business continuity planning and disaster recovery planning n.
Skip this Video
Download Presentation
Business Continuity Planning and Disaster Recovery Planning

Loading in 2 Seconds...

play fullscreen
1 / 26

Business Continuity Planning and Disaster Recovery Planning - PowerPoint PPT Presentation

  • Uploaded on

Business Continuity Planning and Disaster Recovery Planning. Ref. CISSP exam guide W.lilakiatsakun. Business Continuity Planning and Disaster Recovery Planning (1).

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Business Continuity Planning and Disaster Recovery Planning' - ovid

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
business continuity planning and disaster recovery planning 1
Business Continuity Planning and Disaster Recovery Planning (1)
  • DRP is the process of regaining access to the data, hardware and software necessary to resume critical business operations after a natural or human-induceddisaster.
  • DRP is part of a larger process known as business continuity planning (BCP).
  • Disaster recovery is the process by which you resume business after a disruptive event.
business continuity planning and disaster recovery planning 2
Business Continuity Planning and Disaster Recovery Planning (2)
  • The event might be
    • something huge-like an earthquake or the terrorist attacks on the World Trade Center
    • something small, like malfunctioning software caused by a computer virus.
  • Many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event.
business continuity planning and disaster recovery planning 3
Business Continuity Planning and Disaster Recovery Planning (3)
  • All BC/DR plans need to encompass
    • How employees will communicate
    • Where they will go
    • How they will keep doing their jobs.
  • The details can vary greatly, depending on the size and scope of a company and the way it does business.
events that necessitate disaster recovery
  • Naturaldisasters
  • Fire
  • Powerfailure
  • Terroristattacks
  • Organizedordeliberatedisruptions
  • Theft
  • Systemand/orequipmentfailures
  • Humanerror
  • Computerviruses
  • Testing
business continuity steps 1
Business Continuity Steps (1)

1 Develop the continuity planning policy statement

- Write a policy that provides the guidance necessary to develop a BCP and assigns authority to the necessary roles to carry out these tasks

2 Conduct the business impact analysis (BIA)

- Identify critical functions and systems and allow the organization to prioritize them on necessity.

-Identify vulnerabilities, threats and calculate risks

- Calculate MTD (Maximum Tolerable Downtime) for resources

business continuity steps 2
Business Continuity Steps (2)

3 Identify preventive controls

  • Identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner

4 Develop recovery strategies

  • Formulate methods to ensure that systems and critical function can be brought online quickly
business continuity steps 3
Business Continuity Steps (3)

5 Develop the contingency plan

  • Write procedure and guidelines for how the organization can still stay functional in a cripple state

6 Test the plan and conduct training and exercise

  • Test the plan to identify deficiencies in the BCP and conduct training to properly prepare individuals on their expected task

