INFORMATION SYSTEMS DISASTER PLANNING

Ch. Tsialtas (1), G. Kyrimis (2), G. Haramis (3)
(1) University of Piraeus, (2) University of Patras, (3) University of Macedonia

Abstract-- Immediately after a disaster in the computer centre caused by an earthquake, a fire, a flood, etc., the damage to the computer itself would be only one of the slightest problems that the company would have to deal with. The most important problem would be to achieve, in a short time, recovery of the information systems operation.

I. INTRODUCTION

Planning for recovery from a disaster is internationally referred to [1] as a contingency plan, disaster plan or recovery plan.

[1] See J.C. Simon, Understanding and Using Information Technology, p. 318: Disaster recovery: a plan of action used when a major disaster occurs (such as a hurricane, earthquake, or tornado), ensuring that critical computer systems can be available for use as quickly as possible. Also T. Elbra, Security Review Manual, p. 95: Contingency planning means the preparation and testing of the plans to deal with any contingencies. These should involve the means of continuing computer operations while the data processing capability is restored, and the recovery of the normal mode of operation. Also U.G. Gupta, Management Information Systems: A Managerial Perspective, p. 387: Disaster recovery plan: specifies how a company will maintain its information systems and services if a disaster strikes. Specifies the situations that warrant the declaration of a disaster and identifies the courses of action that employees must take when a disaster strikes.

The possibility of a disaster in the computer centre due to one of the aforementioned causes makes it imperative to form a special plan of actions for the safety of information systems. For example, regarding systems safety, there is the need to keep backups of files, system programs and software. These backups will prove very useful in the case of a disaster; however, alone they are not sufficient to allow the operation of the systems, because as a result of the disaster it is probable that many other necessary means will no longer exist.

This special plan of actions for the recovery of the operation of information systems should be posted at a noticeable point in the computer centre as well as at another place independent of the computer centre, a place that will be used in the case of a disaster. In this independent place, safe and continuously updated backups of files, programs and software should be kept. The plan should be tested regularly and updated continuously. Lastly, the plan should define a place close to the computer centre which will serve as the meeting point for executives in the case of a disaster.

A plan of this kind is proposed below in general and analytical form (see Graph).
Analytical Plan

II. PLAN OF ACTIONS

A. Specification of the impact from the pause.
Estimation of the lost income and the expenses caused by the delay in the system's operation in the case of a:
- Great disaster
- Serious disaster
- Limited disaster

B. Specification of the necessary means for the systems' re-operation:
a. Hardware
   - Computer(s)
   - Peripheral Units
b. System documentation
c. Updated backups of Files, Programs, and Software
d. Spare parts/consumables/magnetic media

Installation of the aforementioned (a, b, c, d) into:
- a privately-owned or leased building, or
- a building jointly owned or leased privately by enterprises of the same size, or

Installation of b, c, d into a building with an appropriate Computer and Peripheral Units:
- of the Supplier (Manufacturer) of the enterprise's computer/peripheral units, or
- of a Service bureau, or
- of another enterprise on a mutual agreement.

It is imperative that there be provision for the safety of the building, the computer, the files, the software, the programs, the communication, etc.

C. Activation of Services and Personnel:
- Immediate provision of information to the management of the enterprise and the management of the computer system.
- Immediate activation of the technical personnel for the maintenance of the building and the restoration of damages.
- Immediate activation of analysts, programmers, system programmers, communication engineers, computer users, and
- Provision for their transport to the backup computer centre.

D. Testing of the Plan: test the plan and carry out the necessary improvements or changes.

E. Launch the Establishment of the Plan.

F. Continuous Monitoring/Updating of the Plan.

Lastly, it should be stressed that the plan alone is not enough to guarantee the re-operation of the computer centre after a disaster if the personnel are not fully aware of it and trained to implement it.
III. THE KRYTIS RECOVERY TRIANGLE

The notion of the KRYTIS [2] Recovery Triangle emphasizes the need for a spread-out deployment of back-up software, files and equipment, in such a way as to ensure the most rapid and successful recovery of system operations, by utilizing a separate, independent space that serves as a recovery centre as well as an independent, separate storage space for software, programs, and files. Communication of information and the necessary updating between the main computer centre and the recovery system, and between the main computer centre and the storage centre, need to be sufficient and regular.

[2] The name KRYTIS comes from the reversal of the last two of the first three letters of each of the authors' (KYRIMIS and TSIALTAS) surnames.

a) Local Disaster
In this simple case, there is a disaster (e.g. a fire) in the room where the computer centre is located in the enterprise's building. Here the computer centre and its communication are destroyed, but the system can be rapidly recovered by utilising the recovery system, which is located in another room of the same building. (See Graph)

b) General Building Disaster
In this case, we have a total disaster of the enterprise's building (e.g. a terrorist attack). Here all rooms of the building where computers and backups are held are destroyed, hence the enterprise can utilise the storage centre, which will be located in another building but in the same area (e.g. city) as the building that was damaged. (See Graph)
c) Area Total Disaster
This is the worst-case scenario, where all structure and infrastructure in a particular area is damaged. Here it is proposed that the storage area be located in an independent area far away from the main computer and recovery centres, which will serve as a starting point for all safe recovery operations progressively. (See Graph)

IV. BIBLIOGRAPHY

- Air France, EDP Management Manual.
- American Airlines, Inc., Electronic Data Processing Administration Manual.
- Auerbach Information Management Series, Data Processing Management, DP Administration.
- D. Brandon and M. Gray, Project Control Standards, Brandon/Systems Press, Inc.
- C. Burrill and L. Ellsworth, Modern Project Management, Burrill Ellsworth Associate Inc., Tenafly, N. J.
- H. Gross, D. Lowry, A. Zipf, G. Kosmetsky and R. Anthony, Computers and Management, Harvard University, Graduate School of Business Administration.
- Eastern Air Lines, Inc., Software Services Manual.
- T. Elbra, Security Review Manual, The National Computing Centre Limited.
- P. Elzer, An Integrated View on Project Management, International Federation on Autom. Control (IFAC).
- P. Caroussos and G. Haramis, Training on Managing the Information Systems Resources, (IATA).
- IBM, Data Security Controls and Procedures: A Philosophy for DP Installations, For G
- IBM, Information Systems Management, Implementation Guide for an Information Centre.
- L. A. Krauss, Administering and Controlling the Company Data Processing Function, Prentice Hall, Inc.
- A. Macro, Software Engineering: Concepts and Management, Prentice Hall.
- D. E. McFarland, Management: Principles and Practices, Macmillan Co., N. Y.
- NCC (The National Computing Centre), Guidelines for Computer Managers.
- Th. R. Prince, Information Systems for Management Planning and Control, R. D. Irwin, Inc.
- D. Smith, An Organization for Successful Project Management, AFIPS.
- Swissair, Management of EDP Department (manual).
- TWA, Systems and Services Dept., Systems Simulation Manual.
- University of Cambridge, Computing Service, General Techniques in Program Development Manual.
- E. Watson, Diagnosis of Management Problems, Harvard Business Review, vol. XXXVI.

GREEK BIBLIOGRAPHY

- Σ. Κάτσικα, Ασφάλεια Πληροφοριών, Εκδ. Ελληνικής Εταιρίας Επιστημόνων Ηλεκτρονικών Υπολογιστών και Πληροφορικής (ΕΠΥ).
- Γ. Χαραμή, Διοικητική Αναπτύξεως Πληροφοριακών Συστημάτων, Εκδόσεις Ανικούλα, Θεσσαλονίκη.