Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Continuity Planning and IT Disaster Recovery.

Published byJadyn Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "Business Continuity Planning and IT Disaster Recovery."— Presentation transcript:

1 Business Continuity Planning and IT Disaster Recovery

2 Information Technology Project Management Learning Objectives How to avoid total organisational meltdown Laugh in the face of the saboteur! 2

3 Wal-Mart and Hurricane Katrina The Situation – Hurricane Katrina devastated New Orleans in 2005 Followed shortly by Hurricane Rita – The U.S. Federal Emergency Management Administration (FEMA) botched the relief effort Copyright Pearson Prentice-Hall 20103

4 Wal-Mart and Hurricane Katrina  Wal-Mart Is the Largest Retailer in the United States ◦ Supplied $20 million in cash ◦ Supplied 100,000 free meals ◦ 1,900 truckloads full of diapers, toothbrushes, other emergency supplies  45 trucks were rolling before the hurricane hit land ◦ Provided police and relief workers with flashlight, batteries, ammunition, protective gear, and meals Copyright Pearson Prentice-Hall 20104

5 Wal-Mart and Hurricane Katrina What Was Wal-Mart’s Process? Wall-Mart Business Continuity Center – A permanent department with a small core staff – Activated two days before Katrina hit – Soon, 50 managers and specialists were at work in the center Copyright Pearson Prentice-Hall 20105

6 Wal-Mart and Hurricane Katrina Wall-Mart Business Continuity Center – Before computer network went down, sent detailed orders to its distribution center in Mississippi – Recovery merchandise for stores: bleach and mops, etc. – 40 power generators to supply stores with backup power – Sent loss-prevention employees to secure stores Copyright Pearson Prentice-Hall 20106

7 Wal-Mart and Hurricane Katrina Communication – Network communication failed – But, with the help of a garage just outside New Orleans, a telephone line was set up and maintained to allow contact with key stakeholders Response – Stores came back to business within days – Engaged local law enforcement to preserve order so access to stores was maintained Copyright Pearson Prentice-Hall 20107

8 Wal-Mart and Hurricane Katrina Preparation – Full-time director of business continuity – Detailed business continuity plans – Clear lines of responsibility Multitasking – During all of this, they were monitoring a hurricane off Japan Copyright Pearson Prentice-Hall 20108

9 Incident Response Incidents Happen – Protections inevitably break down occasionally – Successful attacks are called security incidents, breaches, or compromises Incident Severity – False alarms Handled by the on-duty staff Waste time and may dull vigilance Copyright Pearson Prentice-Hall 20109

10 Incident Response Incident Severity – Major incidents Beyond the capabilities of the on-duty staff Must convene a Computer Security Incident Response Team (CSIRT) CSIRT needs participation beyond IT security Copyright Pearson Prentice-Hall 201010

11 Incident Response Incident Severity – Disasters Fires, floods, hurricanes, major terrorist attacks Must assure business continuity – Maintaining the day-to-day operations of the firm – Need a business continuity group headed by a senior manager – Core permanent staff will facilitate activities IT disaster response is restoring IT services – May be a subset of business continuity – May be a stand-alone IT disaster Copyright Pearson Prentice-Hall 201011

12 Rehearsals for Speed and Accuracy Speed and Accuracy Are of the Essence – Speed of response can reduce damage Attacker will have less time to do damage Speed is also necessary in recovery – Accuracy is equally important Common mistake is to act on incorrect assumptions If misdiagnose the problem or take the wrong approach, can make things much worse Copyright Pearson Prentice-Hall 201012

13 Rehearsals for Speed and Accuracy  Planning Before an Incident or Disaster ◦ Decide what to do ahead of time ◦ Have time to consider matters thoroughly and without the time pressure of a crisis ◦ During an attack, human decision-making skills degrade ◦ Incident response is reacting to incidents according to plan ◦ Within the plan, need to have flexibility to adapt ◦ Best to adapt within a plan than to improvise completely Copyright Pearson Prentice-Hall 201013

14 Rehearsals for Speed and Accuracy Team Members Must Rehearse the Plan – Rehearsals find mistakes in the plan – Practice builds speed Types of Rehearsals – Walkthroughs (table-top exercises) – Live tests (actually doing planned actions) can find subtle problems but are expensive Copyright Pearson Prentice-Hall 201014

15 Business Continuity Planning – A business continuity plan specifies how a company plans to restore or maintain core business operations when disasters occur – Disaster response is restoring IT services Copyright Pearson Prentice-Hall 201015

16 Business Continuity Planning Principles of Business Continuity Management – Protect people first Evacuation plans and drills Never allow staff members back into unsafe environments Must have a systematic way to account for all employees and notify loved ones Counseling afterwards Copyright Pearson Prentice-Hall 201016

17 Business Continuity Planning Principles of Business Continuity Management – People have reduced capacity in decision making during a crisis Planning and rehearsal are critical – Avoid rigidity Unexpected situations will arise Communication will break down and information will be unreliable Decision makers must have the flexibility to act Copyright Pearson Prentice-Hall 201017

18 Business Continuity Planning Principles of Business Continuity Management – Communication Try to compensate for inevitable breakdowns Have a backup communication system Communicate constantly to keep everybody “in the loop” Copyright Pearson Prentice-Hall 201018

19 Business Continuity Planning  Business Process Analysis ◦ Identification of business processes and their interrelationships ◦ Prioritization of business processes  Downtime tolerance  Importance to the organisation ◦ Resource needs (must be shifted during crises)  Cannot restore all business processes immediately Copyright Pearson Prentice-Hall 201019

