StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

A Plan for Restoration and Recovery for Information Systems - Case Study Example

Cite this document
Summary
This case study "A Plan for Restoration and Recovery for Information Systems" discusses the rise of cyber-terrorism and a plan for updating methods to restore damaged systems and recover corrupt or deleted files as the government information systems are in danger. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.7% of users find it useful
A Plan for Restoration and Recovery for Information Systems
Read Text Preview

Extract of sample "A Plan for Restoration and Recovery for Information Systems"

Running Head: RESTORATION AND RECOVERY PLAN Considering the Worst: A Plan for Restoration and Recovery for Information Systems Considering the Worst:A Plan for Restoration and Recovery for Information Systems The rise of cyber-terrorism and common occurrences of natural disasters prove that governmental information systems are in danger. Though convenient, information systems may be considered easy targets, as they lack adequate protection and are extremely vulnerable to widespread damage. With these facts in mind, systems operators should not only enhance security and devise risk management plans, but they should also plan for the worse by updating methods to restore damaged systems and recover corrupt or deleted files. Targeted Convenience Information systems act as the nucleus of interconnectivity and efficient communication (ISACA). Interconnected capabilities of information systems allow system operators instant feedback from an inquiry. Moreover, their interconnectedness provides added resources as they provide links to other databases with critical information. For those with harmful intentions, the interconnectivity of public safety systems represents an opportunity. One vile or deleted piece of information can easily infiltrate and corrupt or lock an entire system’s operations and subsequently infect connected systems. It is believed that government systems may become targets of attack (Wilmot, 2004; Wilson, 2003). Instead of using explosives, terrorists may resort to the destructive effects of data packets. According to Lieutenant General Kenneth A. Minihan, groups harboring hostility towards the United States are currently developing “offensive information warfare capabilities” (Wilcot, 2004, p. 284) making government computers and information systems targets (Wilson, 2003). As a connected subsidiary of the federal government (SafirRosetti, 2006), the Fort Lauderdale Police Department of Florida FLPD and its information systems are equally susceptible to attacks. Need for System Restoration and Data Recovery/ Adequate Systems Protection The Fort Lauderdale Police Department implements several strategies to combat imminent attacks against information systems; however, its strategies require added forethought and planning. Though the risks of information systems is known among systems operators, protection plans are far and few between. Scarce time is invested into the protecting systems. Wilcot (2004) points out the haphazard security of information systems: “In most agencies, security is relegated to someone in the information services (IS) department, who usually has many other duties.” (p 291) To ensure the safety of its information systems, FLPD relies on its staff (SafirRosetti, 2006) and the administrative department of the Risk Management Division (BCL). The person in charge of managing FLPD’s Information Systems Unit (ISU) observes and evaluates staff members who work with the information system (SafirRosetti, 2006). Since managing the ISU entails more duties than observing and evaluating staff members, observations and evaluations provide limited protection for the system. Performing a host of other duties undoubtedly interferes with supervisors’ competence while evaluating subordinates. One way or the other, systems operators will invest time into their information systems—either they will be proactive and devise risk management plans, or they will be forced to restore the entire system or recover deleted files in a feeble response to the aftermath of disturbance. Apparently, FLPD’s security measures for its information systems are mediocre, at best. Thus, the following plan to identify and provide information systems’ restoration and recovery is duly warranted. Methods of Restoration Strengths of current restorative methods. The task of system restoration appears to be an easy fix, as the same method is utilized to restore systems. Wilson (2003) states, “Highly skilled engineers and technical experts who understand the systems would, as always, work tirelessly to restore functions as quickly as possible.” (p. 6) Using human labor as a means of restoration is beneficial. Technicians’ knowledge accompanies their skill in dealing with the information systems. Since their work requires hands-on encounters with the