
The document discusses IBM's disaster recovery plan which outlines how it responds to disruptive attacks. It describes different backup techniques like mirrored sites, warm sites, cloud backup etc. It also discusses key steps to outline goals, personnel records, applications inventory, and testing the plan through simulations.

Uploaded by

omaima

A disaster recovery plan contains instructions that outline how an organization, major or
not, responds to any disruptive attack, which could be a cyber attack, a natural disaster or
more. The results of these could impact the organization as a whole, as it could lose its
customers' trust, its authority and confidential data, and suffer financial loss.

The plan contains strategies that minimize the impact of a disaster and allow the IBM
organization to continue its business operations efficiently. Moreover, before creating
the disaster recovery plan, IBM performed a business impact analysis and a risk
analysis.

Backup means keeping a copy of all the vital data for the workloads the organization
runs. This could be documents, configuration files, and media files/images.

1. Fully mirrored site: This is the backup technique in which operations can
be transferred and run exactly as they were at the official site, so the data
that is used and processed can be retrieved easily when there has been a
disaster. This backup technique is the most expensive of all.

2. Warm site: This technique is somewhat like a hot site. Warm sites are partially
equipped, so they support normal operations for functions that are not
critical, which are then taken over by IT to resume operations.

3. Cold site: This is a site that is set up immediately after an attack. Proper
planning has not been done here, and there is no standby. A cold site gives
the slowest recovery time, and the organization will face repercussions.

4. Cloud-based recovery site: This is the go-to backup technique for various
organizations, as they store their important data in cloud storage. There is no
need to install physical equipment for the server, since it can be
handled by the cloud host.

5. RAID: This consists of ways to store data across several hard drives that
are combined into 1 unit. It helps users keep backups of confidential
data if 1 of the drives fails, and it helps improve the efficiency of the drives.

6. SAN (Storage Area Network): This is a storage device that gives
multiple users high-performance access to files. It has multiple
arrays, so the data is accessible even if a server goes down.

7. NAS (Network Attached Storage): NAS uses a network interface that
lets users access data stored on a device connected to the
switch/router.

• Shadowing: Shadow copies are an alternative to normal
backups. They are beneficial if files on the computer system are
frequently modified. These copies save only the changes that are made to the
files.

• Clustering: This is when 2 or more systems are connected at the same time.
The systems in a cluster are called nodes, each with its own resources, such as
hard drives or RAM. These nodes work under 1 host name and one assigned
IP address but remain individual systems.

8. Electronic vaulting: This means that the data is backed up and the output is
transmitted electronically to a secure offsite location.

It is vital for IBM to have data backup strategies available and ongoing since it
ensures that the organization has the complete copy of the systems in case of a disaster
or a cyber-attack, and the data would be ready to restore no matter the case of loss.

Key Steps:

Step 1: The initial step is to outline the major goals of the plan

Step 2: The second step is to have a personnel record plan which includes the copy of
the organization chart alongside the disaster recovery plan.

Step 3: Various applications should be listed and whether they are vital and need
assets or not.

Step 4: Record the inventory profile, which is the manufacturer, model, serial number, and
whether the item is owned or not.

Step 5: Service backup procedures include data such as the modification of the
services done within the organization.

Step 6: 3 elements need to be addressed in the disaster recovery procedures: emergency
response procedures, backup operations, and recovery actions.

Step 7: The plan for a mobile setup includes a communication disaster plan along with
wiring and electrical diagrams.

Step 8: A hot site plan should be made as a sort of alternative backup site. This is
for temporary utilization.

Step 9: Restoration of the system to the way it was before the disaster took place.

Step 10: The reconstruction and rebuilding of the data center must be assessed and
then put in place.

Step 11: Using contingency planning to test the disaster recovery plan in order to
evaluate and assess it.

Crisis Management

• The specificities of a cyber-crisis

A cyberattack does not affect only one department of the organization; it impacts the
reputation and image of the whole organization. Within IBM, it is necessary for all
departments, such as communication & legal, HR and others, to join together and
work to recover from the disaster encountered. All security systems must be kept in
check to avoid late detection of the attack.

• Cyber crisis: knowing your weak points

It is vital to know IBM's own vulnerabilities, which involves organizational audits and
identifying technical and security loopholes. It is also important to determine which events
could have the most disruptive impact, in order to avoid them and be ready for them.

• Cyber-crisis: anticipatory measures

Anticipatory measures within IBM would be to minimize the risks that could occur
and to be prepared. Upstream simulations should be carried out in order to determine
any attack and respond with appropriate measures.

• Building a crisis management organization

A risk analysis should be conducted for IBM to evaluate and determine the risks
which could affect it. After that, a crisis management policy and documentary kit are
to be put in place. The documentary kit contains defense plans, a trigger matrix, reflex
cards, checklists and legal documents, all of which would be beneficial to IBM.

• Crisis management units

IBM has 2 multidisciplinary units. One is decisional: it determines which
response strategy is to be adopted whilst minimizing the impact on IBM. The other
is tactical: it coordinates the response according to those decisions.

• Crisis management exercises

In other words, these are simulations of a cyber attack. They serve
different aims, ranging from educating IBM employees to
alerting them, and they help prepare for future attacks.

• Create realistic crisis scenarios

These scenarios are created in order to be ready for what may come ahead. They should
be designed so that all departments within the organization can come into action.
IBM's crisis scenarios can be based on leakage of personal data or extortion, in order
to educate and involve all employees to do their part.

| Problematic event or incident | Affected business processes | Impact classification & effect on finance, legal and reputation |
|---|---|---|
| Phishing | Website (personal information of customers, clients); modifications in operations | Crisis: reputational damage; business disruption; loss of company value; loss of clients and customers |
| SQL Injection | Website of IBM would be unavailable; modifications on it which could affect the data of customers/clients/employees; leakage of personal data of the company | Major: leakage of data; business disruptions; loss of customer trust; loss of employees |
| Ransomware | Emails of the company (customers/clients); employees' systems hijacked | Crisis: financial credibility; data withheld; unavailable website/servers |
| Denial of service attack | IBM server network; website unavailable | Major, crisis at times: unavailability of services; customers/clients not able to access resources |


| Service | Recovery point objective (hours) | Recovery time objective (hours) | Critical resources | Special notes | Critical rating |
|---|---|---|---|---|---|
| IT department | 5 hours | 7 hours | All servers, since everything is connected to the IT department. | High priority at all times. | Mission critical |
| Personnel/HR | 10 hours | 30 hours | Software installed, which contains data regarding clients and employees | Will be needed within 4-5 days. | Medium |
| Operations Management | 9 hours | 42 hours | Operations running on servers to manage the clients | Business disruption if not taken care of within 2-3 days. | Important |
| Marketing | 2 days | 1 week | Marketing files and personnel | Needs to be fixed within 7 days. | Medium |
| Finance | 4 hours | 12 hours | Financial systems record; client banking profiles; employees data | Leakage/loss of data would result in no payment to/from clients and impact employees. | Mission critical |

Criticality Ratings
Mission Critical 4
Important 3
Medium 2
Minor 1
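
An added example (not part of the original document): a Python check that scores a recovery exercise, as in Step 11, against the recovery point objectives, recovery time objectives and criticality ratings listed above. The drill timestamps, the function names and the tie-break by tighter RTO are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# RPO/RTO (hours) and criticality ratings copied from the tables above;
# Marketing's "2 days" and "1 week" are converted to 48 and 168 hours.
RATING = {"mission critical": 4, "important": 3, "medium": 2, "minor": 1}
PLAN = {
    "IT department":         {"rpo": 5,  "rto": 7,   "rating": "mission critical"},
    "Personnel/HR":          {"rpo": 10, "rto": 30,  "rating": "medium"},
    "Operations Management": {"rpo": 9,  "rto": 42,  "rating": "important"},
    "Marketing":             {"rpo": 48, "rto": 168, "rating": "medium"},
    "Finance":               {"rpo": 4,  "rto": 12,  "rating": "mission critical"},
}

def recovery_order(plan=PLAN):
    """Restore highest criticality first; break ties with the tighter RTO (assumption)."""
    return sorted(plan, key=lambda s: (-RATING[plan[s]["rating"]], plan[s]["rto"]))

def evaluate_drill(drill, plan=PLAN):
    """Compare one exercise against the plan.

    drill maps service -> (last_good_backup, outage_start, service_restored).
    Data-loss window = outage_start - last_good_backup (checked against RPO);
    downtime = service_restored - outage_start (checked against RTO).
    Services missing from the drill are reported as untested, not as passing.
    """
    findings = {}
    for service in recovery_order(plan):
        if service not in drill:
            findings[service] = ["untested"]
            continue
        backup, outage, restored = drill[service]
        if not backup <= outage <= restored:
            findings[service] = ["invalid timestamps"]
            continue
        issues = []
        if outage - backup > timedelta(hours=plan[service]["rpo"]):
            issues.append("RPO missed")
        if restored - outage > timedelta(hours=plan[service]["rto"]):
            issues.append("RTO missed")
        findings[service] = issues or ["ok"]
    return findings

# Constructed drill data (not from the original document).
T0 = datetime(2024, 1, 10, 9, 0)
SAMPLE_DRILL = {
    "IT department": (T0 - timedelta(hours=3), T0, T0 + timedelta(hours=6)),
    "Finance":       (T0 - timedelta(hours=6), T0, T0 + timedelta(hours=10)),
    "Personnel/HR":  (T0 - timedelta(hours=8), T0, T0 + timedelta(hours=36)),
    "Marketing":     (T0 - timedelta(hours=24), T0, T0 + timedelta(hours=72)),
}
```

Calling `evaluate_drill(SAMPLE_DRILL)` returns the findings in recovery order, so the first entries are the services whose failures matter most.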
