Disaster Recovery

Learning outcomes:

  • Describe the need for disaster planning
  • List concerns and prioritize
  • Describe disaster planning testing processes
  • Describe the responsibilities of the various roles in a disaster planning team

Would you like to download my PowerPoint to follow along?

  • What is Disaster Recovery
    • Disasters such as accidents, acts of nature etc. Need to have a plan in place to recovery from that
    • Assume nothing will work, you can't rely on your current system, communication, phone or anything
    • Think about natural disasters such as snow storms, hurricanes and what the plan is if your company is in the path of that
  • Who Makes this plan
    • C Suite people
    • IT people
    • Sales
    • Accounting and finance
    • Basically everyone from every place you picked for a CERT team you'll need here
    • Including an alternate (just like for CERT) in case of emergencies, to have a backup and make sure there are no bottlenecks of knowledge
  • What's on the plan
    • Hardware
      • What if the hardware disappears (fire, flood, etc)
      • Onsite vs Offsite
      • Rentable disaster recovery hardware
      • Companies making agreements with other companies as backups
    • Software
      • Backing up of software and programs not just the data
      • Byte by byte backups vs incremental backups
      • Different backups at different times
        • Such as once a day back up new data, once a week back up new data and programs, once a month back up everything byte by byte.
        • Backup what you're not willing to lose and set your backup to happen as often as you are willing to redo work (you're willing to redo a day of work? Backup once a day, willing to lose an hours' worth? Back up every hour
    • Backups
      • What medium are you using for the backup?
      • How long does that medium last?
      • How long do you need to keep your backup?
      • How is it protected/encrypted?
      • Who has access?
      • How is it verified and tested?
      • Do you back up your backups?
      • On site vs offsite backups
      • Third party vs in house backups
    • Testing
    • Who watches the watchers?
  • Note: We can have issues if everything isn't documented well and the person/people who made the agreements and plans aren't there or forget to pass along the message
  • People
    • Never have 1 person in charge of so much they are the single point of failure. Your plan should never be "that person"
    • Need info on each of the systems
    • Need passwords, who knows them? Who's the backup? Where are they written down? How often is the backup updated (Spoiler: Should be updated whenever the password or plan changes)
    • Need someone that knows the infrastructure
    • What's your business continuity plan?
  • Business Continuity planning
  • Testing
    • We need to run simulations and war games. We don't know if our plan works unless we test it
      • Example: We put our whole plan in a binder in a locked safe that we can all get to. Yay? What if there is a fire and we evacuate the building(s). Where is our backup of the plan? Who knows what we do next?
    • When we find errors we need to update the plan AND the documentation of the plan
    • We should test once a year at minimum.
  • Checklists

Suggested Activities and Discussion Topics:

  • In a group of 2-4 Come up with a Disaster Recovery plan for a local small Business following the documentation and best practices provided.
  • As a small group read pick a recent (within the last year) company disaster of some variety and discuss how they did in relation to the Cisco Best Practices Example
  • Write a Disaster Recovery Plan for yourself and your household. Remember to include all your assets and risks. This is likely to look different then a large company so you are going to have a shorter plan and no teams, but you can still put together a small checklist and plan for yourself/household

Would you like to see some more classes? Click here