Despite all the great work that can be done to reduce an organization's risk exposure, disasters still happen. As a result, organizations should have a well-developed disaster recovery and business continuity plan in place. These plans can be very extensive and include detailed recovery steps for each network component.

Imagine that you are the chief information security officer for a large corporation that uses its own data center. The data center comprises 100 Windows and UNIX servers for database, file, and application management as well as routers and switches to support the network architecture.

Develop an abbreviated disaster recovery and business continuity plan for a large organization. Although this plan will not be as extensive as an actual disaster recovery plan, it should provide an understanding of the elements that comprise one. List the assets that will need to be recovered, the threats to each asset, the recovery plan, and a timeline. In addition, list the tools and techniques that will be used in recovery.