Presentation is loading. Please wait.

Presentation is loading. Please wait.

Disaster Recovery and Business Continuity Planning.

Published byFelix Webster Modified over 8 years ago

Similar presentations

Presentation on theme: "Disaster Recovery and Business Continuity Planning."— Presentation transcript:

1 Disaster Recovery and Business Continuity Planning

2 Disaster Recovery Plan Goals Delineate what disasters are faced by the organization Plan responses to disasters in a calm, unhurried manner Protect assets in the midst of an emergency Continue operations while minimizing short term impact

3 Contingency Plan Goals Takes a longer view of how to return business functions back to normal following a disaster Details how to operate in a disaster response mode for extended periods of time Details how assets and infrastructure can be replaced and/or relocated

4 Plans Live and Breathe Plans must be reviewed and modified to be useful – at least quarterly Must go hand in hand with the overall security policy Must have a responsible “owner” Must have the support of management as it is a large commitment

5 Business Impact Analysis Similar to a risk analysis but focuses on operations and critical infrastructure loss impact over time Critical infrastructure components and the business operations that rely on them are documented Each business operation impact is analyzed by financial and qualitative measures over specific timeframes Threats (disasters) are listed out For each threat, potential infrastructure components losses are detailed This shows the impact on various business operations and the ensuing financial impact per minute/hour/day The business can determine its loss tolerance

6 Planning Steps Establish a team Determine who will lead the DRP and contingency planning team Determine who will lead the DRP and contingency planning team This person should be responsible for the documents on a go forward basis Determine who will participate in the planning team Determine who will participate in the planning team All areas of operation should be represented so that all facets are addressed

7 Perform Business Impact Analysis Establish goals BIA should indicate the goals that must be addressed BIA should indicate the goals that must be addressed Goals should include: Goals should include: Responsibilities – who must do what Authority – who makes what decisions Priorities – what is most important Implementation and testing – what are the steps that need carried out and how will they be tested

8 Determine how the plans will be kept up to date Train all players so that they understand their responsibilities Test the plan regularly Update the plan regularly

9 Facility Backup Strategies Backup facilities should be located far enough away that a disaster will not affect both sites Hot site Fully configured and ready to operate facility Fully configured and ready to operate facility Advantages Advantages Ready within hours or minutes for operations Can be used short term or long term depending on need Easily tested Exclusive use Disadvantages Disadvantages Very expensive Rolling hot site – hot site configured in a semi trailer or large truck Rolling hot site – hot site configured in a semi trailer or large truck

10 Warm site Partially configured facility containing connectivity and peripheral devices, but not computers Partially configured facility containing connectivity and peripheral devices, but not computers Cold site Facility with basic power and environmental controls only Facility with basic power and environmental controls only Advantages of warm and cold sites Advantages of warm and cold sites Much less expensive than a hot site Available for longer timeframes Usually exclusive use Disadvantages of warm and cold sites Disadvantages of warm and cold sites Is not immediately available for use Time to activate can vary with holidays Not easily tested

11 Variations on a Theme Reciprocal Agreements Agreement between two companies to share each others facilities in case of a disaster Agreement between two companies to share each others facilities in case of a disaster Advantages AdvantagesCheap Disadvantages Disadvantages Highly unreliable Can be used only for short times Redundant Sites Two geographically separate sites are configured identically and both function day to day Two geographically separate sites are configured identically and both function day to day Advantages Advantages Instantly available Disadvantages DisadvantagesExpensive Requires much more management than other methods

12 Software Backup Strategies Real time Redundant Array of Inexpensive Disks (RAID) Redundant Array of Inexpensive Disks (RAID) Data is mirrored to multiple disks in case of failure of one Data mirroring and replication Data mirroring and replication Data is written to more than one server at a time Offline techniques Incremental Incremental Only files that have changed since the last backup are archived Fast backups, slow restores Differential Differential All files changed since the last FULL backup are archived Full Full All files are backed up

