Lighting a dark corner--disaster recovery for business continuity in higher education.ABSTRACT Information Technology (IT) challenges are intensifying. Among them, information system security, business continuity and disaster recovery planning (DRP (1) (Distribution and Replication Protocol) A W3C protocol for downloading only updated Web information (differential downloads). The Web site maintains an index of its files, including HTML pages, images and applications. ) have quickly become the top priorities of the IT industry. Compared with other areas of information technologies, the DRP development is relatively behind market needs, and has received little attention at institutes of higher education higher education Study beyond the level of secondary education. Institutions of higher education include not only colleges and universities but also professional schools in such fields as law, theology, medicine, business, music, and art. . It is very important for academic administrations and technology centers in higher education to readjust re·ad·just tr.v. re·ad·just·ed, re·ad·just·ing, re·ad·justs To adjust or arrange again. re their IT strategies in these areas. Meanwhile, to meet the growing challenges in the business world, universities must start to reform current IT education to cover the most updated DRP strategy and recent popular practices in information technologies. 1. INTRODUCTION The recent terrorist attacks on our country and the Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland security Department of Homeland Security executive department - a federal department in the executive branch of the government of the United States focus have propelled disaster recovery planning to the highest status in the information technology industry. Compared with other areas of information technologies, the development of disaster recovery planning for business continuity is relatively behind market needs, and has received little attention at institutes of higher education. The goal of this research is to provide our schools with critical information on how to prepare information systems for a major physical or electronic attack. As part of the reform in IT higher education, this article also advocates the integration of DRP and other emerging information technologies into our current technological curriculum. 2. LESSONS LEARNED FROM HISTORY 2.1 Disaster Threats Cross the Nation The whole world was shocked by the tragic events of September 11th. In addition to several thousands of casualties suffered from the attack, hundreds of business organizations were wiped out in just few hours. Business giants found themselves vulnerable and paralyzed par·a·lyze tr.v. par·a·lyzed, par·a·lyz·ing, par·a·lyz·es 1. To affect with paralysis; cause to be paralytic. 2. To make unable to move or act: paralyzed by fear. , with no offices, telephones, email, or computers. 250 of a total of 450 World Trade Center (WTC WTC World Trade Center, see there ) tenants declared business disaster and 150 went out of business. PriceWaterhouseCoopers estimated later that the overall WTC losses were approximately $40.2 billion. The WTC attack of 2001 was the worst disaster in the US history, but is not the only one. Manmade or natural disasters occur almost every year, anywhere in the country. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the New York-based Insurance Information Institute, the 1992 man-made disaster man-made disaster Technological disaster Public health An event in which a significant number of people are injured or die as a result of human devices or activities, unrelated to conflicts, and attributed to operator error–eg, Exxon Valdez in Los Angeles Los Angeles (lôs ăn`jələs, lŏs, ăn`jəlēz'), city (1990 pop. 3,485,398), seat of Los Angeles co., S Calif.; inc. 1850. riots resulted in $775 million in losses. A NSU NSU Nonspecific urethritis, see there seminar reported that during the WTC bombing of 1993, 147 tenants' businesses were non-recoverable, and total losses were approximately $510 million. In the same year, the cost of the London Bishopsgate bomb explosion was estimated at $525m. In 1995, the Alfred P. Murrah Alfred Paul Murrah (October 27, 1904 - October 30 1975) was an American attorney and judge. The Alfred P. Murrah Federal Building, which was named after him, was destroyed in the April 19, 1995, Oklahoma City bombing. building in Oklahoma City Oklahoma City (1990 pop. 444,719), state capital, and seat of Oklahoma co., central Okla., on the North Canadian River; inc. 1890. The state's largest city, it is an important livestock market, a wholesale, distribution, industrial, and financial center, and a farm was bombed causing hundreds of casualties. Government work was crippled for days, and costs were about $1 billion (Michael Hedges Michael Hedges (December 31,1953 – December 2, 1997) was an American acoustic guitarist born in Enid, Oklahoma. Background Hedges was a Peabody Conservatory composition major who applied his classically trained musical background in combination with various unusual , "McVeigh financial tab likely runs into billions", Houston Chronicle Washington Bureau, 6/13, 2001). According to MSU's DRP report, in 1997, there were over 2000 bombing incidents reported in the US. Michigan had total 7,697 suspicious fires resulting in losses of $144 million in 1998. Besides manmade tragedies, natural disasters are always highly significant. According to Federal Emergency Management Agency The Federal Emergency Management Agency (FEMA) is the federal agency responsible for coordinating emergency planning, preparedness, risk reduction, response, and recovery. The agency works closely with state and local governments by funding emergency programs and providing technical (FEMA FEMA, n.pr See Federal Emergency Management Agency. ), during the 1976-2001 period, the US government declared 906 major disasters. Damage from more frequent and severe weather calamities and other natural phenomena during the 1990-99 decade required 460 major disasters to be declared, and FEMA paid more than $25.4 billion for the recovery. 