systems, technicians can immediately assess and respond to the system’s malfunction. Weaknesses of current restorative methods. On the other hand, total dependency on human labor to complete such a critical task has an absolute disadvantage. Human labor is not instant. First, humans require time for arrival on site of the problem. Secondly, technicians must first perform a diagnostic assessment prior to implementing a possible solution. If that solution fails, technicians must reassess then apply a different solution. For the most part, the repair phase should not be trial and error, as a wrong could precipitate further damage. Combining strengths and weaknesses to maximize efficiency. Since most systems operators are dependent on the benefits of human labor, resolving the issue of damage in a timely manner proves to be challenging. To adequately protect its citizens, FLPD relies on the apt responses of its information systems and staff (flpd.org). To maximize the element of time, FLPD should plan to combine the benefits of human labor with the convenient basics of technology. Since technicians are equipped to deal with information systems, the proposed plan would require technicians to compile scenarios they have encountered and possible scenarios that would also warrant repairs. The compiled scenarios and repairs would be programmed into the operating systems so that sensors could check and instantly modify or regulate systems’ operations to rectify problems for resulted restoration. To further avoid manual restoration of services, Turoff et al (2003) suggest the creation of a virtual command center. A virtual command center would continue to utilize the efficiency of basic technology. In the event that the technology is disabled, it could be restored without requiring human presence at a particular site. Once systems have been restored using a timely method, however, files must still be recovered. Methods of Recovery Strengths and weaknesses of current recovery methods. Unlike the intricate methods of restoring an information system, recovering lost or deleted files could be less complicated. However, the task of recovering files is haphazard at best. In its commendable effort to plan for unforeseen disasters, FLPD partners with The Risk Management Division (BCF). The partnership between FLPD and The Risk Management Division serves as established effort to improve guards for information systems. The Risk Management Division acknowledges responsibility for responding to claims regarding hardware but omits specific detail about its efforts to recover corrupt or deleted data. Thus, the current use of forethought in risk management planning considers foreboding possibilities. However, current considerations should be examined to further scrutinize the consequential effects of internal and external threats, including a plan of recovery, should a calamity occur. Unfortunately, systems operators neglect to initiate adequate plans for recovery until after a disastrous event. A false sense of security allows system operators to think that nothing will happen that purchased software or the system itself cannot fix. Wilson (2003) reports that a simulation attempt to cripple a telecommunication system was unsuccessful because the “system redundancy [prevented] damage from becoming too widespread.” (p. 7) Though the system’s redundancy may be a beneficial component of the system, injected viruses or foreign elements designed to induce malfunction could alter the operation of the redundant component. Purchased software is another effort to secure information systems. Wilson (2003) comments about the process for software vendors illustrates security measures: Agencies operating national security systems must purchase software products from a list of lab-tested and evaluated products in a program that requires vendors to submit software for review in an accredited lab, a process (known as certification under the Common Criteria, a testing program run by the National Information Assurance Partnership…” (p. 21) Though commercial software companies strive to develop secured products, most software possesses the same features (Wilson, 2003). One mastermind could gain access to the securing features and sabotage the effectiveness of all software. In addition, more pressing matters provoke ill preparation in systems operators. Ulfelder (2004) points out that “disaster recovery takes a back seat to other IT [information technology] projects.” (p. 2) Blinded faith in security features and attention to more demanding projects deflect consideration from the recovery process, thereby, leaving the task of recovering lost or damaged data less of a priority and resulting in an unwary reactive effort of recovery. Plans of proposed recovery method. Based on Ulfelder (2004) and Mearian’s (2004) articles about past mistakes companies made when preparing or recovering from a disaster, the following is a proactive plan for recovering altered, stolen, or destroyed data. First, the FLPD will determine which software and information will be initially restored and store a replica of the software and information in alternate locations, thereby reducing data recovery from days to hours. Secondly, the department will identify and include personnel who are critical to the recovery process and make them an integral part of the recovery planning process. However, the department will be careful not to overlook other personnel, as the department will train others, as well. According to Elbert Lane, a lead software developer, documents should be “fashioned so anyone in the business should be able to restart and application” (Ulfelder, 2004, p. 2). Lane adds that even someone from the mailroom should have the same capabilities to restart and restore applications. Ensuring efficiency of proposed plan. To avoid obstruction of the recovery process, the proposed plan will also ensure that basic items are in place. Accessibility to the critical areas will be preplanned, as an emergency contact tree, which includes numbers for other emergency personnel (i.e. fire, town officials, etc.) and mobile numbers of officers and supervisors will be created, circulated, and stored in alternate areas. Crisis-only overrides will allow selected low-level staff members authorization to passwords. Most importantly, backup generators and flashlight batteries will be checked periodically to ensure the presence of light. Though menial and seemingly unimportant in comparison to other preparations for recovery, basic necessities sometimes sabotage the most meticulous plans to reinstate operability of information systems. To further enhance the entire recovery process, regular surprised tests will be conducted to evaluate the proficiency and efficiency of the recovery process. Exercised recovery plans prove beneficial. On the other hand, dormant recovery plans may complicate the overall recovery process. Results of survey illustrate of exclusion of end users: In a recent survey of 283 Computerworld readers, 81% of the respondents said their organizations have disaster recovery plans. But 71% of the respondents at the companies with plans said the plans hadn’t been exercised in 2003. (Mearian, 2004, p. 2) A plan only runs smoothly if trained personnel remain. However, what are the odds that people will continue working with an organization for more than five years? Companies must depend on the plan, not the people. Thus, the recovery plan should be reviewed and tested regularly. Instead of a feeble reaction to a calamitous event that disables the entire system or corrupts or delete important files, the outlined plan will implement proactive measures that will adequately plan for effects of crises. References Broward County Florida. Risk management division. Retrieved January 16, 2007, from http://www.broward.org/riskmanagement/welcome.htm. Fort Lauderdale Police Department. Communications center. Retrieved January 7, 2007, from http://www.flpd.org/commcenter.html. ISACA: Serving IT Governance Professionals. ISACA overview and history. Information Systems Audit and Control Association. Retrieved January 3, 2007, from http://www.isaca.org/PrinterTemplate.cfm?section=overview_and_History&Template=Co... Mearian, L. (2004). Rising from disaster. Computerworld. Retrieved February 4, 2007, from EBSCOhost via Academic Search Premier: http://web10.epnet.com/DeliveryPrintSave.asp?tb=1&_ug=sid+72415389-46B3-45EB-9F3... SafirRosetti (2006) Staffing Study of Fort Lauderdale Police Department. Retrieved January 5, 2007, from http://ci.ftlaud.fl.us/documents/safir_study071505.pdf. Ulfelder, S. (2004). Classic mistakes. Computerworld. Retrieved February 4, 2007, from EBSCOhost via Academic Search Premier: http://web10.epnet.com/DeliveryPrintSave.asp?tb=1&_ug=sid+72415389-46B3-45EB-9F3... Wilmot, R. (Ed.) (2004). Domestic and international terrorism. Boston, MA: Pearson Custom Publishing. Wilson, C. (2003). Computer attack and cyber terrorism: vulnerabilities and policy issues for congress. Congressional Research Service Reports and Issue Briefs. Retrieved January 29, 2007, from InfoTrac OneFile via Thomson Gale: http://find.galegroup.com/itx/printdoc.do?&prodId=ITOF&userGroupName=21667_hbplc... Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(A Plan for Restoration and Recovery for Information Systems Case Study - 2, n.d.)
A Plan for Restoration and Recovery for Information Systems Case Study - 2. https://studentshare.org/information-technology/1539140-restoration-recovery-plan
(A Plan for Restoration and Recovery for Information Systems Case Study - 2)
A Plan for Restoration and Recovery for Information Systems Case Study - 2. https://studentshare.org/information-technology/1539140-restoration-recovery-plan.
“A Plan for Restoration and Recovery for Information Systems Case Study - 2”. https://studentshare.org/information-technology/1539140-restoration-recovery-plan.
  • Cited: 0 times

CHECK THESE SAMPLES OF A Plan for Restoration and Recovery for Information Systems

Network Security Mechanisms

Methods to evaluate the operational impact and recovery activation are also determined.... This essay also refers to some systems, that are used to establish network security and plan it's proper work.... lternative recovery strategies are also planned and important data and information of the business units are copied and stored in a safe location.... A large corporation is supposed to have a large volume of data and information that needs to be protected from any kind of theft and any kind of loss due to natural disasters....
5 Pages (1250 words) Essay

Business Continuity, Backup and Disaster Recovery Plan

That is, whether risk pose within the resource department, or systems, processes, or suppliers.... To protect against data-driven risks, the business solution will focus on a delivery of an efficient backup and quick retrieval of critical data and information.... Contents Business continuity, Backup and Disaster recovery Plan 1 Analysis 2 Solution design 3 Implementation 4 Testing and Acceptance 5 Maintenance 5 Back-Up 6 Disaster recovery 8 Conclusion 10 References 12 Business continuity, Backup and Disaster recovery Plan Disasters are bound to happen....
8 Pages (2000 words) Research Paper

Restoration and Recovery Plan: Ceramic Manufacturing Company

"restoration and recovery Plan: Ceramic Manufacturing Company " paper attempts to understand the restoration and recovery plan employed by an organization in case of any of an attack or failure of its Information System.... nbsp;… The evolution of information systems has come a long way, since an almost ad-hoc approach in their deployment of yore days to their current sophisticated, managed, planned, and well-engineered approach.... Contingency Management is one essential element in the planning of the information System....
5 Pages (1250 words) Case Study

The Effectiveness of Network Management Tools

Structure of Management information (SMI) is a component that is used in network management and provides the rules required in network management.... Furthermore, the writer will examine the strategies used for recovery in cases of disasters.... The purpose of this assignment is to assess the existing approaches to computer network management....
27 Pages (6750 words) Assignment

Restoration and Recovery of Information Systems and Data

This case study "restoration and recovery of Information Systems and Data" focuses on the recovery and restoration of information services by the Palm Beach Sheriff's Office.... nbsp;… restoration and recovery of information system operations have become one of the most important concerns in information systems management.... restoration and recovery fall under risk management of information systems and entails identifying managing minimizing risks and assessment and evaluation....
6 Pages (1500 words) Case Study

Disaster Recovery Planning for NIST

Even these cause many problems to the organizations that include data loss, increased response time, network congestions, and un-timely break up of systems and temporary stagnation of work (Cooper, 1995).... A single quake can destroy entire business information in no time and nullify its existence.... Continuous monitoring of this information and assessing the risks that these factors cause, becomes an important issue.... It is common for crackers to find useful information in used tape drives, disks and discarded print outs....
8 Pages (2000 words) Essay

Disaster Recovery Plan to Recover IT systems of ABC Inc

The paper "Disaster Recovery Plan to Recover IT systems of ABC Inc" gives the advice to perform damage assessment to identify the requirement for software, hardware, and database, acquisition of required software/hardware/network sources, the configuration of ESXi installation and configuration.... hellip; The Disaster Recovery Plan establishes procedures to recover the IT systems of ABC Inc.... recognizing their operational dependency on IT systems, and the potential loss that may occur in the event of a disaster; authorized the preparation, implementation, and maintenance of a comprehensive disaster recovery plan....
7 Pages (1750 words) Case Study

Important and Critical Data of Business

The disasters can be of many types, which are given below: A DRP contains the plan for guarding against the above disasters.... Backup plan: Backup plans are an essential part of any company's disaster recovery plan for backing up important business information.... Disaster Recovery Plan (DRP): DRP can be defined as a plan that helps a business recover data and restores operations after a disaster.... It is a plan that is made before the disaster happens and it can be from a simple plan to create a backup of server every night to the kind of technological redundancies and procedures....
9 Pages (2250 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us