As described in the NIST, Computer Security Resource Center glossary – It is defined as a written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities. DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See continuity of operations plan (COOP) and contingency plan. According to John Vacca’s Computer Information and Security Handbook about DR – “All events must be considered, and the impact must also be reflected upon so that the organization has the ability to continue and deliver business as usual.
To put in simple words – A strategy that will enable a business/organization to continue to run in the event of any disaster whether it be a natural disaster or any sort of cyber-attack. It is needed to identify the risks and vulnerabilities a company might face in an event of a natural disaster or cyber-attack and how to face or mitigate them to get the business back up and running within limited amount of time.
It seems as though we are on the same page when it comes to understanding what a disaster recovery plan is and its importance. Essentially, it is an essential-function rebuilding of the entire company. Since the stakes are so high, it makes sense why the authors recommend that a DR team be made up of people with mostly senior positions given that they know the organization’s systems inside and out (best case scenario they have atleast 10 years of IT experience). Due to their experience, they should already be comfortable with taking charge if a disaster were to occur and helping the business recover from it because they plan this role in the company everyday; they are probably used to fixing systems when other employees can not get it right.
Shubham,
Recovering from a disaster is usually a gradual process for an organization without DRP. So NIST 800 – 34 r 1 identifies why Organization’s DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency disruption.
Disaster recovery plan should be validated and reviewed annually to keep the recovery plan updated to handle force majeures or any kind.
Disaster recovery plans and the preventative measures they contain are needed for preventing avoidable disasters from occurring in the first place or helping reduce the potential damage from disasters that are inevitable; the goal is to restore operations as quickly as possible. Things that are most likely to be destroyed in these instances often refer to equipment, data, or rendered communicants at a particular location unusable. Vacca Chapter 36 describes disaster recovery as “a sequence of events that, regardless of extenuating circumstances, will restore the full functionality of data, communications, or equipment, located at some one site or many sites, that has been rendered unusable by some event.” In order to implement one, a committee would have to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves. Risks should be assessed on an inherent and residual basis based on their likelihood and impact. Considering environments are constantly evolving, it is recommended to continuously replicate and test the disaster recovery plan. The risks of not having a disaster recovery plan in place could result in high financial costs, reputation loss, and may pose a great risk for clients and customers.
You mentioned the key component of a DR plan. The committee has to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves. All events must be considered, and the impact must also be reflected upon so that the organization has the ability to continue and deliver business as usual. Quantitative and qualitative risks are considered separately in a DR plan
Elizabeth,
I like the aspect of your comment “In order to implement one, a committee would have to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves”, so it means the Disaster recovery plan in itself could be vulnerable, if not properly addressed.
The DRP assessment should be drawn up beforehand and agreed-to by all committee. In short, the test should be presented as a learning exercise that allows for problem-solving and business continuity.
Disaster recovery plan (DRP)
From the perspective contents from John Vacca, Disaster recovery plan is implemented to assess the business impact of a certain types of force majeure or human-induced or natural disaster which could hold the business to a catastrophic disruption. It is a recovery plan used to preserve business operations when faced with disruptions or disasters and how to re-establish operations. The important aspects are to identify resource values, perform a business impact analysis, and produce business unit priorities, contingency plans, and crisis management. It is important that the mission of the enterprise is sustained during emergency or human required for responding to a catastrophic event which may be caused by natural disaster, fire, act of terror, active shooter or cybercrime.
The key areas in a properly designed DRP:
• Clear delegation of roles and responsibilities
• Execution of alert roster and notification of key personnel
• Clear establishment of priorities
• Documentation of the disaster
• Action steps to mitigate the impact
• Alternative implementations for various systems components
• DRP must be tested regularly
The key areas you mentioned in your response makes it easier to understand the required steps for creating well designed DRP. The plan should start with a statement of its purpose, scope, and expectations. Key roles, members, positions, and responsibilities should be well documented. The business services identified as critical should be listed as well as recovery priorities and objectives.
Hi Oluwaseun,
I like your detailed description of key points in a properly designed DRP. Basically, DRP is an organization’s formal document on how to protect and respond to data when unexpected things happen. Among the key areas you mentioned, clearly setting priorities, documenting disasters, and mitigating action steps are critical.
A disaster recovery plan (DRP) is a document which is a document created by an organization on how to respond to unexpected events (examples: natural disasters, power outages, cyber attacks, and any destructive events). DRP is an important part of the business continuity plan (BCP), which aims to effectively rebuild the system after a disaster and help organizations solve data loss problems and restore system functions so that it can be executed after the event. Also, the plan contains strategies to minimize disasters to ensure that the organization continues to operate or quickly resume critical operations.
When disaster strikes, organizations are faced with the task of restoring systems that are often completely destroyed from scratch. Its data recovery and protection strategy is very important. The ability to handle incidents quickly can reduce downtime and minimize financial and reputation losses. DRP enables organizations to ensure that all compliance requirements are met, while also providing a clear roadmap for recovery. If a disaster strikes the organization’s data center which does not have DRP, then this organization will suffer a large enough loss that the possibility of bankruptcy is high. Therefore, disaster recovery is a must.
Shubham Patil says
As described in the NIST, Computer Security Resource Center glossary – It is defined as a written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities. DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See continuity of operations plan (COOP) and contingency plan. According to John Vacca’s Computer Information and Security Handbook about DR – “All events must be considered, and the impact must also be reflected upon so that the organization has the ability to continue and deliver business as usual.
