A Network Disaster Recovery Plan Framework for Academic Computing Centre

This thesis presents a network disaster recovery plan (DRP) framework for academic computing centre. Universiti Utara Malaysia Computer Centre is taken as a case study. The proposed framework consists of seven phases of disaster recovery plan which has been enhanced and improved by researcher base...

Full description

Saved in:
Bibliographic Details
Main Author: Adibah Che Mat Daon, Mat Daon
Format: Thesis
Language:eng
eng
Published: 2004
Subjects:
Online Access:https://etd.uum.edu.my/1084/1/ADIBAH_CHE_MAT_DAON.pdf
https://etd.uum.edu.my/1084/2/1.ADIBAH_CHE_MAT_DAON.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-uum-etd.1084
record_format uketd_dc
institution Universiti Utara Malaysia
collection UUM ETD
language eng
eng
topic QA76 Computer software
spellingShingle QA76 Computer software
Adibah Che Mat Daon, Mat Daon
A Network Disaster Recovery Plan Framework for Academic Computing Centre
description This thesis presents a network disaster recovery plan (DRP) framework for academic computing centre. Universiti Utara Malaysia Computer Centre is taken as a case study. The proposed framework consists of seven phases of disaster recovery plan which has been enhanced and improved by researcher based on past studies. The phases of the framework are risk assessment, prevention, preparedness, reaction, immediate recovery, restoration and review. The type of disaster in this study focuses on virus threats. In addition, the framework describes the virus management processes in each phases which is before, during and after virus occurs. The framework of network disaster recovery plan outlined here should provide the direction necessary for planning at any academic computing centre.
format Thesis
qualification_name masters
qualification_level Master's degree
author Adibah Che Mat Daon, Mat Daon
author_facet Adibah Che Mat Daon, Mat Daon
author_sort Adibah Che Mat Daon, Mat Daon
title A Network Disaster Recovery Plan Framework for Academic Computing Centre
title_short A Network Disaster Recovery Plan Framework for Academic Computing Centre
title_full A Network Disaster Recovery Plan Framework for Academic Computing Centre
title_fullStr A Network Disaster Recovery Plan Framework for Academic Computing Centre
title_full_unstemmed A Network Disaster Recovery Plan Framework for Academic Computing Centre
title_sort network disaster recovery plan framework for academic computing centre
granting_institution Universiti Utara Malaysia
granting_department Sekolah Siswazah
publishDate 2004
url https://etd.uum.edu.my/1084/1/ADIBAH_CHE_MAT_DAON.pdf
https://etd.uum.edu.my/1084/2/1.ADIBAH_CHE_MAT_DAON.pdf
_version_ 1747827066974240768
spelling my-uum-etd.10842013-07-24T12:10:19Z A Network Disaster Recovery Plan Framework for Academic Computing Centre 2004 Adibah Che Mat Daon, Mat Daon Sekolah Siswazah Graduate School QA76 Computer software This thesis presents a network disaster recovery plan (DRP) framework for academic computing centre. Universiti Utara Malaysia Computer Centre is taken as a case study. The proposed framework consists of seven phases of disaster recovery plan which has been enhanced and improved by researcher based on past studies. The phases of the framework are risk assessment, prevention, preparedness, reaction, immediate recovery, restoration and review. The type of disaster in this study focuses on virus threats. In addition, the framework describes the virus management processes in each phases which is before, during and after virus occurs. The framework of network disaster recovery plan outlined here should provide the direction necessary for planning at any academic computing centre. 