Introduction: Why I Chose This Project
Mexico is one of the countries that is most afflicted by earthquakes in the world. Disaster Recovery Plans are needed for all the institutions, schools, hospitals and companies in the region. The 2017 earthquake destroyed more than 5100 schools across the country. When schools reopened, only about 1% of Mexico City's schools were opened. Nearly all schools in the region do not have disaster recovery plans. One such institution is the National Polytechnic Institute (NIP) of Mexico. NIP is among the largest institution of higher learning in Mexico. It has more than 170,000 students who are in the high school, undergraduate and postgraduate levels. Whenever an earthquake occurs, students have to be sent home for several weeks, and this affects the education learning process negative. The proposed disaster recovery plan for NPI is a guide to carry out the procedures and measures that will be used in case a disaster or an earthquake strikes.
A DRP is a plan that indicates the actions that must be carried out in a specified period of time in the event that any contingency (disaster, disaster) makes it impossible for the computer resources to work partially or totally in an organization. critical services of the organization. Therefore, it is the obligation of the same to control the effects that disasters could produce, that is, each of the personnel must commit to minimize and manage the risks that could be generated by computer disasters. The Disaster Recovery Plan must be implemented by the management of the organization with the firm intention of obtaining the benefits that are obtained after a successful fulfillment of objectives. Within the objectives of a Disaster Recovery Plan, one of the most important is finding the degree of vulnerability that the organization in the matter of interruption of important services to act in. Therefore, define what preventive measures will be taken to reduce the probability of a disaster occurring and the impact that may generated. A DRP identifies and analyzes the possible cost in the service and the public image among others consequences that generate interruptions, whether brief or prolonged in the activities and fulfillment of objectives of the organization that have been impacted by the disaster.
It also has the objective of determining what the needs are for the short, medium and in the long term, the recovery and what will be the necessary resources to achieve normality and conditions for the optimal performance of the organization. A Disaster Recovery Plan identifies possible alternatives and courses of action that can be taken, as well as selecting the most profitable methods and with greater reliability to provide the function of backup operations and the restoration of a service on time. The DRP is responsible for developing and implementing contingency plans that address the immediate and long-term needs for the data center and other business services. By combining all these elements meets the main objective of a Disaster Recovery Plan, which is to minimize the time of technological inactivity as well as the loss of data and information from the organization through a well-planned, orderly and consistent recovery after having had the misfortune of being hit by a contingency or disaster.
An Overview of the Problem Discussed in My Project
One of the most earthquake-prone countries in the world is Mexico. Disaster Recovery Plans are needed for all the institutions, schools, hospitals and companies in the region. The 2017 earthquake destroyed more than 5100 schools across the country. When schools reopened, only about 1% of Mexico City's schools were opened. Nearly all schools in the region do not have disaster recovery plans. One such institution is the National Polytechnic Institute of Mexico. It is one of the largest public universities in the region. It has more than 170,000 students who are in the high school, undergraduate and postgraduate levels. Whenever an earthquake occurs, students have to be sent home for several weeks, and this impacts the education learning process negatively. The current capstone project proposes a disaster recovery plan for the institution. For the development of the proposal, the structure of a Disaster Recovery Plan will be obtained from the National Institute of Standards and Technology (NIST). NIST provides a disaster recovery plan with several activities that are essential for the optimal and effective performance of a DRP.
Mexico City is geographically and geographically susceptible to earthquakes, where every year on average since 1990 there have been 1466.5 earthquakes of 3 to 5 degrees Richter, 18.16 earthquakes of 5 to 7 Richter degrees and 0.5 earthquakes with greater intensity than the 7 degrees. That is why this Disaster Recovery Plan proposal is developed with the recommendation and invitation to the National Polytechnic Institute, to implement this valuable tool that allows returning to the normality and protecting the valuable information when a disaster occurs.
What My Project Consists Of
The project consists of seven phases with several sub-phases included in each. The phases include system audit, requirement gathering, design, development, implementation, testing and quality assurance, and post-implementation. The project phases will be as listed below:
- Preparation of the policy statement for the contingency plan. Having formal directives provides the authority and guidance needed to develop an effective contingency plan.
- Carrying out the impact analysis of the business. The analysis of the impact on the business helps to identify and prioritize the critical systems and components of Information technologies.
- Identification of preventive controls. Measures that reduce the effects of disruptions to the system and can increase their availability and reduce the costs of the contingency of the life cycle.
- Development of recovery strategies. Having a comprehensive strategy guarantees that the system will recover quickly and effectively after a disruption.
- Development of a contingency plan. The contingency plan should contain detailed guidelines and procedures for the restoration of the damaged system.