2.2 No Campus is Immune From Disasters During the WTC attack, Pace University was hit hard. According to Frank J. Monaco, CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. of the university Pace lost dozens of people during the attack. Its World Trade Institute, which occupied the entire 55 floor of the WTC Tower One, was completely destroyed. The main New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. campus, which is less than three blocks from the WTC site, was totally paralyzed with no public phones, dorm phones, or Internet connectivity. The lives of over 14,000 students and 2,500 staff, faculty were seriously interrupted with no academic activities or school services http://commons.wikimedia.org/wiki/Image:Schools_Collection_May_2007_2.JPGSchool Services are a business unit of the National Library of New Zealand (Te Puna Mātauranga o Aotearoa). They provide curriculum and advisory services to support New Zealand schools. for about 7 days. In the past ten years, campus disasters have occurred frequently throughout the country. Table 2-1 presents those cited by FEMA (2000) and MSU MSU Michigan State University MSU Mississippi State University MSU Montana State University MSU Minnesota State University MSU Morehead State University (Kentycky) MSU Montclair State University (2003): 2.3 Information Systems Disasters Destroyed property losses are comparably recoverable, However, business interruption losses, especially losing critical data, are immeasurable and usually non-recoverable. Above 30% of WTC losses in 2001 represent business interruption costs. Lighthouse Technology reported that annual data loss to PCs cost US businesses $11.8 billion in 1998. In 2001, the business downtime caused loss was $1,010,536 per hour for an average of all industries (Figure 1-1). Meta Group reported this statistic in major financial industries reached $16.6 million per hour in 2003 (Figure 1-2). A study shows, as much as 60% of corporate data resides unprotected on PC desktops and laptops, and more than 109,000 TB of unique enterprise PC data are not being regularly backed up. (Data Protection Facts and Figures, 7/2002, www.connected.com/) In order to provide the most up-to-date DRP status, the author made a brief survey through Educause higher education security/CIO network (called Survey for the rest of the citations in this article). The survey shows that in 1994 an electrical fire crashed the entire data center at Oakland University History Oakland University was created in 1957 when Matilda Dodge Wilson, widow of automobile magnate John Francis Dodge, and her second husband Alfred Wilson donated their 1,500-acre estate to Michigan State University, including Meadow Brook Hall, Sunset Terrace and all the with serious business interruptions. A huge power was created by a faulty discharged Halon ha·lon n. Any of several halocarbons used as fire-extinguishing agents. halon Any of several compounds consisting of one or two carbon atoms combined with bromine and one or more other halogens. system. As a result, all the dust was moved through the computer rooms and badly contaminated contaminated, v 1. made radioactive by the addition of small quantities of radioactive material. 2. made contaminated by adding infective or radiographic materials. 3. an infective surface or object. all running servers. In 2000, a flood damaged all the electrical equipment A piece of electrical equipment is a machine, powered by electricity and usually consists of an enclosure, a variety of electrical components and often a power switch. Examples of Electrical Equipment
In May 2001, the Center for Urban Horticulture Urban and peri-urban horticulture (UPH) includes all horticultural crops grown for human consumption and ornamental use within and in the immediate surroundings of cities. Although crops have always been grown inside the city, the practice is expanding and gaining more attention. at the University of Washington was accidentally caught fire. Many faculty members lost their research materials, on paper or in artifacts artifacts see specimen artifacts. , and some lost important information on hard drives that had never been backed up. Later last year, another incident occurred at the same campus--after eight hours of fire at a two-story Educational Outreach building, 17 main computer servers were damaged and many of them held student records and registration information for the university's online courses. The blaze caused about $1 million in damage, according to a recent report from The Chronicle of Higher Education. Besides disaster losses, information system vulnerability and site outage caused more losses. The Internet Worm (networking, security) Internet Worm - The November 1988 worm perpetrated by Robert T. Morris. The worm was a program which took advantage of bugs in the Sun Unix sendmail program, Vax programs, and other security loopholes to distribute itself to over 6000 computers on the of 1988 is a classic lesson of a security threat that used the Internet as a vehicle to travel around the world within minutes. It infected 6200 computers (10 percent of the computers on the Internet at the time) and caused widespread business interruptions (BI). Several sources estimated that lost computing time was worth $24 million and that direct costs