2004 Thesis https://etd.uum.edu.my/1084/ https://etd.uum.edu.my/1084/1/ADIBAH_CHE_MAT_DAON.pdf application/pdf eng validuser https://etd.uum.edu.my/1084/2/1.ADIBAH_CHE_MAT_DAON.pdf application/pdf eng public masters masters Universiti Utara Malaysia Adshead, A. (2003, September). Only 60% of' firms have disaster recovery plans. Comuter Weekly, p.6. Ahmad, N.M.Z., & Zahri, Y. (2004). Computer virus: future cyber weapons. Retrieved April 4, 2004, from http://www.niser.org.my/resources/computer_virus.pdf Arnell, A. (1990). Handbook of effective disaster recovery planning. New York: McGraw-Hill Publishing. Bates, R.J. (1992). Disaster recovery planning: networks, telekommunications, and data communications. New York : McGraw-Hill, Inc. Belfast Institute and North West Institute of Further and Higher Education. (2002). Guidance on developing and maintaining computer disaster recovery plans in . further and higher education. Retrieved April 10, 2004, from http://www. rscni.ac.uk/technical/Disrec. pdf Boehm, B. W. (1988, May). A spiral model of software development and enhancement. IEEE Computer, pp. 61-72. Boehm, B. W., Egyed, A., Kwan, J., Port, D., Shah, A., & Madachy, R. (1998). Using the WinWin spiral model: a case study. Retrieved April 4, 2004, from http://sunset .usc.edu/publication/TECHRPTS/1998/usccse98-512/usccse98-512.pdf Boehm, B.W., & Hansen, W.J. (2001). Understanding the spiral models as a tool for evolutionary acquisition. Retrieved May 2, 2004, from http://www . software-engineer .org/downloads/Spiral%20Model%2Oa%20Tool%20for%20Evolutionary%20Acquisition.pdf Bruce, G., & Dempsey, R.(1997) Security in distributed computing: did you lock the door? New Jersey: Prentice Hall PTR. Center for Technology in Government.(2003). A survey of system development process model. Retrieved April 4, 2004, from http://www.ctg.albany.edu/publications/reports/survey_of_sysdev?chapter=9&PrintVersion=2 Chantico Publishing Company, Inc.(1991). Disaster recovery handbook. United States of America: TAB Professional and Reference Books. Cobb, C. (2003). Nefwork ,security for dummies:New York: Wiley Publishing. Cohn, E.R., Klinzing, G., Frieze, I.H., Sereika, S.M.,Stone, C.A., Vana, C.M. (2004). Academic computing vulnerabilities: another view of the roof. Educause Quarterly, pp. 57-61. Comprehensive Consulting Solutions, Inc. (2001). Define what types of disasters that need to be planned for. Retrieved April 10, from 2004, http://www.compsoln. com/DRP2_whitepaper. pdf Connor, D. (2003, September). Disaster-recovery plans still need work. NetworkWorld, p. 8. Cooley, A. (2003). Virus protection strategies to combat electronic attacks. Retrieved May 19, 2004, from http://www. astaro.com/data/pdf/whitepapers/Whitepaper_VirusProtection_en.pdf Coulthard, A., & Vuori, T.A. (2002). Computer viruses: a quantitative analysis. Logistics Information management, 15 (5/6), 400-409. Data Management and Communications. (2003). System engineering approach. Retrieved April 4, 2004, from http://dmac.ocean.us/dacsc/docs/dmac_partIII_app5_9_30_03.pdf Davies, H., & Walters, M. (1998). Do all crises have to become disasters? Risk and risk mitigation. Property Management, 16 (1), 5-9. Davis, K.(2001). Saving users from themselves: creating an effective student-oriented anti-virus intervention. Proceedings of the SIGUCCS, USA, 27-32. Disaster Recovery Journal. (2004). Business continuity glossary. Retrieved March 11,2004, from http:/www.drj.com/glossary/DRJ-Glossary.pdf Dix, A., Finlay, J., Abowd, G., and Beale, R.(1998). Human-Computer Interaction. 