Disaster Prevention and

Recovery
Evan Happel, Sheena McLeod,
Colin Millison

Aeneas Case Study

Internet and Telephone of Jackson
Tennessee
May 4, 2003 400 businesses hit by a
category F4 tornado with 200 mph
winds.
11 deaths and $50 million in damages
How did their disaster recovery plan
help?

Aeneas Case Study Cont.

Backup systems
Employees worked from remote
locations.
Less than 72 hours they were back,
fully serving the customers needs.
Most people never even lost service
Planned for the worst case scenario.

How Much Do You Know?

Take out a piece of paper and pencil.
Quiz time!
See how much you know, then we will
give you the answers at the end.

Quiz
1) True or False- Disaster recovery
planning is complex and expensive?
2) Which option is not a required item in
a disaster recovery plan?
A. Location of recovery facility
B. Computer equipment list
C. List of phone numbers of key people in the
company
D. Disaster recovery testing results
(www.paeinc.com/book/paefrm.html)

Quiz Continued
3) True or False- Why should you care
about disaster prevention. There is
nothing that can be done to prevent a
disaster.
(www.paeinc.com/book/paefrm.html)
4) Reviewing of a disaster recovery plan
should take place
A. Once
B. Once a year
C. Twice a year

(Total Contingency Planning for Disasters)

Quiz Continued
5) What are the three types of
disasters?
6) What percentage of business
organizations have a workable disaster
recovery plan?
(Total Contingency Planning for Disasters)

Disasters
Can fall into one of three types
1. Natural-Caused by a natural event
2. Environmental-Related to environmental
problems
3. Incited-Provoked and urged on

(Total Contingency Planning for Disasters)

Natural
Examples:
Flood
Earthquake
Tornado
Fire
Hurricane
(Total Contingency Planning for
Disasters)

Environmental
Examples:
Aircraft crash
Explosion
Contamination
Power
(Total Contingency Planning
for Disasters)

Incited
Examples:
Arson
Sabotage
Vandalism

(Total Contingency Planning for

Disasters)

Facts and Statistics

At least 1/4 of all businesses that close
because of disaster never reopen
(www.ibhs.org/business_prtection.com)

Current estimates put business losses as high

as several billion dollar each week to various
forms of cyber attacks (www.ready.gov)
A company loses around $1 million/hour due
to down time or idle employees (Disaster Recovery Planning)

Getting Started: Contingency

Planning
Objectives of a contingency plan
1)Prevent disaster from occurring
2)Contain the impact of a disaster if one does
happen
3)Provide an organized response to a disaster
4)Minimize disruptions to cash flow
5)Provide alternate ways to service customer
orders
6)Prevent a significant long-term loss of market
share (Total Contingency Planning for Disasters)

Contingency Planning Basics

Continued
Knowing what to plan for
Visit FEMAs website and explore are you
ready
Impact analysis-examine four areas
1)The relative value of the information of
infrastructure component
2)The possible public fallout
3)The denial of business potential
4)The ease of attack
(Total Contingency Planning for Disasters)

Cyber Protection:
12 Step Plan
1) Use strong passwords and change
them regularly
2) Look out for e-mail attachments and
internet download modules
3) Install, maintain, and apply anti-virus
programs
4) Install firewalls

Cyber Protection Continued

5) Remove unused software and user
accounts; clean out everything on
replaced equipment
6) Establish physical access controls for
all computer equipment
7) Create backups for important files,
folders, and software
8) Keep current software updates

Cyber Protection Continued

9) Implement network security with access
controls
10) Limit access to sensitive and confidential
data
11) Establish and follow a security financial
risk management plan; maintain adequate
insurance coverage
12) Get technical expertise and outside help
when you need it
(ready.gov)

After Plan Is Created

Communicate
Reassess annually

(Total Contingency Planning for Disasters)

Recovery Planning
Practical Reasoning
To avoid extended periods of downtime
Idle = big $
To avoid loss of data/information/physical goods
Due to uncontrollable situations, such as terrorist attacks

Legal Reasoning
Governmental agencies pass regulations and acts to ensure
companies implement a recovery plan
IRS (cross-industry)
Banking, Health Care, and Financial sectors
(source: Disaster Recovery Planning)

Recovery Planning:
Storage Options
Consolidated Storage
Multiple platforms using a Storage Area Network
(SAN) to put all their data into one
centralized/secure location
Sold at Dell.com, starting at $1000
Also sold by Hewlett Packard,
Hitachi Data Systems,
and Data Domain