20 Business Continuity Planning Testing the Plan – Difficult because of the scope of disasters – Difficult because of the number of people involved Copyright Pearson Prentice-Hall 201020

21 Business Continuity Planning Updating the Plan – Must be updated frequently – Business conditions change and businesses reorganize constantly – People who must execute the plan also change jobs constantly – Telephone numbers and other contact information must be updated far more frequently than the plan as a whole – Should have a small permanent staff Copyright Pearson Prentice-Hall 201021

22 Business Continuity versus Disaster Response Copyright Pearson Prentice-Hall 201022 Business Continuity: Keeping the entire firm operating or restoring the firm to operation IT Disaster Response: Keeping IT resources operating or restoring them to operation

23 IT Disaster Recovery – IT disaster recovery looks specifically at the technical aspects of how a company can get its IT back into operation using backup facilities – A subset of business continuity or for disasters the only affect IT – All decisions are business decisions and should not be made by mere IT or IT security staffs Copyright Pearson Prentice-Hall 201023

24 IT Disaster Recovery Types of Backup Facilities – Hot sites Ready to run (power, HVAC (heating and ventilating and air conditioning), computers): Just add data Considerations: Rapid readiness at high cost Must be careful to have the software at the hot site up- to-date in terms of configuration Copyright Pearson Prentice-Hall 201024

25 IT Disaster Recovery Types of Backup Facilities – Cold sites Building facilities, power, HVAC, communication to outside world only No computer equipment Less expensive but usually take too long to get operating Copyright Pearson Prentice-Hall 201025

26 IT Disaster Recovery Types of Backup Facilities – Site sharing Site sharing among a firm’s sites (problem of equipment compatibility and data synchronization) Continuous data protection needed to allow rapid recovery Copyright Pearson Prentice-Hall 201026

27 IT Disaster Recovery Office Computers – Hold much of a corporation’s data and analysis capability – Will need new computers if old computers are destroyed or unavailable Will need new software Well-synchronized data backup is critical – People will need a place to work Copyright Pearson Prentice-Hall 201027

28 IT Disaster Recovery Restoration of Data and Programs – Restoration from backup tapes: Need backup tapes at the remote recovery site – May be impossible during a disaster Testing the IT Disaster Recovery Plan – Difficult and expensive – Necessary Copyright Pearson Prentice-Hall 201028

Download ppt "Business Continuity Planning and IT Disaster Recovery."

Similar presentations

Information Security of Embedded Systems 9.1.2010: Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Summary Overview of Vireo Student Submission of ETDs

Summary Overview of Vireo Student Submission of ETDs
® Microsoft Office 2010 Excel Tutorial 3: Working with Formulas and Functions.

® Microsoft Office 2010 Excel Tutorial 3: Working with Formulas and Functions.
Information Technology Disaster Recovery Awareness Program.

Information Technology Disaster Recovery Awareness Program.
Tutorial 1 Creating a Database

Tutorial 1 Creating a Database
ACOT Intro/Copyright Succeeding in Business with Microsoft Excel 2010: Chapter1.

ACOT Intro/Copyright Succeeding in Business with Microsoft Excel 2010: Chapter1.
July 2010 1 WELCOME Please take a few moments to review our services.

July WELCOME Please take a few moments to review our services.
© Wiley 20101 Chapter 1 - Introduction to Operations Management Operations Management by R. Dan Reid & Nada R. Sanders 4th Edition © Wiley 2010.

© Wiley Chapter 1 - Introduction to Operations Management Operations Management by R. Dan Reid & Nada R. Sanders 4th Edition © Wiley 2010.
Collaboration Works! 10/20/20101 Planning Research Institutional Effectiveness.

Collaboration Works! 10/20/20101 Planning Research Institutional Effectiveness.
Quick Training Guide New SpringerLink, August 2010.

Quick Training Guide New SpringerLink, August 2010.
© Prentice Hall 2002 15.1 CHAPTER 15 Managing the IS Function.

© Prentice Hall CHAPTER 15 Managing the IS Function.
Chapter 13 – Aggregate Planning

Chapter 13 – Aggregate Planning
Tutorial 8 Sharing, Integrating, and Analyzing Data

Tutorial 8 Sharing, Integrating, and Analyzing Data
Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,

Planning for the Future Disaster Recovery Plan / Business Continuity Plan Jim Zukowski, Ed.D. Texas State Board of Dental Examiners 2006 Annual ConferenceAlexandria,
Case Study: Business Continuity Planning for Site- Level Disaster Kimberley A. Pyles Northrop Grumman Corporation

Case Study: Business Continuity Planning for Site- Level Disaster Kimberley A. Pyles Northrop Grumman Corporation
Disasters: What We Plan For…. John F Bradfield, DVM, PhD, DACLAM Senior Director, AAALAC International.

Disasters: What We Plan For…. John F Bradfield, DVM, PhD, DACLAM Senior Director, AAALAC International.
Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
Building Disaster-Resilient Places STEP ONE – Forming a Collaborative Planning Team.

Building Disaster-Resilient Places STEP ONE – Forming a Collaborative Planning Team.
JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What.

JOELLE QUIAPO FOLA OYEDIRAN GREG SWENSON SUKHI BEDI CHENYU GONG Disaster Recovery and Business Continuity Planning: Testing an Organization’s Plans What.

Similar presentations

Ads by Google