2nd Edition, Hertfordshire: Prentice Hall. Eden and Matthews. (1996). Disaster management in libraries. Library Management,17 (3),5-12. Edwards, B. (1994). Developing a successful network disaster recovery plan. Information Management & Computer Security, 2(3), 37-42. Edwards, B, and Cooper, J. (1995). Testing the disaster recovery plan. Information Management & Computer Security, 3(1),21-27. Eklund, B. (2001, December). Multi-faceted "continuity" plans are replacing simple data-recovery services in the wake of September 11. Business Unusual, pp. 20-25. Ernst & Young. (1996). The Emst & Young International Information Security Survey 1995. Infomation Management & Computer Security, 4(4), 26-33. Farrokh, M. (2002). Evaluation and selection of an antivirus and content filtering software. Information Management and Computer Security, 10(I), 28-32. Ferrarini, E. M. (2001). How to create a disaster recovery plan before trouble strikes. Retrieved March 28, 2004, from http://www.naspa.corn/PDF/2001/1201%20PDF/70112006.pdf Fites, P., Johnston, P., & Kratz, M. (1992). The computer virus crisis. New York: Van Nostrand Reinhold. Fites, P.E., & Kratz, M.P.J. (1993). Information systems security: a practitioner's reference. New York: Van Nostrand Reinhold. Furnell. S. M., & Warren, M.J. (1997). Computer abuse: vandalizing the information society. Electronic Networking Applications and Policy, 7 (I), 61-66. Goh, M.H. (1996). Developing a suitable business continuity planning methodology. Izformation Management & Computer Securiv, 4(2), 11-13. Grance, T., Kent, K., & Kim, B. (2004). Computer security incident handling guide: recommendations of the National Institute of Standards and Technology. Retrieved May 19, 2004, from http://csrc.nist.gov/publications/nistpubs/800- 61/sp800-61.pdf Hannaford, C.S. (1995). Can computer security really make a difference? Managerial Auditing Journal, 10(5), 10-15. Hawkins, S.M., David, C.Y., & David, C.C. (2000). Disaster recovery planning: a strategy for data security. Information Management & Computer Security, 8(5),222-229. Heikkinen, D., & Sarkis, J. (1996). Disaster recovery issues for EDI systems. Logistics Information Management, 9 (6), 27-34. Hendrix, T.D., & Schneider, M.P. (2002). NASA's TReK project: a case study in using the spiral model of software development. Cbmmunications of the ACM, 45(4), 152- 159. Hiat, C.J. (2000). A primer for disaster recovery planning in an IT environment. Hershey: Idea Group Publishing. Hopkins, K. (2003). Ensuring network securiry. Retrieved April 21, 2004, from http://www.businessweek.com./adsections/2003/pdf/0530security.pdf Hruska, J. (1992). Computer viruses and anti-virus warfare. Great Britain: Ellis Horwood. Hubbard, J.C., & Forcht, K.A. (1998). Computer viruses: how companies can protect their systems. Industrial Management & Data Systems, 98(1), 12-16. HyperDictionary. (2003). Framework: dictionary entry and meaning. Retrieved May 19,2004, from http://www.hyperdictionary.com/dictionary/framework Ibrahim M.S., Fakharu'l-razi A., & Aini M.S. (2003a). A review on disaster and crisis.Disaster Prevention and Management, 12(1),24-32. Ibrahim M.S., Fakharul-razi A., & Sa'ari M. (2003b).Technological disaster's criteria and models. Disaster Prevention and Management, 12(4),305-311. Infotech Research Group.(2003). Building a comprehensive disaster recovery plan. Retrieved April 10,2004, from http://www.infotech.com/drp/full_sample.pdf Jaring Internet Magazine. (2004). MyDoom-F worm poised to attack Microsoft and record industry websites. Retrieved April 19, 2004, from http://www.magazine.jaring.my/2004/february/index_stay.html?id=598&month=february&year=2004. Jordan, E. (1999). IT contingency planning: management roles. Information Management & Computer Security, 7(5),232-238. Karakasidis, K.