Disaster Recovery and Business Continuity Plan Testing: Practice Makes Perfect
B.J. Block, Information Security Analyst
March 22, 2007


The University of Rochester
o Private University established 1850
o Current Enrollment
  - 5,000 Undergraduate
  - 3,500 Graduate
  - 400 Medical
o Attached Medical Center
o Located in Upstate New York

Disaster Recovery Best Practices
Business continuity plans “should be tested and updated regularly to ensure they are up to date and effective”
ISO 17799/

Benefits of Testing
o Identify oversights and errors
  - In the test
  - With the participants
o Reinforce strategies and roles
  - Participants’ roles and responsibilities
o Assure stakeholders and audit
  - Plan effectiveness

Benefits of Testing
NO BAD TESTS
  - Test the Plan
  - Drill the Participants
  - Assure the Stakeholders

Pre-Test Planning Guide
o Gain management approval
o Create a budget and acquire funding
o Define test objectives and/or scope
o Create a team and establish effective communication
o Set date and location of test

Choosing a Test
o Start small and work your way up
  - A tabletop drill uses fewer resources and produces lesser results
  - A simulation uses more resources, but the results are more in depth
o The test type selected depends on your goals, your environment and the risk you are willing to take on

Types of Tests
o ISO 17799/27001 defines six types of disaster recovery tests:
  - Tabletop
  - Simulation
  - Technical recovery at primary site
  - Technical recovery at secondary site
  - Test of supplier, facilities and service
  - Complete rehearsals

Identify Test Resources
o Participants
  - Employees, customers, etc.
o Observers
  - Management, audit, etc.
o Vendors
  - Hardware and software providers
o Network and system resources
  - Equipment needed

Describe Anticipated Results
o Set up milestones
  - Identify the distinct phases of the test
o Participants/observer roles
  - Each person has a role to fill
o Set up an end point
  - Recovered
  - Timeline

Debrief of Test
o Lessons learned
  - Feedback from observers and participants
  - Write up for management, customer, and audit

Test Results
o Follow up to the debrief
  - Update processes and procedures
  - Decide on continuing efforts
  - Retest same test
  - Plan for next steps
o Testing is a never ending process

Case Study: University of Rochester
o Disaster Recovery Plan
  - Documented some systems, but not all
  - Parts were tested, but not all
  - Many pieces were in place
  - Needed to come together

Case Study: Continued
o Human Resource Computer Systems
  - All aspects of HR from hiring to firing and everything in-between
  - Size
  - Secure information
  - Legal regulations
  - Contractual obligations

Test Planning
o Leadership support for the disaster recovery test
  - Defined scope: One and done
  - Defined time frame: March 23rd
  - Defined team members: All players all the time

Managing the Plan
o Manage the leadership expectations
  - Redefined scope
  - Redefined time frame
  - Redefined team members

Defining Scope and Timeline
o Stage out testing
  - Tabletop: February
  - Component/Modular: March
  - Parallel: April/May
  - Disaster: June
o Each one managed separately, but built off each other
o Mitigate risk

Team Composition
o Members from all areas
  - HR, OS, DBA, Networking, Application, DR
o Subject experts for each portion of the test
o Open communication is a must

Are we done yet?
o We are about halfway there
o Completed tabletop and component tests
o Few windows of opportunity per month to test on actual hardware due to payroll

Are we done yet?
o Completed some testing and documented our plans to satisfy audit
o Communication is one of the keys to staying on track
o Disaster recovery is still secondary to primary operations

Disaster Recovery
Ongoing process

Disaster Recovery
Questions