Disaster Recovery Plan

Disasters that can cause hardware, software and data loss such as fire are
inevitable. One can minimize the losses by formulating a plan to recover from such
disasters and to keep the business operational. A disaster recovery plan is a method
of restoring computer processing operations and data files if operations are halted
or files are damaged by major destruction.

There are various approaches that a company can adapt in their disaster
recovery plan. These are: reverting to manual services, buying time at a service
bureau, mutual aid pact or forming consortiums. Reverting to manual services is not
recommended for businesses operating in a large scale such as banks and financial
institutions because of its slow processing ability. Companies can buy time at a
service bureau which is a company that provide services for a fee. A mutual aid
pack is an agreement between two or more companies to lend each other
computing power if one of them has a problem. A consortium is a joint venture to
support a complete computing facility. There are two kinds of facilities; hot site and
a cold site. A hot site is a fully equipped computer center with hardware,
environmental controls, security, and communications facilities while a cold site is
an environmentally suitable empty shell in which a company can install its own
computer system. All of these approaches have their own positive and negative
traits which a company can use in their own discretion.

Table of Various Approaches’ Pros and Cons

Various Approaches Pros Cons

Manual Services Immediate action Slow processing ability

Service Bureau Convenient for Inconvenient for companies in rural

 companies in urban or remote areas
areas

Not guaranteed when a regional

Mutual Aid Pact Inexpensive disaster occur

Fully equipped
Hot site Fast processing Most expensive to operate
ability
Consortium Immediate action

Cold Site Less expensive than It takes longer to get the enterprise
hot site in full operation after the disaster

Typical items stored in a backup site:

a. Program and data files
b. Program listings
c. Program and operating system documentation
d. Hardware inventory lists
e. Output forms
f. Copy of the disaster plan manual

A disaster recovery plan should include the following:

a. List of priorities identifying the programs that must be up and running first.
b. Plans for notifying employees of changes in locations and conditions.
c. List of needed equipment and where it can be obtained.
d. Procedures for handling input and output data in a different environment.

Software Security
Who owns custom-made software?

Employee
Owner
Programmer
= Organization
Programmer
of the
Consultant
Organization

The diagram above shows when a programmer can claim custom-made

software that he wrote as legally his. If the program is written for the organization of
which he is employed then he can’t use that same program in his other endeavours
aside from telling others that he/she is the one who made it.

Data Security

Data is one of an organization’s most important assets thus creating and

doing security measures for this asset is greatly needed. The following steps can be
taken to prevent theft or alteration of data:

• Secured Wastes
Discarded printouts, printer ribbons and the like can be sources of
information to unauthorized people. This can be avoided by using a
paper shredder and locked trash barrels.

An example of a paper shredder

• Internal Controls
These are controls that are planned as part of the computer system
and an example of this is a transaction log which is a file of all
accesses or attempted accesses to certain data. In this way,
unauthorized people found to access private files can be traced and
questioned.

• Auditor Checks
Auditors go over the financial books of the company and during the
course of their duties, they frequently review computer programs and
data. Through this, they can check some errors or alterations on the
data. They can also see who accessed these data when it is not usually
used to look for suspicious actions.

• Applicant Screening
Theft of data can be easily done by a person that can go within the
business’ premises easily. That’s why employers should do background
checks in their employees to help weed out dishonest applicants
reducing the risk of information leakage.

• Passwords
A password is a secret word, number or a combination of the two that
must be typed on the keyboard to gain access to a computer system.
Employees should be taught to formulate passwords that are hard to
break by a password breaking program. This can be done by combining
letters, numbers and symbols creating a non-existent word in any
language.

Example of a good password: “^$54gf^7Nb”

 • Built-in Software Protection
Softwares can be built into operating systems in ways that restrict
access to the computer system. These softwares are able to identify
authorized persons and let them gain access to the computer system.

Personal Computer Security

Personal computers have high money equivalent in the market that’s why it is
likely to be stolen by thieves. One can avoid this by securing personal computers in
place with locks and cables. Also, most personal computers have an individual cover
lock that prevents access to internal components. One should also avoid eating,
drinking, and smoking while using computers. Occasional cleaning is also
recommended.

Disk data can be protected by using surge protectors. It is a device that

prevents electrical problems from affecting computer data files. An example of this
is an uninterruptible power supply. UPS includes surge protection and battery
backup, which enables you to continue operating your PC during power loss or
brownouts enough to allow you to save and close all files and shut down the system
without loss of data.

Prepare for the Worst: Back up Your Files

Personal computer users are not as devoted as organizations in backing up

data files. There are many things that can go wrong that will cause data loss. There
is always the possibility that your important files such as reports, music and pictures
will be damaged because of hard disk failure, natural disasters or even your own
stupidity and carelessness.

There are many ways to back up files. Some people make another copy of
their hard disk files in diskette while others back up their files on tape. You can also
use a mirror hard disk, which is a second copy of everything you put on the original
disk, but can cost a lot of money. Back up softwares that can automatically back up
files at a certain time of day or on command are also available. Generally, backup
softwares provides three types of back ups. A full backup copies everything from the
hard drive. A differential back up copies all files that have been changed since the
last full backup. An incremental backup copies only those files that have been
changed since either the last full backup or the last incremental backup. A
comprehensive backup plan involves periodic backups, complemented by either
incremental or differential backups. These backup plans also differ in their
restoration process.

Restoration Process:
 Most recent
Last
differential
Differential
Full Backup
backup
Approach
A.)

Incremental
Incremental
Last
Incremental
Backup
Backup
Full Backup
Approach
B.)