to eradicate the virus and bring computers back onto the Internet totaled $40 million. Other industry experts put the total cost of the worm closer to $100 million. (Gary Schneider, Electronic Commerce, Thomson Course Technology, p362, 2002) Due to web service outage, auction sites lost $2.8M and brokerage sites lost $5.2M within 8 business hours BUSINESS HOURS. The time of the day during which business is transacted. In respect to the time of presentment and demand of bills and notes, business hours generally range through the whole day down to the hours of rest in the evening, except when the paper is payable it a bank or by a . Meanwhile, slow performance costs e-commerce site $362M per month, according to The Industry Standard. EBAY, a major online auction firm, was crippled for nearly 24 hours due to site outage in June 1999. This led to a 26% stock drop in the company's stock price. In August 1999, a software glitch A temporary or random hardware malfunction. It is possible that a bug in a program may cause the hardware to appear as if it had a glitch in it and vice versa. At times it can be extremely difficult to determine whether a problem lies within the hardware or the software. See glitch attack. caused 3,000 MCI (1) (Media Control Interface) A high-level programming interface from Microsoft and IBM for controlling multimedia devices. It provides commands and functions to open, play and close the device. (2) (Microwave Communications Inc. WorldCom customers to lose Internet access See how to access the Internet. . The outage lasted for about 10 days. Amazon.com experienced a 13-minute service outage in September 1999. As a result, its stock was down $.63 on the day. A denial-of-service worm attacked Yahoo in February 2000. It took the site offline for at least 3 hours and cost millions of dollars in loss. The calamitous ca·lam·i·tous adj. Causing or involving calamity; disastrous. ca·lam  i·tous·ly adv. lessons learned from history teach us to not take chances. As disasters are hardly avoided, making effective disaster recovery plans is the only right choice to minimize losses and to quickly resume businesses. 3. MAJOR AGENDAS FACING HIGHER EDUCATION One asset many tenants avoided losing in the September 11th disaster was electronic data. As Morgan Stanley's technology team characterized, the WTC as "probably one of the best prepared office facilities from a systems and data recovery perspective." (Julia Scheeres Julia Scheeres (pronounced "shears"), is a journalist, nonfiction author and novelist. Born February 12, 1967 in Lafayette, Indiana, Scheeres received a bachelor's degree in Spanish from Calvin College in Grand Rapids, Michigan, and a master's in journalism from the , Attack Can't Erase Stored Data, 9/21, 2001; Wired News Wired News is an online technology news website, formerly known as HotWired, that split off from Wired magazine when the magazine was purchased by Condé Nast Publishing in the 1990s. Condé Nast later purchased Wired News on 2006-07-11. , www.wired.com/news/) The road to the disaster recoveries of the WTC tragedy in 2001 was paved in the wake of 1993 WTC bombing. It led most businesses firms to develop detailed plans that were crisply executed when disaster struck. Higher education, however, is not well prepared at many universities, enterprise-wide defensive strategies are generally lacking if they even exist. Due to traditional cultural and political factors, schools create difficult and complex settings to enact change of any kind. Plus, the mission (an emphasis on teaching and learning) at academic institutions is fundamentally different. DRP and "information security deficiencies at educational institutions are more pervasive than that at profit driven corporations." "New efforts to move to an improved level (of DRP) are not easy and don't happen quickly." (Stephen Reeder, Improve Higher Education Information Security, May 23, 2002; www.giac.org/practical/) Although "most universities are doing at least the minimum necessary to protect computer data, ... few have well-thought-out systems for recovery once a disaster happened." (Dan Carnevale, "Preparing for Computer Disasters", The Chronicle of Higher Education, 2/28, 2003) John W. Toigo, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Toigo Partners international, says, "data recovery often isn't a big priority for institutions unless people there have already witnessed some major catastrophe." More realistically, higher education is facing tougher times in coming years. As Gartner indicated, more than 75 percent of institutions will face budget shortfalls in 2003, and the effects will linger for years after economic recovery. IT planning for higher education--how large, how distributed and how best to make use of budget--will be the "pain point" for many campus IT administrators for the next several years. (Michael Zastrocky, Ron Yanosky, "It's Time It's Time was a successful political campaign run by the Australian Labor Party (ALP) under Gough Whitlam at the 1972 election in Australia. Campaigning on the perceived need for change after 23 years of conservative (Liberal Party of Australia) government, Labor put forward a to Set 2003 IT Priorities for Higher Education", Gartner Research, 12/12, 2002) Several universities' IT administrators said to the survey, "Right now, the money is going to go into prevention rather than a plan to enact if there's failure." "The major constraints universities face are money and time. The pressures to do 'more new things' tends to distract folks from 'doing things well.'" Many schools are hesitating to expand their DR plans, placing it as part of logistic responsibilities and assigning to low-level