Homework 1

Answer the following questions based on your reading of the textbook, any supplemental material, and the instructor’s presentation this week. If you use an external source (e.g. a web page, the required textbook, or an additional book) to help you answer the questions, then be sure to cite that source. Hint: you should probably always be citing a source.

Questions

  1. [10 points] Compare and contrast “high availability” and “disaster recovery” for IT systems. Are they both possible at the same time?
  2. [10 points] A computer system consists of the following components with stated MTBF:

Component / MTBF
Hard drive / 600,000 hours
Network interface card / 300,000 hours
Motherboard / 300,000 hours
Power supply / 100,000 hours
Monitor / 75,000 hours
      1. What is the overall MTBF for this system?

Component / MTBF / AFR / Cumulative
      2. If our company owned 100 of these systems, how many would we expect to repair every year?
      3. Is it valid to say that a single system with an MTBF of 40,000 hours should last roughly 4.5 years between repairs? Why or why not?
  3. [10 points] How are recovery time objective (RTO) and recovery point objective (RPO) related in disaster recovery? Why are written and agreed-to SLAs so critical?
  4. [10 points] Describe the Zachman framework for enterprise architecture. What do the rows represent? What do the columns represent? How does enterprise architecture support business continuity and disaster recovery?
  5. [5 points] In two to three paragraphs of prose (i.e. sentences, not bullet lists) using APA style citations as needed, summarize and interact with the content that was covered for this week using the learning outcomes listed above for reference. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, confused, enlightened, or otherwise engaged you. In other words, you should think and write critically not just about what was presented but also what you have learned through the session. Feel free to ask questions in this as well since it will be returned to you with answers.
  6. [10 points] How is the system model stack related to the concept of security “defense in depth?” Why are layers of security better?

The system model stack (see figure) shows the sets of dependencies in an information system architecture. At each stage in the system model stack, a different set of controls can be applied for the purposes of protecting the availability of the service. For example, everything depends on the physical environment in which the hardware resides. A disaster in the physical environment will affect all levels above it. Thus, a defense in depth strategy would have appropriate controls for the physical environment (e.g. uninterruptible power supplies, generators, fire suppression, cooling equipment, etc.) as the first line of defense for availability. As you move up the stack, different controls apply (e.g. disk and power supply redundancy at the hardware level, heartbeat monitors at the OS level, clustering at the middleware and application level, etc.), and these are further controls on risks to availability. The overall goal is to have no single points of failure, which is analogous to a defense in depth security strategy and why a layered security architecture is more secure.