Project Documentation Template ‫المملكة العربية السعودية‬

Kingdom
IT of Saudi Arabia
Department
‫وزارة التعليم‬
Ministry of Education
‫جامعة القصيم‬
Qassim University
College of Computer
‫كلية الحاسب‬
Information Technology Department ‫قسم تقنية المعلومات‬

DEVELOPING DISASTER RECOVERY

SYSTEM IN GOVERNANCE
APPLICATIONS

Students:
Raghad Aldahami 351200974
Hind Alharbi 361202830
Waad Almofadhi 351205683

Supervisor:
Dr. Ali Al Khalifah

A project report submitted in partial fulfillment of the requirements

for B.Sc. degree in Information Technology.

Qassim-Saudi Arabia
1434/1435 (2013/2014)
Project Documentation Template
IT Department

Table of Contents

1 INTRODUCTION 1.1

PROBLEM SPECIFICATION AND 1.2

2 MOTIVATION

2 GOALS AND OBJECTIVES 1.3

3 STUDY SCOPE 1.4

3 STUDY PLAN AND SCHEDULE 1.5

4 INTRODUCTION 2.1

4 BACKGROUND 2.2

4 GOVERNANCE ORGANIZATIONS 2.2.1

5 INFORMATION SECURITY 2.2.2
5 RISK MANAGEMENT 2.2.3
6 DISASTER RECOVERY PLAN 2.2.4
DISASTER RECOVERY PLAN AND BUSINESS 2.2.4.1
6 CONTINUITY
6 DISASTER RECOVERY PLAN AND DATA BACKUP 2.2.4.2
7 BUSINESS IMPACT ANALYSIS 2.2.5
7 DISASTER RECOVERY METRICS 2.2.5.1
HISTORY 2.2.6
8

9 RELATED WORK 2.3

9 TOP FIVE PROBLEMS 2.3.1

10 RECOVERY PROCESSES 2.3.2
12 PREVIOUS STUDIES 2.3.3
12 CAUSES OF DATA LOSS 2.3.3.1
13 DISASTER RECOVERY AS SERVICES 2.3.3.2
14 DISASTER RECOVERY CHALLENGES 2.3.3.3
15 EXISTING DISASTER RECOVERY APPLICATIONS 2.3.4
15 PROPOSED WORK 2.3.5

18 INTRODUCTION 3.1

18 METHODOLOGY APPROACH 3.2

18 RESEARCH APPROACHES 3.2.1

19 SELECTED RESEARCH APPROACH 3.2.1.1
Project Documentation Template
IT Department

19 TYPE OF STUDY 3.3

20 RESEARCH METHODS 3.4

20 SELECTED RESEARCH METHOD 3.4.1

Certificate

It is certified that project report has been prepared and written under my
direct supervision and guidance. The project report is approved for submission
for its evaluation.

Dr. Ali Al Khalifah

Project Documentation Template
IT Department

Dedication

We are Bachelor Students at Qassim University, College of Computer,

specialized in Information Technology department. We would like to dedicate
this project to all members of Information Technology Department in Qassim
University.

Raghad, Hind and Waad.

Project Documentation Template
IT Department

Acknowledgement

The success and final outcome of this project required a lot of guidance
and assistance from many people and we are extremely privileged to have got
this all along the completion of our project. All that we have done is only due to
such supervision and assistance by Dr.Ali AlKhalifah
Raghad, Hind and Waad.
Project Documentation Template
IT Department

Abstract

Disasters are unavoidable and unpredictable for these

companies and organizations must take the necessary measures to
avoid disasters and minimize their effects, and due to the
increasing dependence of organizations on information
technology systems has become the security of data and
information and ensure not to lose it is very important for them.
This is why organizations need a system that ensures capacity and
speed in disaster recovery. This project will develop a disaster
recovery system to automate disaster recovery plans help
companies in determining the incident impact, incident criticality,
plan process to handle the incident, mitigation for each incident
and resources will help companies to face the incident, then
automate reporting for the incident.
 1

CHAPTER ONE
INTRODUCTION

1.1 Introduction

Today many companies and organizations use information

technology to do their work in all areas More than ever. there are
many disasters that are impossible to avoid or predict it and that
may occur to these organizations. disasters can cause severe
losses due to system downtime even if for a short period of time
or because of the loss of data. Disasters in the worst cases may
cause the business to stop completely. This is will be the result of
unpreparedness and lack of a disaster recovery system.
Universities, government institutions, and banks around the world
depend on their information technology systems in most of their
work. For this any loss of data or system failure will have serious
consequences for the organization and the beneficiaries of the
system. Disasters, even if they do not have a significant financial
impact on the organization, the failure to deal with them in the
required form will lose the organization its reputation and the
confidence of its partners and customers. Disasters of security
attacks can be pose a major threat to the confidential information
of organizations, as the cyber penetration of a government system
can be a threat to the security of the entire state. Organizations
and companies in any field need a flexible and integrated disaster
 2

recovery system to ensure the continuity of their work and safety.

According to a survey conducted by [1] 46% SMEs surveyed had
no backup and recovery plan and 33% of them had some plans,
and only 21% had complete disaster recovery plan 1.1.

