Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Continuity Planning and IT Disaster Recovery.

Similar presentations

Presentation on theme: "Business Continuity Planning and IT Disaster Recovery."— Presentation transcript:

1 Business Continuity Planning and IT Disaster Recovery

2 Information Technology Project Management Learning Objectives How to avoid total organisational meltdown Laugh in the face of the saboteur! 2

3 Wal-Mart and Hurricane Katrina The Situation – Hurricane Katrina devastated New Orleans in 2005 Followed shortly by Hurricane Rita – The U.S. Federal Emergency Management Administration (FEMA) botched the relief effort Copyright Pearson Prentice-Hall 20103

4 Wal-Mart and Hurricane Katrina  Wal-Mart Is the Largest Retailer in the United States ◦ Supplied $20 million in cash ◦ Supplied 100,000 free meals ◦ 1,900 truckloads full of diapers, toothbrushes, other emergency supplies  45 trucks were rolling before the hurricane hit land ◦ Provided police and relief workers with flashlight, batteries, ammunition, protective gear, and meals Copyright Pearson Prentice-Hall 20104

5 Wal-Mart and Hurricane Katrina What Was Wal-Mart’s Process? Wall-Mart Business Continuity Center – A permanent department with a small core staff – Activated two days before Katrina hit – Soon, 50 managers and specialists were at work in the center Copyright Pearson Prentice-Hall 20105

6 Wal-Mart and Hurricane Katrina Wall-Mart Business Continuity Center – Before computer network went down, sent detailed orders to its distribution center in Mississippi – Recovery merchandise for stores: bleach and mops, etc. – 40 power generators to supply stores with backup power – Sent loss-prevention employees to secure stores Copyright Pearson Prentice-Hall 20106

7 Wal-Mart and Hurricane Katrina Communication – Network communication failed – But, with the help of a garage just outside New Orleans, a telephone line was set up and maintained to allow contact with key stakeholders Response – Stores came back to business within days – Engaged local law enforcement to preserve order so access to stores was maintained Copyright Pearson Prentice-Hall 20107

8 Wal-Mart and Hurricane Katrina Preparation – Full-time director of business continuity – Detailed business continuity plans – Clear lines of responsibility Multitasking – During all of this, they were monitoring a hurricane off Japan Copyright Pearson Prentice-Hall 20108

9 Incident Response Incidents Happen – Protections inevitably break down occasionally – Successful attacks are called security incidents, breaches, or compromises Incident Severity – False alarms Handled by the on-duty staff Waste time and may dull vigilance Copyright Pearson Prentice-Hall 20109

10 Incident Response Incident Severity – Major incidents Beyond the capabilities of the on-duty staff Must convene a Computer Security Incident Response Team (CSIRT) CSIRT needs participation beyond IT security Copyright Pearson Prentice-Hall 201010

11 Incident Response Incident Severity – Disasters Fires, floods, hurricanes, major terrorist attacks Must assure business continuity – Maintaining the day-to-day operations of the firm – Need a business continuity group headed by a senior manager – Core permanent staff will facilitate activities IT disaster response is restoring IT services – May be a subset of business continuity – May be a stand-alone IT disaster Copyright Pearson Prentice-Hall 201011

12 Rehearsals for Speed and Accuracy Speed and Accuracy Are of the Essence – Speed of response can reduce damage Attacker will have less time to do damage Speed is also necessary in recovery – Accuracy is equally important Common mistake is to act on incorrect assumptions If misdiagnose the problem or take the wrong approach, can make things much worse Copyright Pearson Prentice-Hall 201012

13 Rehearsals for Speed and Accuracy  Planning Before an Incident or Disaster ◦ Decide what to do ahead of time ◦ Have time to consider matters thoroughly and without the time pressure of a crisis ◦ During an attack, human decision-making skills degrade ◦ Incident response is reacting to incidents according to plan ◦ Within the plan, need to have flexibility to adapt ◦ Best to adapt within a plan than to improvise completely Copyright Pearson Prentice-Hall 201013

