Security Planning And Disaster Recovery Pdf

Published: 19.05.2021


Disaster Recovery Plan Template

It will be periodically reviewed and updated as necessary to meet emerging threats, changes in legal and regulatory requirements, and technological advances. In order to facilitate the recovery and restoration of university IT systems that support critical business functions, units shall engage in disaster recovery planning efforts.

Disaster recovery planning is the ongoing process of developing, implementing, and testing disaster recovery management procedures and processes to ensure the efficient and effective resumption of critical functions in the event of an unscheduled interruption, irrespective of the source of the interruption. Engaging in disaster recovery planning ensures that system dependencies have been identified and accounted for when developing the order of recovery, establishing recovery time and recovery point objectives, and documenting the roles of supporting personnel.

In addition, data backup is an integral component of disaster recovery planning. Data backup protects against the loss of data in the event of a physical disaster, database corruption, error propagation in resilient systems, hardware or software failure, or other incident which may lead to the loss of data.

The backup requirements found in this Standard will allow university business processes, teaching and learning activities, research projects, and clinical operations to be resumed in a reasonable amount of time, based on criticality, with minimal loss of data. Each campus unit that maintains or is responsible for a mission critical system or service must have a disaster recovery (DR) plan that documents the critical recovery functions and tasks that can be executed to enable mission critical system recovery following a significant event or disaster.

Mission Critical: Mission critical IT systems and applications provide essential IT functions and access to data, and their unavailability will have an immediate and significant detrimental effect on the university and campus units if the system fails or is interrupted. Loss of particular systems or applications may be originally assessed as not mission-critical, but may become more critical after an extended period of unavailability.

Recovery Time Objective (RTO): The duration of time within which a business process must be restored and a stated service level achieved following a disruption in order to avoid unacceptable consequences associated with a break in service.

Disaster Recovery Planning: The process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, systems and applications which are vital to an organization after a disaster or outage.

Business Continuity Planning: Business continuity planning, as opposed to disaster recovery planning, is the process of developing detailed plans, processes, and strategies that will enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption and fully recover as quickly as possible.


System resiliency is a desirable objective, but is not a substitute for, and does not negate the necessity to perform, data backups and have a disaster recovery plan. Data intended to be temporary in nature, i. However, those data must still be properly secured until the temporary files are deleted.

It is the responsibility of system or business owners and U-M Procurement Services to ensure that contracts with U-M vendors that maintain, protect or provide access to U-M mission critical or Restricted or High data—whether on-premises or cloud-based—include disaster recovery and data backup Service Level Agreements. Discipline SPG Violations of this policy by faculty may result in appropriate sanction or disciplinary action consistent with applicable university procedures.

If dismissal or demotion of qualified faculty is proposed, the matter will be addressed in accordance with the procedures set forth in Regents Bylaw 5.

In addition to U-M disciplinary actions, individuals may be personally subject to criminal or civil prosecution and sanctions if they engage in unlawful behavior related to applicable federal and state laws.

Any U-M department or unit found to have violated this Standard may be held accountable for the financial penalties, legal fees, and other remediation costs associated with a resulting information security incident and other regulatory non-compliance. Information Assurance is responsible for the implementation, maintenance and interpretation of this Standard.

It further applies to:

- Critical core IT infrastructure and other services which facilitate the transport, authentication and security of systems and data. Critical core infrastructure is defined as components which, when they experience degradation or failure, compromise all other services e.
- Information technology systems that process or store mission critical data managed by, or on behalf of, the University of Michigan, as determined by the unit that maintains the system; this specifically excludes desktop devices and workstations which do not require disaster recovery plans but may require data backup.


Units or research projects that maintain information technology systems (system or business owner):

- Identify mission critical systems.
- Maintain adequate infrastructure resiliency and data backup and restoration processes for mission critical data and the IT systems assigned to them.
- Develop, implement, document, maintain, and test disaster recovery plans.
- Update the status of their DR planning to IA every two years.
- Work with unit IT to review unit DR plans at least annually or whenever significant system architecture or personnel changes occur.
- Brief unit leadership on status of DR efforts and resource needs.

Definitions

Mission Critical: Mission critical IT systems and applications provide essential IT functions and access to data, and their unavailability will have an immediate and significant detrimental effect on the university and campus units if the system fails or is interrupted.

A system or application may be designated mission critical if it meets one or more of the following conditions:

- Risk to human and research-animal life or safety.
- Significant legal, regulatory or financial costs.
- Serious impediment to a campus unit carrying out its critical business functions within the first 48 hours following an event (48 hour Recovery Time Objective, RTO).
- Loss of access to data with defined availability requirements.

Service Tier Criticality Levels:

- Platinum: Services and systems that have the highest requirement for availability, the shortest required recovery time and the quickest required incident response time.
- Gold: Services and systems that have a high availability requirement, fast recovery time, and fast incident response time.
- Silver: Services and systems that have a moderate availability requirement, can take some time to recover, and moderate incident response time.
- Bronze: Services and systems that have the lowest availability requirement, will accept data loss up to entirely, and a very drawn out incident response time.

Standard

The following are the core components required of all U-M information technology disaster plans:

- Critical Systems: All units and research programs that maintain critical information technology systems will develop, implement, and regularly test exercise disaster recovery plans for those systems.
- Disaster Recovery Plan Template: Disaster recovery plans should follow the general content and guidelines identified in the U-M Disaster Recovery Plan Template.
- New System Evaluation: New applications or systems will be evaluated; systems determined to be critical require a disaster recovery plan to be documented and tested prior to go-live.
- Risk Assessment: Environments designated as mission critical must have a RECON (see Information Security Risk Management Standard, DS) performed at least every four years or in accordance with the regulatory requirements of the system. Disaster recovery plans need to include mitigation of potential negative impacts to the mission critical system.
- Data Backup: Backups are the result of copying or archiving files for the purpose of restoring them to a specific point-in-time or in the event of data loss resulting from computer viruses, hardware failures, file corruption, accidental or intentional destruction, etc.

