International Journal of Information Management 37 (2017) 622–626
Contents lists available at ScienceDirect
International Journal of Information Management journal homepage: www.elsevier.com/locate/ijinfomgt
Research Note
Disaster recovery plan for medical records company
Vincent Lozupone, Northcentral University, 2488 Historic Decatur Rd., San Diego, CA 92106
Article info
Keywords: Restore; Windows Server; Disaster recovery; Intrusion detection; Threats; Virus
Abstract
Computer systems have become a critical part of many businesses. Businesses rely on computer systems to perform many daily tasks. It is important that businesses have a valid strategy to recover their data in the event of fires, hurricanes, other natural disasters, sabotage, or security incidents. This paper describes the concepts of a disaster recovery and data replication plan that The Medical Record Company will adhere to.
E-mail address: [email protected].
http://dx.doi.org/10.1016/j.ijinfomgt.2017.05.015
Received 5 May 2017; Received in revised form 11 May 2017; Accepted 26 May 2017
0268-4012/ © 2017 Elsevier Ltd. All rights reserved.

1. Introduction
The Medical Records Company depicted in this report can be any company, regardless of size, that deploys Windows servers and may choose to use this document as a guide for disaster recovery planning. Medical Records Companies are firms that offer Information Technology services to hospitals, medical labs and various other healthcare organizations. It is important to note that even though a company of any size can use this strategy, a large company may need more resources to assure a plan that is sound and feasible. Although this report focuses on Microsoft products, its facets can be applied generically, i.e. RAID, vulnerabilities, offsite storage, disaster recovery plan, and steering committee. The Medical Record Company's (MRC) network is configured as a single Microsoft Active Directory Domain. Each client company uses Windows Professional as the operating system. There are four sites connected by broadband, and each site is managed by a LAN administrator. The company also uses WINS, DNS and DHCP at each site. The DNS configuration uses dynamic updates. There are also 20 file servers running Server 2012R2. This report will identify vulnerabilities with a mitigation strategy, present a disaster recovery plan and finally present an effective intrusion detection design.

2. Identify the vulnerabilities in the current configuration and describe how to mitigate them
A hardware failure can also be considered an exposure, and MRC considers this type of failure a natural disaster. Manmade disasters can be sabotage, arson, strikes, bombings, and unavailability of key employees. MRC will obtain relevant information from insurance companies, the local weather service, law enforcement, and newspapers. This information should include statistical data from weather and site studies and from Government impact studies. It should also include man-made risks (Sans Institute, 2002). Irrespective of the type of disaster, aside from a security incident, the disaster recovery will follow the same plan. The 20 file servers will be backed up to a tape backup system using an incremental configuration. See Fig. 1 for types of backups. An incremental backup only requires the last full backup and the last incremental backup to acquire a full recovery. The tapes will be stored off site at a company such as IronMountain.com or similar. This plan will also entail purchasing a server with a backup tape drive and software and assuring that there is a location to perform a restore if necessary. MRC will be purchasing Paragon Hard Disk Manager Suite 2011 (see Fig. 2).
Fig. 1. Backup Types (Images, 2017).
Fig. 2. Paragon (Paragon, 2015).
MRC will also have fault tolerant storage. RAID (Redundant Array of Independent Disks) configurations will be set up on all servers. The system drives will use RAID 1, disk mirroring. This yields redundancy and excellent read and write performance. During a failure the alternate drive takes over (Cole, 2008). The remaining drives will use RAID 5, striping with parity. The workstations will be managed with Symantec Ghost Solution Suite 3.0. This software will deploy new workstations and restore them in case of a disaster. MRC will use Symantec's Data Loss Prevention as part of the suite. According to Developer Network (2015), most people think that defining security vulnerability would be easy. It is not. A security vulnerability can be a potential avenue of attack on a system, for example malware, incorrectly configured systems or passwords scribbled on a pad. Vulnerabilities can be security exposures that result from a product weakness introduced by the producer by accident or through an intended attack.
MRC considers the lack of a plan, business impact assessment, business continuity plan, security assessment and detailed definition of requirements a vulnerability. It is imperative that MRC, from an economic and business strategy perspective, focus on the activities that reduce the likelihood of a disaster occurring rather than on minimizing the impact of the disaster (DRP, 2013). Since there are four sites, there has to be dedicated communications between all the sites. There also has to be replication for WINS, DNS, and DHCP. When configuring WINS replication, two issues need to be considered: the type of network and the length of time required for all replicated changes in the WINS database to converge (Technet, 2005). The convergence time is the time needed to replicate a new entry in a WINS database server. MRC will test the network throughput to determine this parameter. Dynamic DNS enables client computers to register and dynamically update their resource records with a DNS server upon changes. This alleviates the need for manual intervention. DNS will be configured on all the domain controllers. Server 2012R2 has a new feature that enables Microsoft DHCP servers to share service availability information, providing DHCP with high availability. It works by replicating IP address leases and settings in one or more DHCP scopes from a primary to the failover server. All zone data will be replicated to all other domain controllers at each site (Fig. 3).
Fig. 3. DHCP Failover (Lozupone, 2015).
Another vulnerability that MRC has to respond to is a security incident. MRC will create a plan that deals entirely with recovering from a security incident (Cole, 2008). This plan will use the industry standard name of Computer Security Incident Response Plan (CSIRP). This plan will provide MRC with the precise information needed at the critical moment that an attack is recognized or suspected. The first step MRC will take is to build a team called the Computer Security Incident Response Team (CSIRT). Each member of the team will have a definite role to play. Each site administrator will be aware of the network topology and the configuration of the servers and desktops, and will be aware of the applications installed on the workstations. MRC will determine the severity level assigned to each type of incident. MRC has created a table that assigns a severity to a designated type. Severity 5 is the most serious and has the potential of financial loss to the company as a result of health records being compromised. This can also have a damaging effect on the image of MRC and must be taken very seriously. See Table 1 for severity classifications.

Table 1. Severity Classifications.
Severity  Type
1  A few users have received an email with a virus attachment.
2  Scans have detected possible targets.
3  Many scans detected on perimeter. Many computers affected.
4  A breach has occurred or a DOS (Denial of Service) was successful.
5  A major impact on production has occurred. Financial or medical information at risk.

3. Design and develop intrusion detection and prevention controls for this organization
There are a few techniques and groups that make up intrusion detection systems. There are signature-based and statistical anomaly-based systems, and there are advantages and disadvantages to both. Effective IDS (Intrusion Detection System) deployments can use both. A signature-based IDS stores signatures of attacks as a reference. When data is collected in a log and there is a match, a response is initiated. One weakness of a signature-based IDS is a failure to catch attacks spread over a long period. Other weaknesses are that it is resource intensive for the system and is OS (Operating System), platform, and application dependent. Statistical anomaly-based IDSs compare activity against learned, normal behavior patterns and trigger alarms when an anomaly occurs. To work correctly, the IDS has to sample network patterns over a long period. These patterns are memory usage, CPU utilization, and network packets. Some advantages are that it is dynamic, OS agnostic and can prevent abuse-of-privileges attacks. MRC will use both types. MRC will also implement a NIDS (Network-based IDS). See Fig. 4 for a comparison of NIDS vs. HIDS and Fig. 5 for a depiction of NIDS flow. It resides on the network and monitors the entire network, and since MRC does not have network segments, it is a good solution. It works as an appliance in conjunction with a NIC (Network Interface Card). The NIC is configured in promiscuous mode. This mode sees all traffic on the network. As packets pass through the network, the NIDS inspects them and identifies packets that are suspect. It looks for string, port and header condition signatures. A NIDS customarily provides reliability without consuming network or host resources. It also provides real-time information (Cole, 2008). Stallings (2007) stated that sensors can be either passive or inline. Most NIDS are deployed in passive mode. A passive sensor monitors a copy of the traffic; the traffic does not actually pass through the device. Therefore, no packet delay is introduced. MRC will use the passive mode (Fig. 6). An IPS (Intrusion Prevention System) is very similar to an IDS. The difference is that the IPS will attempt to prevent attacks instead of only logging them. MRC will install the IPS Software Blade (IPSSB) from Checkpoint at each site (Checkpoint, 2015). It has application control, granular control, and URL filtering. It can also be installed on MRC's existing firewalls. Using the IPS Software Blade in conjunction with the SmartEvent Software Blade, MRC will gain a dynamic management model for today's increased volume of real-time and changing risk management. As shown in Fig. 7, threats are seen in real time.
Fig. 4. NIDS vs HIDS (Lozupone, 2015).
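Returning to the tape backup scheme of section 2, the following Python is an added illustration (not part of the paper) of how the backup types in Fig. 1 differ at restore time: it assumes the standard full, incremental and differential types and a constructed weekly tape schedule, and lists which off-site tapes a restore must recall, in the order they are applied.

```python
"""Restore-chain calculator for the backup types shown in Fig. 1.
Added example, not from the paper. It assumes the standard full,
incremental and differential backup types and a constructed weekly
tape schedule, and returns the tapes that must be recalled from
off-site storage, in order, to restore the file servers to a day.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Backup:
    day: int   # day number the job ran (constructed, not a real date)
    kind: str  # "full", "incremental" or "differential"
    tape: str  # label on the tape sent off site


def restore_chain(schedule: List[Backup], target_day: int) -> List[str]:
    """Tapes needed to restore the state as of `target_day`, oldest first.

    A full backup starts a chain. An incremental holds changes since the
    previous backup of any kind, so every incremental after the chain's
    base must be replayed. A differential holds all changes since the
    last full, so only the newest differential is needed and it replaces
    any incrementals taken before it.
    """
    jobs = sorted((b for b in schedule if b.day <= target_day),
                  key=lambda b: b.day)
    fulls = [i for i, b in enumerate(jobs) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before day %d" % target_day)
    base = fulls[-1]
    chain = [jobs[base]]
    tail = jobs[base + 1:]
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:
        newest = diffs[-1]
        chain.append(tail[newest])
        tail = tail[newest + 1:]  # only incrementals after it still matter
    chain.extend(b for b in tail if b.kind == "incremental")
    return [b.tape for b in chain]


def weekly_schedule(kind: str) -> List[Backup]:
    """Constructed schedule: full on day 0, then `kind` on days 1..6."""
    tag = kind[0].upper()
    return [Backup(0, "full", "F0")] + [
        Backup(d, kind, "%s%d" % (tag, d)) for d in range(1, 7)]


def tapes_per_day(kind: str) -> List[int]:
    """Tapes a restore needs on each day of the week under `kind`."""
    sched = weekly_schedule(kind)
    return [len(restore_chain(sched, d)) for d in range(7)]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, tapes_per_day(kind))
```

Running it shows the trade-off the plan must budget for: the incremental schedule needs one more tape for every day since the last full, the differential schedule never needs more than two.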
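The following Python is added here to make the two detector types of section 3 concrete; it is not from the paper or from any Checkpoint product. It applies signature rules on string, port and header conditions, and a statistical anomaly check of CPU, memory and packet counts against a baseline learned over a quiet sampling period; all packets, samples and signatures are constructed.

```python
"""Hybrid NIDS logic as described in section 3: signature matching on string,
port and header conditions plus statistical anomaly detection on CPU, memory
and packet counts against a learned baseline. Added example, not from the
paper or any Checkpoint product; packets, samples and signatures are constructed."""
import statistics
from typing import Dict, List

# Constructed signatures; every condition listed must hold for a hit.
SIGNATURES = [
    {"name": "sqlmap-user-agent", "port": 80, "contains": "User-Agent: sqlmap"},
    {"name": "telnet-to-fileserver", "port": 23},
    {"name": "oversized-dns-reply", "port": 53, "min_len": 1400},  # header condition
]

def signature_hits(pkt: Dict) -> List[str]:
    """Names of signatures whose string, port and header conditions all match."""
    hits = []
    for sig in SIGNATURES:
        if "port" in sig and pkt["dst_port"] != sig["port"]:
            continue
        if "contains" in sig and sig["contains"] not in pkt["payload"]:
            continue
        if "min_len" in sig and pkt["length"] < sig["min_len"]:
            continue
        hits.append(sig["name"])
    return hits

class Baseline:
    """Mean and standard deviation per metric, learned from a quiet period."""
    def __init__(self, samples: List[Dict[str, float]]):
        self.stats = {k: (statistics.mean([s[k] for s in samples]),
                          statistics.pstdev([s[k] for s in samples]) or 1.0)
                      for k in samples[0]}

    def anomalies(self, sample: Dict[str, float], z: float = 3.0) -> List[str]:
        """Metrics more than z standard deviations from the learned mean."""
        return [k for k, (mean, sd) in self.stats.items()
                if abs(sample[k] - mean) / sd > z]

def run(packets: List[Dict], baseline: Baseline,
        samples: List[Dict[str, float]]) -> List[str]:
    """Combine both detectors into one alert list for the CSIRT."""
    alerts = ["signature:%s dst_port=%d" % (n, p["dst_port"])
              for p in packets for n in signature_hits(p)]
    alerts += ["anomaly:%s interval=%d value=%s" % (k, i, s[k])
               for i, s in enumerate(samples) for k in baseline.anomalies(s)]
    return alerts

# Constructed quiet-period samples (30 intervals) and a later test window.
QUIET = [{"cpu": 20 + i % 3, "mem": 40 + i % 2, "packets": 1000 + 10 * (i % 5)}
         for i in range(30)]
WINDOW = [{"cpu": 21, "mem": 40, "packets": 1010},
          {"cpu": 95, "mem": 41, "packets": 9000}]  # scan-like spike
PACKETS = [
    {"dst_port": 80, "length": 310, "payload": "GET /records HTTP/1.1\r\nUser-Agent: sqlmap/1.0"},
    {"dst_port": 443, "length": 900, "payload": "TLS application data"},
    {"dst_port": 23, "length": 60, "payload": ""},
    {"dst_port": 53, "length": 1500, "payload": "DNS response"},
]
ALERTS = run(PACKETS, Baseline(QUIET), WINDOW)
```

The second window sample is flagged only by the anomaly check, which is the case the section describes: a signature set has nothing to match against a resource spike, while the learned baseline does.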
Fig. 5. NIDS (Lozupone, 2015).
Fig. 6. Passive Mode (Lozupone, 2015).
Fig. 7. View Real-Time Threats (Checkpoint, 2015).

4. Create a comprehensive disaster recovery plan that should include the necessary steps required to protect the business in the event of a disaster
The disaster recovery plan will provide MRC (Medical Record Company) with a state of readiness that will allow personnel to act promptly in response to a disaster. This plan will provide a more effective and efficient means to recover from a natural disaster or security incident. Every disaster recovery plan should have eight phases. MRC will have, as every business should, management commitment. MRC will also perform a risk assessment as shown in Fig. 8. It shows the relationship between the probability of an event and its impact. MRC needs to determine which information systems, data, and assets, for example facilities, equipment and personnel, are most critical. These are the objectives, in part, that MRC will strive to achieve: limit the magnitude of loss by minimizing the length of critical application interruption, assess the damage, repair the damage, recover the data, and prepare MRC technologists to respond effectively. According to Sans Institute (2002), two out of five companies that experience a disaster will go out of business in five years. A 3M study performed in 1995 revealed that in the course of "normal business operations" 30% of computer users were recovering lost data (p. 8).
Fig. 8. Risk Analysis (Sans Institute, 2002).
The vulnerabilities can be categorized into natural disasters or manmade. Natural disasters can take the form of earthquakes, fire, flood, fluctuations in power and storms. Phase 1 of the plan is to create the project initiative. MRC needs to have a complete understanding of the computer environment. MRC will create a steering committee. It will have complete responsibility for the guidance and direction of the disaster recovery plan. Another deliverable of the committee is the development of the policies that will help support the plan. During phase two, MRC will do a vulnerability assessment. This was covered in a preceding section of this report. See Fig. 9 for causes of interruptions.
Fig. 9. Causes of Interruption (Sans Institute, 2008).
As part of phase three, MRC will perform a business impact assessment (BIA). This will enable the committee to identify critical systems, processes and functions and investigate the economic impact of a disaster. It is also critical that MRC determines the "pain threshold", that is, the length of time MRC can survive with limited or no systems (DRP, 2013, para. 11). The business impact assessment will also be presented to the steering committee. The critical service functions and timeframes it identifies will be enabled first, immediately after the recovery operation. In addition, the report will be used to identify systems and resources to support critical services by information processes. During phase four, MRC will determine a definition of requirements. MRC will create a list of hardware, software (vendor or created in-house), documentation, external support for networking, and facilities. Other deliverables of this phase that will be followed are the definitions, objectives, assumptions, and most importantly the scope. Phase five will entail MRC creating a development plan. The plan of this phase will document changes to user procedures and the upgrading of data processing required to support a recovery plan. MRC will also develop recovery standards. As part of phase 6, MRC will develop a test and exercise plan. During this phase, goals are created and evaluated. These goals are tailored to the environment and tested on a regular schedule. MRC will create a maintenance program as part of phase 7. This program will reflect changes to the environment. In this phase, MRC will create a Change Management process that will adapt to changes in the environment so as to sustain a current Disaster Recovery Plan. In areas where there is a lack of change management, procedures will be suggested and then implemented. During phase 8, plan testing will be implemented. The activities during this phase are:
• Defining the test approach
• Identifying teams
• Creating the structure
• Analyzing test results
• Modifying test results if necessary

5. Responding to threats
Responding to threats, and more importantly a computer virus infection, involves certain steps:
• Identify the threat
• Identify the computers
• Quarantine
• Clean
• Post-op and prevent a recurrence
To contain and completely eliminate a threat, the staff must be aware of all the threats that are on the computers and their capabilities. The engineers also must know which methods the exploit uses to traverse the network. In certain situations companies are required to report breaches to the government, i.e. under security breach notification laws. Since this report concerns a Medical Records Company, it is required to notify Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act (HIPAA) rule 45 CFR 164.400-414.

6. Scope and objective
The main purpose of recovery planning for MRC is to enable the company to survive a disaster and continue normal operations. For MRC to endure, MRC must make sure that the most critical operations can resume and continue normal business. During the entire recovery process, the plan that MRC establishes has to create clear lines of authority and create and follow priorities. The main objectives of MRC's contingency plan will be:
• Provide safety and well-being for employees when the disaster happens
• Continue critical operations
• Minimize duration of the interruption
• Minimize damage and losses
• Establish management succession
• Reduce the complexity of the recovery effort
• Identify critical elements of business along with associated support functions

7. Steering committee
MRC's steering committee will comprise associates of key business functions such as:
• Information systems
• Technology Support
• Systems Development
• Network Operations

8. Capital costs
During the planning phases, there will be an enormous amount of data collected, which will have to be maintained on an ongoing basis. There are products that MRC has to decide to purchase that will aid in this effort. There are also other one-time costs that MRC will have to incur; these are voice and data communications. Data processing equipment, including servers and PCs if necessary, is also included in these costs.

9. Conclusion
Although statistically the chances of a major disaster are remote, the consequences are dramatic if MRC lacks a Disaster Recovery Plan before an event occurs. It is also critical to establish a steering committee that includes a representative from key areas such as Information Systems, Tech Support, Development, Networking, and Key Business Areas, as stated previously. It is also important to realize that a recovery plan is not a one-month or two-month project, nor a project that is completed once. MRC will have to make sure that this recovery plan is a living plan which is revisited and tested on a regular basis.

10. Further considerations
Designing a disaster recovery plan can be an overwhelming experience, but there are guides and a plethora of resources to help those that need advice and guidance. See Table 2 for additional resources that a company decision maker may use to assist with designing and implementing a DR plan.

Table 2. Additional Resources.
Link: Description
Microsoft Template (https://blogs.technet.microsoft.com/mspfe/2012/03/08/a-microsoft-word-documenttemplate-for-disaster-recovery-planning/): A document that outlines a DR strategy.
Ready.gov (https://www.ready.gov/business/implementation/IT): What to do when IT stops working? Assure a continuity plan and impact analysis.
Cio.com (http://www.cio.com/article/3090892/disaster-recovery/8-ingredients-of-an-effective-disasterrecovery-plan.html): 8 Ingredients of an effective DR plan.

References
Checkpoint (2015). Intrusion prevention system software blade. Retrieved from http://www.checkpoint.com/products/ips-software-blade/.
Cole, E. (2008). Network security fundamentals. Hoboken, NJ: Wiley.
DRP (2013). Disaster recovery project plan. Retrieved from http://www.disasterrecoveryplantemplate.org/download/disaster-recovery-project-planexample/.
Developer Network (2015). Definition of security vulnerability. Retrieved from https://msdn.microsoft.com/en-us/library/cc751383.aspx.
Images (2017). Images. Retrieved from http://www.farstone.com/images/a/products/.
Lozupone, V. (2015). Visio. Retrieved from https://www.microsoft.com/en-us/evalcenter/evaluate-visio-professional-2013.
Paragon (2015). Paragon software group. Retrieved from http://www.paragon-software.com/.
Sans Institute (2002). Disaster recovery. Retrieved from http://itsecurity.gmu.edu/Resources/upload/DisasterRecovery.pdf.
Stallings, W. (2007). Introduction to network-based intrusion detection systems. Retrieved from http://www.informit.com/articles/article.aspx?p=782118.
Technet (2005). Configuring WINS replication. Retrieved from https://technet.microsoft.com/en-us/library/cc786754%28v=ws.10%29.aspx.