Figure 1.1: disaster recovery survey

1.2 Problem Specification and Motivation

With the growing reliance on IT systems and the growing need

for disaster recovery systems, Organizations need an easy-to-use
system that automates the disaster recovery plan and provides
organizations incident impact, incident criticality, plan process to
handle the incident, mitigation for each incident and resources
will help companies to face the incident, and way to automate
reporting of the incident. But existing systems do not provide this
an easy way for anyone to easily use it.
 3

1.3 Goals and Objectives

Based on what was mentioned in the identification of the

problem, there is a need to develop a flexible disaster recovery
system that ensures business continuity in the event of any type of
disaster, which will be easy to use and provides all the basic
services of data backup and disaster recovery servers and ensures
access Provides control over cloud services when disasters occur
and provides control of backup operations and ensures no loss of
communication between staff in emergencies.

1.4 Study Scope

This project develops a disaster recovery system for

governance organizations that provides an automated disaster
recovery plan to provide help for the company to face the incident
and reported it.

1.5 Study plan and Schedule

 4

Figure 1.2: project phase-1 chart

Task Duration Start date Finish date

/ Days
System Implementation 11 weeks 19.1.2020 3.4.2020

- Implementation phase 11 weeks 19.1.2020 3.4.2020

- Programming language
11 weeks 19.1.2020 3.4.2020
and development tools
- Documentation 2 days 5.4.2020 7.4.2020

Testing and Results 5 weeks 3.3.2020 6.4.2020

- Unit Testing 5 weeks 3.3.2020 6.4.2020

- Integration Testing 5 weeks 3.3.2020 6.4.2020
- Documentation 2 days 5.4.2020 7.4.2020
Conclusion and Future Work 2 days 30.3.2020 1.4.2020

- Conclusion 1 day 30.3.2020 31.3.2020

 5

- Limitation 1 day 30.3.2020 31.3.2020

- Future Work 1 day 31.3.2020 1.4.2020
Full Report Documentation 1 week 31.3.2020 7.4.2020

Phase 2 project tasks schedule

1.6 Organizing of the Chapters:

1.6.1 Chapter two: Literature Review

The second chapter discusses the background, which

includes concepts and definitions related backup applications, In
addition, reviews the existing and similar systems, assess them to
some pre-defined criteria in order to extract the advantages and
disadvantages of each one. Finally introduces the proposed
solution.

1.6.2 Chapter three: Methodology

Chapter three is talking about the methodology and the

selected methods. It includes the different types of research
methods in general and the type followed in this project in
particular, the main idea, the types of methods chosen, the
design and it is requirements.

1.6.3 Chapter four: System Design and Implementation

 6

This chapter describes the implementation phase,

programming languages and development tools. Also shows
the sampling procedures that shows some interfaces of users,
admin and support team.

1.6.4 Chapter five: Testing

This chapter deals with different types of testing like: unit

testing and integration testing that gives the ability to the final
users to evaluate the website.Moreover, it describes the major
findings and limits of the proposed solution.

1.6.5 Chapter six: Future Work

This chapter concludes the whole work done during the

graduation project. Also, it suggests some future work to
improve the proposed system. It describes some problems
faced, contributions and implications of the study.
 7

CHAPTER TWO
LITERATURE REVIEW

2.1 Introduction

This chapter will review the definition of disaster recovery

plan, the different between it and backup and business continuity,
business impact analysis, disaster recovery history, the process of
disaster recovery plan, top five problems with Disaster Recovery
Plans, Previous studies in disaster recovery, display some
applications that offer solutions for disaster recovery, and the
description to the idea of the proposed work.

2.2 Background

2.2.1 Governance organizations

Governance is the way in which rules, standards and

procedures are organized, sustained, organized and accountable.
[2] It relies heavily on the internal and external rules of a given
organization, together with its business partners. Governance
describes the ways in which the organization ensures that its
 8

components, processes and policies are clearly followed. It is an

important and key means of maintaining oversight and
accountability in a coherent organizational structure. Appropriate
governance strategy applies systems for recording and knowing
what is going on, some steps are taken to ensure that agreed
policies are applied, and actions are being taken to correct some
cases where rules are ignored or misunderstood. .[3]
Good governance organizations are working to provide their
leaders with information that must come from somewhere and the
importance of this information being good to help them make the
right decisions and also ask the right questions for that.
It is also known that increasingly modern governance is driven by
the entity and board management program which creates a central
repository of governance data , it is the guarantee that there is
only one source of truth for those who make decisions.

2.2.2 Information Security

Processes and tools designed to protect information

(physical - electrical)[4] Sensitive from disruption and destruction
as well as modification and inspection [5], and to prevent
.unauthorized access Also designed for the availability of
computer system data from people with malicious intentions [6].
It is very important that the information security department and
DR specialists work together in a company to provide more data
protection and more security. The security management team in
 9

most institutions conducts regular exercises and checks to ensure

good disaster recovery procedures are carried out by individual
management and the organization as a whole.[7] According to the
2018 Global Data Risk Report by [8], 30% of companies have
over 1000 sensitive folders open to everyone, 42% of companies
have over 1000 sensitive le open to everyone, 88% of companies
with over 1 million folders over 100000 folders open for
everyone, and 21% of all folders in a company are open to
everyone.

