Information Technology Reference
In-Depth Information
Subsequent abstraction of operating states will assist in providing more flexible
disaster management plans:
n
n
Business as usual
Alert states (potential trouble; known virus traversing Internet—has not hit
here yet)
Post-disaster transition
COOP-active/BC-active
DR-active
Resumption
Recovery
n
n
n
n
n
DR planners may define workflows, SLAs, security issues, key personnel, etc.,
according to operating state categorizations; such categorizations and preplan-
ning remove the panic factor in the heat of adverse operating conditions or when
attempting to resume normal operations.
8.15.5
Commentary
Disaster recovery is a subset of business continuity. Address the broader issue of BC
first, and then DR as a series of steps beyond the high-availability focus of BC. The
first objective of BC is high availability—essentially rendering the disaster to be a
nonevent. The next priority is resumption, even if at a reduced capacity. The next
priority is restoration of full capacity, even if under chaotic operating conditions,
and the next priority is recovery—same operating state as prior to the disaster.
Caveat:
Information and information technology security do not
become less important during a disaster; quite the contrary, vulner-
abilities to sensitive information increase in unfamiliar operating con-
ditions. All DR and related planning should clearly address secure
emergency operations.
Internal operations never function in a vacuum. BC and DR are strongly affected
by nonlinear cause and effect. The feedback loop among internal processes, the
feedback loop to the organization from external relationships, and the effect of ran-
dom influences can alter operations. Information assurance architecture attempts
to put order to this chaotic model by enumerating operational classifications and
constructs to allow for a variety of contingencies. Figure 8.15 shows a high-level
view of a nonlinear cause-effect model representing the myriad recursive cause-
effects on internal operations and, by extension, disaster recovery operations.
Continuity and disaster management is a dynamic, evolving process. It is
important to identify what aspects are under the control of the organization. Fur-