IT personnel, according to the survey. As a typical example, according to the Chronicle, a long-planned overhaul of administrative computing was planned throughout the Cal State University system. Now, deficits plague the state budget, and the $440-million computing effort has become a high-profile target for critics. All not yet installed new systems are pending until the administrations see what is going to happen with the economy. "My observation is that most universities will always have trouble finding the money to do even most of the planning and preparation they should do," says an anonymous state university administrator. Now, serious questions facing higher education--Strategically, should budget issues bog down bog down Verb [bogging, bogged] to impede physically or mentally Verb 1. bog down - get stuck while doing something; "She bogged down many times while she wrote her dissertation" bog disaster recovery planning? Are budget dilemmas the only threat facing higher education at the present time? Should universities do what they can, or do what they should? Concerning 2003 IT priorities for higher education, Gartner indicated that "A deepening public funding Public funding is money given from tax revenue or other governmental sources to an individual, organization, or entity. See also
n. (used with a sing. verb) 1. The study of the relationship among politics and geography, demography, and economics, especially with respect to the foreign policy of a nation. 2. a. climate will make BUDGETS and SECURITY the TWIN centerpieces of most institutional agendas." Considering DRP a core strategy of a security agenda, Anthony Cirillo, director of Academic Information Systems of Columbia University Columbia University, mainly in New York City; founded 1754 as King's College by grant of King George II; first college in New York City, fifth oldest in the United States; one of the eight Ivy League institutions. stated that the IT department should always have "basic contingency plans in place to enable critical University business processes to function in an emergency. Keeping our systems and equipment running and protecting the University's data have always been a priority for us". The need for disaster recovery plans and procedures should make it "even more urgent that all university business units should review, update, and test." (Anthony Cirillo, Disaster Recovery Plans Are More Important Than Ever, AIS News, Columbia University, May 2002, www.ais.columbia.edu/) Although Pace University faces a tougher budget issues, the school considers DRP is equally important--"We are trying to increase the dollar amount we allocate to DRP for IT", Monaco affirmed recently. Mary Finley, U.S. Document Librarian of California State University Enrollment  at Northridge, has a painful experience from 1994's earthquake. In addition to $407 million disaster caused losses, "uncountable uncountable - countable academic cost--for administrators, faculty, staff, and students alike--is one you will have trouble imagining." Finley added, "I would rate it as essential viewing for anyone writing a campus disaster plan." The importance of DRP makes it "more essential than ever that every institution consider what could happen, do what it can to prepare, and actively plan ahead for its recovery should the unthinkable happen." As the Chronicle reported, a fire damaged the Educational Outreach building of the University of Washington in later 2002. David Szatmary, Vice Provost of the school said after the disaster, that he had never paid much attention to the backup systems until the day of the fire. "The first fear when I saw the flames was, I hope that our data was backed up." Mark Elvy, the network manager of the school further added, "The cost of having the spare servers ready to use was $5000 each, and tapes for the regular backups cost $14 apiece.... As far as my position goes, this is what I plan for, even though I hope it doesn't happen." The article "Strategic Technology" raised an excellent point--educational institutions "must make strategic use of technology, typing its use to the institutional mission. We can no longer do what 'we can'--we must instead do what 'we should.'" (Milton D. Glick with Jake Kupiec, "Strategic Technology", Educause Review, Nov./Dec., 2001) If dealing with budget challenge is "do what we can," pursuing a sound DRP strategy would be" do what we should." 4. DRP CHALLENGES FACING HIGHER EDUCATION After the WTC attack, Frank J. Monaco of Pace University discussed important lessons he had leaned, "We only had one of everything important. Sure, we backed up our systems and took the tapes off site on a regular basis." Today, most people recognize the truth--no business is really secure until its data are recorded on two different sets of media. Nowadays, disaster recovery and crisis management are becoming more challenging, reflecting the rapidly growing complexity of information systems technology and pressures to keep e-commerce systems highly available 24 hours a day. Plus, an effective DRP must be able to protect a business from losing partial or entire physical locations within the shortest time as possible. In general, DRP covers two different types of business interruptions: Temporary business interruptions (TBI TBI 1. Thyroxine-binding index 2. Total body irradiation )--Hardware or software temporary failures caused by electrical problems, system errors, operation mistakes, application bugs, electronic hacking, or virus infections, while the primary site is not physically damaged. Major business interruptions (MBI MBI Management Buy-In MBI Moody Bible Institute MBI Mathematical Biosciences Institute MBI Modular Building