This content is part of the Essential Guide: Essential guide to disaster recovery and business continuity

Developing technology scenarios for BC/DR exercise planning

The most effective BC/DR exercise plans begin with choosing disaster scenarios for technology issues, particularly IT-focused ones.

Perhaps the easiest kind of disaster simulation is one that affects technology. However, an event that makes data unavailable can be devastating to many business' operations. As such, DR testing for essential technology should be considered a critical part of any disaster recovery plan. Don't be content to look at a failed server scenario in your business continuity/disaster recovery exercise planning; tests should be more ambitious, like an accidental release of overhead sprinklers in the equipment room that damages multiple devices, many of which are running critical applications and processing protected data.

Another possibility would be to consider a networking scenario in your DR exercise planning, as it could have a farther-reaching impact on multiple company locations, which in itself makes for a more interesting challenge. A distributed denial of service (DDOS) attack can work, as it affects multiple locations, each of which may be running mission-critical systems.

Introduce the element of a timed sequence of attacks occurring over a four-hour period to your disaster recovery exercise planning process. Just when one incident appears to be addressed, another, far worse, attack occurs. Given the pervasive nature of technology today, almost anything is possible in terms of a potentially destructive incident. 

These BC/DR exercise planning scenarios focus on disruptions that affect systems, networks, software, data, and support infrastructures.

Scenario Description Why Use It
Server failure due to improper maintenance and installation of untested circuit board Despite all normal precautions, server outages do occur, and may happen for reasons other than a failed circuit board or power loss This is a key scenario for technology disaster recovery plans, because servers handle so many different functions
Malfunctioning network router causes cascading outage across a large multipoint network Today's networks are so densely interconnected that any errant code, such as an incorrect IP address, could bring down an entire network All elements in a network -- whether voice or data -- must be regularly tested to ensure they are performing properly
Software glitch introduced in IP signaling network causes massive network disruption Such an event occurred in AT&T's network back in 1991; such a threat is always possible, despite improved network software This is a fairly severe example, but a private voice/data network could be compromised by damaging the signaling infrastructure
Failure of SAN infrastructure results in inability to back up critical data Loss of SAN technology could make it very difficult to perform daily backups as well as emergency DR backups Many medium to large organizations link their storage assets via SANs, so this scenario should be considered
Distributed denial of service attack shuts down global network Despite numerous available network security safeguards, a DDOS attack could still occur, threatening a firm's operations Network perimeter security is a key business requirement, considering that most firms are vulnerable since they connect to the Internet
Burst water pipe located above a server area damages multiple critical servers Proper location of electronic device areas is very important; planners must examine the infrastructure both above a prospective equipment room and below it for possible threats and vulnerabilities This is an often overlooked activity that could result in serious and unplanned outages


Dig Deeper on Disaster recovery planning - management