13 Tape Retention Recommendations Weekly full backups Daily incremental backups Rotate through three weekly backups Forth weekly backup is stored as a monthly backup Monthly backups can be rotated or retained indefinitely Some full backups should be stored in a secure offsite location Tapes must be occasionally retired

14 Backup Restoration Documentation of restoration procedures is key to successful emergency restoration Maintain images of operating systems for quick setup Document hardware configuration for easy replacement Maintain a spare compatible tape system in case of failure of the primary Specific employees should be designated and trained for restoration operations

15 Testing and Drills Checklist Test Managers or teams in each department review the plans and make modification suggestions Managers or teams in each department review the plans and make modification suggestions Structured Walk-Through Test Department representatives come together and walk through various scenarios and the planned responses Department representatives come together and walk through various scenarios and the planned responses Simulation Test An actual disaster scenario is created and teams must react according to the plan in real time An actual disaster scenario is created and teams must react according to the plan in real time Scenario ends just prior to relocation of facility Scenario ends just prior to relocation of facility

16 Parallel Test Offsite facilities are activated and processing takes place at offsite facility Offsite facilities are activated and processing takes place at offsite facility Regular processing also continues and the results of both are compared for accuracy Regular processing also continues and the results of both are compared for accuracy Full-Interruption Test Scenario is created and the entire response is executed Scenario is created and the entire response is executed Processing is moved to the offsite failover location Processing is moved to the offsite failover location

17 Disaster Spokesperson It is likely that the company will need to interface with outside entities during a disaster A single contact should be designated in the DRP to interface with the press Contacts should also be designated for other entities like law enforcement, utilities, ISPs, etc.

18 Homework for next 2 Weeks Read chapter 10 and chapter 11 through page 751 Work on group projects Show up on time for next weeks class for guest speaker

Download ppt "Disaster Recovery and Business Continuity Planning."

Similar presentations

15 Maintaining a Web Site Section 15.1 Identify Webmastering tasks Identify Web server maintenance techniques Describe the importance of backups Section.

15 Maintaining a Web Site Section 15.1 Identify Webmastering tasks Identify Web server maintenance techniques Describe the importance of backups Section.
1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006.

1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006.
Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
Case Study: Business Continuity Planning for Site- Level Disaster Kimberley A. Pyles Northrop Grumman Corporation

Case Study: Business Continuity Planning for Site- Level Disaster Kimberley A. Pyles Northrop Grumman Corporation
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.

June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.
Disaster Protection and Recovery By: Michael Morrell Ross Ashenfelter Teresa Furnish Karla Maddox.

Disaster Protection and Recovery By: Michael Morrell Ross Ashenfelter Teresa Furnish Karla Maddox.
Lesson 11 – NETWORK DISASTER RECOVERY Disaster recovery plans Network backup and restoration OVERVIEW.

Lesson 11 – NETWORK DISASTER RECOVERY Disaster recovery plans Network backup and restoration OVERVIEW.
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES CHAPTER.
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.

1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.
Security and Backup Avoid disasters – have a good backup policy Avoid disasters – have a tight security scheme in place UK law dictates the board of directors.

Security and Backup Avoid disasters – have a good backup policy Avoid disasters – have a tight security scheme in place UK law dictates the board of directors.
John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.
CHAPTER OVERVIEW SECTION 5.1 – MIS INFRASTRUCTURE

CHAPTER OVERVIEW SECTION 5.1 – MIS INFRASTRUCTURE
Business Crisis and Continuity Management (BCCM) Class Session 15 15 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Services Tailored Around You® Business Contingency Planning Overview July 2013.

Services Tailored Around You® Business Contingency Planning Overview July 2013.
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.
CISA REVIEW The material provided in this slide show came directly from Certified Information Systems Auditor (CISA) Review Material 2010 by ISACA.

CISA REVIEW The material provided in this slide show came directly from Certified Information Systems Auditor (CISA) Review Material 2010 by ISACA.

Similar presentations

Ads by Google