Dennis Reid Senior Consultant Elliot Consulting, LLC

Slides:

Advertisements

Similar presentations

1 The Basics of Business Continuity Presented by Mary F. Sandy, CBCP Business Continuity/Disaster Recovery Class DePaul University ©Mary F. Sandy, 2006.

Advertisements

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.

Information Technology Disaster Recovery Awareness Program.

BCM and Security ROGSI/DMS Präsentation ROGSI/DMS Suite for Corporate Survival ROGSI/Business Impact Analysis TOP 7 Best Practices for Business Continuity.

Business Plug-In B4 MIS Infrastructures.

CIOassist Technologies Your CIO on Demand… Business Continuity Planning Our Offering CIOassist Technologies (

The Arab Academy for Banking & Finance Science Faculty of Information System & Technology Department Of Management Information Systems The Disaster Recovery.

Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael.

Business Continuity Section 3(chapter 8) BC:ISMDR:BEIT:VIII:chap8:Madhu N PIIT1.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.

© 2009 EMC Corporation. All rights reserved. Introduction to Business Continuity Module 3.1.

Business Continuity Planning and Disaster Recovery Planning

Copyright 2004 Turning Point Solutions Establishing Lines Of Communication Before a Crisis.

Service Design – Section 4.5 Service Continuity Management.

Business Continuity & Disaster Recovery Planning at The Chicago Board of Trade Presented By: Bryan Durkin Sr. Vice President The Chicago Board of Trade.

By Jeff Fetherolf. Business Impact Analysis (BIA) A process of having the business process owners, business subject matter experts, etc. identify the.

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

1 © Copyright 2010 EMC Corporation. All rights reserved. EMC RecoverPoint One way to protect everything you have…better.

Business Continuation Plan / Program Overview State CIO Council Meeting June 24, 2008.

Business Crisis and Continuity Management (BCCM) Class Session

November 2009 Network Disaster Recovery October 2014.

Business Continuity & Disaster Recovery Daniel Griggs Solutions Architect Ohio Valley September 30, 2008.

Business Continuity Planning Completing a Business Impact Assessment Pamela Hill Managing Director Hyperion Global Partners Judi Flournoy CIO Loeb & Loeb.

IT Business Continuity Briefing March 3,  Incident Overview  Improving the power posture of the Primary Data Center  STAGEnet Redundancy  Telephone.

Business Continuity and Disaster Recovery Chapter 8 Part 2 Pages 914 to 945.

ISA 562 Internet Security Theory & Practice

DISCOVER IT PEACE OF MIND Staying HIPAA-Compliant Revised: April 13, 2015.

Office for Information Resources Crisis Management and DR Larry K. Peck Disaster Recovery Consultant Office of Information Resources State of Tennessee.

Project Vision Improve Resilience of NetWare User Filestore Improve Resilience of Corporate Database Filestore Disaster Recovery Options ? Backup, Archival,

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

Disaster Recovery Planning (DRP) DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation.

© 2013 MHA Consulting All Rights Reserved. 0 Presented by: Richard Long March 10, 2015 Business Alignment Or How I Learned to Stop Saying “IT”

Three Lines of Defense and Business Continuity February 18, 2016.

Managed IT Services JND Consulting Group LLC

Business Continuity Planning 101

CTS Quarterly Customer Meeting CTS Disaster Recovery (DR) Project October 22, 2014.

© PreEmpt, Inc. Common Misconceptions 1 In Business Continuity Planning.

Business Continuity and Disaster Recovery

© 2014 Ceto and Associates Corporation

Technology and Business Continuity

Planning for Application Recovery

Utilizing Your Business Continuity Plan.

CompTIA Security+ Study Guide (SY0-401)

Providing Application High Availability

‘GOVCLOUD: the Queensland LG Experience’

Server Upgrade HA/DR Integration

Business Continuity Robert Hedblom | sumNERV John Joyner | ClearPointe

Business Continuity / Recovery

Security on the Move & In the Clouds

Business Continuity Plan Training

Presenter Tracy Hall, MBCP IT Assurance Manager Wolf & Company, P.C Direct:

CCNET Managed Services

Planning for a Plan: Disaster Recovery Preparation

How to prepare for the End of License of Windows Server 2012/R2

Fundamentals of a Business Impact Analysis

Making Information Security Manageable with GRC

Audit Plan Michelangelo Collura, Folake Stella Alabede, Felice Walden, Matthew Zimmerman.

Audit Planning Presentation - Disaster Recovery Plan

Personal Introduction

Business Continuity Planning

CTS Quarterly Customer Meeting

CTS Quarterly Customer Meeting

Business Impact Analysis

Disaster Recovery at UNC

Business Continuity Program Overview

GRC - A Strategic Approach

BCP/DRP Consultancy Project- An approach

Presentation transcript:

Dennis Reid Senior Consultant Elliot Consulting, LLC IT Recovery Dennis Reid Senior Consultant Elliot Consulting, LLC

Agenda Understanding IT Words to Live By IT’s Role in Business Continuity Exercising IT Recovery Partnering with IT

IBM 370-145 (1 MB of memory) circa 1974

Understanding IT Acronese (ak-ruh-neez), noun A language that is made up almost entirely of acronyms. Spoken predominantly in the Information Technology industry. “The DB2 DBA has DFDSS JCL that is getting a B37 abend and the IGD202E message is pointing to the STORCLAS SMS parm” Information Technology must ensure it takes a business-centric view of the organization. This starts by ensuring that communication in is nontechnical terms that instead put concepts and communications into terms the business can understand.

