documenting these procedures, documenting the disaster recovery procedures and finally training, testing and rehearsal for the real thing. Planning for disaster recovery is like implementing a new system, because that is in fact what it is. To successfully manage business continuity during a disaster and restore normal operation, a company must mobilize all the resources needed to continue its operations and return to a normal state as soon as possible. Time is money: in today’s economy, an hour could be worth thousands of dollars. Some of the pressures organizations face start with getting the organization to focus on and fund business continuity, disaster recovery planning, and infrastructure. By placing business continuity and disaster recovery considerations within the business context of the IT department, the contradictions are erased. This improves performance and profitability; an investment is still required, but the payoff will be worthwhile. What does continuity have to do with disaster recovery? It is the difference between what the business needs at the time of the disaster and the reality of what IT can provide in terms of information availability and business functionality at the time of the disaster. This takes a great deal of management and IT working together and planning, so that the investment and risk decisions can be made based on accurate information and realistic expectations. The key is arriving at an intimate understanding of what is really needed to sustain the business and what is possible to achieve. Developing and prioritizing a solid disaster recovery plan requires the support and participation of upper-level managers and all business unit managers, and may involve legal counsel and directors of all functional departments such as Human Resources, Facilities Management, IT and Corporate Security (Croy, 2007).
When prioritizing the planning and deciding which departments are most critical, you must identify the business functions, systems and processes. Obtain input from Executive and Functional Managers to determine each system’s critical points. The critical resources that are identified must include everything necessary to support the critical functions, systems and/or processes. Some examples of the critical resources are: servers, workstations and peripherals, applications and data, media and output, telecommunications connections, physical infrastructure such as electrical power, environmental controls and personnel. As a disaster planner you must analyze all the critical resources identified and determine the impact on the information system operations. This must include analysis for an allowable outage, i.e., how long can the organization afford to be without this resource? Once resources and information are prioritized, you can start to organize the disaster recovery planning team.
The organizing team must be a well-rounded group that represents all the functions of the organization. The team represents and ensures that essential business processes are not overlooked during plan development. The team must have a designated leader or even two, which helps to maintain momentum and continuity if one leader is unavailable. Each participating department should assign a primary representative and an alternate to the team. The team should be trained in disaster recovery planning, either by attending outside training or an in-house session. Once the team is in place you will need to establish a schedule of activities for completing the project. The team should begin an awareness campaign about disaster recovery planning within the organization, and all employees should be made aware that a plan is under way. To break this down in simpler terms, organizing the planning team includes the role of IT staff and network managers, creating interdepartmental subcommittees and organizing the team at the departmental level; IT staff and network managers should work with department teams creating an inventory of planning team skills.
After you have established the planning team, assessing risks in the organization, collecting risk assessment data and documenting business processes are essential. All business processes must be identified and analyzed during a business impact analysis. Then these processes are ranked as critical, essential, necessary and desirable. Each process is evaluated to determine the potential loss that would be incurred in the event of disruption. This also determines the likelihood of disruptions by reviewing the types of threats an organization may face. As part of the analysis, the planning team should review legal and contractual requirements to determine the consequences of business disruption. Along with the analysis, the team should review disaster-related insurance to determine what coverage may be available and the requirements for eligibility. Some tests the planning team will need to focus on are: Do labor requirements affect the classification of systems and functions? Do competitive pressures affect the classification of systems and functions? Do financial pressures, social expectations and management requirements affect these functions? An organization should conduct a return on investment analysis to determine what types of backup systems and disaster recovery processes it needs to lessen the damage. When you have finished assessing risks in the organization, the next step is establishing roles across departments. Cross-functional training is imperative when ensuring the overall plan will work in the face of disaster. The chief leaders or coordinators and key individuals from each department, per location, should work in collaboration to ensure the proper information is stored, and for what period. By this point the priorities and system recovery requirements are already decided; it is now up to the individuals on the local level to ensure the proper information is handled per the specifications of the plan.