To put in simple words – A strategy that will enable a business/organization to continue to run in the event of any disaster whether it be a natural disaster or any sort of cyber-attack. It is needed to identify the risks and vulnerabilities a company might face in an event of a natural disaster or cyber-attack and how to face or mitigate them to get the business back up and running within limited amount of time.
Elizabeth Gutierrez says
Hi Shubham,
It seems as though we are on the same page when it comes to understanding what a disaster recovery plan is and its importance. Essentially, it is an essential-function rebuilding of the entire company. Since the stakes are so high, it makes sense why the authors recommend that a DR team be made up of people with mostly senior positions given that they know the organization’s systems inside and out (best case scenario they have atleast 10 years of IT experience). Due to their experience, they should already be comfortable with taking charge if a disaster were to occur and helping the business recover from it because they plan this role in the company everyday; they are probably used to fixing systems when other employees can not get it right.
Oluwaseun Soyomokun says
Shubham,
Recovering from a disaster is usually a gradual process for an organization without DRP. So NIST 800 – 34 r 1 identifies why Organization’s DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency disruption.
Disaster recovery plan should be validated and reviewed annually to keep the recovery plan updated to handle force majeures or any kind.
Elizabeth Gutierrez says
Disaster recovery plans and the preventative measures they contain are needed for preventing avoidable disasters from occurring in the first place or helping reduce the potential damage from disasters that are inevitable; the goal is to restore operations as quickly as possible. Things that are most likely to be destroyed in these instances often refer to equipment, data, or rendered communicants at a particular location unusable. Vacca Chapter 36 describes disaster recovery as “a sequence of events that, regardless of extenuating circumstances, will restore the full functionality of data, communications, or equipment, located at some one site or many sites, that has been rendered unusable by some event.” In order to implement one, a committee would have to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves. Risks should be assessed on an inherent and residual basis based on their likelihood and impact. Considering environments are constantly evolving, it is recommended to continuously replicate and test the disaster recovery plan. The risks of not having a disaster recovery plan in place could result in high financial costs, reputation loss, and may pose a great risk for clients and customers.
Shubham Patil says
Elizabeth,
You mentioned the key component of a DR plan. The committee has to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves. All events must be considered, and the impact must also be reflected upon so that the organization has the ability to continue and deliver business as usual. Quantitative and qualitative risks are considered separately in a DR plan
Oluwaseun Soyomokun says
Elizabeth,
I like the aspect of your comment “In order to implement one, a committee would have to assess conceivable risks to the organization that could result in the disasters or emergency situations themselves”, so it means the Disaster recovery plan in itself could be vulnerable, if not properly addressed.
The DRP assessment should be drawn up beforehand and agreed-to by all committee. In short, the test should be presented as a learning exercise that allows for problem-solving and business continuity.
Oluwaseun Soyomokun says
Disaster recovery plan (DRP)
From the perspective contents from John Vacca, Disaster recovery plan is implemented to assess the business impact of a certain types of force majeure or human-induced or natural disaster which could hold the business to a catastrophic disruption. It is a recovery plan used to preserve business operations when faced with disruptions or disasters and how to re-establish operations. The important aspects are to identify resource values, perform a business impact analysis, and produce business unit priorities, contingency plans, and crisis management. It is important that the mission of the enterprise is sustained during emergency or human required for responding to a catastrophic event which may be caused by natural disaster, fire, act of terror, active shooter or cybercrime.
The key areas in a properly designed DRP:
• Clear delegation of roles and responsibilities
• Execution of alert roster and notification of key personnel
• Clear establishment of priorities
• Documentation of the disaster
• Action steps to mitigate the impact
• Alternative implementations for various systems components
• DRP must be tested regularly
Shubham Patil says
Oluwaseun,
The key areas you mentioned in your response makes it easier to understand the required steps for creating well designed DRP. The plan should start with a statement of its purpose, scope, and expectations. Key roles, members, positions, and responsibilities should be well documented. The business services identified as critical should be listed as well as recovery priorities and objectives.
Yangyuan Lin says
Hi Oluwaseun,
I like your detailed description of key points in a properly designed DRP. Basically, DRP is an organization’s formal document on how to protect and respond to data when unexpected things happen. Among the key areas you mentioned, clearly setting priorities, documenting disasters, and mitigating action steps are critical.
Yangyuan Lin says
A disaster recovery plan (DRP) is a document which is a document created by an organization on how to respond to unexpected events (examples: natural disasters, power outages, cyber attacks, and any destructive events). DRP is an important part of the business continuity plan (BCP), which aims to effectively rebuild the system after a disaster and help organizations solve data loss problems and restore system functions so that it can be executed after the event. Also, the plan contains strategies to minimize disasters to ensure that the organization continues to operate or quickly resume critical operations.
When disaster strikes, organizations are faced with the task of restoring systems that are often completely destroyed from scratch. Its data recovery and protection strategy is very important. The ability to handle incidents quickly can reduce downtime and minimize financial and reputation losses. DRP enables organizations to ensure that all compliance requirements are met, while also providing a clear roadmap for recovery. If a disaster strikes the organization’s data center which does not have DRP, then this organization will suffer a large enough loss that the possibility of bankruptcy is high. Therefore, disaster recovery is a must.