You're reading from Cybersecurity – Attack and Defense Strategies, Second Edition

Product type: Book
Published in: Dec 2019
Reading level: Beginner
Publisher: Packt
ISBN-13: 9781838827793
Edition: 2nd Edition
Authors (2):

Yuri Diogenes

Yuri Diogenes is a professor at EC-Council University for their BSc in Cybersecurity and a Principal PM Manager at Microsoft for Microsoft Defender for Cloud. Yuri has an MSc in Cybersecurity from UTICA College, is a PhD student in the Cybersecurity Leadership program at Capitol Technology University, and holds an MBA from FGV Brazil. He currently holds the following certifications: CISSP, CyberSec First Responder, MITRE ATT&CK Cyber Threat Intelligence, CompTIA CySA+, E-CEH, E-CSA, E-CHFI, E-CND, CompTIA Security+, Network+ and CASP. He has published over 27 books, mostly on information security.

Dr. Erdal Ozkaya

Dr. Erdal Ozkaya is named among the Top 50 Technology Leaders by CIO Online & IDC. He is a Chief Cybersecurity Strategist and CISO at Xcitium (Comodo Cybersecurity), and a professor at Charles Sturt University. His expertise spans end-to-end IT solutions, management, communications, and innovation. He is a well-known public speaker, an award-winning technical expert, author, and creator of certifications (courseware and exams) for organizations such as Microsoft, EC-Council, CertNexus, and other expert-level vendors. He works with an ardent passion for raising cyber awareness and leveraging new, innovative approaches.

Recovery Process

The previous chapter looked at how an attack can be investigated to understand its cause and prevent similar attacks in the future. However, an organization cannot rely on the assumption that it can protect itself from every attack and every risk it faces. It is exposed to such a wide range of potential disasters that perfect protective measures against all of them are impossible. The causes of a disaster affecting the IT infrastructure can be either natural or man-made. Natural disasters result from environmental hazards or acts of nature; these include blizzards, wildfires, hurricanes, volcanic eruptions, earthquakes, floods, lightning strikes, and even asteroids falling from the sky and impacting the ground. Man-made disasters arise from the actions of the organization's own users or of external human actors; these include fires, cyber warfare, nuclear explosions, hacking, power surges, and accidents, among...

Disaster recovery plan

The disaster recovery (DR) plan is a documented set of processes and procedures that are carried out to recover the IT infrastructure in the event of a disaster. Because most organizations now depend on IT, a comprehensive and well-formulated DR plan has become mandatory. Organizations cannot avoid all disasters; the best they can do is plan ahead for how they will recover when disasters inevitably happen. The objective of the plan is to protect the continuity of business operations when IT operations have been partially or fully halted. There are several benefits of having a sound DR plan:

  • The organization has a sense of security. The recovery plan assures it of its continued ability to function in the face of a disaster.
  • The organization reduces delays in the recovery process. Without a sound plan, it is easy for the DR process to be done in an uncoordinated way, thereby leading...

Contingency planning

Organizations need to protect their networks and IT infrastructure from total failure. Contingency planning is the process of putting in place interim measures to allow for quick recovery from failures and, at the same time, limit the extent of damage caused by the failures [5]. This is the reason why contingency planning is a critical responsibility that all organizations should undertake.

The planning process involves the identification of risks that the IT infrastructure is subject to and then coming up with remediation strategies to reduce the impact of the risks significantly. There are many risks that face organizations, ranging from natural disasters to the careless actions of users. The impacts that these risks may cause range from mild, such as disk failures, to severe impacts, such as the physical destruction of a server farm. Even though organizations tend to dedicate resources toward the prevention of the occurrence of such risks, it is impossible...

Live recovery

There are times when a disaster affects a system that is still in use. Traditional recovery means taking the affected system offline, restoring it from backup files, and then bringing it back online. Some organizations run systems that cannot afford the luxury of being taken offline for recovery.

Other systems are structurally built in a way that they cannot be brought down for recovery. In both cases, a live recovery has to be done.

A live recovery can be done in two ways. The first involves installing a clean system, with the right configuration and uncorrupted backup files, on top of the faulty one. The end result is that the faulty system is removed, together with its files, and a new one takes over.

The second type of live recovery uses data recovery tools on a system that is still online. The recovery tools may run an update on all the existing...

Best practices for recovery planning

The aforementioned processes that form part of the DR plan can achieve better results if certain best practices are followed. Here are the most important ones:

  • Have an offsite location to store archived backups. The cloud is a ready-made solution for safe offsite storage, provided the offsite copies are held under credentials separate from the production environment, so that an attacker who compromises production cannot also delete the backups.
  • Keep a record of every change made to the IT infrastructure, so that the contingency plan can be reviewed against the systems as they currently are rather than as they were when the plan was written.
  • Monitor IT systems proactively, so that a disaster is detected early enough for the recovery process to be started in time.
  • Implement fault-tolerant systems that can withstand a certain degree of exposure to a disaster. A redundant array of independent disks (RAID) on servers is one way of achieving redundancy; note that RAID protects against disk failure only and does nothing against deletion, ransomware, or loss of the site, so it complements backups rather than replacing them.
  • Test the integrity of the backups that are made to ensure that they have no errors; a checksum comparison catches corrupted or missing files, and a periodic trial restore confirms that the backup can actually be brought back into service. It would be disappointing for an organization to realize after a disaster that...
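The last item in the list, testing backup integrity, is the one most often skipped until a restore fails. The following is an added example, not code from the book: a Python script that records a SHA-256 manifest for a backup tree and later verifies the tree against it, reporting missing, altered and unexpected files. The backup layout, file names and contents (customers.sql, config.yaml, notes.txt) are constructed for the demonstration, and keeping the manifest beside the backup tree is an assumption made here for simplicity.

```python
"""Backup integrity check: record a SHA-256 manifest for a backup tree and
verify the tree against it later, reporting missing, altered and unexpected
files. Added example for this chapter; not code from the book. The backup
layout and file contents below are constructed for the demonstration."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so that large backup files never have
    to be held in memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every regular file under backup_root (POSIX-style relative path)
    to its SHA-256 digest. Directories are not hashed."""
    manifest = {}
    for entry in sorted(backup_root.rglob("*")):
        if entry.is_file():
            manifest[entry.relative_to(backup_root).as_posix()] = sha256_of(entry)
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the backup on disk with a trusted manifest.

    The three result lists are the failure classes a restore drill has to
    surface: files that vanished, files whose content changed (bit rot, a
    partial write, or tampering), and files that were never recorded."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            name for name in manifest
            if name in current and current[name] != manifest[name]
        ),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def backup_is_sound(report: dict) -> bool:
    """True only when every recorded file is present and unchanged and
    nothing extra has crept into the backup set."""
    return not (report["missing"] or report["modified"] or report["unexpected"])


def demo() -> tuple:
    """Build a constructed backup set, record its manifest, then inject the
    three kinds of damage a verification run must detect.
    Returns (report_before_damage, report_after_damage)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "db").mkdir(parents=True)
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'acme');\n")
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")

        manifest = build_manifest(root)
        # Assumption for this demo: the manifest lives next to the backup
        # tree. In production it belongs offsite (or signed), so that whoever
        # can alter the backup cannot silently rewrite the manifest to match.
        (Path(tmp) / "manifest.json").write_text(json.dumps(manifest, indent=2))

        clean = verify_backup(root, manifest)

        # Silent corruption, a lost file and a stray file, respectively.
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'acmf');\n")
        (root / "config.yaml").unlink()
        (root / "notes.txt").write_bytes(b"left behind by an operator\n")

        damaged = verify_backup(root, manifest)
        return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("before damage:", "OK" if backup_is_sound(before) else before)
    print("after damage: ", after)
```

Running the script prints a clean report for the intact set, then a report naming the corrupted file, the deleted file and the stray file. A checksum manifest detects corruption and loss; it does not prove the backup is restorable, so it should be paired with a periodic trial restore.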

Disaster recovery best practices

In the event of a disaster, there are best practices to adhere to on-premises, in the cloud, and in hybrid systems. We'll deal with them in sequence:

On-Premises

After the occurrence of a disaster, on-premises DR can help salvage the organization from total system failure and data loss in a cost-effective way. The best practices include:

  • Acting fast: without offsite backups or hot sites to which operations can be shifted, an attacker could bring down the whole organization in a few minutes. DR teams should therefore be on standby to respond to events at all times. They should always have an executable DR plan and a means of quickly accessing the organization's network and systems, ideally an access path that does not itself depend on the systems being recovered.
  • Replicated backups: one of the main concerns during a disaster is the permanent loss of data. Organizations should adopt a strategy of keeping replicated backups on the computers or servers themselves as well as on external disks. These backups...

Summary

In this chapter, we have discussed ways in which organizations prepare to ensure business continuity during disasters. We have talked about the DR planning process. We have highlighted what needs to be done to identify the risks faced, prioritize the critical resources to be recovered, and determine the most appropriate recovery strategies.

In this chapter, we have also discussed the live recovery of systems while they remain online. We have covered contingency planning in depth, walking through the entire contingency planning process and touching on how a reliable contingency plan needs to be developed, tested, and maintained.

Lastly, we have provided some best practices that can be used in the recovery process to achieve optimal results.

This chapter brings to a conclusion the discussion about the attack strategies used by cybercriminals and the vulnerability management and DR measures that targets can employ. The next chapter will move us into our final section of the...

Resources for DR Planning

  1. Computer Security Resource Center, National Institute of Standards and Technology (NIST): https://csrc.nist.gov/publications/sp.
  2. Ready (national public service for preparedness education), Business Continuity Plan: https://www.ready.gov/business/implementation/continuity.
  3. International Organization for Standardization (ISO), When things go seriously wrong: https://www.iso.org/news/2012/06/Ref1602.html.
  4. Checklist of ISO 27001 mandatory documentation (clause-by-clause explanation of ISO 27001): https://info.advisera.com/hubfs/27001Academy/27001Academy_FreeDownloads/Clause_by_clause_explanation_of_ISO_27001_EN.pdf.
  5. Dr. Erdal Ozkaya's personal blog, ISO 2700x: https://www.erdalozkaya.com/category/iso-20000-2700x/.

References

  1. C. Bradbury, "DISASTER! Creating and testing an effective Recovery Plan", Manager, pp. 14-16, 2008. Available: https://search.proquest.com/docview/224614625?accountid=45049.
  2. B. Krousliss, "DR planning", Catalog Age, vol. 10, no. 12, p. 98, 2007. Available: https://search.proquest.com/docview/200632307?accountid=45049.
  3. S. Drill, "Assume the Worst in IT DR Plan", National Underwriter. P & C, vol. 109, no. 8, pp. 14-15, 2005. Available: https://search.proquest.com/docview/228593444?accountid=45049.
  4. M. Newton, "Linux Tips", PC World, p. 150, 2005. Available: https://search.proquest.com/docview/231369196?accountid=45049.
  5. Y. Mitome and K. D. Speer, "Embracing disaster with contingency planning", Risk Management, vol. 48, no. 5, pp. 18-20, 2008. Available: https://search.proquest.com/docview/227019730?accountid=45049.
  6. J. Dow, "Planning for Backup and Recovery", Computer Technology Review, vol. 24, no. 3, pp. 20-21, 2004. Available:...