Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.

Published byGodwin Johns Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity."— Presentation transcript:

1 Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity

2 Business Continuity Purpose: To develop a solid disaster recovery plan that will allow the business to continue through what ever catastrophic event that may occur. Redundancy

3 Disaster Recovery Plan A disaster recovery plan defines the resources, actions, and data required to reinstate critical business processes that have been damaged or disabled because of a disaster. 5 Potential Threats or Disasters Human induced accidents Natural Internal Armed conflict External An effective Disaster Recovery Plan should include: 1. A list of the covered disasters.

4 Disaster Recovery Plan cont… 2. A list of the disaster recovery team members for each type of situation and their contact information. Team Members Senior Management Information Technology Department Facilities Management User Community 3.Business Impact Assessment 4.Business Resumption and Continuity Plan 5.Backup Documentation 6.Restore Documentation

5 Data Backups All mission-critical data is critical to allow personnel to restore files and application software and continue business. Key Issues of Backup Strategy: How often should the backups be run? What is the backup medium? What time of day should the backups be run? Are the backups manual or automated? How are backups verified? How long are backups stored? Where are backups stored? Who is responsible for backups? Who is the fallback person responsible for backups?

6 Security Policy Acceptable Use Policy – policies that are concerned with the use of computer equipment and network resources for personal use or use that is not benefiting the company. Privacy – protect customer and supplier data Separation of Duties – effectively distribute tasks throughout the IT organization and document processes thoroughly. Password Management – attributes: minimum length, allowed character set, disallowed strings (all numbers, dictionary words, variations of the username or ID), and the duration of use of the password. Service Level Agreements – is a contractual understanding between and ASP and the end user which binds the ASP to a specified and documented level of service. Disposal and Destruction

7 Human Resources Policy Employee Hiring – Hiring of personnel for computer network or security functions require verifying the candidate’s background, including reference checks, previous employers, criminal background checks, and relevant educational background. Employee Termination -- protect against disgruntled employees Code of Ethics – the code should demand that employees act honestly, responsibly, and legally to protect the organization.

8 Incident Response Policy -- covers how to deal with a security incident after it has already transpired. Six Distinct Steps: Preparation Detection Containment Eradication Recovery Follow Up Human Resources Policy cont…

9 http://www.webseminarslive.com/article2/0,2290,1553527,00.asp

10

11

12

13

14

15

16

17

18

19

20

21

22

23

Download ppt "Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Information Security Policies and Standards

Information Security Policies and Standards
Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc. 15-1 Introduction to Information Technology.

Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc Introduction to Information Technology.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
OH 5-1 Hiring and Orienting New Employees Human Resources Management and Supervision 5 OH 5-1.

OH 5-1 Hiring and Orienting New Employees Human Resources Management and Supervision 5 OH 5-1.
Unit Introduction and Overview

Unit Introduction and Overview
Security Awareness Norfolk State University Policies.

Security Awareness Norfolk State University Policies.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Disaster Recovery, Business Continuity, and Organizational Policies.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Disaster Recovery, Business Continuity, and Organizational Policies.

Similar presentations

Ads by Google