Principles of Incident Response and Disaster Recovery Chapter 9 Business Continuity Preparation and Implementation


Objectives
• Understand the elements of business continuity
• Recognize who should be included in the business continuity team
• Know the methodology used to construct the business continuity policy and plan, and be able to participate in such a planning process when required
• Become familiar with several tips useful for creating effective business continuity plans
• Recognize and be able to reference two sample business continuity plans

Introduction
• Business continuity (BC) planning: represents the final response of the organization when faced with an interruption of its critical operations
• More than 50% of all organizations that close their doors for more than a week never reopen, due to lack of planning
• BC is designed to get the organization’s most critical services up and running as quickly as possible
• DR focuses on resuming operations at the primary site; BC concentrates on resuming critical functions at an alternate site

Introduction (continued)
• BIA should have already identified critical business functions and the resources to support them
• Two design parameters for the BC planning process:
  – Recovery time objective (RTO): amount of time before an infrastructure is available
  – Recovery point objective (RPO): the point in the past to which the recovered applications and data will be restored
• Remember that not everything works as planned – stay flexible

Elements of Business Continuity Revisited
• Exclusive use strategies:
  – Hot site: fully configured computer facility with all services, communication links, and physical plant operations
  – Warm site: similar to hot site, but software and/or client workstations may not be included
  – Cold site: provides only rudimentary services and facilities, no computer hardware
• The major deciding factor for exclusive use strategies is cost

Elements of Business Continuity Revisited (continued)
• Shared use strategies:
  – Time-share: operates like a hot or warm site, but is leased in conjunction with a business partner or sister organization
  – Service bureau: service agency that provides physical facilities and/or off-site data storage
  – Mutual agreements: contract between two organizations for each to assist the other in the event of a disaster
• Alternative strategies include rolling mobile sites or rental storage areas

Off-Site Data Recovery Revisited
• Electronic vaulting: batch transfer of data to an off-site facility
• Remote journaling: transfer of live transactions to an off-site facility
• Database shadowing: storage of duplicate online transaction data, along with databases, at a remote site with a redundant server
• Relocation strategy with an off-site data storage recovery strategy allows reestablishment of critical business functions at a remote location

Business Continuity Team
• BC team leader is under the direction of the CPMT team
• First step is to assemble the BC team
• BC team should have representatives from every business unit in the organization to provide depth and breadth

BC Team Organization
• Emphasis should be on generalized business and technology skills
• BC team should have representatives from:
  – Senior management
  – Corporate functional units, including HR, Legal, and Accounting
  – IT managers and a few technical specialists with broad technical skill sets
  – InfoSec managers and a few technical specialists
• BC team members cannot also be on the DR team

BC Team Organization (continued)
• BC team may be divided into subteams:
  – BC management team
  – Operations team
  – Computer setup (hardware) team
  – Systems recovery (OS) team
  – Network recovery team
  – Applications recovery team
  – Data management team
  – Logistics team

BC Team Organization (continued)
• BC management team:
  – Command control group responsible for all planning and coordination
  – Facilitates the transfer to the alternate site
  – Handles communications, business interface, and vendor contact functions
• Operations team:
  – Works to establish core business functions needed to sustain critical business operations
• Computer setup (hardware) team:
  – Sets up hardware in the alternate location

BC Team Organization (continued)
• Systems recovery (OS) team:
  – Installs operating systems on hardware, sets up user accounts and remote connectivity with network team
• Network recovery team:
  – Establishes short- and long-term networks, including hardware, wiring, and Internet and intranet connectivity
• Applications recovery team:
  – Responsible for getting internal and external services up and running

BC Team Organization (continued)
• Data management team:
  – Responsible for data restoration and recovery
• Logistics team:
  – Provides any supplies, materials, food, services, or facilities needed at the alternate site

Special Documentation and Equipment
• All team members should have multiple copies of the BC plans readily available at all times
• Special equipment required might include:
  – Software media and licenses, backup copies of data
  – Replacement or redundant computing and network, power, and telecommunications hardware
  – Utilities infrastructure arrangements at alternate site
  – Contact information
  – Emergency supplies
• Consider purchasing cards (P-cards) for acquisition of office supplies and other equipment

Special Documentation and Equipment (continued)
• Consider issuing laptops to each manager for remote work:
  – Require that all essential files are stored on the laptop
  – Require that the laptop is synchronized and updated daily at the office
  – Guarantees that each manager will have his/her critical files available

Business Continuity Policy and Plan Functions
• BC planning process:
  – Develop the BC planning policy statement
  – Review the BIA
  – Identify preventive controls
  – Develop relocation strategies
  – Develop the continuity plan
  – Testing, training, and exercises
  – Plan maintenance

Develop the BC Planning Policy Statement
• BC plan should contain 8 key elements:
  – Purpose
  – Scope
  – Roles and responsibilities
  – Resource requirements
  – Training requirements
  – Exercise and testing schedules
  – Plan maintenance schedule
  – Special considerations

Develop the BC Planning Policy Statement (continued)
• Purpose:
  – Executive vision
  – Primary purpose of the BC program
• Scope:
  – Organizational groups and units to which the policy applies
• Roles and responsibilities:
  – Identifies key players and their responsibilities
• Resource requirements:
  – Allocates specific resources to be dedicated to the development of the BC

