DISASTER CENTER Study Case: DEMIRBANK ROMANIA. “Piata Financiara” Conference, January 29, 2002. © 2002


Mission Statement

- Improving the quality of banking service
- Decrease economic loss
- Decrease exposure
- Minimize disruption in operation
- Increase operational stability
- Provide orderly recovery
- Decrease insurance premiums
- Decrease reliance on key staff
- Protecting company assets
- Minimize decision making during a disaster
- Decrease legal liabilities

Initiation of the project

- Inventory of equipment
  - computers
  - power supplies
  - fire detection/prevention systems
  - vendor/supplier, alternate vendor/supplier
- Availability for re-purchasing
- Hard copy records
- Probability of theft
- Define backup procedures and locations, third party location
- Disaster avoidance should be the key element of any disaster recovery/business continuity plan.

Security Posture Assessment

- Periodically run an SPA with well-known service providers:
  - External SPA
  - Internal SPA
- Understand the function of probabilities and risk reduction / mitigation within the organisation.
  - Identify potential risks to the organisation.
  - Identify outside expertise required.
  - Identify vulnerabilities / threats / exposures.
  - Identify risk reduction / mitigation alternatives.
  - Identify credible information sources.
  - Interface with management to determine acceptable risk levels.
  - Document and present findings.

Business Impact Assessment

- Identify knowledgeable and credible functional area representatives.
- Identify organisational functions.
- Identify and define criticality criteria.
- Present criteria to management for approval.
- Co-ordinate analysis.
- Identify interdependencies.
- Define recovery objectives and timeframes, including recovery times, expected losses, and priorities.
- Identify information requirements.
- Identify resource requirements.
- Define report format.
- Prepare and present business impact analysis.

Determine Recovery Strategies

- What do we recover?
  - Facilities
  - Equipment
  - Software
  - Communication
  - Data files
  - Customer services
  - User operations
  - MIS
  - End-user systems
  - Other processing operations
- How do we recover?
  - Hot sites
  - Warm sites
  - Cold sites
  - Reciprocal agreements
  - Two data centers
  - Multiple computers
  - Service centers
  - Consortium arrangement
  - Vendor supplied equipment
  - Combination of the above

Plan development

- Define roles and responsibilities
- Prepare necessary contracts for specific recovery alternatives
- Employee training
- Update existing procedures in accordance with the new environment

Testing

- Types of testing
  - checklist
  - simulation
  - parallel
  - full interruption
- Define list of possible events to be considered as “disaster”
  - Extended power outages
  - Chemical spills or hazardous contamination of the premises
  - Hard drive crashes
  - Equipment failure
  - Equipment theft
  - Flooding
  - Bomb threats
  - Adverse weather conditions
- Iterative process
  - define test purposes
  - build test team
  - structure test
  - perform test
  - analyze results
  - modify procedure

Resource requirements

- Personnel
- Investments
- Expenses

[Network diagram. Labels: BRANCH 1, BRANCH 2, BRANCH 3, …, BRANCH; TELECOM NETWORK; WAN; R/R; PSTN; GSM; ROUTER; HEAD OFFICE]

[Network diagram. Labels: BRANCH, …; TELECOM NETWORK; WAN; ROUTER; Radio-Relay Terrestrial Link; R/R; PSTN; GSM; DISASTER CENTER; HEAD OFFICE]

HEAD OFFICE OR DISASTER CENTER DETAILED ARCHITECTURE

[Architecture diagram. Labels: LOCAL NET; SERVER POOL; SWIFT SERVER; MAIL SERVER; DOMAIN CONTROLLER; DATABASE SERVER; VIRTUAL LAN SERVERS; VIRTUAL LAN CLIENTS; Internet DMZ; External MAIL; Internet Banking; WEB/MB Server; Electronic Banking; CISCO IDS; TACACS/CRYPTO SERVER; Certified Authority; FIREWALL; UFP (Websense) Server; CVP (Antivirus); PROXY SERVER; 3DES Card; ROUTER TO RADIO RELAY; ROUTER TO WAN; Switches; TEST/DEVL SERVER]

[Network diagram. Labels: BRANCH; TELECOM NETWORK; WAN; ROUTER; Radio-Relay Terrestrial Link; R/R; PSTN; GSM; DISASTER CENTER; SWIFT SERVER; MAIL SERVER; DOMAIN CONTROLLER; DATABASE SERVER; VIRTUAL LAN SERVERS; VIRTUAL LAN CLIENTS; FIREWALL; Internet DMZ; Internet Banking; WEB Server; Printers; 3DES Card; CISCO IDS; TACACS SERVER; Certified Authority]

DEMIRBANK ROMANIA INTERNET BANKING & WAP SOLUTIONS

[Architecture diagram. Labels: Certificate Authority (CA); Application Server (AS); Client (CL); Firewall; Database; Replication; 3DES; SSL; Banking Server; Certificates signing; WAP Access Server; WAP; I-BNK; Internet; Wireless Network; SSL Access Server; WAP Gateway; WTLS]