It is also very important to have a backup individual trained on a cross-functional level as well. These individuals must know the pertinent information, such as passwords, location of keys, and who to contact immediately, just in case the main individuals are unavailable in the time of need. The policies and procedures should be developed, implemented, and updated by a specific task group working very closely with human resources to ensure the proper amount of training is provided to those individuals responsible for any actions of recovery during a disaster. This would also include the process and method for emergency updates and mock emergencies, scheduled and unannounced. Just as the policies need to be accurate and up to date, the parameters for required updates need to be established as well, as that is as important as the entire plan itself. “The top level of the organization should issue a clear policy statement on disaster recovery planning. At an absolute minimum, this statement should contain the following instructions:
• The organization should develop a comprehensive disaster recovery plan.
• A formal risk assessment should be undertaken in order to determine the requirements for the disaster recovery plan.
• The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
• The disaster recovery plan should cover all essential and critical business activities.
• The disaster recovery plan is to be kept up to date to take into account changing circumstances.
• All staff must be made aware of the disaster recovery plan and their own roles within.
• A similar policy statement to this should be communicated to all management and staff as part of its information security policy management process.” (Disaster Recovery: A Preparation Checklist. 2002)
The documentation of the Disaster Recovery Plan is very important to the success of the plan.
All daily business function documentation should be stored in the same location and backed up daily on and off site. This should also include a backup of the overall system as specified by the Disaster Recovery Plan requirements, as a daily backup is not as necessary and is based more on the volume and schedules of updates. For safety and restoration needs, all backup information must be stored on site and off. The business should always keep in mind that the main goal is to achieve minimal disruption to all IT systems and to restore normal business functions without loss of information. “The increase in technological based processes over the past ten years, and particularly within the last five, have significantly increased the level of dependency upon the availability of systems and information for the business to function effectively. These changes are likely to continue, and it is likely that the only certainty is that the pace of change will continue to increase. It is necessary for the disaster recovery plan to keep pace with these changes in order for it to be of use in the event of a disruptive emergency. To ensure this, the disaster recovery plan update process must be properly structured and controlled. Further, whenever changes are made to the plan they are to be fully tested and appropriate amendments should be made to the training materials. This will involve the use of formalised change control procedures under the control of the plan's owner.” (Disaster Recovery: A Preparation Checklist. 2002) Safeguarding the information housed off site helps to ensure the portability of the entire system, so that it can function outside of the normal office space. Thus, through a bit of reorganization to a new location, essentially all systems would have the capability of being restored even if the current building burnt to the ground. The documentation of the procedures will be the responsibility of the chief leaders of the task group. This should be the sole task of one individual with an alternate individual assigned as a backup, yet collaborating and working as one individual. This document will provide a step-by-step guide to any disaster involving IT functions. It will also cover the restoration instructions for a speedy recovery, emergency contacts, and the location of hard copies on site and off.
Disaster can strike at any time, in many different forms, and at many differing levels of destruction. It can take out systems for several hours or it can completely decimate an entire system. Threats of disaster can be classified in several categories as follows:
1) Technological threats can be power failures, server overload crashes and viruses.
2) Natural threats can be storms, earthquakes, tornadoes, fires and blizzards.
3) Human threats can be terrorism, theft and vandalism.
It is imperative to take into account as many of these threats as possible, or all of them, in order to implement the scenarios into the Disaster Recovery Plan (DRP). Once disaster strikes there will not be sufficient time to analyze the situation; the response must be immediate. In addition to the threats, the DRP must take into account each department along with the resources and personnel necessary in the event a disaster takes place. In addition, identification and prioritization of resources must take place to determine the level of the disaster, such as:
1) Is the recovery of the systems and resources necessary within minutes of the disaster?
2) Is the recovery of the systems and resources necessary within 24 hours of the disaster?
3) Is the recovery of the systems and resources necessary within days or weeks of the disaster?
Although it is not possible to take into account every possible scenario and situation, a checklist such as that in Table “A” will aid in preparation of the DRP.
Table “A”
• Analyze your business and rank your business needs in terms of priorities;
-- What business needs have to be back up and running within minutes or hours?
-- What can be down for 24 hours?
-- What services or functions could be down for a week or two weeks?
• Identify and prioritize risks, such as natural disasters, insider threats and physical, as well as cyber, terrorist attacks. Develop plans and policies to lessen those risks;
• Put together recovery teams with defined personnel, roles, functions and hierarchy;
• Do you have the backup systems in place to keep the business running?