Develop the BC Planning Policy Statement (continued)
• Training requirements:
  – Training for various employee groups
• Exercise and testing schedule:
  – Stipulation for the frequency and type of testing for the BC plan
• Plan maintenance schedule:
  – Frequency of review and who is involved
• Special considerations:
  – Overview of information storage and retrieval plans and who is responsible

Review the BIA
• BIA contains the prioritized list of critical business functions
• Should be reviewed for compatibility with the BC plan
• BIA is usually accepted as is

Identify Preventive Controls
• Preventive controls should already have been identified and implemented as part of the ongoing information security activities
• BC team should review and verify that data storage and recovery techniques are implemented, tested, and maintained

Develop Relocation Strategies
• Develop the “after actions” strategies for relocation based on the BIA
• The most likely types of disasters should have contingency strategies in place

Develop the Continuity Plan
• BC plan includes detailed guidance and procedures for moving into the alternate site
• Trigger for a move is usually the damage assessment conducted by the DR team
• Extent of the BC move depends on the extent of damage; subordinate BC plans should exist for the various functions of the organization
• BC plan has 3 phases of operation:
  – Preparation for BC actions
  – Relocation to the alternate site
  – Return to the primary site

Develop the Continuity Plan (continued)
• Preparation for BC actions:
  – Specifies what must be done before relocation occurs
  – Based on the extent of damage
  – Specifies the type of relocation services desired and type of data management strategies to deploy
  – Specifies resources that are needed to support ongoing operations
• Advance party: the group responsible for initiating the occupation of the alternate facility

Develop the Continuity Plan (continued)
• Relocation to the alternate site:
  – Identification of advance party and departure point
  – Notification of service providers
  – Notification of BC team to move to BC site
  – Acquisition of supplies, materials, and equipment
  – Notification of employees to relocate to BC site
  – Organization of incoming employees
• Relocated employees should receive a briefing to answer questions about safety issues, location of facilities, food services, etc.

Develop the Continuity Plan (continued)
• Return to the primary site:
  – Scheduling of employee move
  – Vanguard clearing responsibilities (shutdown of temporary services, packing and moving, etc.)
  – Transfer of alternate site building to the service provider
• BC After-Action Review (AAR):
  – All team members review notes and recommend improvements to the BC plan
  – AAR is stored for training purposes

BC Plan Testing, Training, and Exercises
• Training can be used to test the validity and effectiveness of the BC plan
• Final assembly of the plan occurs after completion of training
• BC plan testing is an ongoing activity; testing should be done at least semiannually at the walk-through level

BC Plan Maintenance
• BC plan should be a dynamic document that is updated regularly
• Should be reviewed at least annually to update plans, contracts, and agreements, and to update personnel and equipment modifications
• Any changes to the business size, location, or business focus should also trigger a review

Tips for Creating Effective BCPs
• Progress Software offers these tips:
  – Keep one phone line separate from other phone systems
  – Try to locate communications equipment in more than one location
  – Utilize “remote call forwarding”
  – Use UPS to provide emergency power to phone system and network components
  – Designate an emergency meeting place for all staff to convene
  – Obtain employee cell phones from at least 2 different service providers

Tips for Creating Effective BCPs (continued)
• Progress Software tips (continued):
  – Ensure employees with home PCs have email and Internet access to perform some duties from home
  – Print wallet-sized cards for employees with emergency phone numbers, emergency procedures, and other instructions for crisis situations
• To determine which plans should be written and in what order, Continuity Central offers these tips:
  – Determine critical processes for each business unit (from BIA)
  – Input these processes with RTOs and priorities to BCP software

Tips for Creating Effective BCPs (continued)
• Continuity Central tips (continued):
  – Associate each process with the appropriate business unit crisis management plan
  – Align critical processes within each RTO tier
  – Within each tier, assign a criticality rating (1-10); reserve one tier for processes or systems needed to support at least 25% of the revenue or critical services
  – Identify known dependencies between processes and add these to the BCP software

Tips for Creating Effective BCPs (continued)
• Continuity Central tips (continued):
  – Identify owners of processes or systems in the shortest timeframe (zero days) and owners of processes and systems upon which these processes depend
  – Identify what plan developer resources are available to support plan development for the zero day and dependent processes
  – Coordinate and support the development of plans while using available resources

Tips for Creating Effective BCPs (continued)
• Continuity Central tips (continued):
  – If insufficient resources are available to support creation of multiple plans at once, prioritize plan development by its criticality rating
  – If some departments or business units do not have any plans that need to be developed supporting the zero-day timeframe, identify shortest RTO processes for those units
  – Support the development of plans for those processes, provided resources are available
  – Continue to develop plans with shortest RTOs until all units have procedures for recovery

Sample Business Continuity Plans

Summary
• Business continuity planning represents the final response when faced with the interruption of critical operations
• BC process focuses on getting critical functions up and running as quickly as possible
• CP team must select either exclusive use or shared use alternative site option
• Organization must be able to move data to the recovery site’s systems
• BC team should include representatives from all major business functions

Summary (continued)
• BC team may be divided into subteams
• All team members should have multiple copies of the BC plans readily available
• BC team develops the BC policy which includes:
  – Scope
  – Purpose
  – Roles and responsibilities
  – Required resources
  – Training requirements
  – Testing and review schedules

Summary (continued)
• BC planning process includes:
  – BIA review
  – Relocation strategies
  – Guidance and procedures for relocation to alternate site
  – Relocation to alternate site and return to primary site
  – Preparation for CP testing, training, and exercises
  – Development of maintenance plan