(source: Disaster Recovery Planning)

Recovery Planning:
Storage Options
Tape Storage
Magnetic tapes/cassettes used to back up data
Most affective when stored off-site
Need to be checked regularly to
make sure they are storing data
properly
Sold at Dell.com ($699 to $20,000+)
Also at Hewlett Packard, Hitachi
Data Systems, and Data Domain
(Source: Disaster Recovery Planning)

Recovery Planning:
Storage Options
Remote Mirroring
Saving data simultaneously in two or more
locations using a high speed Local Area
Network (LAN)
Geographically separate to avoid destruction
a data by the same disaster
Service provided by RADirect.com
(no prices listed)
(source: Disaster Recovery Planning)

Recovery Planning:
Storage Options
Off-site Cooperative Storage
Sharing a warehouse or facility with another
company
Pro: less expensive
Con: less secure, can you trust who you are sharing
with?

(source: Disaster Recovery Planning)

Recovery Planning:
Storage Options
Off-site Commercial Storage
Moving-and-Storage Facilities (tangible files)
U-Haul $45 to $130 per month
Also offered by Secure Storage and Shurgard

Data and Records Storage (digital files)

US Data Trust; $119 to $2,763 per month
depends on level of service, amount of storage
Service providers: Iron Mountain, Global Data Vault,
Sure West, and Recall
(source: Disaster Recovery
Planning)

Off-Site Commercial Storage

Guidelines (6)
Reputation
How long have they been doing business?
check with Better Business Bureau
Reputation with other companies

Security
Should be as good or better than the
security at your facilities
(source: Disaster Recovery Planning)

Off-Site Commercial Storage

Guidelines
3.

Media Management
all magnetic media in same location
Separation between competitors

4.

Environmental Factors
Weather proof
Fire suppression
Temperature/atmosphere control
(source: Disaster Recovery Planning)

Off-Site Commercial Storage

Guidelines
5. Transportation
Is it safe in transit from your business to
theirs? (i.e. weather, damage, theft)

6. Fees
Are the fees for service more than it costs
to deal with the data on your own?
(source: Disaster Recovery Planning)

Quiz Answers
1) False-does not have to be expensive.
Best way to keep costs down is to apply
KISS keep it simple stupid
2) D-Disaster Recovery Results are not
needed in the plan but are nice to have.
If you do test the plan use the results to
modify the plan and correct problem
areas. (www.paeinc.com/book/paefrm.html)

Quiz Answers Continued

3) False-Disaster planning can prevent some
potential disasters. Many computer disasters
are caused by the facility itself. With proper
planning these problem areas can be
corrected before they become a disaster.
(www.paeinc.com/book/paefrm.html)

4) B-Review of disaster recovery plan should

take place once a year. (Total Contingency Planning for Disasters)

Quiz Answers Continued

5) Three types of disasters are natural,
environmental, and incited.
6) Less than 25% of businesses have a
workable disaster recovery plan.
(Total Contingency Planning for Disasters)

References
www.Ready.gov
www.FEMA.gov
www.FEMA.gov/kids
Myers, Kenneth. (1993) Total Contingency Planning For
Disasters; John Wiley and Sons Publ.,Canada
www.ibhs.org/business_protection
www.sba.gov
www.paeinc.com/book/paefrm.html
Toigo, Jon William. (1996) Disaster Recovery Planning;
Harris, Steve. (1992) PC Recovery and Disaster Prevention
Britt, Phillip. (2005) Taking Steps for Disaster Recovery;
Information Today, Vol 21, Issue 34, 83.

References Continued
Bowen, Ted Smalley. (1999) Planning for Recovery; Infoworld,
Vol 21, Issues 34, 83.
Greenberg, Eric (2002) Managing Risk; PC Magazine, Vol 21,
Issue 1, 66-68
Tennant, Roy. (2001) Coping with Disasters; Library Journal, Vol
26, Issue 19, 26-28
Rogers, James and Jack Smith. (2001) Advantages and
Challenges of Implementing ASPs; Plant Engineering, Vol 55,
Issue 10, 61
Stead, Eleanor and Clive Smallman. (1999) Understanding
Business Failure; Learning and Unlearning from Industrial
Crises; Journal of Contingencies and Crisis Management, Vol 7,
Issue 1, 1.