Backups preserve data integrity in the event of data corruption or other loss of the primary copy.

Table 1. Disaster Recovery Performance Objectives by Service Tier Criticality Level

| Level | RPO | RTO | Performance Objective |
|---|---|---|---|
| Platinum | No data loss except data in transit | 4 hours | Best possible performance, required robust real-time transaction speed monitoring |
| Gold | 0—24 hours | 24—48 hours | Better performance, some transaction monitoring |
| Silver | 1—7 days | 7—30 days | No performance targets, not monitored |
| Bronze | 1 month or risk of entire loss | 1 month or non-recoverable | Economy performance, not monitored |

Data Backup Requirements

Data backup and restoration should include a documented process for recovery, accounting for data dependencies or relationships where data from multiple systems must be in sync or share common data elements.

In addition to system criticality requirements, data backups are:

- Required for all mission critical systems and for any system or machine that creates, processes, maintains, or stores data classified as Restricted or High.
- Recommended for Moderate data, and for data that cannot be recreated in a timeframe satisfactory to the owner.
- Optional for all other systems or data.

It is the responsibility of U-M units, research programs, and individual faculty, staff, and workforce members to:

- Identify primary responsibility within the unit or research program for data backup; appropriate roles and responsibilities must be defined for data backup and restoration to ensure timeliness and accountability.
- Classify institutional data based on U-M data classifications, and determine the backup method best suited to their classification level (see Table 2 below).
- Ensure that backups containing data classified as Restricted and High are encrypted both in transit and at rest; it is recommended that Moderate data are also encrypted.

All primary backups of data required to be backed up must be to U-M owned and managed devices or servers, not a personally owned device.

Table 2: Data Backup Requirements Based on Data and RTO Classification

The following table should be used to determine disaster recovery and backup requirements for systems or machines that create, process, maintain, or store Restricted, High, or Moderate data and for mission critical systems irrespective of data classification.

Implementation

Information Assurance is responsible for the implementation, maintenance and interpretation of this Standard.

Security Policy

Contingency and disaster recovery refers to the criteria and procedures used to guide management and technical staff in the recovery of computing and network facilities operated by the College of Public Health Office of Information Technology in the event that a disaster destroys all or part of the facilities. The contingency and disaster recovery plan is composed of a number of sections that document resources and procedures to be used in the event that a disaster occurs at the College of Public Health, Office of Information Technology. Each supported computing platform has a section containing specific recovery procedures. There are also sections that document the personnel that will be needed to perform the recovery tasks and an organizational structure for the recovery process. The contingency and disaster recovery plan is applicable to all College of Public Health system administrators, department administrators, and supervisors responsible for managing critical facilities, including server hardware, software, and data.

Introduction to Nursing Informatics. Disaster recovery planning (DRP) is many things to many people.

Disaster Recovery Planning

We rarely get advance notice that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways. This is where a business continuity plan comes into play.

Disasters of any kind, natural and man-made alike, pose significant threats to every business and organization. According to research from Keeper Security, Inc. In its Global Risks Report, the World Economic Forum (WEF) ranks extreme weather events and natural disasters as the top two most likely global risks, followed immediately by cyber security attacks and data theft. Natural disasters that affect businesses include hurricanes, tornadoes, floods and monsoons (yes, we have them in the Southwestern United States as well), earthquakes, wildfires, and blizzards.

Disaster Recovery Plan Template Word

From cyber-attacks and equipment failure, through hurricanes or other natural disasters, DR needs to cover any possible scenario that threatens the availability of IT infrastructure. A disaster recovery plan (DRP) delineates how an organization will respond to any given disaster scenario, with the goal of supporting time-sensitive business processes and functions, and maintaining full business continuity. On the preventative side, a DRP aims to minimize the negative effects of specific scenarios by defining what the organization needs to do in order to avoid them.


Fortunately, because the Crypto staff had to deal with an enormous amount of fairly indeterminate material, they had developed a complex procedure known as an unorthodox search. Such a search is essentially a command to the computer to scan every string of characters on the hard drive, compare them against an enormous dictionary, and flag those that seem meaningless or random. It is extremely complex work that consists of constantly sifting out the excess, but it is entirely doable. Susan understood that, by all logic, it fell to her to solve this problem. She sighed, hoping she would not have to regret what she was about to do.

Security Policy

Becker paced the room. "There was a gold ring on the dead man's hand. I want to take it."

Susan walked forward, repeating the name, her eyes fixed on the screen. "David!" she cried, barely able to stay on her feet. "Oh, David... how could they..." Fontaine was taken aback: "You know this man."

For several seconds neither he nor she said a word. At last Strathmore leaned back in his chair, and Susan realized that he was gradually calming down. When he finally spoke, his voice was pointedly even, though it was obvious that this did not come easily to him.

3 comments

Melinda F.

Security Planning & Disaster Recovery. Eric Maiwald. William Sieglein. McGraw-Hill/Osborne. Tenth Street. Berkeley, California


Daniel T.

Actively scan device characteristics for identification.


Edelia A.

Types of specifications and their examples pdf gcse physics aqa revision guide pdf
