Description
Develop a Complete Disaster Recovery Plan to be submitted to the executive board of your company(You can choose any company).
Only MS Word (.doc, .docx) and Adobe Acrobat (PDF) formats are acceptable.
- Please note that this is a formal writing, all references (peer-reviewed) mostly must be cited appropriately within the text and clearly avoid plagiarism.
- The paper should have a minimum of 10 pages, 1.5 spacing and Times New Roman font.
- A minimum of 5 peer review references must be provided. Reference style is APA.
- You can also have some web references alongside the stated requirement.
- The plan Should address the following:
- Critical Operations
- Evaluate Disaster Scenarios
- Test the plan
- Create a communication plan
- Develop a backup and recovery plan
Unformatted Attachment Preview
Purchase answer to see full attachment
Explanation & Answer
View attached explanation and answer. Let me know if you have any questions.
1
Disaster Recovery Plan for Thumbtack Company
Student's Name:
Institutional Affiliations:
Due Date:
2
Disaster Recovery Plan for Thumbtack Company
Introduction
Thumbtack Company is an online company that connects customers to particular
professionals who are close to the customers over the web (Hata et al., 2021). The company uses
a web application that had been outsourced, despite having complete control of its database,
online hosting account, and applications. The company database, applications, and hosting
account are associated with many threats and risks, with the organization carrying out its online
operations from its San Francisco, California headquarters. The organization's head office faces
several threats that would arise from activities of cybercriminals that can shut down its head
offices that may negatively affect the company's operations. The scope of this disaster recovery
plan will ensure the Thumbtack Company can recover its database, applications, hosting account
and restore its administrative functions. On the other hand, this disaster recovery plan will ensure
that the company experiences minimum market and financial losses, train its employees on how
to respond to disasters, reduce internet interruptions, and help in a timely restoration of business
services company (Yaji & Bayyapu, 2020).
The company faces many risks and threats such as hurricanes, tsunamis, power failures,
disasters associated with cyberattacks, volcanic eruptions, and sabotage, among other forms of
disasters that would negatively affect the company's business operations. The tragedies
associated with cyberattacks have the capability of causing significant impacts to the
organization as they target the company's applications, database, and hosting account, which is
crucial to the company's operations (Yılmaz & Gönen, 2018).
Critical Operations
The main goal of starting Thumbtack company was ensuring that customers are
connected with specific professionals. It was a more significant challenge for customers to find
movers, electricians, cleaners, and plumbers for small businesses and individual people. They
were forced to make several calls, apart from being forced to carry out research extensively. The
Thumbtack Company designed a solution to this issue by introducing a virtual service that
requires professionals and customers to create their accounts, enabling the customers to connect
with a necessary professional when they need any assistance. The business operations of this
organization mainly depend on computer technology. This implies that in case of a disaster
destroying the organization's vital information technology (IT) infrastructures, all of its
3
operations will be halted, leading to the initial problem of customers connecting with necessary
professionals. Apart from millions of professionals and many customers being negatively
affected by a disaster, especially a data breach, the organization would also lose its revenues.
Therefore, this disaster recovery plan will be helpful to Thumbtack Company; it will
significantly aid a rapid recovery of the organization from disaster, which will be essential in
ensuring that the company continues with its normal operations.
Thumbtack clients can access company services from a website application through
mobile applications on either IOS App or Android App or using web browsers. The company
stores its vital data in a database which is later transferred or stored in an internet-connected
server. Based on the nature of services that the organization is providing to its clients, it is
required that the network and server connected to the internet always be on for professionals and
customers to access the company services during any time of the day. Therefore, this disaster
recovery plan will address the fronted infrastructure mainly composed of Mobile Apps and the
backend infrastructure, including applications, hosting account, and company database.
Additionally, it will be essential for the plan to address Thumbtack Company's headquarter
threats (Chakraborty, 2019).
Disaster Scenarios
The online services of Thumbtack Company have been outsourced to an external service
provider or third party, which means that another organization is hosting the organization's
online services. Therefore, Thumbtack Company does not control or own physical servers in
which its applications and databases are being stored and is not also managing the network that is
connected to the servers, which has been linked to the web. The company bought space with a
web hosting firm and later uploaded its applications and database. This means that the company
can only modify, administer, and control its online operations by ensuring that it is connected to
its hosting organization using an internet connection. Outsourcing the hosting services is that the
company does not require maintaining and procuring physical infrastructures, which are
expensive. The second benefit of this strategy is that the third party manages disaster recovery
and mitigation concerning its physical infrastructures. However, the company should be aware of
the hosting service provider's efficacy based on mitigation against risks and recovery protocols
and plans as the provider's side downtimes would negatively affect the company's operations
(Yılmaz & Gönen, 2018).