(1997). A project planning process for business continuity. Information management and Computer Security, 5(2),72-78. Kelly, C. (1995). A framework for improving operational effectiveness and cost efficiency in emergency planning and response. Disaster Prevention and Management, 1(3), 25-31. Kundu, S.C. (2004). Impact of computer disasters on information management: a study Industrial Management & Data Systems, 104(2), 136-143. Maiwald, E., & Sieglein, W. (2002). Security planning & disaster recovery. California: McGraw-Hill Osborne MAMPU (2002a). Rangka dasar keselamatan teknologi maklumat dan komunikasi kerajaan. Retrieved April 5 , 2004, from http://www.mampu.gov. my/ICT/MyMIS/AppendixA.PDF MAMPU. (2002b). The Malaysian Public Sector ICT Management Security Handbook. Retrieved April 5 , 2004, from http://www.mampu.gov.my/ICT/MyMIS/chapter3.PDF Manecksha, F. (2004). Warnings of more worm attacks. Retrieved April 19,2004, from http://www.niser.org.my/news/2004_05_10_01.html Maslen, C. (1996). "Testing the plan is more important than the plan itself'. Information manqgemcnt & Computer Security, 4(3), 26-29. McIvor, R. (2000). A practical framework for understanding the outsourcing process. Supply Gain Management: An International Journal, 5(1), 22-36. Mills, A. (1995). Inadequate security encourages the thief. Industrial Management & Data Systems, 95(2), 3-5. Muir, A., & Shenton, S. (2002). If the worst happens: the use and effectiveness of disaster plans in libraries and archives. Library management, 23 (3), 115-123. MyCERT. (2004). Situational report on major worms outbreaks up to year 2003 in Malaysia. Retrieved April 5 , 2004, from http://www.mycert.org. myiother - resourcesf NISER-MYC-PAP-7070-1.pdf MyCERT, & NISER. (2004). Incidents statistics. Retrieved April 13, 2004, from http://www.mycert.org.my/ Nemzow, M. (1997). Business continuity planning. International Network of Management,7,127-136. Neubauer, B.J., & Hams, J.D. (2002). Protection of computer systems from computer viruses: ethical and practical issues. Journal of Consortium for Computing Sciences in Colleges, 18(1), 270-279. Paton, D.(1999). Disaster business continuity: promoting staff capability. Disaster Prevention and Management, 8 (2), 127-133. Polk, W.T., Wack, J.P., Bassham, L.E., & Carnahan, L.J. (1995). Anti-virus tools and techniques for computer systems. New Jersey: Noyes Data Corporation. Raja, K.I., & Kakoli, B. (2000). Managing technology risk in the healthcare sector. Disaster Prevention Management, 9 (4),257-270. Records Management. (2003). What is a disaster? Retrieved January 1, 2004, from http://www. umsystem.edu/records/dpa1.html Reese, R.L.R. (2003). Incident handling an orderly response to unexpected events. Proceedings of the SIGUCCS.USA, 97-1 02. Reuters (2004). Doomjuice worm aims at Microsoft. Retrieved April 19, 2004,from http://www.wired.com/news/infostructure/0,1377,62229,00. html Robbins-Gioia. (2003). Preparing for the worst: u best-pracices guide to disaster recovery. Retrieved March 1, 2004, from http://www.gcn.corn/Resource/disaster.pdf Rohde, R., & Haskett, J.(1990). Disaster recovery planning for academic computing centers. Commuzication of the ACM, 33(6), 652-657. Ruslan, R., Norazuwa, M., & Norazila, M.(2001). The implementation of disaster recovery planning (DRP) for information technology in Malaysia: a case of higher learning institutions. The 2nd International Conference on Disaster Management, 2001, Preparing and Planning for the Future, Surabaya, 1-10. Sanderson, E., & Forcht, K.A. (1996). Information security in business environment. Information Management and Computer Security, 4 (1), 32-37. Savage, M. (2002). Business continuity planning. Work Study, 51(5),254-261. Schneiderman,B (1998). Desiging the user interface. strategies for effective human computer interaction. 