2.2.3 Risk Management

Risk management is the process of identifying the

organization’s vulnerabilities and threats that can cause damage
and losses to the organization and then assessing and monitoring
them. [9] which helps the organization to avoid these risks or
minimize their impact to a minimum, and provide a safer
environment for employees and customers, as it contributes to
increasing the sense of confidence in the decisions taken related
to the work of the organization. The risk management process is
closely linked to the disaster recovery plan as the disaster
recovery plan result of risk management. [10]
 10

2.2.4 Disaster recovery plan

Due to the heavy reliance of organizations on their IT

systems, they must adopt a clear and structured disaster recovery
plan to ensure their business continuity. Disaster recovery plan is
a security document include the policies and procedures to protect
the organization against disasters and steps used to maintain the
system before disasters and ensure that it can recover its work as
quickly as possible. [11][12] Disasters divide into two main
categories: natural and man-made disasters. [13] Natural disasters
include hurricanes, foods, and earthquakes. It is impossible to
prevent or control this species, but good planning will minimize
losses. Man- made disaster includes infrastructure failures, IT
bugs, cyberattacks, and possibly errors by employees. This type of
organization is possible to avoid or minimize it by taking
precautions.

2.2.4.1 Disaster Recovery Plan and Business

Continuity

Disaster recovery is part of a business continuity focused on

IT systems, while business continuity involves planning to
maintain the organization in all aspects and plans to increase
services and products. [14]

2.2.4.2 Disaster Recovery Plan and Data Backup

 11

Although disaster recovery and backup operations work

hand in hand, many companies combine them in the solution to
business continuity after disasters without realizing the difference
between them. [15] Backup The process of storing an additional
copy of the data and les in another location to ensure the ability to
restore them when any problem occurs. [16] Disaster Recovery It
is much more than having a backup, it is working to maintain
basic functions before, during and after a disaster [17]

2.2.5 Business impact analysis

Business Impact Analysis endeavors to relate explicit

dangers to their potential effect on organization such as , business
tasks, budgetary execution, notoriety, workers and supply chains.
[18] BIA helps identify critical processes that must be recovery
quickly after disaster or failure.[19]BIA yields should exhibit an
unmistakable image of the real effects on the business, both as far
as potential issues and expenses.[18] The results of the BIA
should help figure out which zones require which levels of
security, the sum to which the business can endure disturbances
and the base IT administration levels required by the business.

BIA should identify [19]:

 Business processes
 Recovery Time Objective (RTO)
 Recovery Point Objective (RPO)
 12

 Computer systems, equipment, and applications

 Economic and physical effects when disaster strikes
 Link between each business unit and its the operations

2.2.5.1 Disaster Recovery Metrics

RTO and RPO are important Metrics in disaster recovery

plan. [20][21]Recovery Time Objective (RTO) defines the
maximum time required to recovery the IT system. In the case of
critical operations, RTO will be 0 hours, which means the system
should not stop for any reason. The value RTO increases when
the criticality less.Recovery Point Objective (RPO) defines the
amount of data loss that the organization can tolerate. Using RPO
the organization can determine the appropriate intervals between
backups to achieve a good disaster recovery plan, the
organizations must balance RTO and RPO. this will dependent in
the list of risks assess and Information collected about the
organization.

2.2.6 History

Disaster recovery has taken several decades to reach its

present state of development.[22] The 1970s was the period when
the first companies dedicated to disaster recovery emerged From
the beginning to the middle, IT engineers learned how to build
flexible computer systems , In the late Shared access to
 13

computing recovery environments was initiated by vendors,

During the 1980s it was the market entry for the companies
Offering operational recovery services ,Which represents
information technology In this period, [23] regulations were
enforced in the United States, which stipulated that national banks
should have a testable reserve plan [22] In the nineties,
specifically in the beginning IBM’s entry into the market was
widespread [23] The data was separated from the application
layer and user interface, which is called the development of a
three-layer structure, resulting in easy data maintenance and
backup[23] The beginning of the 2000s was the most important
event that occurred 9/11 on the World Trade Centers, which has a
profound impact on the disaster recovery strategy in both the
United States and abroad[23] In 2010, the emergence of disaster
recovery as a service (DRaaS) provided flexibility in disaster
recovery, reduced cost and reduced system recovery time. With
the significant advances in information technology, which in turn
help in the development of disaster recovery systems These
systems have become more effectiveness and flexibility, but new
threats always emerge. Working to develop and improve disaster
recovery systems is a prerequisite for the continued work of
organizations and ensure their security
 14

2.3 Related Work

2.3.1 Top Five Problems

As a result of the development of IT systems, disaster

recovery systems have evolved and become more important.
Although disaster recovery systems are di cult and complex, they
are becoming widely available, easy to use, and more practical
than ever. Due to the development of many IT systems and in
particular, the development of cloud systems such as cloud as a
service and cloud as a platform, but organizations still face many
problems in the development of disaster recovery systems. maybe
the most important problem is the following five problems. [24]

 There is no plan and this is like having a plan sensible in

mind but intangible in writing.

 Not getting the right plan, which is one of the most

important factors is clarity and shortcut, you may get the
wrong plan because it is very easy or very complex.

 The plan depends on the wrong techniques such as the use

of non-modern techniques.

 Failure to test the plan correctly, because it is the best way

to verify the possibility of carrying out a successful retrieval
process.
 15

 The lack of a plan for the most important factors of success,

is information and documentation.

