Disaster Recovery Planning

 

Disaster Recovery Planning and Business Continuity Template in WORD format
 

 


You can download a copy of the table of contents by following this link and registering.

You can order your own copy by following this link.

 

 
GPS Track Stick is a GPS logging device.  Utilizing Global Positioning System satellites, the track stick will accurately log its location in pre-set intervals.  The GPS Track Stick works anywhere on planet earth.  Built into every GPS Track Stick is a USB 1.1 connector, which makes downloading data onto your PC a breeze.  The GPS Track Stick includes integration software that is amazing!  Data can be exported in standard HTML, EXCEL, Google Earth KML, and RTF file formats.   The data records the following parameters of the GPS Track Stick - Date, Time, Latitude, Longitude, Altitude, Speed, If the unit stopped and for what time frame, Direction of travel (N, W, E, S), GPS Fix and Signal Strength.  Settings with the included software are adjustable.  When integrated with Google Earth, the Track Stick gives the user an amazingly accurate view of where the device has been.


The GPS Track Stick device will give you an accurate (within 15 meters) historical readout of where the tracking stick has been anywhere in the world.  This is a GPS Logging device and does not track in real-time.

  • Know Where Anyone Or Anything Has Been
  • Employers - give to your employees; monitor routes and speeds
  • Parents - know where your children have been
  • Cars, Boats, Planes, Rockets (Altitude)

03/22/2008 Disaster Recovery and Compliance - Disaster recovery and remote backup strategies need to take into account not just technical issues, but also how to implement those strategies within the letter and spirit of applicable legislation. CFOs and CIOs need to take care that a seemingly simple plan for disaster recovery does not in turn create a potential legal disaster. A compliance-based managed services provider (CMSP) can reduce risk and cost for many businesses.

03/15/2008 Real World Disaster Recovery Tools -

Does your datacenter have the right procedures and equipment in place to recover your business from a disaster? Can your business survive extended downtime without your computing resources? Is your company prepared for a planned D/R event? What about an unplanned event? Janco and its template have helped hundreds to recover from both types of events. The Disaster Recovery Planning / Business Continuity Template provides a place to start when considering D/R preparations for your organization.


03/05/2008 What Telephone Service Will You Have After the Disaster - The telephone industry is facing a very interesting quandary. On one hand, all-fiber builds offer elegant solutions and robust triple- and quadruple-play possibilities. Verizon clearly is opting for this approach. However, a good deal of money can be made by leveraging existing copper, though the resulting service platforms are more limited. AT&T is mixing its approach. The company released interesting results about its U-Verse fiber-to-the-node (FTTN) deployment at the Merrill Lynch Communications Services Forum this week. The company expects weekly customer additions to increase from 12,000 to 40,000 by the end of the week. That wasn't the only number of note. John Stankey, the president of the company's telecom operations, said 60 percent of the new video customers are coming from cable operators, a percentage that exceeds expectations.

02/29/2008 Disaster Planning Requires Security Experts -

New research from CompTIA shows that security is seen as the most desirous IT skill worldwide, and many companies find their in-house security skills lacking.

When it comes to hiring qualified IT professionals, a large portion of U.S. companies want more highly skilled workers, especially in the areas of security, networking and operating systems.

For established countries like the United States, security was by far the most important skill requested, and the skill most likely to be lacking.

The study found that while 73 percent considered security skills like firewalls and data privacy most important, only 57 percent considered those skills adequate. Other security skills considered critical included data protection, regulatory compliance and identity management.


02/22/2008 Cracking GSM Phone Security - Disaster Recovery Implications -

(TechWorld.com) Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption.

GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 worth of field-programmable gate array-aided computer equipment and a frequency scanner.

Although GSM's 64-bit A5 stream cipher has been theoretically vulnerable for some time, this is the first time anyone has demonstrated a way of doing it without investing in expensive, specialized equipment and without it taking years.

If one spends $100,000 on hardware, the crack can be done in only 30 seconds using massively parallel processing technology. Pico Computing Inc. is now developing the fast version to sell to agencies such as law enforcement, but plans to give away the slower version for free.

GSM is used all over the world by mobile phone companies, and is used in the U.S. by several networks, most notably AT&T and T-Mobile. It is considered to be secure enough that even criminals use it, simply cycling phones to avoid the theoretical risk of being tracked.

The attack depends on exploiting a vulnerability in the way GSM sets up calls. Assuming attackers were able to find out a phone's mobile subscription identification number and built-in hardware ID -- garnered by sending a text message to that phone, say -- they would have enough information to isolate calls from that phone.

Because networks set up some frames of the call security exchange using the same plain text scheme, throw enough hardware at the problem and the encryption can be forced open by using mathematical tables. "If we know the plain text, we can derive exactly what is coming out of A5."



02/05/2008 What if Your UPS Failed Today -

Most people do not even know they have a bad battery until it's too late. If your battery is 3-4 years old, you need to look at replacing it. When a disaster occurs, UPS vendors will be in short supply and will not be able to deliver all of the units that are required. Part of your Disaster Recovery Plan needs to have spares in place before the disaster occurs.

Energy resources are becoming scarcer and more expensive, making electrical efficiency in the data center an increasingly important consideration. When selecting large UPS systems for your data center, a number of significant but often overlooked factors can increase your total cost of ownership due to operational inefficiencies.

 


01/27/2008 What is the total cost of a world class Disaster Plan? -

Business continuance and disaster recovery always sound great, that is, until management takes a look at the dollars involved. While it can be somewhat easy to justify the costs involved in providing complete duplication of a few key mission critical servers and applications, it becomes much more difficult to justify the next tier of applications requiring duplicate hardware for disaster recovery protection.

The first step the company took when it was formulating its plan was to calculate potential dollars lost.

If a natural or manmade disaster prevented it from shipping equipment to its customers, the disaster would cost the company about $xx millions a day. That potential loss was then weighed against the $500,000 a year it costs to use disaster recovery services.


01/25/2008 New Blades Could Ease DRP Planning - A string of new blade server systems promises to hit new heights in processing capabilities, energy efficiency and ease of use, producing even more choices for enterprise users in what is turning into an increasingly crowded field. The latest entry comes from Dell, which introduced the new PowerEdge M1000e rack enclosure that the company claims can be installed and operational within 15 minutes. The 10U rack can hold up to 16 half-height blades, including the M600 and M605 units outfitted with quad-core Xeon or Opterons. The M1000e will replace the outgoing M1955 enclosure, although it will use the same OpenManage toolkit. IBM has added a new Power6 blade to its line-up, the JS22 Express, which matches a pair of the dual-core processors engineered with the Advanced Power Virtualization system to host up to 10 virtual servers per core. Unix users might be interested in the system's Live Partition Mobility feature that enables live migration of operating systems and applications among servers.

01/15/2008 Disk to Disk (D2D) Could be a Quick Solution for Disaster Recovery and Business Continuity -

The last few years have seen a number of information technology trends converge, transforming disk-to-disk backup (D2D) from something merely feasible into an attractive addition to the IT portfolio.

D2D technology brings many key benefits to your IT infrastructure, including shorter backup windows, faster restores, quicker nearline access, investment protection by leveraging existing tape hardware, and better backup economy through incremental backups.

For several decades, tape drives and tape media have been the preferred enterprise backup solution. But now, modern backup software supports writing to a disk file as though it was another backup device. Often this is implemented by emulating a tape device with special characteristics, allowing the disk file to easily integrate into the rest of the existing software architecture. The common term for this is virtual tape. Some backup software also supports the creation of multiple emulated devices and combining them into virtual tape libraries, referred to as  VTL. D2D backup uses these virtual tapes to save backup data by writing to the VTL, and restores the backup data by reading from the VTL. Using hard disk drives as the underlying storage media brings all the advantages of random access, high volume manufacturing, disk reliability, RAID, and familiar technology.


01/10/2008 Disaster Planning Considerations -

Many enterprises have taken a segmented approach to Business Continuity and Availability, adding point technology and reactive services to address disaster recovery. This approach can be very complex, time-consuming and costly. The task becomes much easier when a single vendor takes responsibility for architecting, implementing, testing and supporting the solution.

There is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, ESG research indicates that 36% of enterprises indicate they will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications. Almost 15% indicate they cannot tolerate any downtime. In the past, this type of business demand was only consigned to a relatively small group. However, many more organizations of all sizes, in all industries and located across the globe, now require applications to be running and data to be always available. The needs of these organizations go far beyond simply recovery, requiring an environment that maintains business continuity during and immediately after a disaster. To make it more interesting, the number and types of applications that require this level of protection is very diverse.


12/14/2007 Cyber Attacks Can Impact Your Disaster Plan -

A cyber attack reported last week by one of the federal government's nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.



12/05/2007 Security requirements demand that disk files be erased not just deleted - When you delete a file from your hard disk, it may seem as if it is gone forever. In truth, however, this is not the case. You must wipe it clear "several" times or someone can find traces of the data that was there originally.

The reason why file deletion is not as thorough as it can be is a simple one: resource management. Actually overwriting every bit of every file that is to be deleted would use more resources than would be practical for everyday use. And in fact, this simple file deletion is usually sufficient for the basic user’s needs.

The seemingly permanent process of file deletion actually leaves the file data still on the hard disk. When a file is deleted, it is simply marked ‘deleted’, and the space that it occupies on the disk is accordingly marked ‘ready for use’. Hence, it may be overwritten when more disk space is required, but this is by no means certain, unless the entire hard disk is filled with data.

Now, the actual data that makes up the file is still on the hard disk, even after deletion. This makes it available for recovery, usually done using specially designed data recovery programs. MS-DOS, in fact, has a built-in UNDELETE command which may recover recently deleted files.

However, security considerations might necessitate the complete erasure of a given hard disk or collection of hard disks. When reassigning hard disks, for instance, or switching computers around, confidential data might need to be deleted. To lessen the possibility that this data is recovered, a hard disk wipe may be performed.

When a hard disk wipe is performed, the entire area of the hard disk is actually overwritten with random data. This means that the data that used to be on the hard disk becomes much harder (practically impossible) to recover after such a process. Almost no traces of the previous data that used to be on the disk are left, making a hard disk wipe a secure improvement upon ordinary file deletion.

The metadata, or information on the data that used to be on the hard disk, is also wiped clean, since the entire space of the hard disk is overwritten. The randomness of the data used to overwrite depends on the algorithm used to generate it. Some hard disk wipe programs give users the choice to select the algorithm they want the program to use. However, this is not as necessary for hard disk wipe programs as it is for file shredder programs, which wipe individual files. This is because when it is the entire hard disk that is wiped, the degree of randomness of the overwriting data is no longer as important.

Performing a hard disk wipe is often as easy as clicking a few buttons in a specially designed hard disk wipe program. Some programs are set to run automatically when a CD containing the program is placed into the computer containing the hard disk to be wiped. This makes it easier to perform batch wipes on many computers at once, and makes the hard disk wipe a feasible security solution for multiple hard disks.
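The difference between deleting and wiping described above can be reproduced on a small in-memory model. The Python code below is an added example, not part of the original page; the ToyDisk class, its 16-byte blocks and the sample file contents are constructed for illustration and do not model any real file system.

```python
import os

BLOCK = 16  # bytes per block; deliberately tiny so the effect is easy to see


class ToyDisk:
    """Constructed in-memory model of a disk: raw blocks plus a file table."""

    def __init__(self, nblocks):
        self.blocks = bytearray(nblocks * BLOCK)  # the raw media
        self.free = [True] * nblocks              # allocation map
        self.table = {}                           # file name -> metadata entry

    def write_file(self, name, data):
        need = -(-len(data) // BLOCK)             # ceiling division
        picked = [i for i, is_free in enumerate(self.free) if is_free][:need]
        if len(picked) < need:
            raise OSError("disk full")
        for n, i in enumerate(picked):
            chunk = data[n * BLOCK:(n + 1) * BLOCK]
            # Only len(chunk) bytes are written; the rest of the block keeps
            # whatever was there before (slack space).
            self.blocks[i * BLOCK:i * BLOCK + len(chunk)] = chunk
            self.free[i] = False
        self.table[name] = {"blocks": picked, "size": len(data), "deleted": False}

    def delete_file(self, name):
        """Ordinary deletion: mark the entry deleted and the space ready for
        use. The data blocks themselves are not touched."""
        entry = self.table[name]
        entry["deleted"] = True
        for i in entry["blocks"]:
            self.free[i] = True

    def undelete(self, name):
        """What a recovery program does: follow the stale entry to its blocks."""
        entry = self.table.get(name)
        if entry is None or not entry["deleted"]:
            return None
        raw = b"".join(
            bytes(self.blocks[i * BLOCK:(i + 1) * BLOCK]) for i in entry["blocks"]
        )
        return raw[:entry["size"]]

    def scan_raw(self, needle):
        """Search the raw media directly, ignoring the file table."""
        return needle in bytes(self.blocks)

    def wipe(self, rng=os.urandom):
        """Whole-disk wipe: overwrite every block with random data and drop
        the metadata along with it."""
        self.blocks[:] = rng(len(self.blocks))
        self.free = [True] * len(self.free)
        self.table.clear()


def demo():
    disk = ToyDisk(8)
    secret = b"payroll: alice=9100; bob=8700"       # constructed sample data
    disk.write_file("payroll.txt", secret)

    disk.delete_file("payroll.txt")
    after_delete = disk.undelete("payroll.txt")     # fully recoverable

    # A later, smaller file reuses the first freed block only, so part of the
    # old content survives in the slack space and in the second block.
    disk.write_file("note.txt", b"lunch at noon")
    after_reuse = disk.undelete("payroll.txt")
    raw_hit_before_wipe = disk.scan_raw(b"bob=8700")

    disk.wipe()
    return {
        "after_delete": after_delete,
        "after_reuse": after_reuse,
        "raw_hit_before_wipe": raw_hit_before_wipe,
        "after_wipe": disk.undelete("payroll.txt"),
        "raw_hit_after_wipe": disk.scan_raw(b"bob=8700"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The model assumes every overwrite reaches the underlying blocks; a real wipe tool has to ensure that for the actual media it is run on.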


11/03/2007 Disaster Planning for Server a Must -

 

Server Disaster Recovery Planning

 

Every enterprise with one or more servers should have a server room that is secured with a combination lock and a reinforced door with a deadbolt. If the room is not windowless, the windows should be barred. The room should have both fire/heat detection and water detection sensors which set off a local alarm and send a signal to an off-premises monitoring facility. At a minimum, it should have fire extinguishers suitable for electrical fires. Enterprises that have hundreds of thousands of dollars in equipment in their server rooms should consider a built-in fire suppression system.

  • Excess heat is, by far, the most commonly reported cause of server downtime and damage. An enterprise should augment its building air conditioning with a room-size air conditioner that kicks in only when its thermostat shows that the temperature in the room has risen above a specified level, typically 68 degrees. An additional safeguard is available: a thermostat inside any cabinet which has a cooling fan. When a fan fails and the temperature rises, an alarm should be triggered.
  • Water damage is the second-ranking cause of server downtime and damage, although the damage is rarely greater than moderate. There should be no water pipes in the ceiling above the room, or in the walls that enclose it. The server(s) and associated peripheral equipment should be rack-mounted so that up to six inches of standing water will not affect the equipment.
  • Power irregularities are the third-ranking cause of server downtime and damage. A UPS (uninterruptible power supply) should be used to protect all servers against surges, spikes, brownouts, and blackouts. The UPS should have a rating which is at least twice the total KVA requirements of the devices it protects. KVA (Kilo Volt Amperes) is a rating that is calculated by multiplying the number of volts by the number of amperes and dividing by 1,000. While a library may not want to operate its servers on battery back-up for an extended period, the UPS should provide power long enough for an orderly shutdown of all servers.

The database server should be protected by its own firewall, preferably a proxy-server between it and the Web server on which the patron access catalog is mounted. A proxy server shields the database server from direct access by initiating a separate inquiry, rather than passing the external inquiry through to the database server. The firewall can be on the same hardware platform as the database server.

 

Each server should be configured with a logging tape drive or DVD (write once) so that all information written to disk is also written to that media. Each evening the logging tape should be removed and stored away from the server room and a new tape mounted for database back-up. Overnight, the content of the disk drives should be written to tape. The next morning, the back-up tape should be removed and stored away from the server room and a new tape mounted for logging that day's transactions. It will then be possible to restore all files using the most recent back-up and logging tapes. Magnetic media can become unstable with repeated use; therefore, seven logging tapes (one for each day of the week) should be used.

 

An enterprise may choose to do a full back-up only once a week. If so, all of the logging tapes for the week should be saved so that they and the previous week's back-up tape can be used to restore the files. The logging tapes and the previous week's back-up tape should be stored away from the server room. In a large facility that may be at the opposite end of the building, but for smaller facilities it should be off-site.

 

At least once per week, a current back-up media should be sent to an off-site storage facility to protect against the loss of the on-site back-up tape.

 

Enterprises that can afford RAID (Redundant Array of Inexpensive Disks) should configure their servers with it. RAID technology mirrors everything written to one disk on another disk. If a disk fails, the mirroring disk provides access to the information without resorting to the rebuilding of files from the combination of back-up and logging tapes.

 

The database server for the automated library system should be available only to enterprise staff in the enterprise facility and the vendor of the automated library system.

 



 

 


Current News

07/22/2008 Disaster Plan & Business Continuity Infrastructure -

The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location and the method used to get files (master and transaction) between the two sites – such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant everything" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.

Power supplies and communication links are among the most critical components in a DRP/BCP strategy.



07/18/2008 What To Do When Disaster Strikes -

A natural or man-made disaster can strike anywhere, anytime, with ruthless and devastating results - that's the awful essence of a disaster.

Hurricane Katrina and the Sept. 11, 2001, attacks loom large in the collective memory for the magnitude of their destruction, but smaller-scale, localized disasters happen all the time: a fire in a building, human error that erases a server, a power outage in a town. Each can wreck a business in minutes and is much more likely to happen than a terrorist attack or a hurricane.

As gloomy as those scenarios may be, the name of the game for companies is "prepare for the worst; hope for the best." Companies can minimize the worst possible disruptions to their businesses and the lives of their employees by creating disaster recovery and business continuity plans. Such plans are not just for large and well-connected companies, but for small and midmarket companies as well.

These plans can protect company data and applications, and they can have a company back in business within 48 hours or less after a disaster. That's where Janco's Disaster Recovery / Business Continuity Template comes into play. The Templates provide the expertise to help companies craft their plans and then flesh out those plans with technology solutions.


07/06/2008 Disaster Causes Many Businesses to Close Doors Forever -

Consider this, almost 40% of small businesses that close due to a disaster event never re-open. What would you do if the building your business is located within was damaged or destroyed in a disaster? Where would you go to continue providing your customers with your business services? Would you be prepared and have the correct resources, databases, contact information and other necessary items to adapt to these changes? Having a disaster plan that identifies these important items will help ensure your business is prepared to survive during unexpected and difficult times!


As historic floodwaters start to recede along the Mississippi and other Midwestern rivers, local businesses in affected communities like Cedar Falls, Iowa, are busy assessing the impact on IT equipment and whether disaster recovery plans stood the test.

A maker of computer games in Cedar Falls may be permanently displaced after Cedar River floodwaters reached 6 feet in its administrative offices and 5.5 feet in an adjoining warehouse. The company sustained about $250,000 in damage to inventory.

The firm's president said all 65 employees are now working temporarily in borrowed offices in three facilities.

As the floodwaters approached on June 9, employees scurried to save 120 PCs, 80 monitors and eight servers. Three high-end printers could not be removed in time.

The company plans to revise its disaster recovery plan. "When a river comes up 6 feet higher than it ever has before, it's tough to have that foresight," they said. "But it is probably going to happen again."

A software development company has plans to deal with tornados and electrical outages, but executives never dreamed they would have to contend with the Cedar River surpassing 500-year-flood levels. "Going through this experience [will] make those plans [more] than just part of an IT checklist," he said.

A key lesson learned was that companies must prepare for employees to miss work to help families and communities after natural disasters.


06/11/2008 Amazon Business Continuity Problems Are a Reality -

Amazon suffered some disaster recovery and business continuity issues as online shoppers struggled to enter Amazon.com's main e-commerce site for the second time in two days.

Only about 30% of visitors managed to enter Amazon.com, according to a mobile and Internet management firm that tracks Web site performance.

The problem was not limited to the US, as Amazon's U.K. storefront had similar problems.

The U.K. site first experienced problems when its availability dropped as low as 38%.


Amazon said, "Some customers reported intermittent problems accessing Amazon retail Web sites. Amazon is working to resolve the issues, and Amazon's Web services are not affected."

Average load times jumped to 15 seconds versus 6 seconds.

During the period of site unavailability, most shoppers having access problems got the cryptic error message "Http/1.1 Service Unavailable", which means little to nontechnical people. That message indicates that whatever caused the problem proved hard to isolate, making it impossible for the company to configure its system to trigger a more intelligible alert acknowledging the problem in plain English.

The more complex a system is, the more challenging it is to maintain, and a configuration problem here can cause problems somewhere else.


05/28/2008 Data Loss a Real Disaster Planning Concern - Consider the Herculean efforts today to protect the network from threats: Intrusion prevention systems scan packets for potentially damaging content; email security systems check for viruses in email content and firewalls block unsolicited connections. To stop the onslaught of threats to corporate and government networks, a host of software and appliances are being deployed daily. In general, these border police applications are doing a fairly decent job of stopping unauthorized intrusion at the door to your network.

But what about organizational insiders? Which applications or appliances are scrutinizing the information being passed out of the network? Intrusion prevention systems and firewalls aren’t looking for intellectual property sliding out the door right under their virtual noses. Specifically in healthcare organizations, what about patient information sent unprotected over the Internet to another provider? Add in the always-changing regulatory environment, and security is a unique challenge. All it takes is one misstep to compromise sensitive information. These are legitimate, authorized users communicating in an above-board way – but potentially exposing sensitive data in the process. This is the core of the immensely complex problem of data loss.

05/13/2008 Data Backup Takes Bandwidth -


Whether backing up remote data onto centralized tape or disk backup systems, or replicating company assets between redundant data centers, wide-area data services (WDS) solutions enable organizations to move data between sites without the constraints of distance and throughput. One optimization system accelerates applications typically by five to 50 times and in some cases up to 100 times faster than conventional transport mechanisms with up to a 95% reduction in WAN bandwidth utilization.   


05/01/2008 What is a Disaster? -

(Computerworld) Disaster planning traditionally focuses on three variables: data center replication, building design and backups. Analysts have maintained for years that the most common disaster is outright hardware failure because of faulty data center design, for instance, when the emergency power off button is hit, either accidentally or on purpose. Yet, for many enterprises throughout the U.S., the reality is that recovery plans should be customized for whichever type of major disaster is most likely to occur in any given area.


There are really two kinds of disasters that can affect your data center, says the executive director of The Uptime Institute in Santa Fe, N.M.: those that do not affect your data center directly but do affect your region, and those that affect your building directly, in which case you will not recover until you recover the building. One of the most important decisions, but one that is often given little thought, is where to put the data center.


04/25/2008 Backup Window Must be Planned For -


Rather than adding more bandwidth or investing in expensive, dedicated storage networks, WAN optimization can improve IP network performance sufficiently to turn recovery into continuity. To help meet the objectives outlined above, a WAN optimization solution must be able to do three separate tasks for true business continuity: restrict bandwidth to backup applications during the allowed window and allocate it to critical applications in the event of a disaster, overcome latency and bandwidth limitations on the wire, and provide acceleration to roaming or displaced users redirected to alternative data sources.

 


 

Regardless of whether the data is being replicated from a massive cabinet, over IP-based storage or off a user’s hard drive for compliance purposes, during the backup window maximum bandwidth should be available to ensure completion. This requires granular bandwidth management that can isolate applications on the network and provide a predictable, policy-based service level. Further, the solution should be able to distinguish between a user initiated file copy and one started by the backup daemon, and apply different bandwidth allocations to each.
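The policy described in the two paragraphs above, as an added Python example (not from the original article or from any vendor's product): it classifies a file copy by the process that started it and divides the link by mode (backup window, normal hours, disaster). The link capacity, window times, share percentages, the `backupd` daemon name and the flow fields are all assumptions.

```python
from dataclasses import dataclass
from datetime import time

LINK_KBPS = 100_000                                  # assumed 100 Mbit/s WAN link
WINDOW_START, WINDOW_END = time(22, 0), time(4, 0)   # assumed window, crosses midnight
BACKUP_DAEMONS = {"backupd"}                         # hypothetical daemon name

# Percentage shares of the link per traffic class in each mode (assumed values).
POLICY = {
    "window":   {"backup": 70, "critical": 20, "user_copy": 5,  "other": 5},
    "normal":   {"backup": 5,  "critical": 60, "user_copy": 15, "other": 20},
    "disaster": {"backup": 0,  "critical": 80, "user_copy": 5,  "other": 15},
}

@dataclass(frozen=True)
class Flow:
    name: str
    initiator: str    # process that opened the transfer
    app: str          # "critical", "file_copy" or anything else

def in_window(now: time) -> bool:
    """True inside the backup window; handles windows that wrap past midnight."""
    if WINDOW_START <= WINDOW_END:
        return WINDOW_START <= now < WINDOW_END
    return now >= WINDOW_START or now < WINDOW_END

def classify(flow: Flow) -> str:
    """Same protocol, different class: a copy is 'backup' only if the daemon started it."""
    if flow.app == "critical":
        return "critical"
    if flow.app == "file_copy":
        return "backup" if flow.initiator in BACKUP_DAEMONS else "user_copy"
    return "other"

def allocate(flows, now: time, disaster: bool = False):
    """Return (mode, {flow name: kbit/s}); shares of idle classes go to active ones."""
    mode = "disaster" if disaster else "window" if in_window(now) else "normal"
    shares = POLICY[mode]
    groups = {}
    for f in flows:
        groups.setdefault(classify(f), []).append(f)
    active = sum(shares[c] for c in groups)          # total share of classes with traffic
    alloc = {}
    for cls, members in groups.items():
        class_kbps = LINK_KBPS * shares[cls] // active if active else 0
        for f in members:
            alloc[f.name] = class_kbps // len(members)
    return mode, alloc
```

Declaring the disaster flag at any hour overrides the window, so a backup that is still running drops to zero and its share moves to the critical class.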

 


 

Also, the solution must remove latency and protocol inefficiencies that constrain current WAN backups. Caching and compression technology combined with inline protocol optimization of commonly used file transfer protocols form a technology suite that improves the performance characteristics of a WAN, adding bandwidth and reducing the time needed to complete backups and restores. Moreover, it should be able to do this for individual devices and accommodate displaced and roaming users without the need for bulky appliances.


04/19/2008 What is a Chief Security Officer - the CSO Who is it? -

What is the Chief Security Officer (CSO)?  The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way.

The CSO title is also used in many enterprises to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments.


The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.

At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations such as the Sarbanes-Oxley Act, HIPAA, and the ISO 27000 (formerly ISO 17799), 27001 & 27002 standards, desire an enterprise-wide view of operational risk.

The Chief Security Officer (CSO) is responsible for overall direction of all security functions associated with Information Technology applications, communications (voice and data), and computing services within the enterprise.  At the same time the CSO must be aware of the implications of legislated requirements that impact security for the enterprise.  This includes but is not limited to Sarbanes Oxley Section 404 requirements.

The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.


04/13/2008 How to minimize your backup exposure -

Are you taking the right steps, or could you reduce your backup window further?

  • Are you setting the right data protection goals?
  • Have you established the best benchmarks?
  • How can you optimize your backup model to meet your SLAs?
  • Have you projected your data growth accurately?
  • Will your technology fit all your needs?

To accomplish this you should:

  • Set data protection goals based on business needs
  • Establish performance benchmarks
  • Optimize backup performance to exceed your benchmarks
  • Forecast the capacity needs for both hardware and software
  • Build a modular data protection architecture

 

 


 


04/02/2008 Keeping track of resources in a disaster -