Institute MBI Mechanical Breakdown Insurance MBI Molecular Biology Institute MBI Maslach Burnout Inventory (psychometrics) )--The primary site is either physically destroyed, or information systems are completely put out of service, or destroyed due to disasters. Sprint, a major telecommunication developer further defined three DRP coverage ranges illustrated in the following chart: [FIGURE 3-1 OMITTED] As the chart shows, either TBI or MBI recovery can be ranged within Business Essential, Service Availability, or Zero Tolerance The policy of applying laws or penalties to even minor infringements of a code in order to reinforce its overall importance and enhance deterrence. Since the 1980s the phrase zero tolerance has signified a philosophy toward illegal conduct that favors strict imposition of , depending on the cost. 4.1 TBI Recovery On top of any business continuity and recovery plans, Information Security Systems (ISS ISS See Institutional Shareholder Services (ISS). ) should be always a primarily concern. ISS utilizes both hardware and software to ensure operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. (OS) or applications reliability. Firewalls, Virtual Private Networks (VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. ), and Intrusion Detection Systems (IDS) are the most effective countermeasures. They prevent, detect and monitor unauthorized communication into and out of organizations' information systems. Antivirus and data security tools are considered mandatory parts of IT operations today. Normally, most universities have ISS installed with different complexities. However, ISS does not guarantee the planned results unless vulnerability testing (also called penetration testing) is performed and passed. It is a required part of the auditing process for most industries as well. However, some universities/colleges, especially small or mid-sized institutions, do not have the testing procedure enacted with their ISS policy. To cover essential business, an uninterrupted power supply (UPS), and systematic backup are affordable and the most commonly adopted measurements in our schools. While most large universities have daily back up for their main computer servers, some only save data on smaller servers once a week. To ensure service availability, fault-tolerant and high-availability (HA) systems, such as computer clustering, Redundancy Array Independent Disks (RAID), and Load Balancing The fine tuning of a computer system, network or disk subsystem in order to more evenly distribute the data and/or processing across available resources. For example, in clustering, load balancing might distribute the incoming transactions evenly to all servers, or it might redirect them (LB) are most effective practices. Cluster computing Cluster Computing: the Journal of Networks, Software Tools and Applications is a journal for parallel processing, distributed computing systems, and computer communication networks. , links two or more critical computers together that perform as one virtual system. When the primary node fails, the second one immediately takes over (or say Failover) to avoid system downtime. Since the last decade, RAID technology has been widely adopted. RAID packs multiple disks into a single logical unit. For most RAID systems, if a single disk fails, the data can be automatically restored with no system interruptions. As a newly developed technology, LB attracts many major financial firms. 4.2 MBI Recovery When a primary site gets seriously affected or destroyed, in order to recover essential business data, or service availability, either a "cold-site", "warm-site" or "hot-site" is needed. The critical data are backed up at a redundant storage site, and can be restored within different time period. Zero-tolerance requires a "hot-site" (standby-failover-site) mirrored with the primary site. So it is also called "site-mirroring", or "real-time-backup." Each site is configured with Storage Area Network (SAN), Direct Attached Storage (DAS), or Network Attached Storage (NAS (1) See network access server. (2) (Network Attached Storage) A specialized file server that connects to the network. A NAS device contains a slimmed-down operating system and a file system and processes only I/O requests by supporting the popular ) based storage networks and connected through fast link media. Global load balancing, and global replication systems are also needed. When the primary site failed, the hot-site could quickly failover with little interruption break. This feature allows companies to tap into a live system with little or no interruption when disaster strikes. Figure 3-2 shows a Cisco networking storage strategy--one of most powerful practices today: [FIGURE 3-2 OMITTED] A convincing story, "Lehman Brother's Network Survives" tells how an effective DRP with up-to-date storage technologies saved a company during a major disaster: On September 11th, at the moment when the Tower One of the WTC was on fire, as Bob Schwartz, managing director and CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. , made his way down the stairwell stair·well n. A vertical shaft around which a staircase has been built. stairwell Noun a vertical shaft in a building that contains a staircase Noun 1. , he decided to trigger Lehman's disaster-recovery plan. "We had completely redundant networks on both sides of the river (referring the primary site at WTC and the back-up site in Jersey City). When we lost access to everything in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of , we still had access through New Jersey to all our other 45 branches". Schwartz says, "The network was the hero. No information was lost. When we were