2.3.2 Recovery processes

The disaster recovery plan includes several processes that

must be taken care of each process and ensure that it is
functioning properly to ensure the effectiveness of the whole
disaster recovery plan. According to [25] there are eight steps of
the process of disaster recovery planning. Each step builds upon
the others. These steps are organizing the team, assessing risk,
establishing roles across departments and organizations,
developing policies and procedures, documenting disaster
recovery procedures, preparing to handle disasters, training,
testing, and rehearsal, ongoing management and monitoring.
These are shown in Figure2.1.

Figure 2.1: disaster recovery plan process

 Organizing the team

 16

In the first step, the team must be trained in disaster recovery

planting, determine the schedule of teams, and conduct awareness
campaigns. [25]

 Assessing risk

In this step, the business is analyzed to assess all possible risks,

determine their potential impact on the organization’s economy,
identify weaknesses and write risk assessment reports. [25]

 Establishing roles across departments and organizations.

In this step, the planning team determines the role of each

department within the organization during the disaster recovery
process. [25]

 Developing Policies and Procedures

In this step, disaster recovery procedures are written and

developed and approved after they are published. [25]

 Documenting Disaster Recovery Procedures

In this step, the policies and procedures adopted in the previous

policy and procedures development step are documented. [25]

 Preparing to Handle Disasters

In this step, the recovery plan is distributed to staff and

departments involved in the disaster recovery process and
communication procedures are established between those
 17

responsible for the disaster recovery process. [25]

 Training, Testing, and Rehearsal

In this step, test and rehearse the plan before putting it into
operation to ensure its efficacy, conducted live simulation of the
disaster recovery process, and trained staff to deal with the
disaster recovery plan. [25]

 Ongoing Management

In the final step, the team is constantly updating and developing

the plan to adapt to changes and risks that are recent. [25]

2.3.3 Previous Studies

2.3.3.1 Causes of Data Loss

In [26] the authors display the main six main causes of data
loss

• Natural disasters

Although natural disasters are unmanageable disasters, based on

the survey, data loss due to natural disasters is only 2%

• Mission critical application failure

Applications may be damaged when not in use for a prolonged

period of time, this will cause loss of data that may mission for
 18

organization.

• Network failure

Some organizations rely on cloud-based data and applications.

network failure will cause loss of connection with cloud which
will causes loss of this data and applications.

• Network intrusion

Virus attacks on applications, cause applications to crash, and

data loss.

• Hacking or malicious code

Viruses and malicious programs that attack computers cause data

theft or damage in whole or in part, organizations need to spend a
large amount of money to recover this data

• System failure

The collapse of the enterprise infrastructure causes the entire

operating system to fail, which in turn affects the ability to
complete the work.

• Human errors

Human errors are also considered to be the causes of disasters and

the loss of data so that they may be one of the most disasters
causing data loss.
 19

2.3.3.2 Disaster Recovery as Services

In [27][26][28], the authors discussed cloud computing and

its models and DRaaScloud computing is virtualized environment
technology that relies on shared resources. The growing use of
cloud computing these days is because it provides the user with
the benefit of globally distributed resources. There are three
models for cloud:

• Public Cloud is share the resources provided by cloud service

providers that anyone can access online.

• Private Cloud is cloud services for a single company or

organization may be indoors or outdoors. It provides more
security for companies.

• Hybrid Cloud is a mix environment of public and private cloud.

(DRaaS). A service that allows organizations to backup data and

copy services to servers and infrastructure based on cloud
services, by Provides a secure environment for storing data to
protect enterprises from the dangers of all forms of disasters and
ensures rapid recovery. DRaaS enables companies of all sizes to
design DR solutions tailored to their needs DRaaS provides many
additional features, most notably are responsiveness It reduces
RTO and RPO from a period that may exceed days to hours or
minutes, its cost is 64% lower than traditional disaster recovery
 20

solutions, resource conservation, security, scalability, and

flexibility.

2.3.3.3 Disaster Recovery Challenges

In [26] the authors discussed the most seven challenges face

disaster recovery in cloud-based system.

• Dependency

One of the problems of cloud services is that customers are unable

to control the system and their data because the service provider
controls the backup.

• Cost

Cloud services are the least expensive to recover from disasters,

which is a key factor in their preference over other services, but
disaster recovery is still costly. There are the start-up and
implementation cost, storage cost, processing cost and ongoing
operating costs of data transmission.

• Security

Protect data and ensure that it is not lost due to disasters that may
be natural or man-made disasters, this is the primary goal of
disaster recovery.

• Replication Latency

Backup replication techniques are also a challenge for disaster

 21

recovery. They are divided into two synchronous and

asynchronous types. Asynchronous replication is expensive and
asynchronous replication offers less quality in disaster recovery.

• Reliability

Cloud computing design ensures disaster recovery, it provides

multiple locations to save copied data

• Failure Detection

must ensure that the speed of Failure Detection to minimize

downtime.

• Data Storage

The data needs more storage space to ensure it is distributed in

different locations to ensure its security.

2.3.4 Existing Disaster Recovery Applications

Many similar applications do backups, protect data, and

provides automatic recovery to the system. there are the top 5
applications in this field with a description of each application
and identify the main advantages and disadvantages in it. [29]

Table 2.1: Disaster Recovery Applications

SYSTEMS ADVANTAGES DISADVANTAGES DESCRIBING

 22

Carbonite Server 1\fully restore systems and 1\Expensive Carbonite works on Provide all the tools
Backup devices that are required for comprehensive data
2\very flexible and smooth protection virtual server environments and
physical server environments

Plan B Disaster 1\technical support from 1\No fixed pricing has its own technology plan to provide IT
Recovery specialized engineers. 2\No free trial and recovery solutions to customers.
2\high security. Which takes a snapshot of systems and
data and immediately transforms them
into a virtual environment so you can work
at the time of a disaster.