14 Rehearsals for Speed and Accuracy Team Members Must Rehearse the Plan – Rehearsals find mistakes in the plan – Practice builds speed Types of Rehearsals – Walkthroughs (table-top exercises) – Live tests (actually doing planned actions) can find subtle problems but are expensive Copyright Pearson Prentice-Hall 201014

15 Business Continuity Planning – A business continuity plan specifies how a company plans to restore or maintain core business operations when disasters occur – Disaster response is restoring IT services Copyright Pearson Prentice-Hall 201015

16 Business Continuity Planning Principles of Business Continuity Management – Protect people first Evacuation plans and drills Never allow staff members back into unsafe environments Must have a systematic way to account for all employees and notify loved ones Counseling afterwards Copyright Pearson Prentice-Hall 201016

17 Business Continuity Planning Principles of Business Continuity Management – People have reduced capacity in decision making during a crisis Planning and rehearsal are critical – Avoid rigidity Unexpected situations will arise Communication will break down and information will be unreliable Decision makers must have the flexibility to act Copyright Pearson Prentice-Hall 201017

18 Business Continuity Planning Principles of Business Continuity Management – Communication Try to compensate for inevitable breakdowns Have a backup communication system Communicate constantly to keep everybody “in the loop” Copyright Pearson Prentice-Hall 201018

19 Business Continuity Planning  Business Process Analysis ◦ Identification of business processes and their interrelationships ◦ Prioritization of business processes  Downtime tolerance  Importance to the organisation ◦ Resource needs (must be shifted during crises)  Cannot restore all business processes immediately Copyright Pearson Prentice-Hall 201019

20 Business Continuity Planning Testing the Plan – Difficult because of the scope of disasters – Difficult because of the number of people involved Copyright Pearson Prentice-Hall 201020

21 Business Continuity Planning Updating the Plan – Must be updated frequently – Business conditions change and businesses reorganize constantly – People who must execute the plan also change jobs constantly – Telephone numbers and other contact information must be updated far more frequently than the plan as a whole – Should have a small permanent staff Copyright Pearson Prentice-Hall 201021

22 Business Continuity versus Disaster Response Copyright Pearson Prentice-Hall 201022 Business Continuity: Keeping the entire firm operating or restoring the firm to operation IT Disaster Response: Keeping IT resources operating or restoring them to operation

23 IT Disaster Recovery – IT disaster recovery looks specifically at the technical aspects of how a company can get its IT back into operation using backup facilities – A subset of business continuity or for disasters the only affect IT – All decisions are business decisions and should not be made by mere IT or IT security staffs Copyright Pearson Prentice-Hall 201023

24 IT Disaster Recovery Types of Backup Facilities – Hot sites Ready to run (power, HVAC (heating and ventilating and air conditioning), computers): Just add data Considerations: Rapid readiness at high cost Must be careful to have the software at the hot site up- to-date in terms of configuration Copyright Pearson Prentice-Hall 201024

25 IT Disaster Recovery Types of Backup Facilities – Cold sites Building facilities, power, HVAC, communication to outside world only No computer equipment Less expensive but usually take too long to get operating Copyright Pearson Prentice-Hall 201025

26 IT Disaster Recovery Types of Backup Facilities – Site sharing Site sharing among a firm’s sites (problem of equipment compatibility and data synchronization) Continuous data protection needed to allow rapid recovery Copyright Pearson Prentice-Hall 201026

27 IT Disaster Recovery Office Computers – Hold much of a corporation’s data and analysis capability – Will need new computers if old computers are destroyed or unavailable Will need new software Well-synchronized data backup is critical – People will need a place to work Copyright Pearson Prentice-Hall 201027

28 IT Disaster Recovery Restoration of Data and Programs – Restoration from backup tapes: Need backup tapes at the remote recovery site – May be impossible during a disaster Testing the IT Disaster Recovery Plan – Difficult and expensive – Necessary Copyright Pearson Prentice-Hall 201028

Download ppt "Business Continuity Planning and IT Disaster Recovery."

Similar presentations

Ads by Google