Abstract
M.Com. (Informatics)
The-utilization of information technology is essential for an organization, not only to handle
daily business activities but also to facilitate management decisions. The greater the
dependence of the organization upon information technology, the greater the risk the
organization is exposed to in case of an information systems interruption. Computer
disasters, such as fires, floods, storms, sabotage and human error, constitute a security
threat which could prejudice the survival of an organization.
Disaster recovery planning is a realistic and imperative activity for each organization
whether large or small. In the light of the potential economic and legal implications o fa
disaster, it is no longer acceptable not to be prepared for such an occurrence today.A well
designed and tested disaster recovery plan, as part of the total information security strategy
of the organization, is therefore not only essential in the terms of the recovery of business
functions, but for the SURVIVAL of the organization.
In viewpoint above, it can be expected that disaster counterrevolutionary be standard
practice for all organizations. However that is not the case. The literature study undertook,
as well as exposure in practice, indicate clearly that disaster recovery planning enjoys low
priority in most organizations. The majority existentialists are superficial, unstructured
and insufficient and will not be successful when real disaster strikes.:The most important
single cause for the failure of an organization ~ disaster recovery plan, will be that too much
emphasis is being placed on the technical aspects rather than on the management or
organizational aspects. The solutions an integrated approach of strategies and the multiple
technologies which are available today. These strategies and technologies should be
combined to meet the specific needs of the individual organization.
The purpose of this dissertation was firstly to identify the most critical problems related to
disaster recovery planning and secondly to provide a methodology for the development and
implementation of a disaster recovery plan which addresses these problems. This
methodology constitutes an enhancement on an existing information security methodology
in order to establish a total information security strategy for a large organization with
disaster recovery as an essential aspect of this strategy. The final disaster recovery planning
methodology as proposed in this dissertation, was developed as a result of an extensive
literature study undertook as well as involvement during the development of a disaster
recovery system by the company which initiated this study.