Microsoft Azure 1\Powered by Microsoft. Technology Environment User information

Site Recovery 2\cloud-based DR system 1\Require technical is automatically replicated by this software
knowledge based on the policies that have been set and
predetermined. The recovery site
duplicates workloads on virtual and
physical machines (VMs)From the primary
site to the secondary site. In addition to the
possibility of using a secondary data center
for the recovery site of the user.

Arcserve UDP 1\high security. offers exceptional solutions for medium-

Cloud Direct 2\possibility of access to e-mail 1\Loss integrations sized and decentralized companies that
after disaster protect important data for these companies
and thus lead the industry forward

Zerto IT 1\Require technical Protects assets and data and reduces the
Resilience 1\multiple integrations knowledge cost of storage and facilitates recovery by
Platform 2\Automation of recovery providing synchronization and full
processes automation of the recovery process

2.3.5 Proposed Work

• Design web site using javascript (node.js for backend and

react.js for frontend)

• Home page: a. The upper part: Register and a Login button. b.

The middle part: Definition the website features c.The lower
part: support and contact us

• User needs a username, email and password for register and the
password will be hashing before saving in the database.
 23

• After login the plan and reports pages will appear to the user.

• When the user clicks the plan page they will see the steps of
incident handling, how they can choose incident criticality
and a flowchart to show the processes of handling incident.
The user will choose from 1 to 4 incidents that may happen
with them to show the impact, process, mitigation and
resources for the incident. Then start filling the report then
show the report and there will be the option to download the
report as a PDF file or save it in the database or both.

• In reports page user can show all saved report order by reporting
date. and they can download it as a PDF file.

• Contact us part will show phone numbers, location, social

networking sites to able users contact us.

• When user faces a problem they can choose the category and
write an email and the problem then it will be saved in the
database where we can read it and contact them by their
email address if there needed, or they can click in the send
email button to send an email to us.
24
 25

CHAPTER THREE

METHODOLOGY

3.1 Introduction
This chapter will review methodology approach used in this
project, The type of study, and selected research method. It briefs
different types of research methods in general and types of
studies. The type of study and methodology approach and type of
research methods for this project was determined.

3.2 Methodology Approach

3.2.1 Research Approaches

 Descriptive Research

Describes a problem or a phenomenon or program and tries to

provide adequate information about it.[30] This methodology
focuses more on the “what” of the research subject rather than the
“why” of the research subject.

 Explanatory Research
 26

It is often performed for a problem that has not been well

researched before. [30] The researcher starts with a general idea
and focuses on explaining the aspects of the study in a detailed
way where a small amount of information exists.

 Exploratory Research

Is defined as a research used to investigate a problem which

is not clearly defined. It is con- ducted to have a better
understanding of the existing problem, but will not provide
conclusive results. [30]

3.2.1.1 Selected Research Approach

This research follows the exploratory research approach

because it tries to explore new and effective ways to search for
solutions and innovative ways to solve the problem. Here, through
research and exploration.

3.3 Type of Study

Focuses through the search to solve a case of Socio-

Technical Approach business and organizations disasters and the
exploitation of the security of its recovery plan. It is a socio-
technical approach that has been selected and identified among
 27

other methods as being appropriate for the project. the focus on

technical and social issues when designing a program or new
system to achieve mutual improvement and achieve excellence
arguably this considered the primary goal of social technology.
[31] it can’t be understood or improved any organizational system
except in the case of integrating all technical and social aspects
are combined to increase acceptance for users of this program.
The research focused on resolving the issue of social issues and
data loss either through natural disasters or human disasters and
because As an approach that fully recognizes the interrelationship
between the social and technical aspects of institutions and
organizations, this technical approach has been chosen in the
social field. On the other hand, he chose this current approach to
programming because he would design and develop a special
program for disaster protection using the Visual Studio Code.

3.4 Research Methods

• Quantitative Research

It is a research based on the use of mathematical and

statistical methods to analyze numerical data. [32]its importance
lies in research based on numbers such as the study of change in
achievement in different stages of education, but not necessarily
be commensurate with all research for example will not be
appropriate to understand the detailed reasons for a particular
 28

behavior deeply. sources of quantitative data are Surveys,

Observations, and Secondary data.

• Qualitative Research

It is a search that analyzes words, language or even images

and notes to produce a lot of data that gives a deep and clear
picture.[32] This research answers the question of how and why
things happen. This method of research needs to spend a lot of
time collecting and validating data. Sources of qualitative data are
Interviews, Focus groups, ‘Postcards’, Secondary data, and
observations.

3.4.1 Selected Research Method

This research will follow the quantitative research method

by collecting data on disaster recovery plans and comparison
between existing disaster recovery systems.
 29

CHAPTER FOUR
SYSTEM DESIGN AND IMPLEMENTATION

4.1 Introduction

As mentioned earlier, we used javascript to develop the web page

using node.js and react.js. This chapter provides database used,
the web page programming, and finally designing the user
interface.

