Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Continuity & Disaster Recovery

Published byWinifred Austin Modified over 8 years ago

Similar presentations

Presentation on theme: "Business Continuity & Disaster Recovery"— Presentation transcript:

1 Business Continuity & Disaster Recovery
Keith A. Conlee - CBCP Chief Security Officer Information Technology College of DuPage

2 The Plan

3 The Plan - continued

4 Business Continuity vs. Disaster Recovery
Many definitions provide much confusion about the terms I prefer “Business Continuity Management” Defines holistic management processes that identify potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, and value creating activities.

5 Business Continuity Management
The Primary Objective To allow business operations to continue under adverse conditions, by the introduction of appropriate resilience strategies, recovery objectives, business continuity and crisis management plans in collaboration with, or as a key component of, an integrated risk management initiative.

6 Introduction & Overview
Use a Methodology DRI International and the BCI based in the UK Contractors / Consultants may use something different – developed in-house Vendor supplied – usually with planning software, e.g. Strohl Systems, Coop Systems

7 About DRII Founded in 1988 as the Disaster Recovery Institute if order to develop a base of knowledge in Continuity Planning and the Management of risk DRII administers the industry’s premier educational and certification programs for those engaged in the practice of BC planning and management. More than 3100 individual’s world-wide maintain professional certification through DRII.

8 Common Body of Knowledge
Developed by recognized experts in BC/DR planning and education Provides a resource base and guide for BC / DR professionals / technicians from which to develop BCPs for their own institutions

9 Common Body of Knowledge (cont.)
Project Initiation and Management Risk Evaluation and Control Business Impact Analysis Developing Business Continuity Strategies Emergency Response and Operations

10 Common Body of Knowledge (cont.)
Developing and Implementing Business Continuity Plans Awareness Programs and Training Maintaining and Exercising the Business Continuity Plans Crisis Communications Coordination with External Agencies

11 Project Initiation and Management
Establish a need for BC/DR planning Identify the value-added Must get support of upper management to be successful Business Impact Analysis (BIA) will play a big role (discussed in a few slides)

12 Risk Evaluation and Control
Determine what business interruption events (risk) and the probability of each that can adversely affect your organization and what controls are currently in place to eliminate or mitigate each risk. FEMA site - natural disaster Facilities Mgr / Risk Mgr - “non” natural disaster Network Mgr – virus / spyware / “phishing” like trends

13 BC / DR Plan Must Haves Unlimited Budget Unlimited Resources Scapegoat

14 Business Impact Analysis (BIA)
What is it Estimates the financial and operational impact all credible disruptive events would have on your day-to-day business. It also identifies critical processes/applications/systems, the people who use and support them, and the risk tolerance for each. The BIA allows you to define the target of your BC/DR Plan.

15 (BIA) - continued Identifying your BC/DR Plan Target
Locate and identify key stakeholders Identify and prioritize critical applications & data Identify the impact (in $$$) of the loss of critical applications & data over time. Identify the level of risk assumption for each critical application and data

16 (BIA) - continued Identifying your BC/DR Plan Target - continued
Identify the “Recovery Time Objective” (RTO), i.e., the maximum amount of time allowed without access to each critical application & data. Identify the “Recovery Point Objective” (RPO), i.e., the maximum amount of data loss (usually measured in time) allowed for each critical application. RTO and RPO can be put on a time vs. $$ business impact sliding scale, and a time vs. $$ BC/DR cost sliding scale (see examples following)

17 (BIA) - continued

18 (BIA) - continued

19 (BIA) - continued

20 (BIA) - continued Quantifying $ Impact “Annualized Loss Exposure”
Risk = Frequency/yr * Exposure Example – Power Failure Risk = 5/yr * $2000/Pwr Failure Risk = $10000/yr

21 Developing Business Continuity Strategies
NOW THE FUN BEGINS! People and Safety issues always come first Document the scope of your plan and the assumed risks. Remember you can never eliminate all risk. Define and Identify teams and the team hierarchy Define a notification sequence of the teams

22 Developing Business Continuity Strategies - continued
Identify the technical infrastructure (h/w & s/w) that supports each critical application in “the plan” and any pre-positioned resources that may be required – remember RTO Define a backup and off-site scheme for all critical application data and identify resources that maybe be required to meet your RPO.

23 Emergency Response and Operations
Notification Sequence Who pulls the trigger – “any business interruption that can not be handled by normal operations procedures” should be evaluated as a reason to execute your BC/DR Plan. Alternative Command Centers What kind of notification system(s) will you use? Who gets notified first, second, etc.