Understanding IT Information Technology is: Just another department in the organization; as is HR, Accounting, Facilities, Call Center, etc. A service provider to its internal and external users Essential to a successful Business Continuity Program Is a black hole unless the BCP Manager works to make them a partner in the program. BC/DR is not the sole responsibility of IT A successful BC program is one where all departments contribute on an equal basis and support the program in such a way to ensure its success IT is the innovator of the organization. Use them to create success in the processes used to develop, enhance, and maintain the BC program. IT can contribute its expertise to add efficiencies to any recovery process. Technology is the cornerstone of the organization. Even temporary workarounds used in the event that technology services are unavailable are just that – temporary. The organization will eventually grind to a halt without technology.

Understanding IT Information Technology is NOT: All knowing when it comes to the applications, systems, or technology services that are important to the business Aware of or solely responsible for the data you keep on your desktop or laptop Able to leap tall buildings at a single bound Defining critical processes require the participation of IT but IT only knows the services it provides, it can’t measure importance on its own.

Words to Live By Is it DR or BC? Third Party Recovery Services Provider Cold, Warm, or Hot Site Internally Managed

Words to Live By RTO – Recovery Time Objective RTA – Recovery Time Achievable RPO – Recovery Point Objective RPA – Recovery Point Achievable

IT’s Role in Business Continuity Step 1: Project Initiation Understand IT’s environment and capabilities IT should have a current: Network Topology Map (layer 2 & 3) Hardware Inventory Software Inventory Application Inventory

IT’s Role in Business Continuity Step 2: Hazards, Vulnerabilities, Risks Where are the single points of failure in the technology? Network – Age of hardware/software, patching, redundancy, circuit capacity Servers – Age of hardware/software, patching, redundancy Storage – Age of hardware/software, what is backed up and how frequently?

IT’s Role in Business Continuity Step 2: Hazards, Vulnerabilities, Risks Where are the single points of failure in IT staffing?

IT’s Role in Business Continuity Step 3: Business Impact Analysis Collaborate with IT to create an application inventory BEFORE starting any BIA. Application Inventory: Name and location(desktop, DC, 3rd Party) Acronese translation, if required State if recovered automatically RTA & RPA (do not include for BIA) IT MUST participate in each BIA with you

IT’s Role in Business Continuity Step 3a: Business Impact Analysis IT is required to do their own BIA Focus on IT’s impact as a department People Processes Qualitative/Quantitative Impacts What’s important to you may not be important to IT

IT’s Role in Business Continuity Step 4: Mitigation Strategies Area 1: IT infrastructure Work with IT to understand options and identify costs for mitigating single points of failure identified in Step 2.

IT’s Role in Business Continuity If you hear “Everything is backed up to the cloud” – be afraid, be very afraid… Whose Cloud? What is “the cloud’s” BC plan? (Supplier BC plans…) What is “the cloud’s” RTO for restoring your data?

IT’s Role in Business Continuity Area 2: Business Support Is all critical data being backed up? What is the appropriate mechanism for backup (based on RTO & RPO) Remote Access: “Work from Home” What is IT’s solution for user access in times of crisis? Matching RTO/RPO to RTA/RPA

IT’s Role in Business Continuity Scenario: $500,000/day of lost revenue if the ABC application is not available within 24 hours after a disruption IT reports that the RTA for the application is 48 hours

IT’s Role in Business Continuity The cost to meet the RTO: Redundant hardware/software: $1.8mm Add’l network circuits: $10,000/mthly Vendor maint/support: $25,000 mthly The gap between RTO & RTA boils down to a financial decision for the business

IT’s Role in Business Continuity Step 5: Crisis Communication IT has the same responsibilities as all other departments IT can provide technical expertise to identify, implement, and manage communication and collaboration tools

Application Data Recovery IT’s Role in Business Continuity Step 6: IT Recovery Application Available Application Recovery & Validation RTO Application Data Recovery & Validation Hardware/Operating System Recovery Alt. Network Activation OUTAGE/DECLARATION

Exercising IT Recovery If IT has implemented a failover to backup systems, has this been tested? How? If system or data recovery must be performed, has this been tested? How? Are specific, measurable objectives set prior to each IT exercise? Are the technology resources required by the most critical business processes being tested? Does the business participate?

Exercising IT Recovery Are the results documented in detail for each objective? Are the RTOs/RPOs being met? If not, why not? What are the mitigation plans for the objectives that were not met, and their deadlines? When will the failed objectives be tested again?

Partnering with IT IT must provide an application inventory prior to commencing the BIA phase A subject matter expert from IT must be part of your BIA team and must be present at all BIA meetings. Collaborate with IT when setting objectives for all exercises that would include an IT service.

Partnering with IT Involve IT in every step of the BC planning process. They can be instrumental in creating solutions that can: Enhance preparedness Mitigate risks Reduce RTO/RPO AND MAKE YOUR JOB EASIER!

QUESTIONS?