4.2 Building the Database

4.2.1 Database Types

There are two types of databases: relational databases and non-

relational databases. The difference is how they are built, what
type of information they store, and how to store it. Relational
database is structured, however, Non-relational database is
document-oriented and distributed.

SQL - Relational Database:

This database is less flexible, and more structured of the way that
stores data. To make your database more effective, your data must
be structured. A good designed scheme will reduce the
redundancy and increase consistency. It is declarative, and
 30

lightweight language executes queries, retrieve and manage data

by creating, updating and deleting data. [33]

NoSQL - Non-Relational Database:

This type is used for databases when the requirements are not
defined clearly, or you have huge amount of unstructured data.
The main feature that NoSQL provide is ease of access.
Relational database has an oscillating relationship with
applications written in object-oriented programming languages.
NoSQL database solve this issue through APIs. [33]

4.2.1.2 Selected Database

We used the type relational database with mongo database.

Because we wanted to link the users database with the incident
database to allow the users to present every incident report they
wrote.

4.3 Selected environment

4.3.1 Node.js
It is a software system that uses JavaScript on the server,
designed to create dynamic page content and files that have read,
write, open and close enabledand network applications are subject
to development and expansion such as web servers. [36][37] One
 31

of its most prominent characteristics is that it is an open source

server environment and its work on most different platforms in
addition to being free. [38]

Among the most prominent reasons for preferring to use the

Node.JS which can be limited to benefits:

Easy: Being using JavaScript is one of the easiest and most

popular languages, as the user will not face major problems
adding it to his resources.

freedom: being completely undeclared allows the user to build

what he wants from scratch and give him more space when
creating. [39]

4.3.2 react.js
It is an open source library by Facebook based on JavaScript

Their purpose simplicity, speed and scalability it’s dedicated to:

• build user interfaces that work to develop single page

applications as well as mobile. • Build UI components that
are more than once reusable. [39][40]

One of the most prominent features of react.js: [41]

• Simplicity where React uses the JSX formula, which allows

the developer to integrate HTML with javascript with the
ability to write only in the javascript language.
 32

• Ease of learning where any user with previous basic knowledge

of programming can easily understand React.

• Use one-way data linking where the flow structure controls the
flow of data to components through a single control point.

• Support wide code reuse.

• Ease of testing ReactJS applications.

4.4 Implementation Procedure

We started designing the main interface. We wanted it to be

simple and easy to understand. In the following, we will describe
each interface and related processes.

 Home Page
When the user enters the website, the homepage will appear.
And the home page includes the contact information and
support
 33

 Sign Up and Sign In

In the login page, login and registration page will appear, where
the user will be able to create their own account. If the
“Remember me” was checked the user will able to logout any
time, if not it’ll automatically logout after 1 hour.
 34

 Plan page

In the interface of the page there will be some instructions to

handle the incident and the criticality levels and its criteria. Also
there’s a flowchart to clarify handling the incidents.
 35

And in the left side we present the possible incidents to be

reported, the user selects the needed incident. Every incident has
three steps:
1. First step automatically shows the incident’s impact,
process, mitigation and resources for help.
36
 37

2. Second step is filling the report with the needed information

about the incident.
 38

3. Last step shows the final report to be downloaded as a

document.
 39

 Reports page
Here we present all the reports of the same user. Choose the
wanted report in the left to be seen.
 40

 Missing page
This page appears if the link of the page is wrong.

 Logout

This is to logout from your user.

 41

CHAPTER FIVE
TESTING

5.1 Introduction

This chapter deals with different types of testing like: unit

testing that describes some problems faced in the development
phase, integration testing and acceptance testing that gives the
ability to the final users to evaluate the website.Moreover, it
describes the major findings and limits of the proposed solution.

5.2 Testing procedure

System testing is the process of examining the website to

ensure it fulfills the requirements for which designed to meet
quality expectations. More importantly, testing the website
ensures it’s meets basic requirements.

The main target of the system was to provide an easy way of

disaster recovery plan for users and an electronic communication
channel between users and their supervisor.

5.3 Type and steps of testing

 42

Before putting the system in production, it must follow some

testing steps to ensure that covers all required goals. The most
common types of testing involved in the testing process are: Unit
Testing, Integration tests and Acceptance testing.

5.3.1 Unit Testing

The goal of unit testing is to validate that each unit of the

system performs as it’s designed. It consists on testing that each
part of the system is working correctly then integrating them into
modules to test the interfaces between modules.

5.3.2 Integration Testing

Integration testing tests integration or interfaces between

components. After integrating two different components together
we do the testing. The purpose of Integration testing is to test
combinations of pieces and if it is working as we plan with each
other. At the end all pages was tested and integrated together.

• Test registration page

• Test login page

• Test home page

• Test plan page

• Test report page

 43

• Test not found page

• Test logout page

5.4 Major Finding

The main result of our graduation project is the design of the

disaster recovery plan for governance organizations, an online
disaster recovery system and its five main components: disaster
recovery website, Users, Support page and the Administrator. The
outcomes and features that our website provides for organizations
are summarized as follows:

 Allows the user to create a number of reports in case of a

disaster
 The site also allows to communicate via email with the
support team
 The website allows the administrator to add/delete or
modify the information of users registered in the website
database

5.5 System Testing

This section will test the system by implementation some of the

functions to show the functionality of the system.