attacked, we were able to keep all of our other offices up and running. They were able to continue their normal operations Generally and collectively, the broad functions that a combatant commander undertakes when assigned responsibility for a given geographic or functional area. Except as otherwise qualified in certain unified command plan paragraphs that relate to particular commands, "normal operations" of as if nothing had happened." (Sharon Gaudin, "Lehman Brothers' network survives", Special Report for Disaster Recovery & Business Continuity, 2001) 4.3 Challenges Facing Higher Education's DRP To improve existing DR plans, a few large universities are considering how to practically invest with advanced DRP strategy. Columbia University, as an example, "is investigating the possibility of leasing a 'hot site' that would allow us to produce a payroll cycle." "We are also investigating the cost, which would be significant, of sending critical business application data in 'real-time' to another set of disk storage devices in an offsite location." (Anthony Cirillo, Disaster Recovery Plans Are More Important Than Ever, AIS News, Columbia University, May 2002, www.ais.columbia.edu/). Although the benefits of using advanced backup technologies are evident, most educational institutions are still not passionate about them. Not only because of heavy costs, but because, it is a different timing point of view as well. A university IT administrator commented, "While many companies could be out of business if their BI went down for a few hours/days, a university doesn't require such an instantaneous response." Alternatively, some schools take advantage of having more than one campus, and can allocate a 'warm-site' to another campus. Practically, some state universities, like Montclair, Oakland, North Dakota, Maryland Baltimore County, and several other institutions, maintain their backup tapes at a fireproof fire·proof adj. Impervious or resistant to damage by fire. tr.v. fire·proofed, fire·proof·ing, fire·proofs To make fireproof. Verb 1. closet in campus. The planned SAN systems are also located in the same area of the primary IT center. As another practical solution, according to Finley, some universities are using "site-sharing-cross-firm" to back up each other. For example, after 1994's earthquake, some CA universities discussed "who had what and the virtue of more commonality in hardware/software so that other campuses' resources could be useful in the event of a disaster." To fully utilize limited IT budgets, some schools "are trying to recycle older servers to use in the Open Systems part of the DR Plan," says, Dr. Ed Dr. Doctor. dr. dram. Chapel, Director of Information Systems, Montclair State University History Montclair State was established in 1908 as "Montclair Normal School" in response to a growing need for teachers. It was renamed "Montclair State Teachers College" in 1927, when it developed a program of educating secondary school teachers through a Bachelor of Arts . Similarly, Northwestern University Northwestern University, mainly at Evanston, Ill.; coeducational; chartered 1851, opened 1855 by Methodists. In 1873 it absorbed Evanston College for Ladies. and some other institutions "save money by finding ways to make their backup systems productive long before disaster strikes. Instead of having backup servers sitting around doing nothing while they wait for a disaster, they use the equipment for low-priority tasks" (Dan Carnevale, "Preparing for Computer Disasters", The Chronicle of Higher Education, 2/28, 2003). As the increasing dependency on networking infrastructures, the creation of an efficient DRP is becoming a complex undertaking. It involves not only schools' own strategy, but also technology vendors, suppliers, outsourcing providers, and anyone who a school shares information with. Higher education is no longer an island. Interdependencies have become a new frontier New Frontier President John F. Kennedy’s legislative program, encompassing such areas as civil rights, the economy, and foreign relations. [Am. Hist.: WB, K:212] See : Aid, Governmental in business continuity and directly challenge higher education's DR plans. Blackboard.com, one of most popular online-learning vendors, supports many schools' academic activities. Montclair State University, for example, urges faculty members to use Blackboard as their teaching, learning and assessing tools. Since more weights are put onto Blackboard, the technical support and resource backup become new concerns of the school DRP. The Blackboard database contains not just course images, but many important course exams, students' grades and evaluations. The university data center keeps a close communication with Blackboard supporting group, sending requests to restore images or data when any interruptions may occur. As part of Montclair's DRP, the data center maintains a clear picture regarding how Blackboard should backup/recover university's information. No one can tell how well their DR plans will work until the plans get thoroughly tested. The schools fully or partially rely on outsourcing for DRP support, or never drilled their own DR plans, are taking a big risk. They may never know whether their data and IT systems can be correctly backed up/restored on time until an incident strikes. An IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) storage management director says, "During those drills, officials will be able to tell whether the stored data are easily accessible and compatible with other equipment. Drills also make people realize that they need spare copies of the software to run the data they've been storing." (Dan Carnevale, "Preparing for Computer