Report Submission : The objective of this report is to do a critical analysis of a good IEEE/ACM publication in the area of Cyber Security controls and Management. Below is the list of research papers including the authors names and the journal/conference details. The papers are also uploaded on the Moodle. You can select any one from them to write summary report and confirm your paper with your instructor before start working in it. Note : Students are encouraged to work on report/presentation slides from the first week of the course. Here are the steps: 1. Chose one of the papers from given list (Page 2). 2. Download the full paper from the Moodle. 3. Study the paper. To enhance your understanding of the paper, you may also read related papers that you can find from the reference section of the paper that you have chosen. 4. Prepare a summary report in your own words (Plagiarism & integrity is the biggest element of the report writing). In the summary report provide the following section. a. Summary of the topic b. Identify the research problem c. Outline the solution proposed d. Present your critique e. References (provide a list of citations the assigned paper plus any other paper that you have used in your report.) Requirements : Length of the summary report: 2 typewritten pages, 12-point font size, single line spacing. References : should be on the 3rd Page. Style IEEE/ACM, Add citations inline in the text.

below is the paper

Are the Classical Disaster Recovery Tiers Still Applicable Today? Omar H. Alhazmi Dept. of Computer Science, Taibah University Medina, Saudi Arabia Yashwant K. Malaiya Dept. of Computer Science, Colorado State University Fort Collins, Colorado, USA

AbstractAs disaster recovery plans (DRPs) for IT systems have been improving over the past decades; some metrics became widely accepted such as recovery time objective (RTO) and recovery point objective (RPO). However, disaster recovery plans and solutions vary in their design, sophistication and their required RTO/RTO. Therefore, a need to categorize disaster recovery plans into tiers has become necessary. Fortunately, a number of classifications exist but sometimes they are not fully explained; so, independent researchers may find the classification confusing or inappropriate for the current state of technology with significant overlap among tiers. Moreover, advances in communication and technology and the introduction of disaster recovery as a service (DRaaS) by several cloud service providers (CSPs) has reshaped the area of disaster recovery and development of DRPs. Therefore, one can argue that the old classification of 7-tiers of DRPs is obsolete and a new classification is needed. Here, we try to survey these classifications, understand the common grounds and the differences and try to suggest some improvements to gap them. Key Words- Disaster Recovery Tiers, Disaster Recovery, Risk Analysis and Management, RPO, RTO

I. INTRODUCTION The most widely used seven-tier classification was developed in late 1980s by SHARE Technical Steering Committee, working with IBM. They developed a whitepaper that described levels of service for disaster recovery using Tiers 0 through 6. [1, 2]. The levels, Tier 0 to Tier 6 are discussed in detail in the IBM Red Book by Brooks et. Al is also [3]. The classification starts at Tier 0 where there is no disaster recovery plan going up to Tier 6 characterized with zero data loss level. Often, a Tier 7 is added to represent an integrated automated solution. The terminology reflects the technology before widespread use of the internet and with outdated terminology; for example, Tier 1 involves Pickup Truck Access Method (PTAM) and Tier 3 is termed Electronic vaulting. Since 1990, the hard drive costs have dropped by factor of about 100,000, internet access is faster by a factor of ten thousand, and concepts such as virtualization and public cloud become familiar. Hitachi has used a slightly different tier scheme [4] (see Table 1). Recently, some modern schemes were proposed; for example, the 7-tier scheme of Wiboonratr and Kosavisutte (W-K) [5] and the scheme of Xiaotech [6] which uses a simplified 4 tier scheme. Also, yet another classification was proposed by Novell with only 5-tiers [7] (see Table 1). A study by Wood et. Al. shows that improvements in virtualization and cloud computing has already changed how disaster recovery planning is done [8], this adds new parameters to costs and disaster recovery efficiency by incorporating cloud computing technology in disaster recovery and the term disaster recovery as a service (DRaaS) was introduced . To optimize cost and efficiently allocate resources a multi-tiered disaster recovery system can be a viable choice by mixing different tiers according to their criticality [9]. For such DR systems, it is needed to have a descriptive scheme that can represent the technological alternatives available today. We ask the question -Is the classical seventier still applicable today? Can it be related to the choices available today? This work aims at providing an independent study of existing classification schemes and explores the possible option to reconciling them among themselves and with the current technology. We discuss new factors and their implications. Then we recommend a new enhanced framework for classifications of disaster recovery plans to make it easier to identify and evaluate the possible DRPs. Here, we propose a new framework for disaster recovery classifications which gives clear distinction between different tiers and covers new technology and the new parameters in the environment.