1. Registration page
 44

All of the options are required. As shown below we

tried to skip some of them and didn’t provide the extension
of the email, did not matched the passwords and short
password but it’s not able to submit.
 45

Here it’s using an email that already exists

As you can see we entered all the information needed and

it’s saved in the database
 46

2. Login page
 47

and here after the login was successful

3. Home page

Here we tested the support section, the problem category

must be chosen and written, also the Email address must be
written. If not it won’t be able to send the message.
 48

Now the message will be in the database.

 49

4. Plan page
Here we filled the incident report and we opened it as pdf
file to be able to download it and it’s saved in the
database as shown.
50
 51

5. Report page
The report we filled earlier is saved here with other
reports and they are ordered by the latest date and it’s
saved in the database
 52

5.6 Summary

At the end of this chapter, we covered the most important steps of

testing the system and the errors that might occur.
 53

CHAPTER SIX
CONCLUSION AND FUTURE WORK

6.1 Conclusion

Here we conclude the whole work done during the

graduation project. Also, some suggestions for future work to
improve the proposed system. It describes some problems faced,
contributions and implications of the study.

6.2 Limitations of the study

During work on this project sometimes, we encountered some

limitations like:

• Use of lifecycle functions for react components, to update

the component or fetch data from server.
• Our first time to setup the server and the problem with the
error codes took us time to understand them.
• Problem with saving the information of the signed in user to
use it with any component we need.
• Inside the pdf file elements couldn’t use the html elements.

6.3 Challenges

The experiment was a big challenge. A challenge we have

 54

faced while working on the project is time management. We did

not have full time to work on it. Also with the high pressure under
the current situation to suspend education due to the current
health crisis "COVID19". And with the virtual meetings between
us, instead of being at the university and communication
problems, have increased pressure in balancing our efforts
between this project and new projects presented from other
courses.

6.4 Contribution

This project contributes to help organizations with plan

process and reports. A website was developed to provide a
disaster recovery plan for helping the organizations.

6.5 Future work

In the future, we want to complete what was planned, such as the

site being supportive of more than one language and more
incidents which was mentioned and dealt with on the site. Having
a better support for the incidents, by collecting the information
about the incident from the report and analyze them.
 55

APPENDIX

Project Installation:
 56

REFERENCES

• [1]  “Riverbanks Annual BDR Report | Riverbank,” Nov 2019,

[Online; accessed 13. Nov. 2019]. [Online]. Available:
https://www.riverbank.co.uk/it-blog/riverbank-annual-bdr-report

• [2]  “What Is Governance?” Jun 2017, [Online; accessed 16. Nov.

2019]. [Online]. Available: https://nonprofitquarterly.org/what-
is-governance-definition
• [3]  “What Is Organizational Governance? | Diligent Insights,” Jun
2019, [Online; accessed 16. Nov. 2019]. [Online]. Available:
https://insights.diligent.com/entity-governance/ organizational-
governance
• [4]  “What is Information Security? - GeeksforGeeks,” Jun 2018,
[Online; accessed 16. Nov. 2019]. [Online]. Available:
https://www.geeksforgeeks.org/what-is-information-security
• [5]  “What is Information Security?” Oct 2019, [Online; accessed
16. Nov. 2019]. [Online]. Available:
https://www.cisco.com/c/en/us/products/security/ what-is-
information-security-infosec.html
• [6]  “What is Information Security (IS)? - De nition from
Techopedia,” Nov 2019, [Online; accessed 16. Nov. 2019].
[Online]. Available: https://www.techopedia.com/definition/
10282/information-security-is
[7] J. Why
Edwards, you
“Disaster recovery vs. security recovery plans: need separate
strategies,” CSO Online, Aug Available:
https://www.csoonline.com/article/3218083/
2017. disaster-recovery-vs-security-recovery-plans-why-you-need-
separate-strategies.html
[Online].
 57

. [8]  Apr 2018, [Online; accessed 14. Nov. 2019]. [Online].

Available: https://info.varonis.com/ hubfs/2018%20Varonis
%20Global%20Data%20Risk%20Report.pdf
. [9]  M. Rouse, “risk management,” Oct 2019, [Online; accessed 12.
Nov. 2019]. [Online]. Available:
https://searchcompliance.techtarget.com/definition/risk-
management
. [10]  P. Dorion, “Risk management for disaster recovery planning,”
Apr 2009, [Online; accessed 12. Nov. 2019]. [Online].
Available: https://searchdisasterrecovery.techtarget.com/tip/
Risk-management-for-disaster-recovery-planning
. [11]  M. Rouse, “What is disaster recovery (DR)? - De nition from
WhatIs.com,” Oct 2019, [Online; accessed 26. Oct. 2019].
[Online]. Available: https://searchdisasterrecovery.
techtarget.com/definition/disaster-recovery
. [12]  S. A. binti Mohd Kasim and I. bin Mohamed, “Level of
readiness in it disaster recovery plan,” in 2018 Cyber Resilience
Conference (CRC), Nov 2018, pp. 1–4.
. [13]  M. S. Fernando, “It disaster recovery system to ensure the
business continuity of an or- ganization,” in 2017 National
Information Technology Conference (NITC), Sep. 2017, pp. 46–
48.
• [14]  “Disaster Recovery,” Oct 2019, [Online; accessed 26. Oct.
2019]. [Online]. Available: https://continuity.georgetown.edu/dr

