Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.

Presentation transcript:

Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity

Business Continuity
Purpose: To develop a solid disaster recovery plan that will allow the business to continue through whatever catastrophic event may occur.
Redundancy

Disaster Recovery Plan
A disaster recovery plan defines the resources, actions, and data required to reinstate critical business processes that have been damaged or disabled because of a disaster.
5 Potential Threats or Disasters:
- Human induced accidents
- Natural
- Internal
- Armed conflict
- External
An effective Disaster Recovery Plan should include:
1. A list of the covered disasters.

Disaster Recovery Plan cont…
2. A list of the disaster recovery team members for each type of situation and their contact information.
Team Members:
- Senior Management
- Information Technology Department
- Facilities Management
- User Community
3. Business Impact Assessment
4. Business Resumption and Continuity Plan
5. Backup Documentation
6. Restore Documentation

Data Backups
Backups of all mission-critical data are required so that personnel can restore files and application software and continue business.
Key Issues of Backup Strategy:
- How often should the backups be run?
- What is the backup medium?
- What time of day should the backups be run?
- Are the backups manual or automated?
- How are backups verified?
- How long are backups stored?
- Where are backups stored?
- Who is responsible for backups?
- Who is the fallback person responsible for backups?

Security Policy
Acceptable Use Policy – policies concerned with the use of computer equipment and network resources for personal use, or for use that does not benefit the company.
Privacy – protect customer and supplier data.
Separation of Duties – effectively distribute tasks throughout the IT organization and document processes thoroughly.
Password Management – attributes: minimum length, allowed character set, disallowed strings (all numbers, dictionary words, variations of the username or ID), and the duration of use of the password.
Service Level Agreements – a contractual understanding between an ASP and the end user which binds the ASP to a specified and documented level of service.
Disposal and Destruction
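The password management attributes listed above, implemented as an added policy check (example code written for this page, not part of the original slides). The 12-character minimum, the 90-day maximum age, the allowed character set and the small dictionary are constructed assumptions standing in for an organization's own values.

```python
import re
from datetime import date, timedelta

# Constructed sample dictionary; a real deployment would load a full word list.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}

# Assumed policy values (not from the slides).
ALLOWED_CHARS = re.compile(r"^[A-Za-z0-9!@#$%^&*()_+=\-\[\]{};:,.?/]+$")
MIN_LENGTH = 12
MAX_AGE_DAYS = 90  # "duration of use" interpreted as a maximum password age


def username_variations(username):
    """Forms of the username or ID that must not appear inside the password."""
    base = username.lower()
    variants = {base, base[::-1]}
    # Common digit-for-letter substitutions used to disguise a username.
    variants.add(base.replace("a", "4").replace("e", "3")
                     .replace("i", "1").replace("o", "0"))
    return {v for v in variants if len(v) >= 3}


def check_password(password, username, last_changed, today=None):
    """Return the list of policy attributes the password violates (empty = compliant)."""
    today = today or date.today()
    lowered = password.lower()
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("minimum length")
    if not ALLOWED_CHARS.match(password):
        violations.append("allowed character set")
    if password.isdigit():
        violations.append("disallowed string: all numbers")
    # Substring match catches 'Welcome2024!' as well as the bare word.
    if any(word in lowered for word in DICTIONARY_WORDS):
        violations.append("disallowed string: dictionary word")
    if any(v in lowered for v in username_variations(username)):
        violations.append("disallowed string: variation of username")
    if today - last_changed > timedelta(days=MAX_AGE_DAYS):
        violations.append("password age exceeds duration of use")
    return violations
```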

Human Resources Policy
Employee Hiring – hiring personnel for computer network or security functions requires verifying the candidate’s background, including reference checks, previous employers, criminal background checks, and relevant educational background.
Employee Termination – protect against disgruntled employees.
Code of Ethics – the code should demand that employees act honestly, responsibly, and legally to protect the organization.

Human Resources Policy cont…
Incident Response Policy – covers how to deal with a security incident after it has already transpired.
Six Distinct Steps:
1. Preparation
2. Detection
3. Containment
4. Eradication
5. Recovery
6. Follow Up