3rd Edition, USA Addison Wesley Longman,Inc. Sherif, J.S., & Gilliam, D.P.(2003). Deployment of anti-virus software: a case study. Information Management & Computer Security, 11 (1), 5-10. Shread, P.(2003). Disaster recovery still just an IT responsibility. Retrieved November 18, 2003, from http://www.enterprisestorageforum.com/industrynews/article.php/3072518 Sophos Plc.(2004). Mystery surrounds tip-off to Microsoft about Sasser orm culprit, Sophos comments. Retrieved May 18, 2004, from http://www.sophos.com/virusinfo/artic1es/sasserrewardh.html Swann, J. (2004, February). Be prepared: disaster recovery strategies. Communiy Banker, pp. 40-44. Swanson, M., Wohl, A., Pope, L., Grance, T., Hash, J., & Thomas, R. (2002). Contingency planning guide for information technology systems: recommendations of the National Institute of Standards and Technology. Retrieved May 19, 2004, from http://csrc.nist.gov/publications/nistpubs/800-34sp800-34.pdf Sybase, Inc. (2003). When disaster strike, recovery isn 't enough. Retrieved Mac 28,2004, from http://www. sybase.com./content/102631715856_Disaster_Recovery_WP8.pdf TechTarget.(2003). Spiral model. Retrieved April 24, 2004, from http://searchvb.techtarget.com/sDefinition/0,,sid8_gci755347.html Tipton, H.F., & Krause, M.(2000). Information security management. United States of America: Auerbach Publications. Toigo, JW. (1989). Disaster recovery planning: managing risk and catastrophe in information systems. New Jersey: Yourdon Press Computing Series. Trend Mico, Inc. (2003). Beyond luyers and peripheral antivirus security. Retrieved May, 29 from http://www.t rendmicro.com/NR/rdonlyres/BD8EAA1F-477A-470A-9C19-4AlD347A9F4D/7870/WPOlAVNP030703US.pdf Universiti Utara Malaysia Computer Centre (2002a). Dasar Keselamatan Rangkaian.Retrieved April 4, 2004, from http://pkomputer.uum.edu.my/doc/DICT-04-2002.pdf Universiti Utara Malaysia Computer Centre (2002b). Objective and mission. Retrieved Apri1 4, 2004, from http://www.pkomputer.uum.edu.my/eng/index.php?page=pengenalan.php Universiti Utara Malaysia Computer Centre (2003c). 10 virus terhanyak menyerang sistem komputer di UUM. Retrieved April 15, 2004, from http://virus.uum.edu.my/utama.htm Universiti Utara Malaysia Computer Centre. (2003d). Gangguan Email, Serangan virus. Retrieved April 4,2004, from http://pkomputer.uum.edu.my/index.php?page=baitgengarah-sum.php Weaver, J. (2003). Disaster response and recovery.Retrieved May 23, 2004, from http://wwwhill..com/archive/pub/papers/2003/09/paper.pdf Weckman, J., Colvin, T., Gaskins, R.J., & Mackulak, G.T. (1999). Application of simulation and the Boehm spiral model to 300-mm logistics system risk reduction. Proceeding of the 31st Conference on Winter Simulation: Simulation - A Bridge to the Future, USA, 1,912-917. Weichselgartner, J. (2001). Disaster mitigation: the concept of vulnerability revisited.Disaster Prevention and management, 10(2),85-94. Wen, H.J. (1998). Internet computer virus protection policy. Information ,management & Compute Security 6(2), 66-71. Whitman, M.E. (2003). Enemy at the gate: threats to information security. Comunications of the ACM.46(8),91-95. Williams, R., & Cummings, S. (1993). Jargon: an informal dictionary of computer terms. Barkely: Peachpit Press. Wing, S.C. (2000). Success factors for IS disaster recovery planning in Hong Kong. lnformation management & Computer Security, 8(2), 80-86. Wood, C.C. (1996). A computer emergency response team policy. Information management & Computer Security, 4(2),4. Zahri, Y., & Ahmad, N.M.Z. (2003). Cyber threats: myths or reality? Retrieved April 1, 2004, from http://www.niser.org.my/resources/cyber_threats.pdf