Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.


Chapter Four Objectives
1. Understand system availability and business continuity, and recognize differences between the two.
2. Comprehend incident response systems and their role in achieving the system availability objective.
3. Explain disaster recovery planning objectives and its design, implementation, and testing requirements.
4. Comprehend the link between business continuity and disaster recovery.
5. Understand the role of backup and recovery in disaster recovery plans.

Power outage at Northwest Airlines
- Thunderstorm and lightning at the datacenter location caused the problem.
- Systems, down initially, operated in a degraded manner the next morning.
- It took very long to check people in for flights.
- NWA triggered manual processes.
- Lines became longer and so did the delays in departure.
- Arrivals were late, but the departures from gates at the destination airport made the flights wait before they could get to the gate.
- NWA announced an embargo, limiting itself to what it could handle under the circumstances.

System Availability and Business Continuity
- System availability assures you that business will continue to operate.
- Business continuity is necessary for systems to add value on an ongoing basis.
- The issues of business continuity and systems availability are related and even overlap to a degree.

Incident Response
- Incident: A level of interruption in the system availability that appears to be temporary.
- An incident can be triggered by an accidental action by an authorized user, or it may result from a threat.
- Incidents may be detected by:
  - End-users, who may describe the symptom but not the cause.
  - Those monitoring systems and processes, who may detect anomalies that lead to an incident that has occurred.
- Attack: A series of steps taken by an attacker to achieve an unauthorized result.
- Event: An action directed at a target that is intended to result in a change of state, or status, of the target. An event consists of an action and a target.

Nature of Response to an Incident
- Assess the business significance of the incident's impact.
- Identify critical business processes that might have been compromised.
- Determine the root causes of the incident. This might present a challenge, for every incident could be of a different variety.
- The team may need to consult experts from outside the team.
- Training in forensics could help the team collect and evaluate evidence systematically.
- Standard procedures must be followed for restoring the affected systems and processes, instead of ad hoc, one-off attempts to restore what is compromised or lost.

Preventive Measures
- Prevention is better, and could be more cost effective, than a cure.
- Preventive measures require an anticipation or prediction of what might happen in terms of incidents and consequent compromises.
- Lessons learned from the organization's and from others' experiences can help design and implement effective preventive measures.

Incident Response Team
- A multi-skilled group, since the incident may be of any variety and may impact almost any information asset.
- May include representation from human resources, legal, information systems, networks and communications, physical security, information security, and public relations.
- A top management team member may be designated as a direct contact for counseling and support.

CERT
- CERT stands for Computer Emergency Readiness Team.
- Also called CERT Coordination Center (CERT CC), it is the Internet's official emergency team.
- Provides alerts and offers incident handling and avoidance guidelines.
- Is located at Carnegie Mellon University.

Disaster Recovery
- Disaster: An event that causes a significant and perhaps prolonged disruption in system availability.
- Disasters can be man-made or natural. Man-made disasters can be malicious or unintentional.
- Disaster recovery is a systematic effort to recover from the impact of a disaster.
- The best way to understand recovery is to focus on the post-disaster phases.
- Post-disaster phases:
  - Immediate response
  - Near-term resumption
  - Recovery toward normalization
  - Restoration to pre-disaster state

Post-disaster phases and their objectives
- Immediate response: Address emergency situation only.
- Near-term resumption: Resume operations at any level possible.
- Recovery toward normalization: Expand operations and extend capabilities and functionalities.
- Restoration to pre-disaster state: Return as close to the original (pre-disaster) state as possible.

Example
Event: A logic bomb destroyed the operating system and customer data.
- Call customers whose orders are yet to be filled.
- Determine the current state of the system and data.
- Call in backup tapes and equipment to a warm site.
- Begin manual processing of critical orders.
- Install equipment, load operating system and applications, restore data, and test outputs.
- Switch to automated processing.
- Expand the order processing cycle.
- Increase the functionality (e.g. report generation).
- Load operating system, data, and applications at the original site.
- Pre-test.
- Resume processing in a parallel run with the warm site.
- Cut over to the original site.
- Fold operations at the warm site and return the equipment.

Timeliness of Action and Value of Recovery
- Timeliness of action
  - The timeline of actions planned should reflect value of the action at the time.
  - Certain steps can wait while others must be taken without delay, to minimize losses.
- Value of recovery
  - Timeliness of action reflects value of the recovery target.
  - Considering this, recovery tasks should be systematically assigned to each post-disaster phase.