DOI QR코드

DOI QR Code

A Study on the Critical Success Factors and Practical Method of Information System Disaster Recovery : Assuring Business Continuity of Information System Interface Specification Modeling

정보시스템 재해복구의 핵심성공요인(CSF)과 실천방안에 관한 연구

  • 정영희 (딜로이트안진회계법인 기업리스크자문 본부) ;
  • 이정훈 (연세대학교 정보대학원) ;
  • 김은영 (연세대학교 정보대학원)
  • Received : 2011.10.20
  • Accepted : 2011.12.16
  • Published : 2011.12.31

Abstract

Since most of companies these days are utilizing the Information system actively, Information System is the most important factor which should be recovered in terms of Business Continuity. However, a lot of enterprises have been outsourcing their Disaster Recovery Center. Therefore, it is highly possible that the information system can not work well and result in the discontinuity of business when any trouble arises because of seperated plan of Business Continuity and Disaster Recovery. The study draws critical success factors for successful disaster recovery through researches of 42 documents. Then, factors are reviewed through interviews with consultants, experts of Business Continuity Plan and the information system officers of domestic banks. Domestic companies can make use of the study when they develop or renew Disaster Recovery Plan or Information System in terms of Business continuity.

Keywords

References

  1. 김기윤, "정보시스템에 대한 재난복구, 한국정보보호학회", 정보보호학회지, 제6권(1996), pp.103-120.
  2. 김대웅, "가용성 확보를 위한 재해복구 시스템구축 방안에 관한 연구", 동국대학교, 2003.
  3. 김용수, 백승문, "국내 금융권 재해복구 시스템의 문제점 분석", 한국컴퓨터정보학회논문집, 제10권(2005), pp.223-229.
  4. 김윤호, "IT기업의 재난 대비를 위한 업무연속성계획", 한국정보기술학회, 2009.
  5. 김정일, 유종기, "비즈니스 연속성 확보의 핵심-IT 재해복구(Disaster Recovery)", 전자공학회지, 제35권(2008).
  6. 김종기, 김기윤, 이경석, 김정덕, "정보시스템 재해에 대비한 업무 지속성 관리", 정보보호학회논문지, 제11권, 제1호(2001), pp.9-19.
  7. 서용원, "업무연속성 확보를 위한 재해복구센터의 최적거리에 관한 연구", 단국대학교, 2003.
  8. 유종기, "비즈니스 연속성 전략의 핵심-데이터센터 가용성 확보", 정보처리학회지, 제20권, 제1호(2009), pp.59-65.
  9. 이건용, "재해복구 시스템(DRS) 개선방안에 관한 연구", 고려대학교, 2008.
  10. 이동렬, "비즈니스 연속 계획을 이용한 재난복구 시스템 구축에 관한 연구", 석사학위논문, 건국대학교, 2005.
  11. 이민호, "자연적 인위적 재해로부터 정보시스템에 대한 재해복구 대책 수립 방안", 석사학위 논문, 연세대학교, 2002.
  12. 정창호, "금융기관의 업무 연속성계획 BCP 기반 하에서 재해복구 시스템 개선 방안에 관한 연구", 한양대학교, 2009.
  13. Bodnar, G. H., "Data security and contingency planning", Internal Auditing, Vol.8, No.3(1993), pp.74-80.
  14. BSI, "British Standard Institution", 2008.
  15. Coult, G., "Disaster recovery", Managing Information, Vol.6, No.3(1999), pp.31-35.
  16. Deloitte BCM Diagnostic, Deloitte, Deloitte Methodology.
  17. Douglas, W. J., "A systematic approach to continuous operations", Disaster Recovery Journal, (1998), pp.1-3.
  18. Ernest Jordan, "Paragraph Performance Measures in Business Continuity", ACIS 2003 Proceedings, (2004), p.37.
  19. Ferraro, A. and S. Hayes, "Auditors add value to the business continuity program", IS Audit and Control Journal, Vol.5(1998), pp.47-50.
  20. Gibb, F. and S. Buchanan, "A framework for business continuity management", International journl of Information Management, Vol.26(2006), pp.128-141. https://doi.org/10.1016/j.ijinfomgt.2005.11.008
  21. Gluckman, D., "Continuity … recovery", Risk Management, (2000), p.45.
  22. Hawkins, S. M., D.C. Yen, and D. C. Chou, "Disaster recovery planning : a strategy for data security", Information Management and Computer Security, Vol.8, No.5(2000), pp.222-229. https://doi.org/10.1108/09685220010353150
  23. Kanapaty, P., P. Samy, C. Mei-Ling Lim, T. N. Wei, M. Q. Xie, "Portfolio-Based Approach for Disaster Recovery Planning for IT", Pacific Asia Conference on Information Systems, 2007.