- Test, training, and execution of the plan. The test of the plan identifies gaps in the planning, while the training prepares the recovery personnel for the activation of the plan; both activities improve the effectiveness of the plan and the general preparation of the entity.
- Maintenance of the plan. The plan should be a living document that is regularly updated to keep it up to date with system improvements.
Special Strategies Used
Some of the special strategies that I used in the current project include:
- Active Directory integration
- Configure Network Intrusion Protection Device
- Training for IT staff
- User awareness training
- Implementation and review
- Successes in Achieving the Milestones Outlined in The Project
The milestones coincide with the completion of individual phases of the project and are listed below:
- Completion of Legacy System Audit
- Completion of Requirement Document
- Completion of Design Documentation
- Design Implemented
- Testing and Quality Assurance completed
- Post Implementation documentation and support guidance completed.
- Issues or Obstacles Encountered
Some of the main obstacles that I encountered include:
- Timeline for project
- Project design problems
- Training requirements for applications
- Transparency and acceptance
Cyber Law, Regulations, And Compliance
The adoption of ISO 27001 aims to guarantee the conformity and efficacy of the ISMS and therefore the information security in the round (physics, logic, information technology, organization, etc.). Furthermore, it aims to eliminate, reduce and prevent threats to confidentiality, integrity and availability to process information. The information stored by computer means represents al today, over 60% of the company's intellectual capital. In a context where the risks of breach of security systems are constantly increasing, piracy and computer fraud, the espionage, the action of viruses, hacking (only demonstration intrusions) and cracking (intrusion to create damage) have become everyday reality and exploit ever more sophisticated techniques. Safety means to guarantee:
- Confidentiality: access to information only by those who have the necessary authorizations;
- Integrity: safeguarding the accuracy and completeness of data and methods processing (they must be able to modify only those authorized);
- Availability: guarantee authorized users access to information, systems and services when requested (access in real time without delay in case of need).
Some of the critical services needed include:
- Analysis of processes and business organization;
- Study, design and construction of the Information Security Management System Quality in compliance with the UNI CEI ISO / IEC 27001 standard;
- Annual service for the management of the system;
- Internal system audits;
- Second Party Audits to Suppliers;
- Development of Control Plans;
- Assistance for the certification of the System by accredited third parties;
- Assistance for maintaining system certification.
Information Security
The information is made up of the data and their meaning, to which we attribute a specific value to the achievement of our mission. The protection of information, whether for internal use or connected to services provided to customers, is implemented by safeguarding the requirements of confidentiality, integrity and availability. Based on these requirements, we designed and implemented our Information Security Management System (ISMS) and achieved certification of compliance with the ISO / IEC 27001 standard by an accredited institution. The certification covers both the entire corporate ISMS and more limited areas related to the most critical services provided on behalf of the Public Administration. The ISMS is subject to constant monitoring and evaluation of the effectiveness of the countermeasures implemented. Improvement actions are implemented against the results of internal audits and feedback from the security incident management processes.
Privacy
For all organizations, the protection of personal data is a central objective: for this reason, institutions should provide themselves with an organizational model for the efficient and efficient management of privacy obligations in line with current regulations. The European Data Protection General Regulation 2016/679, better known as the General Data Protection Regulation (GDPR), establishes the rules that must be respected by all the subjects involved in the processing of personal data, with particular reference to the Data Controllers (natural person or legal entity that determines the purposes and means of processing) and to the Managers (natural or legal person who processes personal data on behalf of the Data Controller). In compliance with the aforementioned rules, institutions should develop an organizational model that constitutes a real Privacy Management System (SGP).
All corporate activities are carried out in coherence with this System which defines, among other things, the roles and responsibilities of all the subjects involved in data processing and the organizational procedures to be followed, according to the accountability principle referred to by the GDPR. Employees as persons authorized to process, are informed about the skills, responsibilities and limitations that such authorization entails. In particular, all are referred to the obligation to process data in a lawful and correct manner, in compliance with the principles mentioned in art. 5 of the GDPR. The organizational procedures to which everyone must abide to ensure, in particular, the integrity and confidentiality of personal data, ranging from the rules of use of credentia...
Cite this page
Disaster Recovery Plans Research Paper. (2022, Mar 29). Retrieved from https://proessays.net/essays/disaster-recovery-plans-research-paper
If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
- Syphilis and Confidentiality Essay
- Personal Statement: For Dental School Admission
- Patient Care Assistant Paper Example
- Research Paper on Service Line Development in Trinity Community Hospital
- Improve the World Essay
- Essay Sample on ANA: A Lifeline for Nurses & Healthcare Providers Dealing with Ethical Dilemmas
- Essay Sample on Protecting Health Info & Public Safety: HIPAA Rules & Business Associates