Berry College Disaster Recovery Soft Exit

1 Berry College Disaster Recovery Soft Exit
Jason Mays, Rouying Tang, Linlan Chen, Karabo Ntokwane, Chenhui Lai

2 Agenda
- Scope of audit
- Five findings
- Overall conclusion

3 Scope
- Disaster declaration
- RPO and RTO
- Emergency telecommunications services
- Communication plan
- Responsibilities of members of DR management team
- Paper documents backup
- Training
- Review test plans and reports

4 RTO and RPO do not meet the MTD
Fact: Berry College failed to appropriately identify critical information system assets supporting essential missions and business functions.
Standards: NIST Special Publication Rev. 1: Contingency Planning Guide for Federal Information Systems to 3.2.3
Root Cause: The committee responsible for approving the final disaster recovery plan voted not to use the recommended limited list of critical information systems. Instead, a list compiled from the faculty senate and administration was used. This list included many systems that were rated as moderate on the related IT risk assessment matrix. The new list contains too many systems and data sets to allow achievement of the RTO and RPO recommended in the BIA.
Impact (H/M/L): High - Critical systems are not prioritized, which can result in downtime that exceeds the MTD (maximum tolerable downtime).
Recommendations: Reinstate the recommended list of critical information systems submitted by the IT risk analysis team.
Notes: NIST SP A: Family: contingency planning, co CP-2(8) contingency plan | identify critical assets

5 Emergency telecommunications services not designated a priority
Fact: Berry College’s telecommunications systems SLA does not designate priority for all telecommunications services used for national security emergency preparedness.
Standards: NIST Special Publication Rev. 1, Contingency Planning Guide for Federal Information Systems, Crisis Communications Plan
Root Cause: The current Crisis Communications Plan relies on state communication procedures to provide communication. No internal system is dedicated to communication for the college's disaster recovery teams.
Impact: High - The failure of emergency telecommunication systems would severely limit the ability of DR team members to coordinate recovery efforts.
Recommendations:
- Renegotiate telecommunications systems SLA
- Review Crisis Communications Plan

6 Paper Documents Backup
Fact: Berry College’s data backup has not been completed. Documents dating from 1902 to before 1980 were not digitized, some of them have no backup or second copy, and most of them are stored in the same place in the library.
Standards: Under NIST, important data should follow the 3-2-1 rule: 3 copies of the data, 2 local copies on different storage types, 1 backup off-site.
Root Cause: The data backup was not conducted on time. A large volume of historic documents needs to be scanned, digitized and backed up. The layout of the library is inappropriate.
Impact (H/M/L): High - high risk that data is destroyed and that those important historic documents cannot be recovered.
Recommendations:
- Speed up the process of document digitization.
- Prioritize duplicating and backing up single-copy documents according to their value.
- Separate the copies into different document storage locations.

7 Effective training of DR plan
Fact: Berry College does not have a formal DRP training plan.
Standards: NIST SP Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
Root Cause: Training is done through provision of information on the company intranet and posters, but there is no formal training plan in place.
Impact (H/M/L): Moderate - Downtime (unavailability of systems); longer RTO and RPO
Recommendations: Develop a DR training plan and administer mandatory annual DR training to all stakeholders.
Notes: This publication seeks to assist organizations in designing, developing, conducting, and evaluating test, training, and exercise (TT&E) events in an effort to aid personnel in preparing for adverse situations involving information technology (IT). The events are designed to train personnel, exercise IT plans, and test IT systems, so that an organization can maximize its ability to prepare for, respond to, manage, and recover from disasters that may affect its mission

8 Communication between DR Coordinator, Command Center, Team leaders and team members
Fact: Berry College does not update contact information regularly.
Standards: NIST Special Publication Rev. 1, Contingency Planning Guide for Federal Information Systems, Roles and Responsibilities
Root Cause: The most common methods of contacting the IT disaster recovery team and department are phone, text messages, and emails. But some people changed their phone numbers or addresses and did not update the contact lists.
Impact: Moderate - most of the time the college can reach the relevant people in a timely manner.
Recommendations:
- Back up data and update contact information regularly
- Connect with team members’ families or friends
- Set up an IT disaster recovery community, and post disaster information to notify the DR team and command center
Notes: When a disaster happens, the college cannot communicate between the disaster recovery coordinator, command center, and IT recovery team members in time. The ISCP Coordinator should also consider that a disruption could render some personnel unavailable to respond. In this situation, executing the plan may be possible only by using personnel from another geographic area of the organization or by hiring contractors or vendors. Root cause - human errors

9 Conclusion
- Critical information systems need to be prioritized in recovery efforts
- Effective training on the disaster recovery plan
- The process of paper document digitization should be sped up
- Although the risk impact of all these 5 findings is high or moderate,

12 Citation
- https://www.ready.gov/business/implementation/IT
- Jay Vrijenhoek, March 31st
- National Institute of Standards and Technology (NIST), Contingency Planning Guide for Federal Information Systems, Special Publication Rev. 1.