Disasters", The Chronicle of Higher Education, 2/28, 2003) Oakland University removed UPS from the entire server room after they had a sudden electrical shutdown while doing battery maintenance on their original UPS systems. It caused more than 80 servers to crash. The university tested return order and other procedures during this "practice drill". The survey shows that drills are performed very differently and informally at most schools. Some schools run limited drills when they first set up a new system, and some play drills at backup sites occasionally, testing loaded data from tape, and running production jobs. siness recovery drills should train people how to protect the safety for both their lives and business and personal data. Drills make public personnel familiar with DRP processes and procedures. "The familiarity facilitates the rapid work speed needed in disaster recovery." (Raymond R. Panko, Corporate Computer and Network Security, Prentice Hall Prentice Hall is a leading educational publisher. It is an imprint of Pearson Education, Inc., based in Upper Saddle River, New Jersey, USA. Prentice Hall publishes print and digital content for the 6-12 and higher education market. History In 1913, law professor Dr. , 2003) 5. WHAT HIGHER EDUCATION BEHIND DRP SENSE As disaster recovery planning is no longer only an IT department's responsibility, it should be a publicly recognized task. To meet this goal, DRP study should be offered as a general education in higher institutions. In addition, DRP strategy and technology should be taught as a dedicated course for information systems, technology, and business major students. The course curriculum should be updated and enhanced with more technical aspects and business practices. 5.1 DRP Awareness People usually don't pay attention on DRP unless they have already witnessed some major disasters. Pace University, a victim of the WTC attack, is perhaps the only one entirely undergoing a professional Risk Assessment study. To make faculty, staff and students aware of DRP importance, these courses should be universal and should include the following topics: * Lessons Learned--Major tragedies caused by natural or manmade disasters. Movies, slides, pictures, guest speakers would be the most convincing methodologies * Overview of Organizational IT Infrastructure--It is necessary to specifically introduce how public, administrative, academic, and important vendors' services are served and how they communicate with a school's IT systems * Overview of Organizational Business Continuity Plan--Introducing DRP team and member's responsibilities, how DRP reacts and is triggered by disasters * DRP Drills--What each department and individuals do during normal times and when a disaster occurs 5.2 DRP Issues Within Normal IT Education Traditionally, IT instructors have been adequately educated in the fundamental theories and hands-on skills required for their classrooms. Today however, much of the academic curriculum in higher education no longer closely matches the latest IT concerns. Some curricula may not address the current developmental needs of the technology--others may not provide sufficient teaching and/or research content for students. Typically, the topics of disaster recovery and business continuity have received little attention. So far, major Information Technology, Management Information System, or e-Commerce related textbooks only spent less than one chapter addressing system continuity and recovery issues. Some of them mentioned none of these issues. Moreover, the following core DRP practices and emerging technologies are introduced very lightly or even omitted within current IT curriculum: * High Availability--Besides traditional Cluster Computing and RAID technologies, Load Balancing, especially Geographic LB are moving quickly. * Storage Technology--In particular, Remote Storage technologies, like SAN, DAS, or NAS, providing "hot, warm, or cold site-backups" solutions, and business continuity strategies for management. In addition, several up-to-date data communication technologies are evolving to connect tape libraries. Such as fiber, ISCSI, or Gigabit Ethernet An Ethernet standard that transmits at 1 Gbps. Used mostly to connect high-end workstations and servers as well as for network backbones, Gigabit Ethernet transmits full duplex from point to point using switches and half duplex in a shared environment (CSMA/CD) using a hub. channels, are also worth teaching. * Zero-Tolerance/Site-Mirroring--The highest DRP coverage strategy using Standby-Failover-Site with Active/Passive Servers and Databases. * Information System Security--Information Security System is important to IT and all other industries. It is being offered as a dedicated IT course at some technology institutions. Intrusion Detection Systems, Antivirus Systems, Internet/Remote Access Controls, Wireless Security, and Data Security Control are essential concepts of IT security. Systems vulnerability and penetration testing are rarely introduced in detail, and they should be added into the security part of a DRP course. * Operation Administrations--Concerning System Maintenance, Risk Assessment, Integration Policy Control, and Command Center Management. In order to keep our students up to date, and competitive, reassessing, redesigning or partially modifying the existing IT curriculum is necessary. Developing a dedicated DRP course should be an important agenda for future IT education. 