Question 1

  1. Do the different methods of backing up your data have a dependency on the type of recovery site that you use? Justify your answer. (7 points)

Data is very important to any company, whether it is a bank or an educational institution. Organizations and enterprises rely on their important data being available at all times, and they cannot afford to lose even a bit of it from their data centers. Companies work hard to keep their data secure from attacks such as viruses and other malicious software, and they spend a lot of money securing stored data that contains information about their employees, staff and customers, as well as other sensitive information related to future plans. However, there are cases in which the measures taken to secure the data are useless. A natural disaster such as a tornado, flood or fire can make the whole data center vanish as if it had never existed. A company that faces such a disaster can be ruined and face losses of billions of dollars. That is why companies prefer to make a backup of all the data stored in their data centers. Companies and organizations use different methods and techniques to keep a full record of all the data in a different location, which can be accessed if data is lost at the data center. How enterprises and organizations back up their databases depends mainly on the storage devices and the methodologies being used.

There is no limit on the amount of data stored at an organization's data centers. As the company grows and its business moves on, the amount of data grows with the increasing number of transactions carried out every day. Whether the data set becomes larger or smaller, it needs to be backed up for hard times. If the company holds terabytes of data and relies on taking a backup every day, it will face many challenges in doing so. There are different types of backup: normal, differential, incremental and daily. If the company takes a normal backup of its data, it will need a huge amount of storage. The main issue with a normal backup is that it backs up all the data, whether it has changed or not. It is like making an exact copy of the data every day, so daily backups will occupy hundreds of terabytes. The other issue with a daily normal backup is that it takes a lot of time. Tape drives are mostly used for backing up huge amounts of data. Tape drives can store data faster than the server being used can deliver it. If the storage device being used is faster than the server, the higher speed of the storage device is of no use.

If normal backup is used, a huge storage device is needed. As discussed, a normal backup copies every file in the database, whether it has changed or not. Incremental backup, on the other hand, is better. In the incremental method, a complete backup is made once, and afterwards only the files that have been edited or changed are backed up. The files are marked as backed up. The next day, only the files that have been newly added or changed are backed up. This method does not take as much time and does not need as much storage capacity as normal backup.
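The following is an added example, not part of the original answer: a small in-memory model of the normal and incremental methods described above, using a per-file "backed up" marker. File names and sizes are constructed, and file deletions are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class File:
    data: bytes
    archived: bool = False  # True once a backup has captured this version


@dataclass
class BackupSet:
    kind: str                                  # "normal" or "incremental"
    files: dict = field(default_factory=dict)  # file name -> bytes

    @property
    def size(self) -> int:
        return sum(len(d) for d in self.files.values())


def write_file(volume, name, data):
    """Create or change a file; any write clears the 'backed up' marker."""
    volume[name] = File(data)


def _mark_all(volume):
    for f in volume.values():
        f.archived = True


def normal_backup(volume):
    """Copy every file, changed or not, then mark everything as backed up."""
    bs = BackupSet("normal", {n: f.data for n, f in volume.items()})
    _mark_all(volume)
    return bs


def incremental_backup(volume):
    """Copy only files that are new or changed since the last backup."""
    bs = BackupSet("incremental",
                   {n: f.data for n, f in volume.items() if not f.archived})
    _mark_all(volume)
    return bs


def restore(chain):
    """Replay a normal backup followed by every incremental, in order."""
    if not chain or chain[0].kind != "normal":
        raise ValueError("restore chain must begin with a normal backup")
    restored = {}
    for bs in chain:
        restored.update(bs.files)  # later sets overwrite older versions
    return restored


def volume_size(volume):
    return sum(len(f.data) for f in volume.values())


def simulate():
    """Three days of constructed activity; compares storage and restores."""
    volume = {}
    for name in ("ledger.db", "customers.db", "staff.db"):
        write_file(volume, name, b"x" * 1000)
    chain = [normal_backup(volume)]            # day 1: complete backup
    normal_every_day = volume_size(volume)

    write_file(volume, "ledger.db", b"y" * 1200)   # day 2: one file changes
    chain.append(incremental_backup(volume))
    normal_every_day += volume_size(volume)

    write_file(volume, "loans.db", b"z" * 500)     # day 3: one file is added
    chain.append(incremental_backup(volume))
    normal_every_day += volume_size(volume)

    live = {n: f.data for n, f in volume.items()}
    return {
        "incremental_bytes": sum(bs.size for bs in chain),
        "normal_bytes": normal_every_day,
        "full_chain_ok": restore(chain) == live,
        # Losing one incremental silently restores a stale ledger.db.
        "skipped_day2_ok": restore([chain[0], chain[2]]) == live,
    }


if __name__ == "__main__":
    print(simulate())
```

The saving in storage comes at the cost of a longer restore chain: every incremental set between the complete backup and the recovery point has to be present and readable.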

  2. Discuss using the Internet to store your data backups. Will this approach have an effect on the type of backups you use? Justify your answer. (8 points)

Data is the backbone of any organization or enterprise. It holds very important and sensitive information. Enterprises need to keep a complete record of all their transactions, because this record is used to make very serious decisions in the future. Organizations also prefer to keep a backup of all the data stored in their data centers. This backup is meant for the backup recovery plan: if the data center stops working under certain conditions, the backup site is used so that the working of the enterprise is not interrupted. Different organizations and enterprises have used different backup methods depending on their needs. The most commonly used backup storage medium was the tape drive. Tapes store data using magnetic fields and were considered long-lasting because of certain qualities. Other backup storage devices in use are CDs, DVDs, Blu-ray discs, and USB or hard drives. These storage devices were insecure in one way or another. CDs and DVDs can burn or get scratched, leaving no data on them. In the same way, a USB drive is very small and can easily be lost. Data can be extracted from such lost devices if they fall into the hands of unauthorized persons.

Taking these points into consideration, enterprises and organizations started taking backups on the internet. It is quite a secure way of backing up an organization's important information. There are many other reasons to prefer backing up data on the internet rather than on different storage devices. The first reason is that data stored on the internet is accessible only by authorized persons: those who have the username and password can access the data stored on the server. Data on the internet is stored on a server that is far away from the enterprise or organization, and it is very hard for any intruder to get access to data backed up there. The other reason is that you need not worry about the availability of the data: it can be accessed from anywhere with an internet connection. The data stored on the internet is very secure and is not accessed by unauthorized persons.

It also reduces the cost of buying storage devices for terabytes of data. The company providing the online storage service takes care of providing the storage capacity that the organization requires. There is no limit on storing data on the internet, as such companies store data in different locations as well. The organization need not worry about where the data is stored, because it will be available to the organization whenever it is needed.

  3. Does the location of your backups – hot disaster recovery site, cold disaster recovery site, warm disaster recovery site or the Internet affect the frequency of backup? Justify your answer. (10 points)

The frequency of backups varies with the needs of the organization. Some organizations need to take a backup daily, while others need to back up their data weekly. This depends on the requirements of the organization and the rate of change in its databases. Organizations that have thousands of transactions need to back up their data on a daily basis. In the evening, when no transactions are being carried out, a scheduled backup is performed that stores all the information and transactions. The same procedure is run 5 times a week. This means that 5 backups are taken in a week, but the backup taken on the 5th day is archived for the whole week, as it contains all the transactions done in that week. In the same way, weekly backups are performed over a month, and the backup from the last week of the month is archived, covering all the transactions done in the month.

On the other hand, the backup frequency also depends on the disaster recovery site option adopted by the organization. There are four different disaster recovery site options available: the hot disaster recovery site, the cold disaster recovery site, the warm disaster recovery site and the internet. The choice of site also depends on the budget that the company invests in disaster recovery planning. A hot disaster recovery site is a duplicate of the organization's original data center, with fully functional hardware and a complete backup of the data. It is the most expensive option because it includes the hardware as well. A cold disaster recovery site includes only the site, without any hardware or backup. It is relatively less expensive, but it takes time to set up the place and recover the lost data. Warm disaster recovery sites fall between hot and cold sites: they contain less hardware than the original data center and a backup that is at least one week old. The internet backup service is up at all times and is the cheapest method to implement for disaster recovery. A backup stored on the internet can be retrieved at any time when needed.

In view of the above, the backup should be taken on a daily basis. Enterprises that have a hot disaster recovery site will be able to recover all of their data in case of disaster. This approach is taken by organizations that cannot afford to lose even a bit of data and that have allocated a huge budget to the security of their data. Organizations that back up to the internet should also back up their data on a daily basis, which helps in recovering data without any delay. A daily backup is also beneficial for organizations that use a warm disaster recovery site in their disaster recovery management system. The location of the backup site does affect the frequency of the organization's backups.

Question 2

  1. Discuss thoroughly downstream relationships. First, discuss this for a company like Chase Manhattan Bank and then discuss it for FDU. (15 points).

There are different relationships in organizations: upstream relationships and downstream relationships. A downstream relationship is the relationship between an organization and its customers. Customers who conduct any sort of business with the organization expect certain services from it. Organizations work hard to maintain their relationships with their customers so that those relationships last for the long term. They provide many services to facilitate their customers in every possible way, and this facilitation increases the organization's business. The customer always hopes that the organization will help him in doing business with it or in purchasing something. There are service level agreements that focus on improving the services provided to customers. Service to the customer can take the form of a contact center. Customers assume that call centers are always there to provide a solution to the problem they face with a product. Organizations often like to outsource such services in order to decrease their costs. Outsourcing does not mean that the organization is compromising on the services it provides to its customers; the outsourcing company also provides quality service and support to the customers.

This can be done easily through mutual understanding between the organization and the outsourcing company. The outsourcing company should follow the guidelines provided by the organization. Both the outsourcing company and the organization need to gain a deep knowledge of the customer's requirements. Once the requirements and needs of the customers are known to both, it will be very easy for them to satisfy the customer. This knowledge of requirements is also helpful in developing the new products and services that customers need from the organization.

Chase Manhattan Bank is one of the leading banks in America. It has millions of customers in America and works hard to provide the best services to them. It has issued more than 64 million credit cards and 7 million home loans, which means it has a huge customer database. The bank was able to create new services for its customers by learning about their requirements. Every customer is valuable to the bank, so the bank keeps customer information secure and protected from unauthorized persons. In the same way, FDU is a leading university, and it holds a lot of information about its teachers, students, staff and other employees. This information is very important to the university, which also strives to keep it secure and inaccessible to unauthorized persons. The information about every student of the university and every customer of the bank is very important to them.

The bank's customers and the university's students and staff trust these institutions and believe that the information they provide will not be given to anyone else and will be safe. The institutions need to keep a backup of the information as well, so that in case of any disaster the information and data of the bank and the university are saved. The customers of the bank also believe that they will be provided with service whenever they want it.

  2. Discuss how technology can help Chase Manhattan Bank and FDU have confidence in safeguarding the downstream relationships. Be specific. (10 points)

As discussed earlier, Chase Manhattan Bank is a large bank with millions of customers around America who have been benefiting from the services it provides. The customers have been doing business with the bank for years as well. The bank has provided a number of services that have attracted different kinds of customers to do business with it. A customer can open his own account from the website, transfer funds from the website and, moreover, pay his utility and mobile bills using the internet banking service. When using such services, the customer trusts that the information he provides to the bank will be secure. The communication between the customer and the bank over the internet is secured so that there is no chance of a hacker getting access to the customer's account.

Customer information is very important to the bank, and it needs to be secured so that no other bank or person can get access to it. On the other hand, the information is also very important for the bank's own operations. It includes everything about the customer: his balance and the transactions he has made in the past. The bank also serves the customer on the basis of this information. If the information is lost because of a virus attack or a natural disaster, the bank may face heavy losses, and the customer will face losses in the same way. If the bank takes care of the information and creates a regularly scheduled backup of all the information about its customers and the daily transactions of each account holder, then this huge loss can be minimized. When the bank's system is down, the backup will be there and the customers' transactions will continue in the same way. This will keep the customer and the bank from facing any sort of trouble because of the loss of information. Banks have already adopted disaster recovery plans that help keep the information secure and safe if the original data center is affected by a disaster.

The same is the case with the information stored at the data centers of FDU. The data center contains information about the students, their addresses, courses and grades, and about the teachers, their personal information and a lot more. The information is also very useful to the university for keeping records of students' fees, the courses they have taken and their results. The university cannot afford unauthorized access to this information. A proper backup must be taken on a daily basis so that the information at the backup center is up to date and can be used in case of any disaster that causes the whole data center to crash. Technology can help the bank and the university preserve the information about their clients and students, and it will save them from heavy losses. A proper disaster recovery plan should be in place in order to avoid any loss.

Question 3

  1. Discuss the gaps that can appear in the disaster recovery plan. (10 points)

The reason every organization focuses on creating a scheduled backup is that the data can then be recovered if there is any problem at the data center. Consider, for example, that the company's data center is not working. In this case the first option available is to use the backup data that was created on a daily basis. In this way, the organization's system keeps running without interruption. Every organization has created a disaster recovery plan that helps in bringing back the backed-up data to keep the organization working. This plan includes the steps that should be taken in case of any disaster to recover the system and the information. However, there are times when the disaster recovery plan fails to restore the whole system to its last working condition; this is called a disaster recovery gap. Such a gap is a failure of the disaster recovery plan, and it should be noticed before any disaster happens. There are different types of gaps in the disaster recovery plan:

Backup Gaps

The first gap to be identified in the disaster recovery plan is the backup gap. There are times when the most recent backups are not sufficient to restore the system completely. This causes the whole system to crash at the time of disaster. The other reason behind the backup gap is that the backup methods implemented do not match the hardware and resources being used for backing up the data.

Testing Gaps

The second gap in the disaster recovery plan is the testing gap. Gaps of this sort are not normally found in the testing phase; they are usually identified only when a disaster actually happens. They should be revealed by assuming that a real disaster has happened and working on the remote site while leaving the original site intact. This will reveal the gaps in the disaster recovery plan.

System Gaps

This gap is seen when the organization overlooks a system in the testing process. The reason behind this gap is that the organization is not aware of the difference between the primary systems and the ones that are outside the administration circles. These gaps can be easily seen in the testing process.

People Gaps

This gap is not identified in the testing phase of the disaster recovery plan. It is caused by people who fail to create a successful disaster recovery plan. The reason behind this gap is that the people involved in creating the plan are not familiar with the systems or are not experienced in taking backups of the database.

  2. How can a company like Chase Manhattan Bank detect such gaps and prevent them? (8 points)

The bank should be very careful in creating its disaster recovery plan so that it can face any sort of disaster. There are certain ways in which the best disaster recovery plan can be created. No single disaster recovery plan can be implemented in every type of organization. Every organization has its own way of running, which can differ from that of another bank as well. Depending on its way of working, each bank will need to create its own disaster recovery plan. The first thing that Chase Manhattan Bank should do to detect the gaps in its disaster recovery is to adopt the bottom-up approach of the model presented above.

The plan is very important in disaster recovery. The bank should be sure that the people involved in the disaster recovery plan are well aware of the bank's systems and working architecture. If the people involved are not aware of the working sequence in the bank, they will never succeed in creating a disaster recovery plan that can be implemented and that restores the whole system. Moreover, these people should be aware of the methods used for taking backups of the data every day.

The bank should never risk its data or the important information about its customers. The bank must be sure that its disaster recovery will work perfectly in case of disaster. The best thing the bank can do to avoid any mishap in its disaster recovery plan is to implement the plan as if a disaster had happened in reality. As discussed earlier, there are many gaps in a disaster recovery plan that can only be detected when the plan is actually implemented.

The bank should implement the disaster recovery plan and check whether there are any gaps in it. The best way to do this is to work on the remote site that will be used in the disaster recovery plan. The original site must be left as it is, as if under disaster, and the disaster recovery plan should be implemented on the remote site. This will reveal what kinds of gaps exist in the plan. Once the gaps in the disaster recovery plan have been revealed, it will be easy to eliminate them as well.

It is best for the bank to have a complete disaster recovery plan, but if the plan is not implemented, it will not be known whether there are any gaps in it. If there are gaps in the plan, it will be impossible to recover the stored data at the time of disaster. The bank should implement the disaster recovery plan twice a year so that there are no doubts about the plan. Even if there are doubts about the plan, they can be removed ahead of time. Otherwise, when a disaster hits the bank's data center, the disaster recovery plan will be of no use and the lost data will not be recovered.

  3. How can a company like FDU detect such gaps and prevent them? (7 points)

FDU also maintains information about its students and teachers at its data centers. This means that the university also has a disaster recovery plan that will be implemented in an emergency so that no loss of information is suffered. A disaster recovery plan is not complete until it has been tested under certain circumstances. There may be some gaps in the recovery plan that was created. It is not possible to find the gaps in the disaster recovery plan without applying real conditions. If there is a backup gap in the recovery plan, it will not appear in the test plan. The testing will show that the data is being backed up to the remote site successfully, but the gap will be revealed when this backup is used to restore the system. Issues with the data backup show up only when the system is restored. Mostly the problem lies with the storage media and the methodologies used to store data on the remote site. This gap can be easily detected and prevented by performing a system restore on the remote site without working with the original site that contains the data.
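The following is an added example, not part of the original answer, of the restore check described above: the backup is restored to a separate location and compared against a manifest taken from the primary data, so a backup that reported success but cannot be restored is caught. Directory names, file contents and the two media faults are constructed; a local folder stands in for the remote site.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(source: Path, backup: Path) -> dict:
    """Copy the primary data and record what a good restore must contain."""
    shutil.copytree(source, backup)
    return build_manifest(source)


def restore_and_verify(backup: Path, restore_site: Path, manifest: dict) -> dict:
    """Restore into a separate location, then compare against the manifest."""
    shutil.copytree(backup, restore_site)
    restored = build_manifest(restore_site)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(n for n in manifest
                     if n in restored and restored[n] != manifest[n])
    return {"missing": missing, "corrupt": corrupt,
            "ok": not missing and not corrupt}


def drill():
    """Run one clean restore test and one against a damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "primary"
        (source / "students").mkdir(parents=True)
        # Constructed sample records standing in for the university's data.
        (source / "students" / "grades.csv").write_text("id,grade\n1,A\n2,B\n")
        (source / "students" / "fees.csv").write_text("id,paid\n1,yes\n2,no\n")
        (source / "staff.csv").write_text("id,name\n10,Example Teacher\n")

        backup = tmp / "backup"
        manifest = take_backup(source, backup)
        clean = restore_and_verify(backup, tmp / "restore1", manifest)

        # Constructed media faults: one file truncated, one file lost.
        (backup / "students" / "grades.csv").write_text("id,gr")
        (backup / "staff.csv").unlink()
        faulty = restore_and_verify(backup, tmp / "restore2", manifest)

        # The primary site is only read, never modified, by the test.
        source_untouched = build_manifest(source) == manifest
        return clean, faulty, source_untouched


if __name__ == "__main__":
    clean, faulty, untouched = drill()
    print("clean restore:", clean)
    print("faulty restore:", faulty)
    print("primary untouched:", untouched)
```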

The same is the case with testing gaps, which do not show up in the testing phase. These gaps appear only when the disaster recovery plan is implemented as if a disaster had happened in reality. If there is a gap in the testing phase, the original site is first backed up completely, and then the testing gap is resolved on the remote site that will be used in the event of disaster. In the university, there may be many systems that are overlooked and some that go unnoticed. When the disaster recovery plan is implemented, it can highlight those unnoticed systems, and they should be noted down and worked on. The people who create the disaster recovery plan should be well aware of the systems and the way the university works. People gaps mostly occur in the disaster recovery plan because the people doing the planning are not aware of how the university works. It is not possible to create a successful disaster recovery plan on the basis of bookish knowledge alone. The CIO of the university should oversee the disaster recovery plan. The other threats to universities are attacks by hackers and other people who try to extract student information from the data center. These vulnerabilities should be taken care of as well. It is not possible to completely prevent such attacks on the universities' data centers; however, precautionary measures can be taken to minimize these attacks and secure the information stored in the data center. Even if hackers succeed in accessing the data center, the information should be kept safe by keeping a backup and later implementing the disaster recovery plan.

Question 4

  1. Describe thoroughly how to test your disaster recovery plan. (10 points)

The disaster recovery plan is very important for every organization, as it is important to secure the data in case of any disaster. Organizations should always be ready to face any sort of threat or disaster without losing the important information or data stored in their databases. The information is very important to every organization, as it holds data that can be used to forecast progress in the coming times or to improve services. Organizations mostly refer to their data before launching any new product, keeping the requirements of their customers in mind. Organizations have created disaster plans, but they do not know whether those plans will succeed. They are not sure whether their disaster recovery plan will work at the time of disaster. It is mandatory for organizations to test their disaster recovery plans. There are different methods of testing a disaster recovery plan, such as walkthroughs, tabletop exercises, simulations and full tests. The management should be told about the testing process before the tests are conducted. A proper risk evaluation must be done before the testing is started. The simulation process may cost more than a real disaster. The impact of the disaster on the business should be assessed as well.

Every aspect of the plan should be covered in disaster recovery plan testing. This will reveal whether anything in the plan is weak. The end users must be involved in the testing of the disaster recovery plan. The plan must be implemented in a situation similar to one that may happen in real life.

Walkthroughs

In walkthroughs, the stakeholders are told about their roles and duties under the plan. The aim is not to demonstrate the technology in the recovery plan but to make the stakeholders aware of their roles in it. Walkthroughs are not actually tests.

Tabletop Exercises

The second method of testing the disaster recovery plan is the tabletop exercise. Like a walkthrough, it is not a test but an exercise, in which real disasters affecting data centers are discussed. The losses during the disaster and the response of the team are discussed.

Simulation

In this testing situation, data replication between the original site and the remote site used in the disaster recovery plan is stopped. The IT professionals then start working on the replicated data at the remote site. In this testing method, only a few business processes, ones that will not affect the system, are stopped. Once the replicated data has been taken and worked on, the data replication process between the original site and the remote site is started again.

Full Test

In the full test method, a complete breakdown of the organization is staged and the whole organization stops working. In this situation it seems as if a disaster has happened in reality. It is a very risky process because the processes must be brought back to normal working when the testing is completed.

The testing of the disaster recovery plan must proceed as planned. The results of the test should be documented as well. All the necessary procedures should also be followed in order to recover the system after the disaster testing. Later on, the results must be worked on and the drawbacks in the plan eliminated. Proper documentation will tell whether the plan was useful for the disaster or not.

  2. Suppose you outsource the responsibility of testing your disaster recovery plan. Is this a good idea? Explain and justify your answer. (7 points)

Outsourcing has always been a good idea for major organizations and enterprises. Organizations have to rely on outsourcing companies in order to keep their budgets within limits. Testing the disaster recovery plan is very important for the organization, so that it can be sure of the safety and security of its assets, such as its employees and the data stored at its data centers. Organizations make a number of disaster recovery plans to be implemented in case of different disasters. In most organizations, the staff are not always ready to work on the disaster recovery plan, and the IT professionals are not ready to carry out the disaster recovery plan for the remote site. This is the reason the disaster recovery plan is never tested to confirm that it will perform well at the time of disaster. The other approach the organization can adopt is to hire special staff who will take care of the disaster recovery plans. The organization will have to pay those employees throughout the year whether a disaster happens or not. Therefore it is better for the organization to outsource the testing of the disaster recovery plan. The outsourcing company has a large amount of hardware that may be required for the disaster recovery plan. It will be able to test the plan in a better way, and it has all the equipment that can be used to create a real situation.

The staff of the outsourcing company are aware of the different situations that can arise at the time of disaster. They will apply those conditions to the organization's disaster recovery plan and test whether the plan can overcome them. The disaster recovery gaps can then be better understood and eliminated from the plan. It is not an easy task to recover the system after testing disaster recovery plans. Outsourcing companies are aware of all the methodologies that can be used to recover the system and avoid any loss in the testing process.

Outsourcing companies that deal with disaster recovery will also provide guidance and prepare a new disaster recovery plan on request. It is better to outsource the testing of the disaster recovery plan in order to learn about the gaps and other issues in it.

  3. How can Chase Manhattan Bank respond to the lessons learned from the disaster recovery test? Explain your answer thoroughly. (8 points)

Banks have always focused on protecting their customers and their customers' information. Customers place their trust in banks and hand over all the information and assets they have. Banks always put the security of the customer first. If the customer does not feel secure with the bank, he will not work or do business with it. It is very important for the bank to make its customers feel secure in order to build a long business relationship with them. The world has seen a number of incidents in which a disaster did not give organizations a moment to think about what to do. In such situations, only those organizations and banks that have already made disaster recovery plans for hard times can survive.

Back in 1993, the world met with a great disaster in history. Chase Manhattan Bank was also in the World Trade Center. In this case, the bank needed to give protection and security to its customers. After the World Trade Center incident, all companies gave more importance to disaster recovery plans. It showed them how important a disaster recovery plan is. Organizations need to keep all of their assets and information secure. There are still organizations and banks that only make a disaster recovery plan on a piece of paper. However, there is a huge difference between drawing up a disaster recovery plan on paper and implementing it in reality.

Small banks mostly test their disaster recovery plans once a year. The testing of these plans also depends on the amount of business the banks are doing. Chase Manhattan Bank, however, tests its plan two or three times a year to ensure safety and security. The bank should focus on making these plans even stronger and more responsive in emergencies so that all the assets of the bank and its customers are safe during any kind of disaster. The bank should keep testing its disaster recovery plan and work on the results obtained from the tests. The plans can be implemented well if every piece included in the plan is tested. It has been found that most problems occur in the areas where testing is not conducted. The bank should cover all aspects of the plan and conduct every possible test recommended by the outsourcing company. The real results of disaster recovery plans are truly shown only in a real disaster. The testing phases of these plans do not always show the desired results. The bank should document the recovery plans and the results obtained from testing them.