Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISA 562 Internet Security Theory & Practice

Published byJoy Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "ISA 562 Internet Security Theory & Practice"— Presentation transcript:

1 ISA 562 Internet Security Theory & Practice
Domain 6: Business Continuity & Disaster Recovery Planning ISA 562

2 Objectives Response to save business and human life
Recovery activities after a disaster to normal operations Recovery plans to resume interrupted critical business 2 2

3 Introduction Need to process critical business systems in the event of disruption to normal business data processing operations. Ensure the availability of critical information system resources in the event of an unexpected network interruption or disaster Many kinds of plans Contingency plans, Business Continuity Planning (BCP), Disaster Recovery Planning (DRP) 3 3

4 BCP and DRP Life cycle Steps of BCP and DRP project life cycle
Project Scope Development and planning Business Continuity analysis (BIA) and functional requirements (for BIA steps, please see the book) Business Continuity and Recovery Strategy Plan Design and Development Restoration Feedback 4 4

5 Project Scope and Development Planning
Higher management’s commitment to go through the different steps of the project. Deliverables Project scope definition Producing a Project plan Dedicating a steering committee for the project The BCP should be aligned with the organization's mission Business continuity steering committee should Know the mission statement in order to place the scope Have required authorization Resources requirement need to be known at this stage Budget requirements are estimated and validated Personnel availability Knowing key points of contact or personnel in an emergency 5 5

6 Business Impact Analysis (BIA)
Evaluates all business functions against a common criterion to assess potential impacts to the business by an interruption The following fall under the BIA Preparing a BIA format Assess potential impacts Prioritize: very important for business functions Elements to consider Analysis of different threats for the business Identification of critical business functions and units Emergency Assessment 3rd party considerations 6 6

7 Different Items to be considered in BIA
Threats analysis Human Made threats, Natural threats, IT threats Etc Identify critical business functions: some characteristics Time Sensitivity, Data Integrity, Etc Their impact on business: Financial & Operational Impact , Reputation etc Emergency Assessment Affected Areas Alerting procedures Security and safety procedures and guidelines, Etc 3rd party considerations Need to look at Down stream liabilities and upstream impacts Compliance requirements, SLA Agreements, etc 7 7

8 Business Continuity and recovery Strategy
Business Unit Priorities: Business units are examined for BIA identified critical functions Critical processes and functions are reviewed by the Steering committee and establishes priorities Find the minimum resources required to carry out identified functions Priorities are documented Recovery time Objective (RTO): is the maximum time to restore a critical function Recovery point objective (RPO): minimum tolerable amount of data integrity Perform a Cost/Benefit analysis 8 8

9 Recovery Alternatives
Three approaches for recovery Dedicated site operated by the organization Multiple processing centers Commercially leased facility Hot site / cost high Worm site / cost moderate Cold site / cost lowest Agreement with an Internal or external facility Identify organizations with equivalent IT configurations and backup technologies and establish an agreement Types of agreements Reciprocal or Mutual Aid Contingency Service Bureau 9 9

10 Backup Strategies Location and Storage Criteria Resilience Strategies
Replication Storage Area network Electronic Vaulting, etc Location and Storage Criteria Perhaps store in several locations for different purposes On-site storage, Near-site storage , Off-site storage. Resilience Strategies Improve an organization's continuity and resilience IT and Site Resilience etc 10 10

11 Plan Design Development
Emergency Response Procedures Life , Health & safety Damage Assessment Event Reporting Disaster Declaration, etc Personnel Notifications List of people to notify Defining the role of the executives in crisis management Executive succession planning, etc Backup and off-site storage Inventory list is compiled and documented Facility Accessibility and Resilience Communication in Emergency Emergency and Business communication system should be in place Data communication priorities in networks should be agreed upon 11 11

12 Plan Design Development (Continued)
Alterative site considerations The ability to support the required infrastructure, environmental and space demands should be analyzed: utilities, communications, etc Logistics and supplies How resources are acquired or procured, transported and maintained Personnel and materials transportation Remote worker environment activation Emergency funds access, etc Documentation Document BCP & DRP activation and de-activation plans and procedures. Activity and status reports Checklists etc Business continuity and resumption planning Contracts for emergency vendor services Risk avoidance and mitigation planning Emergency business recovery procedures 12 12

13 Implementation Includes Training, Testing, Recovery and Audit Training
Increasing the organization's awareness of the BC and DR business case Different kinds of training for different attendees All people training, Operation teams, Recovery teams etc Testing Confirms that the plan meets its emergency, recovery and restoration objectives Measures the accuracy of the plans Allow management to evaluate personnel readiness for an adverse event 13 13

14 Implementation (continued)
Test Plans Each time tests are scheduled, a test plan should be written, it should contain Objectives and success criteria Details Schedule Post-test review Test types Several test types exists which server different purposes Checklist test Structured walk-through Simulation Parallel testing Testing follow-up Identifying existing deficiencies Plan should be routinely assessed Should be scheduled for testing for example annually 14 14

15 Implementation (continued)
Recovery procedures Site migration Local Recovery procedures Transfer and recovery, etc. Audit Ensures an organization has an effective BC and DR capability Measures compliance Addressing audit findings 15 15

16 Restoration Restoration of primary location Procurement Data Recovery
Primary facility must be stabilized and secured and then more detailed damage assessment is conducted Procurement Has an essential role in supporting restoration Consolidating acquisitions and Disposition Costs reporting Data Recovery Reversal procedures Business process recovery point Journal and process synchronization Relocation to primary site Restoration order and prioritization End of disaster declaration 16 16

17 Feedback and plan management
Post-recovery reporting Identification or remediation of plan gaps Record Lessons learned Performance metric review Plan review and evaluation Training of key personnel Communication Plan distribution Communicate the plan to stakeholders 17 17

18 References ISC2 CBK Material CISSP-All-in-one book 18 18

Download ppt "ISA 562 Internet Security Theory & Practice"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Continuity of Operations (COOP) Awareness Training

Continuity of Operations (COOP) Awareness Training
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (www.cioassist.in)www.cioassist.in

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.

Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.
@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.

@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.
Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.

Disaster Prevention and Recovery Presented By: Sean Snodgrass and Theodore Smith.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Planning for Contingencies

Planning for Contingencies
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.

Gulf Coast Energy International Business Continuity / Disaster Recovery Planning and Design Proposal Prepared by Andrew Rolf, Felipe Torres, Pranay Jaiswal.
John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.
Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.

Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.
Business Crisis and Continuity Management (BCCM) Class Session 15 15 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

Similar presentations

Ads by Google