance Strategies
- Mitigation Strategies
- Early Detection & Notification
- Recovery Strategies
- Alternate Locations
- Plans and Procedures
- Vendor Relationships
- Training
- Testing
An Example of Disaster Recovery Team:
Case Study- The CFlood: Impact
- One of the worst business disasters
- 230 buildings lost power for a couple of days
- Valuable government records were in jeopardy
- Extensive impact on electrical and computing systems
- The greatest financial impact on the CBOT, losing 25 billion in trading of 36 products
Case Study- The Chicago Flood: Disaster Recovery
- Using Alternate Site Services approach
- Providing the alternate site nearly identical to the customer’s damaged site
- Implemented by Comdisco Continuity Service
Case Study- The Chicago Flood: Recovery Result
- Helped 2 Chicago banks resume operation within hours of evacuation
- 17 customers from the financial, brokerage, government and service/ distribution industries, were supported at their hot sites within half a day.
Case Study- The World Trade Center Explosion: Impact
- Building-wide power outage
- Structural damaged and employee trauma, Businesses were down
- Water problem due to pipes was severed
- Injured and Dead reports, the building was considered a crime scene
Also Read An approach to Tackle Internet Security Issues at Work
Case Study- The World Trade Center Explosion: Recovery
- Fiduciary Trust, a banking and financial institute’s Recovery Plan
- The data center switched automatically to their secondary power system
- Moved the operation to their alternate site in NJ which equipped with a computer network nearly identical to that of the bank
Case Study- The World Trade Center Explosion: Recovery Result
- The system was down for Friday afternoon and was up and running by Monday morning as if nothing had happened
- Employees retained their usual telephone numbers
- Transactions went through the same as always
- Customers couldn’t even detect that the bank was no longer operating from the World Trade Center.
Examples of Cyber Disaster Recovery Services:
Alternate Sites
- Provide alternate site nearly identical to the customer’s damaged site
Business Impact Analysis
- Provide services such as defining disaster plans and addressing exposures to business and recovery administrators
Certification
- Provide services such as certifying qualified individuals in the discipline and promoting the credibility and professionalism of certified individuals
Education Classes
- Creating a base of common knowledge for the business continuity/disaster recovery planning industry through education, assistance, and the promotion of international standards
On-Site Recovery Facilities
- Manage the mobilization of an on-call response team, prepare a pre-designated site, erect temporary pre-engineered structures, install mechanical and electrical systems and coordinate move-in activities
Satellite Communication
- Provide satellite telecommunications products and services.
The business continuity plan is a more proactive approach, as it describes how an organization can maintain operations during an emergency.
