Planning for Disaster
Ramesh Ramani, CISM, CGEIT, Paramount-Dubai
07 June 2011
Agenda
• Disaster Management - Introduction
• Examples
• BCP and IT Continuity
• Process of Disaster Management - PDCA
• Disaster Management Framework
• Project Execution
• Typical Plan
• Testing the Plan
Disaster Management
• The discipline of dealing with and avoiding risks
• The discipline of preparing for a disaster BEFORE it occurs
• Sometimes referred to as Business Continuity Planning (BCP)
Definitions - Disaster
“situation or event which overwhelms local capacity, necessitating a request to a national or international level for external assistance.”
“An overwhelming ecological disruption occurring on a scale sufficient to require outside assistance”
“exceptional events that kill or injure a large number of people”
“Strategic and tactical capability of an organisation to plan for and respond to incidents and business disruptions in order to continue business operations to an acceptable pre-defined level” - BS 25999
Examples - Disaster - Black Swan
• Japan, March 2011 (and the reactions to it, e.g. in Germany)
• Middle East uprising
– DHL Express recently moved its air operations for the Middle East from Bahrain to Sharjah for one week
– Egypt to Dubai
– Bahrain to Dubai
• Tsunami, December 2004
• Haiti earthquake
• Oil spill, Gulf of Mexico
• 9/11
• Flooding, Mumbai, 2005
• Power outage, Dubai, 2005
• Flooding, Sharjah, 2009
• Volcanic ash, Europe
Middle East
• People: expat dependency
• Volatility
• Absence of laws/regulations
• Monopolistic telco/power etc.
• BCP not generally available in SMEs
• False sense of security
• ‘In my tent’ syndrome
• 37 per cent of CFOs in the region believe financial risk has increased over the past 12 months (Deloitte)
IT and BCP
• Industrial age to information age
• Information itself is becoming the business
• International standards
– ISO 27001:2005 - Information Security
– BS 25999 - Business Continuity Management
– BS 25777 - ICT Continuity Management
– NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs
– ASIS/BSI BCM.01:2010 Business Continuity Management Systems: developed jointly by ASIS and BSI for North America
– AS 5050:2010 - Standards Australia
(Figure: Disaster Management shown as a PDCA cycle - Plan, Do, Check, Act - applied to BC & IS. DR framework inputs: Vulnerability, Value, Threat; standards BS 25999 and BS 25777; options considered: existing setup / redundancy / new technologies.)
Risk Management - PDCA
• Plan: Risk Assessment (vulnerability, threat and asset value, covering people, processes/procedures and technology); Risk Mitigation Plan
• Do: risk mitigation through product, process or people controls
• Check: audit / internal audit
• Act: continual improvement; closing of audit gaps / raising the bar
• Continue with the PDCA cycle
Project Execution and Deliverables
Phases: Initial Plan -> Acquire/Analyze Data -> Develop BCMS/ISMS -> Implement BCMS/ISMS -> Test BCMS/ISMS -> Continual Improvement
1. Initial Plan
Aim: provide initial planning and preparation for the assignment.
Deliverables:
1. Scope and Service Acceptance Document (C)
2. ISMS/BCMS scope definition
3. BC/IS Policy Statement (C)
4. BCM/Information Security Steering Committee Charter (C)
2. Acquire/Analyze Data
Aim: collect all relevant data pertaining to the scope, develop the BIA/Risk Assessment methodology and perform asset enumeration/valuation.
Deliverables:
1. BIA/Risk Assessment Methodology
2. Information Asset Valuation / Critical Asset Valuation (C, I, A) (C)
3. Critical/information assets register (C)
3. Develop BCMS/ISMS
Aim: perform the BIA/Risk Assessment on the identified critical/IT assets and develop the BCP/Risk Treatment Plan; develop mandatory policies and controls.
Deliverables:
1. Vulnerability Assessment (C)
2. Threat Assessment (C)
3. Risk Assessment Report (IS)
4. BIA (RTO/RPO)
5. BCP/DRP
6. Risk Mitigation & Treatment Plan (C)
7. Statement of Applicability (SoA, ISO 27001)
8. BCP/DR Policies and Procedures (C?)
9. IS Policies and Procedures (C?)
10. BS 25999 Mandatory Controls
11. Control Implementation Roadmap
4. Implement BCMS/ISMS
Aim: implement the BCP/risk mitigation controls based on the BCP/control implementation roadmap.
Deliverables:
1. Implement the controls identified
2. People (training/duties) (C)
3. Implementing products (C?)
4. Implementing processes
5. Test BCMS/ISMS
Aim: test the BCP/DRP, audit the ISMS and prepare for ISO 27001/BS 25999 certification.
Deliverables:
1. BC/DR test results
2. ISO 27001 audit reports
6. Continual Improvement
Aim: continual improvement of the BCMS/ISMS.
Deliverable: certification against BS 25999/ISO 27001
Typical BC Plan
• Introduction
• Definitions
• Abbreviations
• Mission, objectives and intent
• Key plan assumptions
• Business impact analysis
• Disaster recovery strategy
• Disaster recovery organization
• Disaster recovery management team responsibilities
• Disaster recovery emergency procedures
• Plan administration
• Change management
• Maintenance of the disaster recovery plan
• Testing of the disaster recovery plan
Typical Disaster Recovery Organisation
(Organisation chart, reconstructed from the slide)
• Senior Recovery Manager
– Recovery Manager
  • Damage Assessment
  • Physical Security
  • Administration Assistant
  • Infrastructure Restoration Team Leader
    – Network
    – Hardware
  • Application Restoration Team Leader
    – ERP
    – POS
    – Other Applications
Basic Principles - DR
• Minimize injury to personnel
• Minimize damage to equipment and facilities
• Achieve a report of injury to personnel and a damage assessment within XX hours of the interruption
• Recover IT capabilities and functionality within the Critical Time Frames specified
• In an emergency situation where life is threatened or you are in danger of physical harm, immediately leave the facility. Never place yourself in a dangerous situation or take unnecessary risks.
Senior Recovery Manager Responsibilities
• Pre-disaster
– Approves the final Disaster Recovery Plan
– Ensures the Disaster Recovery Plan is maintained
– Ensures Disaster Recovery training is conducted
– Authorizes periodic Disaster Recovery Plan testing
• Post-disaster
– Declares that a disaster has occurred and that the Disaster Recovery Plan is activated
– Determines the plan strategy to be implemented
– Determines alternate team members (if any) and other support members of the recovery process
– Authorizes travel and housing arrangements for team members
– Authorizes expenditures
– Manages and monitors the overall recovery process
– Advises Senior Business Managers and user management on the status of the disaster recovery efforts
– Coordinates media and press releases
Check-Off List - Network Assistant
Mission: to restore the networking capabilities required within the Critical Time Frames specified
• Upon notification of a disaster by the Management Team, assemble at the designated site for a briefing on the extent of damages, the escalation plan implemented and the support required.
• Contact the telco to connect up the DR site
• Report network resumption details to the DRT
• Work closely with the software, hardware and restoration teams to restore services
• Provide internal communication to team members as required
• (The Network Assistant should be provided with three additional mobile phones as an emergency measure)
Under no circumstances should the Network Assistant make any public statements regarding the disaster, its cause or its effect on operations.
Connectivity reference table (one row per link): Connectivity Reference Number | Bandwidth | Telco Reference Number | Telco Contact (landline) | Telco Contact (mobile)
Information Technology Checklist - Plan Administration
• Change in LAN server(s), terminals or personal computer workstations
• Change in operating system and utility software programs
• Change in the design of production systems or files
• Addition or deletion of a production system
• Change in the scheme of backing up data or equipment
• Change in the communications network design
• Change in personnel assignments or the Information Technology organization
• Change in off-site storage facilities, location or methods of cycling items
• Improvements or physical changes to the current LAN data center
• Review of time frames for availability and delivery of replacement computer components
Corporate Checklist - Plan Administration
• Is the Disaster Recovery Plan in conformance with the corporate by-laws?
• Are Executive Management and the Board of Directors aware of the state and status of the Disaster Recovery Plan and processes?
• Has a new division or department been formed?
• Has a new system been developed for computer processing?
• Has a system for computer processing been discontinued?
• Have individuals within the Recovery Team been transferred, promoted or terminated?
• Has an internal system been significantly modified to change the basic functions, data flow requirements or accounting requirements?
• Has a sales office been opened, moved or closed?
Testing - Principles
(Figure: test types ordered by complexity from low to high; frequency runs the other way, from high to low, so the simpler the test the more often it is run.)
• Checklist: review and challenge the contents of the plan (audit, validation, verification)
• Walkthrough: extended checklist; check the interaction and roles of the participants
• Simulation: incorporate the associated plans and simulate a disaster (scenario, free play, controlled, time lapse, unannounced, live, tabletop, individual components, integrated components)
• Full interruption: ‘pull the plug’ test; shut down the data center
Dimensions of a test: type, techniques, process, participants, frequency, complexity
Testing Check List
Columns: Type | Techniques | Process | Participants | Frequency | Duration
Checklist
• Techniques: audit, validation, verification
• Process:
1. Review and challenge the contents of the plan
2. Check that all check-off lists are present and updated
3. Check backup tapes
4. Visit the DR site and ensure the infrastructure and backup tapes are available
5. Verify DR Team contacts
• Participants: Recovery Manager, Network Assistant, Restoration Team (2 members)
• Frequency: once a month
• Duration: 4 hours
Simulation 1
• Techniques: scenario, controlled
• Process:
1. Extended checklist; check the interaction and roles of the participants
2. Actual restoration of backup tapes
• Participants: Recovery Manager, Network Assistant, Software Assistant, Hardware Assistant, Restoration Team (all members)
• Frequency: after completion of a minimum of six checklist-type tests; once in two months thereafter
• Duration: one non-working day
Simulation 2
• Techniques: unannounced, live
• Process:
1. Extended checklist; check the interaction and roles of the participants
2. Actual restoration of backup tapes
• Participants: full Recovery Team
• Frequency: after completion of a minimum of two Simulation 1 tests; once in six months thereafter
• Duration: one non-working day
Full Interruption
• Techniques: announced
• Process: full and thorough check of the DRP
• Participants: full Recovery Team and the businesses
• Frequency: after completion of a minimum of three simulation tests; to be done only once; can be done without affecting any business if proper timings are chosen
• Duration: one non-working day
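Step 3 of the checklist test ("check backup tapes") is only meaningful against the RTO/RPO figures the BIA produced earlier in the project: a tape that exists but is older than the RPO, or that has never actually been restored, does not give the recovery capability the plan assumes. The following is an added example, not part of the slide deck and not any product's code, of automating that step from a backup catalogue. The catalogue fields (asset, time taken, location, restore_verified) and the assets, RPO values and backup entries are constructed sample data.

```python
"""Added example: an automated 'check backup tapes' step for the checklist-type
DR test, comparing each critical asset's latest verified backup against the RPO
from the BIA. The asset list and backup catalogue below are constructed sample
data, not from the original slide deck."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CriticalAsset:
    name: str
    rto_hours: float  # from the BIA: maximum tolerable downtime (reported only)
    rpo_hours: float  # from the BIA: maximum tolerable data loss


@dataclass(frozen=True)
class BackupRecord:
    asset: str
    taken_at: datetime
    location: str           # "onsite" or "dr_site" (assumed catalogue field)
    restore_verified: bool  # True only after a test restore of this copy succeeded


def latest_restorable(backups, asset_name, location=None):
    """Newest backup of the asset that has actually been restored successfully.
    A copy that exists but was never restored does not count: an unverified
    backup is an assumption, not a recovery capability."""
    candidates = [b for b in backups
                  if b.asset == asset_name and b.restore_verified
                  and (location is None or b.location == location)]
    return max(candidates, key=lambda b: b.taken_at, default=None)


def check_rpo(assets, backups, now):
    """Return {asset name: (status, reason)} with status PASS, WARN or FAIL.
    FAIL: no verified backup, or the newest verified backup is older than the
    RPO (data loss on recovery would exceed what the BIA accepted).
    WARN: within RPO but no verified copy at the DR site, so a loss of the
    primary site destroys the backups together with the data."""
    findings = {}
    for asset in assets:
        newest = latest_restorable(backups, asset.name)
        offsite = latest_restorable(backups, asset.name, location="dr_site")
        if newest is None:
            findings[asset.name] = ("FAIL", "no restore-verified backup exists")
            continue
        age_h = (now - newest.taken_at) / timedelta(hours=1)
        if age_h > asset.rpo_hours:
            findings[asset.name] = (
                "FAIL", f"newest verified backup is {age_h:.1f}h old, RPO is {asset.rpo_hours}h")
        elif offsite is None:
            findings[asset.name] = (
                "WARN", f"{age_h:.1f}h old, within RPO, but no verified copy at the DR site")
        else:
            findings[asset.name] = (
                "PASS", f"{age_h:.1f}h old, within RPO {asset.rpo_hours}h; DR-site copy verified")
    return findings


# Constructed sample data (hypothetical assets and catalogue entries).
NOW = datetime(2011, 6, 7, 8, 0)
ASSETS = [
    CriticalAsset("ERP", rto_hours=8, rpo_hours=4),
    CriticalAsset("POS", rto_hours=4, rpo_hours=24),
    CriticalAsset("Email", rto_hours=24, rpo_hours=48),
]
BACKUPS = [
    BackupRecord("ERP", datetime(2011, 6, 7, 6, 0), "onsite", True),
    BackupRecord("ERP", datetime(2011, 6, 6, 22, 0), "dr_site", True),
    BackupRecord("POS", datetime(2011, 6, 5, 20, 0), "onsite", True),
    BackupRecord("POS", datetime(2011, 6, 7, 0, 0), "onsite", False),  # never test-restored
    BackupRecord("Email", datetime(2011, 6, 7, 2, 0), "onsite", True),
]


def run_checklist():
    """Run the check over the sample data and return the findings."""
    return check_rpo(ASSETS, BACKUPS, NOW)


if __name__ == "__main__":
    for name, (status, reason) in run_checklist().items():
        print(f"{status:4} {name}: {reason}")
```

With the sample data, ERP passes (a 2-hour-old verified copy plus a verified DR-site copy), POS fails because its only restore-verified backup is 36 hours old against a 24-hour RPO (the newer midnight copy is ignored because it was never restored), and Email is within RPO but warned for having no DR-site copy. The point of insisting on restore_verified is that the Simulation tests above ("actual restoration of backup tapes") are what turn a catalogue entry into evidence.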