II. DISASTER RECOVERY TIERS SCHEMES Table 1 shows the five schemes side by side. All these schemes are comparable except for Xiaotech which shall be discussed later. For the first four schemes, at tier 1: Share/IBM, Hitachi and Novell define this tier as tape backup, while at WK scheme is specified as point in time (PiT). Next, at tier-2: Share/IBM adds a hot site, while Hitachi adds an onsite backup, WK adds a provisional backup, and Novell adds manual image capture. When looking at tier-3, more automated electronic vaulting is used in both Share/IBM and Hitachi; however, Novell upgrades to flexible imaging, while WK make more frequent PiT capture at this level. 2014 IEEE International Symposium on Software Reliability Engineering Workshops 978-1-4799-7377-4/14 $31.00 2014 IEEE DOI 10.1109/ISSREW.2014.68 144 Authorized licensed use limited to: Dalhousie University. Downloaded on May 14,2022 at 12:59:44 UTC from IEEE Xplore. Restrictions apply. When looking at Tier 4 at Novells scheme the gap start to build up when the sophistication increases at Consolidated Recovery using Virtualization level; this tier needs to be implemented on the operating system/disk management level. Actually Novell tier 4 is equal to tier 5 of the other schemes. On the other hand, tier 4 of Share/IBM and Hitachi is still a low level solution with typical backup, while WK adds remote logging. At tier 5, Share/IBM, Hitachi and WK solution is based on operating system/ disk management level. Moreover, Hitachis tier 5, is 3-datacenter tier, involves having three data centers, an original site and local secondary site connected synchronously with the original; thus, the lag should be minimal. On the other hand, this is the server clustering top tier of Novell. Additionally, At tier 6, Share/IBM is defined broadly zero or little data-loss, while Hitachi and WK point to adding more sophistication and capabilities. TABLE I. DISASTER RECOVERY TIERS Ti er SHARE/ IBM Hitachi W-K Novell Xiaotech 0 No DRP 1 Data backup with no hot site Tape Backup (offsite) Point in Time Tape Backup /Manual System Rebuild Tier4: Scheduled Synchronous ReplicationStandard Recovery (Cold Site) 2 Data backup with a hot site Tape Backup (onsite) Tape to Provisiona l Backup site Traditional Image Capture 3 Electronic vaulting Electroni c Vaulting Disc PiT copy, Multi-Hop Flexible Imaging Tier 3: Fast Recovery (Warm Site)- Async. Replication or scheduled replication 4 Point-intime copies Single Disk Copy Remote Logging Consolidate d Recovery/ Virtualizatio n 5 Transactio n integrity Disk Consolid ation Concurren t ReEx (RRDF, ENet) Server Clustering Tier 2: Rapid Recovery (Hot Site)- Asynchronou s Replication 6 Zero or little data loss Shared Disk Remote Copy 7 Highly automate d Disk Mirrorin g Remote Copy with Failover Tier 1: Instant Recovery (Hot Site)- Synchronous Replication 8 Complet e Duplicati on At tier 7 and 8 (in case of Share/IBM), disaster recovery system at these tier are completely mirrored with state of the art recovery, synchronization and failover and also disaster detection capabilities. Here, it is not defined precisely to give room for future technology and innovations. Xiotech classification starts at tier 1 which is the highest and has the lowest RPO and RTO, this tier is said to be comparable to tiers 5 and 6 of the IBM/Share classification, then comes tiers 2, 3 and 4 which is the lowest. At tier 4 here we notice that this classification does not include a level compared to tier 1 of IBM/Share system which can be understandable because Xiotech classification is more recent and focused on the higher level. Almost all these classification combine RPO and RTO requirements within each tier; recently, there was a suggestion to separate RTO and RPO when looking at disaster recovery [10].

III. CONCLUSIONS Most of the classifications exists today are developed by the leading names in industry, especially industries building storage systems. Having an effective standard disaster recovery tiers will give industry a unified vision to look at disaster recovery and business continuity systems. Therefore, further studies are needed to suggest robust classifications that can be more accurate and vendorindependent and can be widely accepted. We can conclude that older approaches need to be updated by separating RPO and RTO and have a matrix-like classification that will make it meaningful and flexible.