7 Maintain plan

  • Put in place steps to ensure the BCP is a living document that is upgraded regularly
initiation 1
Initiation (1)
  • Identified a business continuity coordinator (leader for the BCP team)
  • Setup a BCP committee might consist of representative from
    • Business units
    • Senior management
    • IT department
    • Security department
    • Communications department
    • Legal department
initiation 2
Initiation (2)
  • At this phase, the team works with management to develop the continuity planning policy statement
    • Layout the scope of the BCP project
    • Team member roles
    • Goal of the project
bcp requirement
BCP Requirement
  • The major requirement is management support
  • Work best in a top-down approach
    • Management should be driving the project
  • It is important that management set the overall goals of continuity planning
    • It should help set priorities of what should be dealt first
business impact analysis 1
Business Impact Analysis (1)
  • The BCP committee must identify the threats to the company and map them to the following characteristics
    • Maximum tolerable downtime
    • Operational disruption and productivity
    • Financial consideration
    • Regulatory responsibilities
    • Reputation
business impact analysis 2
Business Impact Analysis (2)
  • Data would gather from interviewing, surveying, workshops and etc
  • Threat can be manmade, natural or technical
  • The committee needs to step through scenarios that could produce the following results
    • Equipment malfunction
    • Unavailable utilities (Power, Communication)
    • Software or data corruption
business impact analysis 3
Business Impact Analysis (3)
  • Loss criteria must applied to the individual threats
    • Loss in reputation and public confidence
    • Loss of competitive advantages
    • Increase in operational expenses
    • Violations of contract agreement
    • Violations of legal and regulatory requirement
    • Delays income costs
    • Loss in revenue
    • Loss in productivity
business impact analysis 4
Business Impact Analysis (4)
  • Example of Maximum Tolerable Downtime (MTD)
    • Nonessential 30 days
    • Normal 7 days
    • Important 72 hours
    • Urgent 24 hours
    • Critical Minute to hours
business impact analysis 5
Business Impact Analysis (5)
  • Interdependencies
    • Business function might depend on the other functions
  • BCP team should carried out these tasks
    • Define essential business function and support departments
    • Identifies interdependencies
    • Discover all possible disruption that could affect the mechanism
    • Identify and document potential threats
    • Gather quantitative and qualification information pertaining to those threat
    • Provide alternative methods for restoring
    • Provide a brief statement of rationale for each threat and corresponding information
bia steps 1
BIA Steps (1)
  • 1 Select individuals to interview for data gathering
  • 2 Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches)
  • 3 Identify the company ‘s critical business function
  • 4 Identify the resources that these functions depend upon
bia steps 2
BIA Steps (2)
  • 5 Calculate how long these functions can survive without these resources
  • 6 Identify vulnerabilities and threats to these function
  • 7 Calculate risk for each different business function
  • 8 Document findings and report them to management
preventive controls
Preventive Controls
  • Reduce impact and mitigate risks
  • Example of preventive measures
    • Redundant servers and communication links
    • Power lines coming in through different transformers
    • UPS and generators
    • Data backup
    • Fire detection
recovery strategies
Recovery strategies
  • Business process recovery
    • Business process is back to work
  • Facility recovery
    • Cold site/ Warm site/ Hot site
  • Supply and technology recovery
    • Network /computer /human resources
  • User environment recovery
    • Most critical department gets back first
  • Data recovery
    • Data Back up
developing the bcp 1
Developing the BCP (1)
  • Define goals of the plan and goals must contain certain key information such as
    • Responsibility
      • Each individual should have their responsibilities spell out in writing to ensure a clear understanding in a chaotic situation
    • Authority
      • In time of crisis, it is important to know who is in charge
      • Clear cut authority will aid in reducing confusion and increase coorperation
developing the bcp 2
Developing the BCP (2)
  • Priorities
    • It is necessary to know which department come online first which second and so on
    • Along with the priorities of department, the priorities of systems, information and program must be established
  • Implement and testing
developing the bcp 3
Developing the BCP (3)
  • Documenting the following
    • Procedures
    • Recovery solutions
    • Roles and tasks
    • Emergency response
testing plan 1
Testing plan (1)
  • Checklist test
    • Forget anything ?
  • Structured walk-through test
    • Discussion by representatives
  • Simulation test
    • Ensure that specific steps were not left out and certain threats were not overlooked
    • Raise awareness of people involved
testing plan 2
Testing plan (2)
  • Parallel test
    • Ensure that the specific systems can actually perform adequately at the alternate off site facility
  • Full interruption test
    • Ensure that everything will be recovered as planned
    • It can reveal many holes that need to be fixed
maintaining the plan
Maintaining the plan
  • Organization can keep the plan updated by taking the following actions
    • Make business continuity a part of business decision
    • Insert the maintenance responsibilities into job descriptions
    • Include maintenance in personnel evaluation
    • Perform internal audits that include disaster recovery and continuity documentation and procedures
    • Perform regular drills that use the plan
    • Integrate BCP into the current change management process