Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Proximity of DR Sites & U.S. City Hazards

from [Joe . Dauncey] Network Security [Permanent Link]
Subject: Re: Proximity of DR Sites & U.S. City Hazards
Date: Wed, 8 Mar 2006 11:44:24 +0000 
Erm... I think that people are missing the point with proximity.

It's all about Risk Management

You decide what disasters you are prepared to accept, and which disasters 
you need to protect yourself against. You then build your DR plan 
accordingly.

Typically, the more disasters you want to protect yourself against, the 
further apart the sites are, and the more expensive the solution becomes. 
You also factor in the probability that want to be able to recover - i,.e. 
Do you want a 99% probability of recovery or just 50% etc. ... You also 
factor in geographical issues - e.g. are you located near a power plant, 
or an area of seismic activity, or near a flood plain.

There's no such thing as a common distance to locate to, it's going to 
depend on specific factors!

Joe

*** Views are my own and not my companies ***




Packet Man <packetman@altsec.info> 
07/03/2006 16:36

To
Jonathan.Bloomquist@chase.com
cc
security-management@securityfocus.com, lists@infostruct.net
Subject
Re: Proximity of DR Sites & U.S. City Hazards






Jonathan.Bloomquist@chase.com wrote:

I'm going to have to disagree with that distance estimate. We recovered
from Hurricane Wilma just under 200 miles from the primary facility to a
hot site in Orlando. The hurricane damage affected mostly south Florida 

and

in Orlando there was gasoline, street power, and (sparse) lodging to
accomodate the business. Unfortunately, lots of other people did the 

same

thing, so things like gas cans and generators were still hard to find.


I'm glad to hear your experience with Wilma was not a
devastating blow.  But, that particular storm was not
on the upper scale of dangerous.

My look at the NOAA graphs show peak winds of 115 mph,
with a relatively fast moving storm that crossed
South Florida on a northeast track, minimizing its
time over land.

See:  http://www.nhc.noaa.gov/pdf/TCR-AL242005_Wilma.pdf

A category 4 or 5, slow moving hurricane coming straight
up the Florida penisula would probably put almost everyone
in the state offline for at least 3 to 4 days, many much
longer.

Take for example my evacuation from Rita.  Almost the
entire coast of Texas evacuated.  Going from the Galveston
area to Corpus Christi, I actually had problems finding a
motel room there due to the lack of employees. Many gas
stations, stores, and other establishments were closed
for 2 to 3 days, even though the hurricane actually went
through the Beaumont to Lake Charles area.

As a side note, for Texas DR planners, our state is at
the beginning of a 10 year high hurricane activity
cycle.  See the last paragraph with the title:
"Long term trends/hurricane cycles", in this URL:

http://www.srh.noaa.gov/lch/research/txhuclimo2.php

Lots of things to consider, huh?

My personal strategy:

1.  mirror data at a large, well run data center
     like Rackspace

2.  do as much telecommuting as possible, without
     actually keeping sensitive data on the PC's

3.  put together mobile resources, based on the
     reasonable minimum it takes to stay in business

4.  have a plan, brainstorm with experienced folks
     who have been through disasters

5.  once you have a plan that takes all the factors
     into consideration, get it reviewed by others

6.  then, (here's the scary part):  at least once a
     year, pull the plug and see if the plan works

But, back to the original question of "how far is
far enough?".  If the last power blackout in the
East had happened during a major winter storm, how
far away would you have to be to have electricity?

Or, how about Canada in 1998?

http://www.msc-smc.ec.gc.ca/media/icestorm98/icestorm98_the_worst_e.cfm

Lastly, DR planning is always, at best, a gamble.
Most budgets will allow you to plan only for the
"most likely".  But, with some ingenuity and use
of low cost technology, even a "worst case" event
can be survived.

Mark Stingley

-- 
Excellence in InfoSec and Linux
http://www.altsec.info

**********************************************************************
The information in this e-mail is confidential and may be legally 
privileged. It may not represent the views of Scottish and Southern 
Energy Group.

It is intended solely for the addressees. Access to this e-mail by 
anyone else is unauthorised. If you are not the intended recipient, 
any disclosure, copying, distribution or any action taken or omitted 
to be taken in reliance on it, is prohibited and may be unlawful. 
Any unauthorised recipient should advise the sender immediately of 
the error in transmission. Unless specifically stated otherwise, this 
email (or any attachments to it) is not an offer capable of 
acceptance or acceptance of an offer and it does not form part of a 
binding contractual agreement.

Scottish Hydro-Electric, Southern Electric, SWALEC, Atlantic 
Electric and Gas, S+S and SSE Power Distribution are trading names of 
the Scottish and Southern Energy Group.
**********************************************************************
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Proximity of DR Sites & U.S. City Hazards, Packet Man
Next by Date:  Directory Services Teams, Adam Gardner
Previous by Thread:  Re: Proximity of DR Sites & U.S. City Hazards, Packet Man
Next by Thread:  How do top SOX compliance software vendors cheat ?, Michael Mallon
Indexes:  [Date] [Thread] [Top] [All Lists]