
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011


Presentation Transcript


  1. Dr. Bhavani Thuraisingham, The University of Texas at Dallas (UTD), June 2011. Business Continuity and Disaster Recovery Planning

  2. Domain Agenda • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  3. Domain Objectives • Understand the planning process • Integrating BCP into the organization • Defining inputs and outputs of process • Understand the difference between BCP and DRP

  4. Sources of Information • Disaster Recovery Institute International • Business Continuity Institute • ISO 25999 • ISO 27001, Section 10 • NIST SP 800-34

  5. ISO 25999: Business Continuity Management • Risk management • Disaster recovery • Facilities management • Supply chain management • Quality management • Health and safety • Knowledge management • Emergency management • Security • Crisis communications and PR

  6. Overview of BCP • Direct benefits • Indirect benefits • Overlap with Risk Management • BCM vs. BCP vs. COOP

  7. The Enterprise BCP • DRP • Backup strategies • Emergency procedures • Contracts and provisioning • BIA • Reciprocal agreements • Alternate sites • Incident response planning • Succession Plan • Incident Response Team

  8. The Enterprise BCP (cont.) • Risk analysis • Safeguards / countermeasures • Insurance plan • Corporate communication plan • User awareness training • Media/stakeholder relations plan

  9. The Business Continuity Life Cycle • Analyze the business • Assess the risks • Develop the BC strategy • Develop the BC plan • Rehearse the plan

  10. BC Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  11. Reflecting Organizational Context • Policy is the driver • Aligned with requirements • Provides direction and focus • Use Business Impact Analysis • Identify inputs • Outcomes and deliverables • Reviewed annually

  12. Policy • Organizational authority • Policy document • Program scope • Resources • Outsourcing

  13. Policy contents • Framework • Tools and techniques • Policy contents • Change is infrequent

  14. Outsourced Activities • You are still responsible • Resilience in outsourcing • Supplier continuity

  15. Scope and Choices • Limit scope • Ensure clarity of scope • Strategy, Return on Investment (ROI), and SWOT (Strengths, Weaknesses, Opportunities, Threats) • Review yearly

  16. Program Management • Assigning responsibilities • Initiating BCP in the organization • Project management • Ongoing management • Documentation • Incident readiness and response

  17. Documentation • Review current BCP if available • Documentation may not equal capability • Staff must be trained to use any necessary software • Types of documentation • Review as directed by policy

  18. Initiating BCP • Awareness, data, implementation • Staff and budget • Result must be a long-term, sustainable program • Review progress monthly

  19. Incident Readiness & Response • Planners become leaders • Be prepared • Triage • Incident management • Success = Return to Operations • Immediate lessons learned

  20. Key Indicators of Success • Senior management commitment • Policy content • BCP Resources • Project management • Documentation

  21. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  22. Understanding the Organization • Business Impact Analysis (BIA) • Benefits • Objectives • Evaluating Threats (Risk Assessment) • Emergency Assessment • Indicators of Critical Business Functions

  23. Business Impact Analysis • Identifies, quantifies and qualifies loss • Scope and support required • Documents impact and dependencies • MTD, RPO • Business impact analysis process • Workshops, questionnaires, interviews • Business justifications for budget

  24. Maximum Tolerable Period of Disruption

  25. Estimating Continuity Requirements • Total budget for disaster recovery • Identification of necessary resources • Outcomes feed BCP strategy selection • Reviewed with BIA

  26. Evaluating Threats (Risk Assessment) • Risk equation + time element • Risk = Threat impact * probability • Prioritize key processes and assets • Outcomes

  27. Key Indicators of Success • Corporate governance • BIA practice • Risk assessment practice

  28. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  29. Determining Business Continuity Strategy • High-level strategies • RTO < MTPD • Separation distance • Resilience • Address specific business types

  30. Determining Strategy • Determining BC strategies • Strategy options • Activity continuity options • Resource-level consolidation

  31. Activity Continuity Options • Selecting recovery tactics • Reliability • Extent of planning • Cost/benefit analysis • Outcome

  32. Recovery Alternatives

  33. Processing Agreements

  34. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  35. Resource Level Consolidation • Consolidation plan • Availability of solutions • Consolidate, approve, implement • Methods and techniques • Outcomes and deliverables

  36. Business Continuity Plan • Master plan • Modular in design • Executive endorsement • Review quarterly

  37. Business Continuity Plan Contents • When team will be activated • Means by which the team will be activated • Places to meet • Action plans/task list created

  38. Business Continuity Plan Contents • Responsibilities of the team or of specific individuals • Liaising with Emergency Services (fire, police, ambulance) • Receiving or seeking information from response teams • Reporting information to the Incident Management Team • Mobilizing third-party suppliers of salvage and recovery services • Allocating available resources to recovery teams • Invocation / mobilization instructions

  39. Developing and Implementing Response • Incident response structure • Emergency response procedures • Personnel notification • Communications • Restoration

  40. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  41. Implementing Incident Management Plan • Rapid response is critical • Crisis management • Steps to develop an Incident Management Plan • Action plans

  42. Incident Response Structure • Strategic • Tactical • Operational

  43. Key Indicators of Success • Development and acceptance of Recovery Strategies and Business Continuity Plans

  44. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  45. Disaster Recovery • Salvage • Separate function and team • Facility restoration • System recovery

  46. BCP Project Phases • Project Scope Development and Planning • Business Impact Analysis (BIA) and Functional Requirements • Business Continuity and Recovery Strategy • Plan Design and Development • Implementation • Restoration / Disaster Recovery • Feedback and Plan Management

  47. Testing the Program • Find the flaws • Outsourcing • Timetable for tests • Test design process

  48. Testing Types

  49. Embedding BCP • Assessing level of awareness and training • Developing BCP within the Culture • Monitoring cultural change

  50. Test BCP Arrangements • Test, rehearsal, exercise • Combine all plan activities • Stringency, realism and minimal exposure • Contents of a test • Outcomes