4
The online hosting service provider has a valuable and detailed disaster recovery plan.
The third-party has many disaster mitigation centres connected to a power supply and the
internet. There is also a distribution of information to all centres to ensure that other centers will
handle the required task if any center has issues. This has led to a reduction of Thumbtack
online operation interruptions. However, the organization is supposed to maintain its cooperation
with the third party as it will further ensure that the company's business is protected
(Chakraborty, 2019). Despite these safety strategies, there are threats associated with online
operations that the company should focus on to create its recovery plan for smooth business
continuity in case of a disaster.
Cyber-attack-related Disasters
The company's applications and databases are essential to operations and service
delivery. A disaster destroying them will lead to the firm being unable to continue its normal
functions (Yaji & Bayyapu, 2020). Both applications and databases face the threats of cyberattacks because they have been connected to the internet. Therefore, any attack from malicious
cyber criminals through the internet has the potential of Thumbtacks infrastructures. The scope
of the company's web hosting security, which has been outsourced to a third party, has been
limited to the company's network and physical infrastructure. Protecting and securing the
company's accounts, database, and applications used to administrate the vital online services has
been tasked to the Thumbtack organization. This means that the company employees should
understand how the database, accounts, and applications can become targets for cyber attackers.
How this will affect the organization will be vital as it will be essential to secure the same
(Udofot & Topchyan, 2020).
There are many strategies that cyber attackers can use to compromise Thumbtack
Company's accounts, applications, and databases. For instance, computer viruses may be used to
attack the company applications, which may halt the processing of professionals' and customers'
access and requests. The online accounts and databases may be subjected to compromise by the
attackers through phishing and brute force techniques. Suppose attackers have to the company's
reports or databases that are used in the administration of services. In that case, they may decide
to delete or modify data that has been stored within the databases. Deleting the data may lead to
halting service delivery, with modifications negatively affect data integrity. The company will be
forced to stop its operations and correct the modified database before following its usual
5
procedures. Because cyber-attacks have been on the rise, so it will be essential for Thumbtack
Company to ensure a practical disaster recovery plan (Yaji & Bayyapu, 2020).
Sabotage
Sabotage threat may arise from the Thumbtack side, leading to a disaster. Sabotage refers
to intentional destructions aimed at achieving certain desired ends, where the sabotage of the
company's applications and databases may result in halting services. Despite the probability of
Thumbtack Company experiencing sabotage being very low, it can lead to devastating outcomes.
Workers of the organization with access to its applications and databases also can destroy these
applications and databases, with this threat being challenging to identify and defend against
because the employees are always trusted with administering and accessing the company
systems. Therefore, it is the role of the company's senior management to ensure that measures
are in place for safeguarding the company's applications and database from any form of sabotage
from its internal environment (Tampubolon, 2019).
Possible Disasters to the Company Headquarters
Thumbtack Company administers its online services from its headquarters. Even though
some of the company's services may be run without administrative control, the operations cannot
extend for more extended periods. If the company headquarters are negatively affected by any
disaster, its customers will not carry on with their services. This implies that its headquarters are
essential to its operations despite outsourcing some of its services (Tampubolon, 2019).
The company headquarters face several threats, with these risks being human-made and natural.
Its headquarters are located in San Francisco, California, bordering the Pacific Ocean. This has
exposed the company offices to natural disasters like flooding, hurricanes, and tsunamis.
Test Plan
Walk Trough's
When the disaster recovery plan is implemented first, an initial test should be performed,
usually carried out by conducting a walk-through. This will involve collecting additional
information, which plays an essential role in working on any bug in the plan. After the walkthrough has been performed, any other information based on the plan's steps that are supposed to
be part of the plan will be added, with changes required to be carried out in the disaster recovery
procedures. The Thumbtack Company disaster recovery plan will require regular updates
because of the company's growth and technological advancements, which may give cyber-
6
attackers an advantage over the company leading to an attack. Finally, the company will be
required to perform its first tests to the plan during the regular business hours department wise.
Simulations
Thumbtack Company must be able to involve all the procedures and steps in the disaster
recovery plan. Therefore, the company will be required to employ a monthly strategy of
simulating its disaster recovery plan, which will help the company discover any weaknesses...