• Are backups automatic and done in periodic intervals, such as every minute, every hour or every day? Figure out your backup priorities. Not everything needs to be backed up every hour but some things should;
• Don't have all your IT people working in the same place. If something happened to that building, you would lose all of your talent and it would cripple your ability to get the network up and running again;
• Figure out your biggest over potential failures. Is it power, Internet access, a building or phone lines?
• If you're a software company, is your source code spread around so if something happens to one server or one location, all isn't lost?
• Map out your network. Know what's on it and where it's located.
• Know the systems running on your network;
• Know where workers are supposed to be located and have contact information for them and their families. Set up notification procedures, such as calling trees;
• Have contact information for business partners, contractors, consultants and vendors at hand;
• Set up generators to keep your electronics functioning;
• Keep backups off site;
• Have mirrored data centers and servers;
• Do you have a backup ISP or telco?
• Set up escape routes for your buildings and make sure employees are familiar with them;
• Establish quick-ship programs with vendors to get the equipment you might need to replace to get back in operation;
• Plan for remote access needs in case you suddenly can't work onsite. (Disaster Recovery: A Preparation Checklist. 2002)
Upon the implementation of a DRP, management tends to relax. In order to ensure that a DRP functions correctly, it must be tested. In a quote from Disaster Recovery Journal, “in an online poll conducted between May and June 2001, reported that 65.5% of 2223 respondents had not enacted their DRP in the past 10 years, and that a further 26.32% had enacted it only one to three times” (Disaster Recovery Plan Testing: Cycle the Plan, Plan the Cycle. n.d.). “…ten years from now, people may look back at 2001 as the year when disaster recovery shifted from ‘a good idea when you can afford it’ to ‘integral to the heart of your business’ ” (Rothstein, Nov 2001).
Management support or “buy-in” is essential for the DRP to work properly, correctly, and efficiently. Once management has accepted the plan, what needs to be tested must be decided together with the disaster recovery team. Once the test criteria are complete, the testing methodology must be chosen (see Table “B”) such that:
Table “B”
• The DRP is tested to the fullest extent possible
• The associated costs are not prohibitive
• Service disruptions are minimal or non-existent
• The tests provide a high degree of assurance in recovery capability
• Evaluation of test results provides quality input to DRP maintenance
All the necessary preparation and documentation will not by themselves assure a successful DRP, though. Maintenance and execution of a successful DRP come through practice. Drills or simulated war games are one way in which the DRP can be successfully tested. In addition to familiarizing the responsible individuals with their specific responsibilities, the war games also contribute in the following ways:
• “Taming confusion, panic, and other negative emotional reactions during a disaster”.
• “Testing the effectiveness of the procedures in various real world scenarios”.
• “Identifying areas of the procedures and teams that need improvement or additions”.
• “Providing practical training to disaster recovery teams”.
• “Helping disaster recovery teams implement and simulate new crisis scenarios that may have been previously unknown”.
• “Benchmarking the response time of disaster recovery teams”.
• “Testing the amount of time required to recover various systems and resources”.
• “Allowing disaster recovery personnel to test the cohesion and teamwork within all levels of the organization's staff”.
(Introduction to Disaster Recovery planning, 2005)
Conclusion
There are countless events, or disasters, that may occur and wreak havoc on a company. Many can be prevented by the implementation of a DRP, while some may be only contained and monitored to lessen the damage. It would be virtually impossible to take into account each and every scenario or event that can jeopardize the continuation of business on a daily basis. Companies must assess their business, identify the critical assets of the company and continually monitor the implemented DRP. Although a disaster cannot be predicted, should one occur the companies that have implemented and performed according to the above outline will inevitably stand a better chance at recovery than those that have not.
“…ten years from now, people may look back at 2001 as the year when disaster recovery shifted from ‘a good idea when you can afford it’ to ‘integral to the heart of your business’ ”. (Rothstein, Nov 2001) (Krocker, G.W. 2002)
Appendix
Figure “C” is the DRP testing circle adapted from the Disaster Recovery Journal DR Glossary (Krocker, G.W. 2002).