Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure.

Introduction

With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.

It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.

Classification of Disasters

Disaster can be classified in two broad categories. Viz, 1) Natural disasters- Preventing a natural disaster is very difficult, but it is possible to take precautions to avoid losses. These disasters include flood, fire, earthquake, hurricane, smog, etc 2) Man made disasters- These disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which can cause massive failures such as loss of communication and utility. These disasters include walkout, sabotage, burglary, virus, intrusion, etc.

Security Holes

Security holes are the vulnerabilities in computing hardware or software. It provides indirect invitation to malicious brains to work on it and exploit it. It is achieved through flaws in network software which allows unintended control within the network. Components of network such as PCs and router hold these holes through their operating systems. Technical details of any systems should not be made public abundantly unless required. Once such holes are discovered, information about it should be immediately passed to security professional responsible for it. On the other hand such information is also passed quickly to hacker who might want to intercept into the network. Security professional should always work to heal such holes to eliminate possible attack.

General steps to follow while creating BCP/DRP