Principles of Incident Response and Disaster Recovery


1 Principles of Incident Response and Disaster Recovery
Chapter 9 Business Continuity Preparation and Implementation

2 Objectives
- Understand the elements of business continuity
- Recognize who should be included in the business continuity team
- Know the methodology used to construct the business continuity policy and plan, and be able to participate in such a planning process when required
- Become familiar with several tips useful for creating effective business continuity plans
- Recognize and be able to reference two sample business continuity plans

3 Introduction
- Business continuity (BC) planning represents the final response of the organization when faced with an interruption of its critical operations
- More than 50% of all organizations that close their doors for more than a week never reopen, due to lack of planning
- BC is designed to get the organization’s most critical services up and running as quickly as possible
- DR focuses on resuming operations at the primary site; BC concentrates on resuming critical functions at an alternate site

4 Introduction (continued)
- The BIA should already have identified the critical business functions and the resources that support them
- Two design parameters for the BC planning process:
  - Recovery time objective (RTO): the amount of time that may elapse before an infrastructure is available again
  - Recovery point objective (RPO): the point in the past to which the recovered applications and data will be restored
- Remember that not everything works as planned; stay flexible

5 Elements of Business Continuity Revisited
- Exclusive use strategies:
  - Hot site: fully configured computer facility with all services, communication links, and physical plant operations
  - Warm site: similar to a hot site, but software and/or client workstations may not be included
  - Cold site: provides only rudimentary services and facilities, no computer hardware
- The major deciding factor for exclusive use strategies is cost

6 Elements of Business Continuity Revisited (continued)
- Shared use strategies:
  - Time-share: operates like a hot or warm site, but is leased in conjunction with a business partner or sister organization
  - Service bureau: service agency that provides physical facilities and/or off-site data storage
  - Mutual agreements: contract between two organizations for each to assist the other in the event of a disaster
- Alternative strategies include rolling mobile sites or rental storage areas

7 Off-Site Data Recovery Revisited
- Electronic vaulting: batch transfer of data to an off-site facility
- Remote journaling: transfer of live transactions to an off-site facility
- Database shadowing: storage of duplicate online transaction data, along with the databases, at a remote site with a redundant server
- A relocation strategy combined with an off-site data storage recovery strategy allows reestablishment of critical business functions at a remote location

8 Business Continuity Team
- The BC team leader works under the direction of the CPMT
- The first step is to assemble the BC team
- The BC team should have representatives from every business unit in the organization to provide depth and breadth

9 BC Team Organization
- Emphasis should be on generalized business and technology skills
- The BC team should have representatives from:
  - Senior management
  - Corporate functional units, including HR, Legal, and Accounting
  - IT managers and a few technical specialists with broad technical skill sets
  - InfoSec managers and a few technical specialists
- BC team members cannot also be on the DR team

10 BC Team Organization (continued)
- The BC team may be divided into subteams:
  - BC management team
  - Operations team
  - Computer setup (hardware) team
  - Systems recovery (OS) team
  - Network recovery team
  - Applications recovery team
  - Data management team
  - Logistics team

11 BC Team Organization (continued)
- BC management team: command and control group responsible for all planning and coordination; facilitates the transfer to the alternate site; handles communications, business interface, and vendor contact functions
- Operations team: works to establish the core business functions needed to sustain critical business operations
- Computer setup (hardware) team: sets up hardware in the alternate location

12 BC Team Organization (continued)
- Systems recovery (OS) team: installs operating systems on the hardware, sets up user accounts, and sets up remote connectivity together with the network team
- Network recovery team: establishes short- and long-term networks, including hardware, wiring, and Internet and intranet connectivity
- Applications recovery team: responsible for getting internal and external services up and running

13 BC Team Organization (continued)
- Data management team: responsible for data restoration and recovery
- Logistics team: provides any supplies, materials, food, services, or facilities needed at the alternate site

14 Special Documentation and Equipment
- All team members should have multiple copies of the BC plans readily available at all times
- Special equipment required might include:
  - Software media and licenses, backup copies of data
  - Replacement or redundant computing and network, power, and telecommunications hardware
  - Utilities infrastructure arrangements at the alternate site
  - Contact information
  - Emergency supplies
- Consider purchasing cards (P-cards) for acquisition of office supplies and other equipment

15 Special Documentation and Equipment (continued)
- Consider issuing laptops to each manager for remote work:
  - Require that all essential files are stored on the laptop
  - Require that the laptop is synchronized and updated daily at the office
  - This guarantees that each manager will have his/her critical files available

16 Business Continuity Policy and Plan Functions
- BC planning process:
  1. Develop the BC planning policy statement
  2. Review the BIA
  3. Identify preventive controls
  4. Develop relocation strategies
  5. Develop the continuity plan
  6. Testing, training, and exercises
  7. Plan maintenance

17 Develop the BC Planning Policy Statement
- The BC plan should contain 8 key elements:
  - Purpose
  - Scope
  - Roles and responsibilities
  - Resource requirements
  - Training requirements
  - Exercise and testing schedules
  - Plan maintenance schedule
  - Special considerations

18 Develop the BC Planning Policy Statement (continued)
- Purpose: executive vision and the primary purpose of the BC program
- Scope: organizational groups and units to which the policy applies
- Roles and responsibilities: identifies key players and their responsibilities
- Resource requirements: allocates specific resources to be dedicated to the development of the BC plan

19 Develop the BC Planning Policy Statement (continued)
- Training requirements: training for the various employee groups
- Exercise and testing schedule: stipulates the frequency and type of testing for the BC plan
- Plan maintenance schedule: frequency of review and who is involved
- Special considerations: overview of information storage and retrieval plans and who is responsible for them

20 Review the BIA
- The BIA contains the prioritized list of critical business functions
- It should be reviewed for compatibility with the BC plan
- The BIA is usually accepted as is

21 Identify Preventive Controls
- Preventive controls should already have been identified and implemented as part of the ongoing information security activities
- The BC team should review and verify that data storage and recovery techniques are implemented, tested, and maintained

22 Develop Relocation Strategies
- Develop the “after actions” strategies for relocation based on the BIA
- The most likely types of disasters should have contingency strategies in place

23 Develop the Continuity Plan
- The BC plan includes detailed guidance and procedures for moving into the alternate site
- The trigger for a move is usually the damage assessment conducted by the DR team
- The extent of the BC move depends on the extent of the damage; subordinate BC plans should exist for the various functions of the organization
- The BC plan has 3 phases of operation:
  1. Preparation for BC actions
  2. Relocation to the alternate site
  3. Return to the primary site

24 Develop the Continuity Plan (continued)
- Preparation for BC actions:
  - Specifies what must be done before relocation occurs, based on the extent of the damage
  - Specifies the type of relocation services desired and the type of data management strategies to deploy
  - Specifies the resources needed to support ongoing operations
- Advance party: the group responsible for initiating the occupation of the alternate facility

25 Develop the Continuity Plan (continued)
- Relocation to the alternate site:
  - Identification of the advance party and departure point
  - Notification of service providers
  - Notification of the BC team to move to the BC site
  - Acquisition of supplies, materials, and equipment
  - Notification of employees to relocate to the BC site
  - Organization of incoming employees
- Relocated employees should receive a briefing to answer questions about safety issues, location of facilities, food services, etc.

26 Develop the Continuity Plan (continued)
- Return to the primary site:
  - Scheduling of the employee move
  - Vanguard clearing responsibilities (shutdown of temporary services, packing and moving, etc.)
  - Transfer of the alternate site building back to the service provider
- BC After-Action Review (AAR): all team members review their notes and recommend improvements to the BC plan
- The AAR is stored for training purposes

27 BC Plan Testing, Training, and Exercises
- Training can be used to test the validity and effectiveness of the BC plan
- Final assembly of the plan occurs after completion of training
- BC plan testing is an ongoing activity; testing should be done at least semiannually at the walk-through level

28 BC Plan Maintenance
- The BC plan should be a dynamic document that is updated regularly
- It should be reviewed at least annually to update plans, contracts, and agreements, and to reflect personnel and equipment changes
- Any change to the business size, location, or business focus should also trigger a review

29 Tips for Creating Effective BCPs
- Progress Software offers these tips:
  - Keep one phone line separate from other phone systems
  - Try to locate communications equipment in more than one location
  - Utilize “remote call forwarding”
  - Use a UPS to provide emergency power to the phone system and network components
  - Designate an emergency meeting place for all staff to convene
  - Obtain employee cell phones from at least 2 different service providers

30 Tips for Creating Effective BCPs (continued)
- Progress Software tips (continued):
  - Ensure employees with home PCs have Internet access so they can perform some duties from home
  - Print wallet-sized cards for employees with emergency phone numbers, emergency procedures, and other instructions for crisis situations
- To determine which plans should be written and in what order, Continuity Central offers these tips:
  - Determine the critical processes for each business unit (from the BIA)
  - Input these processes, with their RTOs and priorities, into the BCP software

31 Tips for Creating Effective BCPs (continued)
- Continuity Central tips (continued):
  - Associate each process with the appropriate business unit crisis management plan
  - Align critical processes within each RTO tier
  - Within each tier, assign a criticality rating (1-10); reserve one tier for processes or systems needed to support at least 25% of the revenue or critical services
  - Identify known dependencies between processes and add these to the BCP software

32 Tips for Creating Effective BCPs (continued)
- Continuity Central tips (continued):
  - Identify the owners of processes or systems in the shortest timeframe (zero days), and the owners of the processes and systems upon which these processes depend
  - Identify what plan developer resources are available to support plan development for the zero-day and dependent processes
  - Coordinate and support the development of plans while using the available resources

33 Tips for Creating Effective BCPs (continued)
- Continuity Central tips (continued):
  - If insufficient resources are available to support creation of multiple plans at once, prioritize plan development by criticality rating
  - If some departments or business units do not have any plans that need to be developed for the zero-day timeframe, identify the shortest-RTO processes for those units
  - Support the development of plans for those processes, provided resources are available
  - Continue to develop plans for the shortest RTOs until all units have procedures for recovery
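The Continuity Central ordering rules from slides 30 through 33 (critical processes with RTOs, a criticality rating within each RTO tier, recorded dependencies, zero-day owners and their dependencies first, then each remaining unit's shortest-RTO process) worked as an added Python example; this is not code from the presentation, the processes, units, RTOs and ratings are constructed, and treating "a unit's shortest-RTO plan comes right after the zero-day batch" as the way the tips combine is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Process:
    name: str
    unit: str           # business unit that owns the process
    rto_days: int       # RTO tier from the BIA: days the process may be down (0 = zero-day)
    criticality: int    # rating 1 (low) to 10 (high), assigned within each RTO tier
    depends_on: list = field(default_factory=list)  # names of processes this one needs

def with_dependencies(names, by_name):
    """Expand a set of process names to include everything they depend on, transitively."""
    seen, stack = set(), list(names)
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        if n not in by_name:
            raise ValueError(f"unknown dependency: {n}")
        seen.add(n)
        stack.extend(by_name[n].depends_on)
    return seen

def plan_development_order(processes):
    """Return process names in the order their BC plans should be written."""
    by_name = {p.name: p for p in processes}
    if any(not 1 <= p.criticality <= 10 for p in processes):
        raise ValueError("criticality ratings must be 1-10")
    def rank(n):  # shortest RTO first, then highest criticality, then name for stability
        return (by_name[n].rto_days, -by_name[n].criticality, n)
    # 1. zero-day processes plus everything they depend on are written first
    zero_day = {p.name for p in processes if p.rto_days == 0}
    order = sorted(with_dependencies(zero_day, by_name), key=rank)
    # 2. each unit still without a plan gets its shortest-RTO process next (assumption)
    covered = {by_name[n].unit for n in order}
    for unit in sorted({p.unit for p in processes} - covered):
        order.append(min((p.name for p in processes if p.unit == unit), key=rank))
    # 3. remaining processes by shortest RTO, then criticality
    order += sorted((p.name for p in processes if p.name not in order), key=rank)
    return order

# Constructed sample BIA output (hypothetical processes, units and ratings)
PROCESSES = [
    Process("order-entry", "Sales", 0, 9, ["erp-db", "wan"]),
    Process("payroll", "HR", 5, 7, ["erp-db"]),
    Process("erp-db", "IT", 1, 10),
    Process("wan", "IT", 0, 8),
    Process("invoicing", "Accounting", 2, 6, ["erp-db"]),
    Process("hiring", "HR", 14, 2),
]
```

Note that erp-db is pulled into the first batch although its own RTO is one day, because a zero-day process depends on it; that is the dependency rule from slide 32 in action.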

34-40 Sample Business Continuity Plans
(Slides 34 through 40 reproduce the two sample business continuity plans as images; no slide text was captured in this transcript.)

41 Summary
- Business continuity planning represents the final response when faced with the interruption of critical operations
- The BC process focuses on getting critical functions up and running as quickly as possible
- The CP team must select either an exclusive use or a shared use alternative site option
- The organization must be able to move data to the recovery site’s systems
- The BC team should include representatives from all major business functions

42 Summary (continued)
- The BC team may be divided into subteams
- All team members should have multiple copies of the BC plans readily available
- The BC team develops the BC policy, which includes:
  - Scope
  - Purpose
  - Roles and responsibilities
  - Required resources
  - Training requirements
  - Testing and review schedules

43 Summary (continued)
- The BC planning process includes:
  - BIA review
  - Relocation strategies
  - Guidance and procedures for relocation to the alternate site
  - Relocation to the alternate site and return to the primary site
  - Preparation for CP testing, training, and exercises
  - Development of a maintenance plan