• [15]  G. Crump, “Data backup and disaster recovery made simple,”
Oct 2019, [Online; accessed 26. Oct. 2019]. [Online]. Available:
https://searchdatabackup.techtarget.com/ tip/Data-backup-and-
disaster-recovery-made-simple
• [16]  “Introduction to Backup and Disaster Recovery,” Aug 2019,
[Online; accessed 28. Oct. 2019]. [Online]. Available:
https://www.ibm.com/cloud/learn/backup-disaster-recovery
• [17]  S. Climer. (2018) Mind sight:the di erence between disaster
recovery and back- ups: Why you need both. [Online].
 58

Available: https://www.gomindsight.com/blog/ difference-

between-disaster-recovery-and-backups/
• [18]  M. S. Fernando, “It disaster recovery system to ensure the
business continuity of an or- ganization,” in 2017 National
Information Technology Conference (NITC), Sep. 2017, pp. 46–
48.
• [19]  Business impact analysis. [Online]. Available:
https://webcache.googleusercontent.com/ search?q=cache:-
6XJUPXJ4bIJ:https://www.oregon.gov/das/Procurement/Guidd
oc/ BusImpAnalysQs.doc+&cd=1&hl=en&ct=clnk&gl=sa
• [20]  J. Watters, Business Continuity Management. Berkeley, CA:
Apress, 2014, pp. 3–20. [Online]. Available:
https://doi.org/10.1007/978-1-4302-6407-1_1
• [21]  (2014) Techadvisory.org:the di erence between rto and rpo.
[Online]. Available: https://www.techadvisory.org/2014/07/the-
difference-between-rto-and-rpo/
• [22]  N. Cornish. (2016) Compare the cloud:a brief history of
disaster recovery. [Online]. Avail- able:
https://www.comparethecloud.net/articles/a-brief-history-of-
disaster-recovery/ amp/
• [23]  Oct 2019, [Online; accessed 26. Oct. 2019]. [Online].
Available: https://www.sans.org/ reading-
room/whitepapers/recovery/disaster-recovery-plan-1164
• [24]  K. Palachuk. Storage craft: 30 the ve biggest problems with
disaster recovery plans. [Online]. Available:
https://blog.storagecraft.com/ five-biggest-problems-disaster-
recovery-plans/
• [25]  M. Mohammadian, “Arti cial intelligence applications for risk
analysis, risk prediction and decision making in disaster
recovery planning,” in Arti cial Intelligence Applications and
Innovations, L. Iliadis, I. Maglogiannis, H. Papadopoulos, K.
Karatzas, and S. Sioutas,
Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 155–
165.
 59

. [26]  A. A. Tamimi, R. Dawood, and L. Sadaqa, “Disaster recovery

techniques in cloud comput- ing,” in 2019 IEEE Jordan
International Joint Conference on Electrical Engineering and
Information Technology (JEEIT), April 2019, pp. 845–850.
. [27]  S. Hamadah and D. Aqel, “A proposed virtual private cloud-
based disaster recovery strat- egy,” in 2019 IEEE Jordan
International Joint Conference on Electrical Engineering and
Information Technology (JEEIT), April 2019, pp. 469–473.
. [28]  A. H. Al-Sharidah and H. A. Al-Essa, “Toward cost e ective
and optimal selection of it disaster recovery cloud solution,” in
2017 9th Computer Science and Electronic Engineering
(CEEC), Sep. 2017, pp. 43–48.
. [29]  N. Fearn and B. Turner. (2019) techradar.pro:best disaster
recovery (dr) and disaster recovery as a service (draas) providers
of 2019. [Online]. Available:
https://www.techradar.com/best/best-disaster-recovery-service
. [30]  A. Bhat, “Descriptive Research: De nition, Characteristics,
Methods, Examples and Advantages | QuestionPro,” Aug 2018,
[Online; accessed 1. Dec. 2019]. [Online]. Available:
https://www.questionpro.com/blog/descriptive-research
. [31]  “What is the Socio-Technical System Approach?” Feb
2011, [Online; accessed 1. Dec. 2019]. [Online]. Available:
https://cptransform.wordpress.com/2011/02/10/sociotechnicalsy
stem
. [32]  c. C. skillsyouneed. c. 2011-2019, “Quantitative and
Qualitative Research Methods | SkillsYouNeed,” Nov 2019,
[Online; accessed 1. Dec. 2019]. [Online]. Available:
https://www.skillsyouneed.com/learn/quantitative-and-
qualitative.html
. [33] https://www.upwork.com/hiring/data/sql-vs-nosql-databases-
whats-the-difference/

. [34]
https://www.w3schools.com/nodejs/nodejs_intro
.asp
 60

. [35] https://nodejs.org/en/about/

. [36]
https://www.w3schools.com/REACT/default.asp

. [37] ‫جي_إس‬.‫نود‬/https://ar.wikipedia.org/wiki
. [38] https://hostpresto.com/blog/should-i-learn-
django-or-node-js/
. [39]
https://www.w3schools.com/REACT/default.asp

. [40] https://www.arageek.com/l/ ‫الرياكت‬-‫هي‬-‫ما‬-

react-js

. [41] https://www.c-sharpcorner.com/article/what-
and-why-reactjs/