  24. Khorasani, R., "Business continuity and disaster recovery : PACS as a case example", J Am Coll Radiol, Vol.5, No.2(2008), pp.144-145. https://doi.org/10.1016/j.jacr.2007.11.002
  25. Korzeniowski, P., "How to avoid disaster with a recovery plan", Software Magazine, (1990), pp.46-55.
  26. Krousliss, B., "Disaster recovery planning", Catalog Age, Vol.10, No.12(1993), p.98.
  27. Lee, S. and S. Ross, "Disaster recovery planning for information systems", Information Resources Management Journal, (1995), pp.18-23.
  28. Lerro, R. J., "Why disaster recovery and case study", SK C&C Business Continuity Seminar, 2001.
  29. Miller, H. J., "A guide to planning for the business recovery of an administrative business unit", EDPACS, (1997), pp.9-20.
  30. Murphy, J. H., "Taking the disaster out of recovery", Security Management, (1991), pp.61-66.
  31. Myers, K. N., "Manager's Guide to Contingency Planning for Disasters : Protecting Vital Facilities and Critical Operations", 2nd ed., Wiley, New York, NY, 1999.
  32. Norman, G., "Disaster recovery after downsizing", Computers and Security, Vol.12, No.3(1993), pp.225-229. https://doi.org/10.1016/0167-4048(93)90108-H
  33. Owen, J., "Network disaster recovery", Datapro. IS38-400, (1995), pp.401-410.
  34. Paton, D. and R. Flin, "Disaster stress : an emergency management perspective", Disaster Prevention and Management, Vol.8, No.4(1999), pp.261-267. https://doi.org/10.1108/09653569910283897
  35. Pember, M. E., "Information disaster planning : an integral component of corporate risk management", Records Management Quarterly, (1996), pp.31-37.
  36. Harris, R. and M. Grimalia, "Information Technology Contingency Planning", AIS Electronic Library, 2008.
  37. Rothstein, P. J., "Disaster recovery : in the line of fire", Managing Office Technology, (1998), pp.26-30.
  38. Salzman, T., "An audit work program for reviewing IS disaster recovery plans(conclusion)", EDPACS, Vol.25, No.7(1998), pp.8-20. https://doi.org/10.1201/1079/43235.25.7.19980101/30183.2
  39. Sauter, M. and J. J. Carafano, "Homeland security: a complete guide to understanding, preventing, and surviving terrorism", McGraw-Hill, 2005.
  40. Snedaker, S., "Business Continuity and Disaster Recovery Planning for IT Professionals", 2007.
  41. Solomon, C. M., "Bracing for emergencies", Personnel Journal, (1994), pp.74-83.
  42. SPRING Singapore, "Singapore Standard for Business continuity management", 2008.
  43. Swartz, E., D. Elliott, and B. Herbane, "Out of sight, out of mind. The Limitations of Traditional Information Systems Planning", Vol.13, No.9/10(1995), pp.20-21.
  44. Tilley, K., "Work area recovery planning: the key to corporate survival", Disaster Prevention and Management, Vol.13, No.9/10(1995), pp.49-53.
  45. Turner, D., "Resources for disaster recovery", Security Management, (1994), pp.61-67.
  46. Wing, S. C. and W. O. Ha, "Determinants of the critical success factor of disaster recovery planning for information systems", Information Management and Computer Security, Vol.17, No.3(2009), pp.248-275. https://doi.org/10.1108/09685220910978103
  47. Wong, B. K., J. A. Monaco, and C. L. Sellaro, "Disaster recovery planning : suggestions to top management and information systems managers", Journal of Systems Management, (1994), pp.28-32.
  48. Wrobel, L. A. (Ed.), "Writing disaster recovery plans for telecommunications neworks and LANs", MA : ARTECH House, INC, 1993.
  49. Zolkos, R., "To rebound from disaster requires advance plans", Business Insurance, Vol.34, No.9(2000), pp.2-4.