6. CONCLUSIONS Information Technology challenges are intensifying. Among them, information system security, disaster recovery and business continuity planning Business Continuity Planning (BCP) is an interdisciplinary peer mentoring methodology used to create and validate a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical function(s) within a predetermined have quickly become the top priorities of the IT industry. It is very important for academic administrations and technology centers in higher education to readjust their IT strategies in these areas. Meanwhile, to meet the growing challenges in the business world, universities must start to reform current IT education to cover the most updated ISS/DRP strategy and recent popular practices in information technologies. REFERENCES * Anthony Cirillo, Disaster Recovery Plans Are More Important Than Ever, AIS News, Columbia University, May 2002, www.ais.columbia.edu/ais/html/body_disasterrecovery.html * Data Protection Facts and Figures, July 2002, Connected, www.connected.com/downloads /Facts%20figures%20on%20data%20protection_Q4_02.pdf/ * Dan Carnevale, "Preparing for Computer Disasters", The Chronicle of Higher Education, 2/28, 2003 * David M. Smith David M. Smith (November 10 1926 - May 20 1951) was a soldier in the U.S. Army during the Korean War. He was awarded the Medal of Honor for his actions on September 1, 1950. Medal of Honor citation Rank and organization: Private First Class, U.S. , The Cost of Lost Data, Lighthouse Technology, September 1999, www.lht.com/Products /TapeBackup/Software/LostDataCosts/CostOfLostData.html * FEMA, "Building a Disaster-Resistant University", Draft-5/10, 2000 * FEMA Library, 2003, www.fema.gov/library * Frank J. Monaco, Educause Quarterly, No.4, 2001 * Gary Schneider, Electronic Commerce, Thomson Course Technology, p362, 2002 * Julia Scheeres, Attack Can't Erase Stored Data, 9/21, 2001; Wired News, www.wired.com/news/business/0,1367,47004,00.html. * Maryann Jones Thompson, The Financial Impact of Site Outages, The Industry Standard, 1999 * Michael Hedges, "McVeigh financial tab likely runs into billions", Houston Chronicle Washington Bureau, 6/13, 2001 * Michael Zastrocky, Ron Yanosky, "It's Time to Set 2003 IT Priorities for Higher Education", Gartner Research, 12/12, 2002, * Michigan State University Michigan State University, at East Lansing; land-grant and state supported; coeducational; chartered 1855. It opened in 1857 as Michigan Agricultural College, the first state agricultural college. Disaster Recovery Planning, 2003; www.drp.msu.edu/WhyPlan.htm * Milton D. Glick with Jake Kupiec, "Strategic Technology", Educause Review, Nov./Dec., 2001. * NSU (Network Storage University), "The Zero Tolerance", Seminar, 2002 * NSU (Network Storage University), "Disaster Recovery Planning", Seminar, 2001 * PricewaterhouseCooper Report, 9/25, 2002, www.pwcglobal.com/extweb/ncpressrelease.nsf /DocID/A13966C300D22DFB DFB acronym for dark, firm, dry meat. Called also dark cutting beef. 85256C460057EF8F * Raymond R. Panko, Corporate Computer and Network Security, Prentice Hall, 2003 * Sprint Seminars, Business Continuity Solutions for Financial IT, March 6, 2003, www.webseminarslive.com * Sharon Gaudin, "Lehman Brothers' network survives", Special Report for Disaster Recovery & Business Continuity, 2001 * Stephen Reeder, Improve Higher Education Information Security, May 23, 2002; www.qiac.org/practical/Stephen Reeder GSEC GSEC GIAC Security Essentials Certification (computer security certification designation) GSEC Geophysical Survey and Exploration Contract GSEC Generalized Switch-And-Examine Combining .doc Ruben Hsing, Montclair State University, New Jersey Richard L. Peterson, Montclair State University, New Jersey Edward V Edward V, 1470–83?, king of England (1483), elder son of Edward IV and Elizabeth Woodville. His father's death (1483) left the boy king the pawn of the conflicting ambitions of his paternal uncle, the duke of Gloucester (later Richard III) and his maternal . Chapel, Montclair State University, New Jersey AUTHOR PROFILES Dr. Ruben Hsing received his Doctor of Computer Education from Columbia University, New York in 1992. Currently he is an assistant professor of MIS, leader of DRP project at School of Business, Montclair State University. Dr. Hsing has held senior IT engineer and management positions at several major financial firms in metropolitan New York for more than 15 years. His current research interests include wireless communications wireless communications System using radio-frequency, infrared, microwave, or other types of electromagnetic or acoustic waves in place of wires, cables, or fibre optics to transmit signals or data. , Internet security, information systems high availability, and business disaster recovery. Dr. Richard L. Peterson received his Ph.D from Pennsylvania State University Pennsylvania State University, main campus at University Park, State College; land-grant and state supported; coeducational; chartered 1855, opened 1859 as Farmers' High School. in 1974. Dr. Peterson is Chairperson of the Department of Information Decision Sciences at Montclair State University; responsible for a staff of sixteen serving nearly 300 hundred undergraduate and graduate student in MIS, Business Education, or Quantitative Methods. Dr. Edward V. Chapel received his Ph.D from New York University New York University, mainly in New York City; coeducational; chartered 1831, opened 1832 as the Univ. of the City of New York, renamed 1896. It comprises 13 schools and colleges, maintaining 4 main centers (including the Medical Center) in the city, as well as the in 1983. Ed is Associate Vice President for Information Technology at Montclair State University. For the past several years, Dr. Chapel has focused his professional efforts on the strategic uses of technology in higher education environments. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion