Introduction Disaster Course Training Steps
Introduction Disaster Recovery Business Continuity
According to www.drj.com, “Disaster Recovery is the ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions.”
This module gives a brief introduction to the concepts, such as, disaster recovery, levels of data recovery, disaster recovery process, and business continuity. It also focuses on the concept of Business Continuity planning that helps to provide security and resilience to the organization. It mainly focuses on the topics, such as, how to be prepared before a disaster occurs and how to avoid disasters.
Laws and Acts
This module familiarizes with some of the laws and acts pertaining to disaster recovery such as, Applicable Acts in Disaster Recovery, Acts of U.S: Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, Flood Disaster Protection Act of 1973, Robert T. Stafford Disaster Relief and Emergency Assistance Act and CAN SPAM Act 2003, etc.
Disaster Recovery Planning
A disaster recovery plan (DRP) describes how an organization should deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, a disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
These modules describe the various steps for planning a disaster recovery process, mainly concentrating on the topics, such as, identifying and estimating the risks, defining a recovery strategy, and performing risk assessments and audits. Disaster recovery planning in a virtualized environment topic is also discussed in this module. It also familiarizes with ten tips for successful IT disaster recovery planning.
Business Continuity Management
A business continuity plan should provide an enterprise-wide risk-based approach, covering people, processes, technology, and extended enterprise to ensure the continuing availability of the business support systems and minimize the disruption risks.
This module mainly focuses on the elements of business continuity management and how to develop business continuity strategies. It also highlights the topics, such as, crisis communication plan, emergency response plan, and business continuity plan development, implementing and maintaining the plan.
Managing, Assessing, and Evaluating Risks
This module familiarizes with the importance of risk management, risk assessment, and risk mitigation. It also displays the keys for successful risk management program mainly focusing on the roles and responsibilities of the risk management team. It also familiarizes with all the risk variables, relative threats, vulnerabilities, attacks, and consequences related to the system. This module describes about the threats that may result in disclosure of the asset, modification of the asset, destruction or loss of the asset, the hardware it resides upon or the software that interacts with it, and interruption of the access to the asset. This module also covers the topics, such as, risk assessment methodology, threat analysis, vulnerability analysis, and vulnerability assessment methodologies
Risk management methodology process contains threat and vulnerability analysis. This process is used to find the vulnerabilities and threats to improve the system’s performance. This module familiarizes with the topics, such as, system disposition/reutilization, system administration, and audit mechanism processes, system acquisition, process of selecting and purchasing new IT, security product integration, maintenance of user accounts. It also highlights the processes for timely deletion of accounts, automated tool for security test, and security test and evaluation plan and procedure.
Risk Control Policies and Countermeasures
System security policy provides the guideline for each user to be provided a separate account to use a computer system, containing the password with minimum of six characters. This module helps the students in understanding the security policies and procedures implemented during risk analysis/assessment process. It mainly focuses on the topics, such as, general control policies, information security policy, and system acquisitions policies and procedures.
Data Storage Technologies
This module talks about various data storage technologies. It discusses the topics, such as, DAS, NAS or SAN, NAS disk-as-disk targets, backup of NAS servers and scalable NAS. It mainly focuses on implementation services for network attached storage systems, highlighting the benefits of network attached storage in small and mid-sized business networks
It also familiarizes with the topics, such as what is SAN, threats to a SAN, the benefits of SANs, and the technical topology of a SAN. It mainly focuses on the SAN security concerns. It also highlights the topics securing storage area networks with iSCSI and storage area networks over fibre channels.
Disaster Recovery Services and Tools
Disaster recovery services and software are fetching more significant aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are more things that can go wrong. As a consequence, recovery plans have also become more complex.
This module familiarizes with the topics, such as, disaster recovery services and their needs, types of disaster recovery services, data loss prevention, etc. It explains the terminology of implementing offsite backup with the understanding of identifying backup requirements and its importance. It focuses on the topics such as, advantages of offsite data backup, tips for keeping data safe, and developing an effective data backup strategy. It highlights the list of disaster recovery service providers, will familiarize with various backup and recovery solutions, such as, Symantec Backup Exec System Recovery, Symantec Backup Exec, AmeriVault-EV, MozyPro, PC BackUp Pro, SyncBack Pro, etc.
Certification and Accreditation
System certifiers and accreditors assess the security assessment results credibility and ensure that the objectives are achieved in order to make an informed, risk-based, and accreditation decision.
This module discusses about the certification process that supports the risk management process in the information system security program. This module covers the topics, such as, system certifiers and accreditors, certification and accreditation guidelines, certification and accreditation documentation, vulnerabilities and attacks, physical security requirements, and information technology
security evaluation criteria.