IT/244 Intro to Security
Week 3 – Assignment – DRP – Disaster Recovery Plan
Date: 10/6/2013
Disaster Recovery Plan
I. Risk Assessment
a. Critical Business Process
a.i. The mission-critical business systems and services that must be protected by this DRP are as follows: Payroll, Human Resource Data, POS backup media, and Web Servers and their services.
b. Internal, External, and Environmental Risks
b.i. Examples of internal risks that may affect business are unauthorized access by individuals who are employed by the company, and those who aren’t employed by the company but still have access to individual store’s computer systems, applications, or areas where the servers and backup media are located. Other external and environmental risks include fire, floods, power outages, hardware failure, software glitches and failure, storms, and other acts of nature.
II. Disaster Recovery Strategy
a. Most cases, having an alternative site (a hot site, or cold site depending on the disaster) would be the correct way of dealing with most disasters. As well as having a backup and retention site to work from, and recover from for the main servers and web services.
b. Unwanted access can be turned off, or excluded when logged in via a monitoring service, as well as time restricted login. Any unauthorized logins will be recorded and terminated as well as site information and tracing information. Security measures are implied (camera, onsite security, etc.).
III. Disaster Test Plan
a. Monthly walkthroughs of the equipment, as well as quality assurance through the electric company, Internet Service providers, will ensure upkeep of the facilities main sources of outside connection as well as power. Weekly walkthroughs from management will keep the records up to date, as well as daily walkthroughs by IT will keep day to day evaluations up to date.
b. Working with the electric company, as well as the internet service provider for the company will