Business continuity & Disaster recovery planning
By Tareq Hanaysha, MISSM Candidate
ISSM 511 - Introduction to Information Systems Security
Concordia University College Of Alberta
2/18/2015DR & BCP 1
1. Introduction & Definition of DR and BCP
2. Differences and purposes
3. DR & BCP Objectives
4. Major Component of DR & BCP
5. Best Practices
6. References
7. Conclusion
Planning for the worst while hoping that it won’t happen is something that all security professionals do; disaster recovery for business continuity has always been a key part of the job.
Disaster: any event that has a significant impact on an enterprise's ability to conduct normal business, such as earthquakes, extreme weather, other natural disasters, pandemics and terrorism.
Disaster Recovery Plan: Includes the information and procedures needed to resume an organization's operation after some sort of disaster. Sometimes the plan is split into several plans, one to address recoverable disasters (e.g., loss of a server) and a more comprehensive business continuity plan for use in total loss situations.
SIMILAR TERMS: Contingency Plan, Business Resumption Plan, Continuity Plan
Business Continuity: the enterprise-wide proactive business process by which we manage the risks we operate within.
It addresses all aspects of the business: People, Processes, Resources and Technology (PPRT)
The goal is: preventing or mitigating the risks we can and preparing for recovery from those we cannot, or choose not to prevent.
Business continuity plans are designed to help organisations protect themselves from the losses to infrastructure and resources caused by natural disasters, pandemics and terrorism.
Preparation is the key: You fight like you train!
SIMILAR TERMS: Contingency Planning, Business Resumption Planning, Corporate Contingency Planning, Business Interruption Planning, Disaster Preparedness.
Plan: Business Continuity Plan (BCP)
Purpose: Provide procedures for sustaining essential business operations while recovering from a significant disruption
Scope: Addresses business processes; IT addressed based only on its support for business process
Plan: Disaster Recovery Plan (DRP)
Purpose: Provide detailed procedures to facilitate recovery of capabilities at an alternate site
Scope: Often IT-focused; limited to major disruptions with long-term effects
1. Limit severity of the event and the magnitude of loss
2. Minimize extent of the interruption
3. Identify critical resources
4. Identify critical functions
5. Define a process to protect critical resources
6. Define alternatives for continuing critical functions
7. Minimize decision making during a crisis
8. Train personnel
9. Continual review and maintenance
10. Integration of Business Continuity with Enterprise Strategic Planning
Disaster recovery planning components:
1. Establishment of the Recovery Team(s)
2. Development of Recovery Procedures
3. Training of the Recovery Team(s)
4. Change Management to keep plan current
5. Provision of Necessary Resources (Beans, Bombs and Bubbas…)
6. Arrangement for alternate technology platform, and retrieval of backup data
Business Continuity Plan components:
1. Establishment of Cross-Functional Team(s)
2. Inventory of People, Processes, Resources and Technology (PPRT)
3. Risk/Threat Identification and Categorization
4. Impact Analysis and Loss Estimation
5. Prevention, Mitigation and Recovery Strategizing
6. Gap Analysis and Resolution Planning
Plan Scope and Support
Senior Management Support (tone at the top)
Defined objectives, policies, scope and success factors and requirements
Standard terms and assumptions
Project plan and budget
Risk Analysis
Risks – Quantitative and Qualitative
Threats – Natural and Man Made
Vulnerabilities – Possibilities of threats occurring have been taken into account
Figure 2-1 Contingency Planning as an Element of Risk Management Implementation
Business Impact Analysis
Time criticality
RTO & RPO
Critical Business Units/Functions
Results based on established quantitative and qualitative metrics
Recovery Strategies
Reasonable strategies identified
Advantages and Disadvantages
Cost vs. Benefit
Business unit buy-in
The BCP Plan
Scope and Objective
Business Recovery Organization
Escalation, Notification, Activation
Resumption, Recovery, Restoration
Maintenance, Testing
Plan Maintenance
Defined timetables
Version control
Changes
Plan Testing
Periodic and methodical
Address major components
Goals and objectives for each test
Monitor, analyze, report
Training and Awareness
Plan existence
Responsibilities
Various training methods
Thinking systematically about risk, mitigating risks, and proactively planning an optimized BCM program is something every company, large or small, can and should do.
NIST: National Institute of Standards and Technology.
Many Sample DRPs can be seen at www.drj.com. Planning, a chapter of the book Disaster Recovery Planning: Preparing For The Unthinkable by Jon Toigo.
www.disasterrecoveryworld.com is a commercial site that also provides excellent resources, and explains the COBRA method of analysis.
www.crisis-management-and-disaster-recovery.com
Business continuity planning / management (BCM) from wikipedia.org