24 Emergency Response and Operations - continued
Example notification sequence/breakdown Disaster Management Team - first Disaster Assessment Team – second (get pre-event clearance) Technical team (on-alert vs. declared disaster) Local police and medical team (make sure they know about your plan Executive Team

25 Emergency Response and Operations - continued
Example notification – continued Pre-positioned recovery services providers Public Relations Team User Management (stakeholders) Vendor Team

26 Developing and Implementing Business Continuity Plans
FILL IN THE DETAILS! Assign team members and backups Define a notification sequence with actual names Identify in detail the technical infrastructure (h/w & s/w) that supports each critical application in “the plan” and the staff & backups who will recreate it if the plan is executed – remember RTO

27 Developing and Implementing Business Continuity Plans - continued
Secure required resources for any identified pre-positioned infrastructure/services to meet RTO/RPO Implement a backup schedule / and off-site scheme for all critical application data that will meet your RPO. Have support teams write step-by-step procedures for recovering the different technical infrastructure pieces, e.g. h/w, OS, critical apps s/w, data

28 Developing and Implementing Business Continuity Plans - continued
Define operation procedures (if different) once “recovery” is complete. Develop your Test Plan Develop your Maintenance Plan

29 Awareness Programs and Training
Define Awareness and Training Program Create and maintain institutional awareness Create and maintain training program for all team members and their backups.

30 Maintaining and Exercising the Business Continuity Plans
Maintaining Your Plan Define review periodicity Maintain good change control procedures Keep good inventories h/w (ser. #s), s/w levels/keys, firmware versions, etc. Password management – root/admin

31 Maintaining and Exercising the Business Continuity Plans - continued
Exercising / Testing Your Plan Without exercising/testing – you do not have a plan Establish a Program for exercising/testing E.g., types of tests, periodicity, reporting, etc. Define success criteria (remember RTO, RPO – and use your stakeholders)

32 Maintaining and Exercising the Business Continuity Plans - continued
Use the results to build on strengths and improve weak areas. All exercises and tests are good regardless of results. Use the results to update your Plan as needed

33 Crisis Communications
How do you communicate internally? Includes team members, employees, management, customers (stakeholders), vendors, suppliers, and the media What kind of notification system(s) to use? Must be exercised!

34 Coordination with External Agencies
Become familiar with the Incident Command System (ICS) in your area. Make sure ICS knows about you (get pre-event clearance for DAT) Many ICS groups will review your BC/DR plan/strategy (this usually makes their jobs easier) Maintain current knowledge of laws and regulations concerning Emergency Management

35 Summary BC / DR Planning is all about making as many decisions (pre-event) as possible in a calm and thoughtful manner for a time (post-event) when chaos will rule and time is of the essence. Thanks

36 QUESTIONS ??? Keith Conlee – CBCP Chief Security Officer, IT
College of DuPage 425 Fawell Blvd. Glen Ellyn, IL

Download ppt "Business Continuity & Disaster Recovery"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Writing an Environmental Health Emergency Response Plan Lesson 3 – Starting your Environmental Health Emergency Response Plan.

Writing an Environmental Health Emergency Response Plan Lesson 3 – Starting your Environmental Health Emergency Response Plan.
Business Continuity Planning: Moving BEYOND Disaster Recovery Planning Cheryl Barkby and Ed Gregory Information Services-Business Continuity and Security.

Business Continuity Planning: Moving BEYOND Disaster Recovery Planning Cheryl Barkby and Ed Gregory Information Services-Business Continuity and Security.
Business Continuity Training & Awareness by Sulia Toutai (ANZ)

Business Continuity Training & Awareness by Sulia Toutai (ANZ)
Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
Business Continuity and Disaster Recovery Planning.

Business Continuity and Disaster Recovery Planning.
Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.

Disaster Preparedness I Lessons Learned Don Hall Thomson Prometric 2006 Annual ConferenceAlexandria, Virginia Council on Licensure, Enforcement and Regulation.
Your Role in the New Normal Increased knowledge and active participation in disaster preparedness and recovery prepare you for the New Normal Baton Rouge,

Your Role in the New Normal Increased knowledge and active participation in disaster preparedness and recovery prepare you for the New Normal Baton Rouge,
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.

Introduction to Business Continuity Planning An Introduction to the Business Continuity Planning Process Including Developing your Process and the Plans.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
BCP/DRP Consultancy Project- An approach

BCP/DRP Consultancy Project- An approach
Business Continuity Planning Jeremy Stacy. Objectives Understand the steps in Business Continuity Planning Understand the terminology used in Business.

Business Continuity Planning Jeremy Stacy. Objectives Understand the steps in Business Continuity Planning Understand the terminology used in Business.
Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.
Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.

Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Similar presentations

Ads by Google