Berry College Disaster Recovery Soft Exit


Berry College Disaster Recovery Soft Exit Jason Mays Rouying Tang Linlan Chen Karabo Ntokwane Chenhui Lai

Agenda
Scope of audit
Five findings
Overall conclusion

Scope
Disaster declaration
RPO and RTO
Emergency telecommunications services
Communication plan
Responsibilities of members of the DR management team
Paper documents backup
Training
Review of test plans and reports

RTO and RPO do not meet the MTD
Fact: Berry College failed to appropriately identify the critical information system assets supporting essential missions and business functions.
Standards: NIST Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems, 3.2.1 to 3.2.3; NIST SP 800-53A, Contingency Planning family, CP-2(8) Contingency Plan | Identify Critical Assets.
Root cause: The committee responsible for approving the final disaster recovery plan voted not to use the recommended limited list of critical information systems. Instead, a list compiled from the faculty senate and administration was used. This list contained many systems that the related IT risk assessment matrix rated as moderate. The list that was adopted contains too many systems and data sets to allow achievement of the RTO and RPO recommended in the BIA.
Impact (H/M/L): High. Critical systems are not prioritized, which can result in downtime that exceeds the MTD (maximum tolerable downtime).
Recommendations: Reinstate the recommended list of critical information systems submitted by the IT risk analysis team.
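The finding above can be checked arithmetically: given each system's restore time and the MTD of the business function it supports, a plan that restores an unprioritized, oversized list in list order will push some critical systems past their MTD, while the shorter risk-ranked list fits inside the BIA's RTO. The following is an added example with a constructed inventory, not Berry College's data or the audit team's own code; it assumes a fixed number of recovery streams that each restore one system at a time.

```python
"""Check whether a critical-system list can be recovered within each
system's MTD and what RTO the plan can actually deliver.
Constructed sample inventory; names and hours are illustrative only."""
from dataclasses import dataclass


@dataclass(frozen=True)
class System:
    name: str
    risk: str            # rating from the IT risk assessment matrix
    restore_hours: float
    mtd_hours: float     # maximum tolerable downtime of the business function


INVENTORY = [
    System("student-records", "high", 6, 24),
    System("payroll", "high", 4, 48),
    System("learning-mgmt", "high", 8, 24),
    System("campus-email", "high", 6, 24),
    System("library-catalog", "moderate", 5, 72),
    System("parking-permits", "moderate", 3, 72),
    System("alumni-portal", "moderate", 6, 96),
    System("dining-menu", "moderate", 2, 96),
]


def recommended_list():
    """The risk analysis team's list: high-risk systems only, in risk order."""
    return [s for s in INVENTORY if s.risk == "high"]


def broad_list():
    """The senate/administration list: every system, with no priority order
    (modelled here as alphabetical)."""
    return sorted(INVENTORY, key=lambda s: s.name)


def recovery_schedule(systems, streams=1):
    """Assign systems in list order to the least-loaded recovery stream and
    return {name: hour at which its restore completes}."""
    loads = [0.0] * streams
    done = {}
    for s in systems:
        i = loads.index(min(loads))
        loads[i] += s.restore_hours
        done[s.name] = loads[i]
    return done


def mtd_violations(systems, streams=1):
    """Systems whose restore finishes after the MTD of their function."""
    done = recovery_schedule(systems, streams)
    return [s.name for s in systems if done[s.name] > s.mtd_hours]


def plan_rto(systems, streams=1):
    """The RTO the plan can really deliver: when the last system is back."""
    return max(recovery_schedule(systems, streams).values(), default=0.0)
```

With the constructed numbers the broad list leaves student records down for 40 hours against a 24-hour MTD, while the recommended list brings every high-risk system back within 24 hours.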

Emergency telecommunications services not designated a priority
Fact: Berry College's telecommunications systems SLA does not designate priority for all telecommunications services used for national security emergency preparedness.
Standards: NIST Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems, 2.2.3 Crisis Communications Plan.
Root cause: The current Crisis Communications Plan relies on state communication procedures to provide communication. No internal system is dedicated to communication among the college's disaster recovery teams.
Impact: High. Failure of emergency telecommunication systems would severely limit the ability of DR team members to coordinate recovery efforts.
Recommendations: Renegotiate the telecommunications systems SLA. Review the Crisis Communications Plan.

Paper documents backup
Fact: Berry College's data backup has not been completed. Documents from 1902 to 1980 have not been digitized; some have no backup or second copy, and most of them are stored in the same place in the library.
Standards: NIST 800-34 5.2.1. For important data, follow the 3-2-1 rule: 3 copies of the data, 2 local copies on different storage types, 1 backup off-site.
Root cause: The data backup was not conducted on time. A large volume of historic documents needs to be scanned, digitized and backed up. The layout of the library is inappropriate.
Impact (H/M/L): High. There is a high risk of the data being destroyed and of being unable to recover these important historic documents.
Recommendations: Speed up the process of document digitization. Prioritize duplicating and backing up single-copy documents according to their value. Separate the copies into different document storage locations.
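The 3-2-1 rule and the co-location problem named in this finding are easy to audit mechanically once each holding's copies are inventoried. Below is an added example with a constructed inventory, not Berry College's records or the audit team's code; the holding names, locations and media are illustrative.

```python
"""Evaluate archival holdings against the 3-2-1 backup rule (3 copies,
2 local copies on different storage types, 1 off-site) and flag copies
that share a single location. Constructed inventory for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    medium: str       # e.g. "paper", "disk", "tape", "cloud"
    location: str
    offsite: bool


HOLDINGS = {
    # single paper original on the library shelves: the worst case
    "board-minutes-1902-1979": [Copy("paper", "library-main-stacks", False)],
    # three copies, but all paper, two on the same shelf, none off-site
    "yearbooks-1950-1979": [Copy("paper", "library-main-stacks", False),
                            Copy("paper", "library-main-stacks", False),
                            Copy("paper", "library-annex", False)],
    # digitized holding that satisfies every rule
    "registrar-scans-2010": [Copy("disk", "it-nas", False),
                             Copy("tape", "it-vault", False),
                             Copy("cloud", "vendor-region-east", True)],
}


def check_321(copies):
    """Return the list of rule violations; an empty list means compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copy/copies, need 3")
    local_media = {c.medium for c in copies if not c.offsite}
    if len(local_media) < 2:
        problems.append("local copies do not span 2 storage types")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    if len({c.location for c in copies}) < len(copies):
        problems.append("copies share one location (single point of loss)")
    return problems


def audit(holdings):
    """Map each holding to its violations."""
    return {name: check_321(copies) for name, copies in holdings.items()}


def digitization_priority(holdings):
    """Non-compliant holdings, worst first: most violations, then fewest copies."""
    report = audit(holdings)
    bad = [n for n, p in report.items() if p]
    return sorted(bad, key=lambda n: (-len(report[n]), len(holdings[n])))
```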

Effective training of DR plan
Fact: Berry College does not have a formal DRP training plan.
Standards: NIST SP 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. This publication seeks to assist organizations in designing, developing, conducting, and evaluating test, training, and exercise (TT&E) events in an effort to aid personnel in preparing for adverse situations involving information technology (IT). The events are designed to train personnel, exercise IT plans, and test IT systems, so that an organization can maximize its ability to prepare for, respond to, manage, and recover from disasters that may affect its mission.
Root cause: Training is done by providing information on the college intranet and on posters, but there is no formal training plan in place.
Impact (H/M/L): Moderate. Downtime (unavailability of systems); longer RTO and RPO.
Recommendations: Develop a DR training plan and administer mandatory annual DR training to all stakeholders.

Communication between DR Coordinator, Command Center, team leaders and team members
Fact: Berry College does not update contact information regularly. When a disaster happens, the college cannot communicate between the disaster recovery coordinator, command center, and IT recovery team members in time.
Standards: NIST Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems, 3.4.6 Roles and Responsibilities. The ISCP Coordinator should also consider that a disruption could render some personnel unavailable to respond. In this situation, executing the plan may be possible only by using personnel from another geographic area of the organization or by hiring contractors or vendors.
Root cause: Human error. The most common ways of contacting the IT disaster recovery team and department are phone calls, text messages, and email, but some people changed their phone numbers or email addresses and did not update the contact lists.
Impact: Moderate. Most of the time the college can reach the relevant people in a timely manner.
Recommendations: Back up and update contact information regularly. Keep contact details for team members' families or friends. Set up an IT disaster recovery community and post disaster information there to notify the DR team and command center.

Conclusion
Critical information systems need to be prioritized in recovery efforts.
Effective training on the disaster recovery plan is needed.
The process of paper document digitization should be sped up.
Although all these 5 findings' risk impacts are high or moderate,

Citations
https://www.ready.gov/business/implementation/IT
https://www.ready.gov/business/implementation/crisis
Jay Vrijenhoek, March 31st, https://www.intego.com/mac-security-blog/data-backup-plan-how-to-implement-the-3-2-1-backup-strategy/
National Institute of Standards and Technology (NIST), Contingency Planning Guide for Federal Information Systems, Special Publication 800-34 Rev. 1.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-84.pd