Writing Assignment: Module 10

Question 1

Why might some organizations abdicate all responsibility for DR planning to the IT department?

Answer 1

They are keenly interested in keeping IT systems available during and immediately following disasters.

Question 2

How can you classify disasters based on how they may emerge and become an issue for an organization?

Answer 2

The most common way is to separate natural disasters from man-made disasters. Another way of classifying disasters is by speed of development. Rapid-onset disasters are those that occur suddenly, with little warning, taking the lives of people and destroying the means of production. They may be caused by earthquakes, floods, storm winds, tornadoes, mud flows, and so on. Slow-onset disasters occur over time and slowly deteriorate the organization’s capacity to withstand their effects. These disasters include droughts, famines, environmental degradation, desertification, deforestation, and pest infestation.

Question 3

What entity is responsible for creating the DR team? What roles should the DR team perform?

Answer 3

The CPMT. They aim to reestablish business processes.

Question 4

Discuss the limitations on the number and type of CP teams to which any one individual should be assigned.

Answer 4

Disaster Management Team, Communications Team, Computer Recovery Team, System Recovery Team, Network Recovery Team

Question 5

What key elements should be included in the DR policy?

Answer 5

Risk Assessment, Recovery Objectives, Data Backup and Storage, Recovery Procedures, Communication Plan, Training and Testing, and Continuous Improvement.

Question 6

Why are the DR activity groups presented out of sequence (during, after, before) instead of in chronological order?

Answer 6

Activities that are during are the most urgent. After are the ones that have been resolved

Question 7

What are the major activities planned to occur during the disaster?

Answer 7

planning for the triggers, determining what must be done

Question 8

What are the major activities planned to occur after the disaster?

Answer 8

After action review, forensic analysis

Question 9

What are the major activities planned to occur before the disaster?

Answer 9

preparing by practicing proper security

Question 10

What is a DR plan addendum, and why will one or more of them be prepared?

Answer 10

DR plan addendum must be updated and revisited annually and you may have Multiple addendums to address specific scenarios or changes in the organization’s technology.

Question 11

What is a DR after-action review (AAR), and what are the primary outcomes from it?

Answer 11

Once the incident has been contained and all signs of the incident removed, the “actions after” phase begins. During this phase, lost or damaged data is restored, systems are scrubbed of infection, and everything is restored to its previous state. The IR plan thus must describe the stages necessary to recover from the most likely events of the incident. It should also detail other events necessary to the “actions after” phase, such as possible follow-on incidents, forensic analysis, and the after-action review (AAR).

Question 12

Why should DR planning documents be classified as confidential and have their distribution tightly controlled?

Answer 12

These plans can contain a wealth of sensitive data that would be a significant loss to the organization if the data fell into the wrong hands. Planners need to make arrangements for the ways that planning documents are copied and stored, to accommodate the availability requirement while making sure the necessary confidentiality is maintained.

Question 13

What is a worst-case scenario? What role does it play in an organization’s planning process?

Answer 13

Service disruptions that may last for weeks or months and the govt could declare a state of emergency. And organizations should educated their staff what is expected of them.

Question 14

What are the primary goals of the DR plan?

Answer 14

-Initiate implementation of secondary functions.
● Finalize implementation of primary functions.
● Identify additional needed resources.
● Continue planning for restoration

Question 15

What are the key features of the DR plan?

Answer 15

● Clear delegation of roles and responsibilities
● Execution of the alert roster and notification of key personnel
● Use of employee check-in systems
● Clear establishment and communication of business resumption priorities
● Complete and timely documentation of the disaster
● Preparations for alternative implementations

Question 16

Describe the phases in a DR plan.

Answer 16

a.Preparation — The planning and rehearsal necessary to respond to a disaster
b.Response — The identification of a disaster, notification of appropriate individuals, and immediate reaction to the disaster
c.Recovery — The recovery of necessary business information and systems
d.Resumption — The restoration of critical business functions
e.Restoration — The reestablishment of operations at the primary site, as they were before the disaster

Question 17

What is job rotation? Why is it a useful practice from a DR plan perspective?

Answer 17

The routine training of all employees for at least one other job, either vertically or horizontally prepares the organization to handle normal personnel shortages or outages

Question 18

What does it mean when operations are in degraded mode? Should organizations prepare to operate in this mode?

Answer 18

employees are operating under adverse conditions. When training, an organization should periodically try this variation, including the loss of power or lighting, the loss of communications,and so on, to see how employees can adapt to these conditions. During a disaster, it is very likely that some utilities will be unavailable.

Question 19

What should be the primary focus of the training that is provided to the network recovery team?

Answer 19

Much of their DR operations training should focus on establishing ad hoc networks quickly but securely.

Question 20

What are the primary duties of the business interface team?

Answer 20

This team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

Question 21

Describe the various rehearsal and testing strategies that an organization can employ.

Answer 21

Use of an alert roster. Some organizations can make use of an auxiliary phone alert and reporting system. The use of the “I’m okay” automated emergency response line

Question 22

Why must the alert roster and the notification procedures that use it be tested more frequently than other components of the DR plan?

Answer 22

it is subject to continual change because of employee turnover

Question 23

What are the primary objectives of the response phase of the DR plan?

Answer 23

designed to:
Protect human life an dwell-being
Attempt to limit and contain the damage to the organization’s facilities and equipment
Manage communications with employees and other stakeholders

Question 24

What are the primary objectives of the recovery phase of the DR plan?

Answer 24

Recover critical business functions
Coordinate recovery efforts
Acquire resources to replace damaged or destroyed materials and equipment
Evaluate the need to implement the BC plan

Question 25

What are the primary objectives of the restoration phase of the DR plan?

Answer 25

Initiate implementation of secondary functions
Finalize implementation of primary functions
Identify additional needed resources
Continue planning for restoration