Dr. Gerry Firmansyah CID 610 - Business Continuity and Disaster Recovery Planning for IT (W-I)


Business Continuity and Disaster Recovery Overview
❖ Business continuity and disaster recovery defined
❖ Components of business
❖ The cost of planning versus the cost of failure
❖ Types of disasters to consider
❖ Business continuity and disaster recovery planning basics

Legal and Regulatory Obligations Regarding Data and Information Security
❖ Impact of recent history
❖ Sources of legal obligations
❖ Scope of legal obligations
❖ Definitive legal standard
❖ Responsibility for compliance
❖ Required elements of a written information security plan

Project Initiation
❖ Elements of project success
❖ Project plan components
❖ Key contributors and responsibilities
❖ Project definition
❖ Business continuity and disaster recovery plan

Risk Assessment
❖ Risk management basics
❖ Risk assessment components
❖ Threat assessment methodology
❖ Vulnerability assessment

Business Impact Analysis
❖ Business impact analysis overview
❖ Understanding impact criticality
❖ Identifying business functions and processes
❖ Gathering data for the business impact analysis
❖ Determining the impact
❖ Business impact analysis data points
❖ Preparing the business impact analysis report

Risk Mitigation Strategy Development
❖ Types of risk mitigation strategies
❖ Risk mitigation process
❖ IT risk mitigation
❖ Backup and recovery considerations

Business Continuity/Disaster Recovery Plan Development
❖ Phases of business continuity and disaster recovery
❖ Defining BC/DR teams and key personnel
❖ Defining tasks and assigning resources
❖ Communications plans
❖ Event logs, change control, and appendices

Emergency Response and Recovery
❖ Emergency management overview
❖ Emergency response plans
❖ Crisis management
❖ Disaster recovery
❖ IT recovery
❖ Business continuity

Training, Testing, and Auditing
❖ Training for emergency response, disaster recovery, and business continuity
❖ Testing your business continuity and disaster recovery plan
❖ Performing IT systems audits

BC/DR Plan Maintenance
❖ BC/DR change management
❖ Strategies for managing change
❖ BC/DR plan audit
❖ Plan maintenance activities
❖ Project close out

Threat and Vulnerability Assessment
❖ 1. Identify all natural threats.
❖ 2. Identify all man-made threats.
❖ 3. Identify all IT and technology-based threats.
❖ 4. Identify all environmental/infrastructure threats.
❖ 5. For each threat, identify threat sources.
❖ 6. For each threat source, identify the likelihood of occurrence.
❖ 7. Based on likelihood of occurrence, assess company's vulnerability to each threat source.
❖ 8. Based on likelihood and vulnerability, prioritize list of threats to company.

Business Impact Analysis
❖ 1. Based on prioritized list of threats, assess impact of each threat on business operations.
❖ 2. Based on threats, perform upstream and downstream loss analysis.
❖ 3. Prioritize business functions into mission-critical, important, minor (you can customize categories to suit your needs).
❖ 4. For each mission-critical business function, assess the impact of the loss of this function.
❖ 5. For each mission-critical business function, assess the impact of various threats to this function.
❖ 6. Develop a prioritized list of mission-critical business functions with the highest business impact.
❖ 7. For the highest priority functions, identify the recovery time requirements including maximum tolerable downtime (MTD).

Mitigation Strategies
❖ 1. For each mission-critical function, identify risk mitigation strategies for consideration including risk acceptance, avoidance, transference, and limitation.
❖ 2. For each mission-critical function, identify the recovery requirements and potential recovery options.
❖ 3. For each recovery option considered, identify the time, cost/capability, feasibility, service level requirements, and existing controls in place.
❖ 4. For each mission-critical option, select the optimal risk mitigation strategy.
❖ 5. For IT systems, identify mission-critical IT systems, equipment, and data.
❖ 6. For each mission-critical IT component, identify risk mitigation strategies.
❖ 7. For each risk mitigation strategy selected, develop implementation plan.
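
The three procedures above, carried through on a small risk register as an added example (not part of the original slides). The 1-5 scales, the likelihood x vulnerability score, the cost figures and every name in the sample data are constructed assumptions; the slides do not prescribe a scoring model.

```python
from dataclasses import dataclass

@dataclass
class ThreatSource:
    threat: str
    source: str
    likelihood: int      # assumed scale: 1 (rare) .. 5 (frequent)
    vulnerability: int   # assumed scale: 1 (well protected) .. 5 (exposed)

@dataclass
class RecoveryOption:
    name: str
    recovery_hours: float
    annual_cost: int

def prioritize_threats(sources):
    """Threat assessment steps 6-8: rank sources by likelihood x vulnerability."""
    return sorted(sources, key=lambda s: s.likelihood * s.vulnerability, reverse=True)

def select_recovery_option(mtd_hours, options):
    """Mitigation steps 3-4: cheapest option that recovers within the MTD, else None."""
    feasible = [o for o in options if o.recovery_hours <= mtd_hours]
    return min(feasible, key=lambda o: o.annual_cost) if feasible else None

def plan(functions, options):
    """BIA steps 3, 6, 7: keep mission-critical functions, order by impact, match to MTD."""
    critical = [f for f in functions if f["category"] == "mission-critical"]
    critical.sort(key=lambda f: f["impact_per_hour"], reverse=True)
    return [(f["name"], f["mtd_hours"], select_recovery_option(f["mtd_hours"], options))
            for f in critical]

# Constructed sample data, for illustration only.
THREATS = [
    ThreatSource("power outage", "utility grid failure", 4, 3),
    ThreatSource("flood", "river overflow", 2, 4),
    ThreatSource("data loss", "storage array failure", 3, 5),
    ThreatSource("data loss", "accidental deletion", 4, 2),
]
FUNCTIONS = [
    {"name": "order processing", "category": "mission-critical", "impact_per_hour": 20000, "mtd_hours": 4},
    {"name": "payroll", "category": "important", "impact_per_hour": 1000, "mtd_hours": 72},
    {"name": "customer support", "category": "mission-critical", "impact_per_hour": 5000, "mtd_hours": 24},
    {"name": "billing", "category": "mission-critical", "impact_per_hour": 8000, "mtd_hours": 0.5},
]
OPTIONS = [
    RecoveryOption("hot site", 1, 500000),
    RecoveryOption("warm site", 12, 150000),
    RecoveryOption("restore from offsite backup", 48, 20000),
]

if __name__ == "__main__":
    for t in prioritize_threats(THREATS):
        print(t.likelihood * t.vulnerability, t.threat, "/", t.source)
    for name, mtd, option in plan(FUNCTIONS, OPTIONS):
        print(name, f"MTD={mtd}h", option.name if option else "NO OPTION MEETS MTD")
```

A function for which no recovery option fits inside its MTD comes back with `None`; that gap means either a faster option has to be added or the MTD has to be revisited.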