Chapter 8: Disaster Management

Slides:

Advertisements

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Advertisements

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

Practical Preparations Planning for Safety and Emergencies.

Jump to first page Business Continuity Planning The evolution of Disaster Recovery Planning.

Information Technology Disaster Recovery Awareness Program.

Hospital Emergency Management

A Brief Overview of Emergency Management Office of Emergency Management April 2006 Prepared By: The Spartanburg County Office of Emergency Management.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

John Sell March 17, Disaster Recovery Emergency Management Incident Control including all Press Releases Communication to all employees Temporary.

1 Continuity Planning for transportation agencies.

GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Introduction to Disasters Daniel Kollek, MD, CCFP(EM) Director, Centre for Excellence in Emergency Preparedness Associate Professor, Division of Emergency.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

© 2001 National Burglar & Fire Alarm Association Chapter 10 The Central Station –24 hour /7day Operation –Receive Signals –Process Signals –React.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Disaster management B.V.L.Narayana / SPTM

Crisis Management Diocese of Pittsburgh John Krauland Loss Control/ Safety Coordinator.

Services Tailored Around You® Business Contingency Planning Overview July 2013.

2008© COPYRIGHT 1 1 ATHN DATA SUMMIT DISASTER PREPAREDNESS JULY 31, 2008 PANEL MEMBER - JOY MAHURIN COMPREHENSIVE BLEEDING DISORDERS CENTER CONTINUITY.

ENP Study Group Disaster Planning Session #6 BROUGHT TO YOU BY: THE FLORIDA NENA EDUCATION COMMITTEE.

Chapter 2 What is an Alarm System? Alarms: The First Line of Defense

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Human Resources Crisis Management and Contingency Management HL ONLY.

Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.

INTRODUCTION TO LAW, PUBLIC SAFETY, CORRECTIONS AND SECURITY.

David N. Wozei Systems Administrator, IT Auditor.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Hazards and Disaster Management

Incident-specific Planning. Primary Reference Emergency Management Principles and Practices for Healthcare Systems, The Institute for Crisis, Disaster.

Unit Objectives  Describe the types of hazards to which your community is vulnerable.  Describe the functions of CERTs.  Identify preparedness steps.

Group members | sakeriye Hujale Hani Abbas Mohamed Madi Hamse Ibrahim Title Hardware Risk and Recovery ABOUT US.

1 Availability Policy (slides from Clement Chen and Craig Lewis)

Important points and activities.  The objective is to secure life, property, information in the event of a disaster and to facilitate business continuity.

By Srosh Abdali.  Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure.

Preparing for Disasters General Liability. Introduction  The one coverage that provides you and your business the most protection is General Liability.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Business Continuity and Disaster Recovery Chapter 8 Part 1 Pages 897 to 914.

Bernards Township Office of Emergency Management February 28, 2012.

E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.

SECURITY CONSULTING /DISASTER RECOVERY SERVICE The “Must Have Plans” for a Business in the World of Tomorrow.

TIJARA Provincial Economic Growth Program Business Continuity / Disaster Recovery Planning Introduction and Workshop Outline Prepared by Larry SanBoeuf.

Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.

International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.

Crisis Management Crisis: any situation that has the potential to affect long-term confidence in an organisation or product and may interfere with its.

Chap 8: Administering Security.  Security is a combination Technical – covered in chap 1 Administrative Physical controls SE571 Security in Computing.

Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.

Procedures to followNumbers you need Information to know Your Farm Name Here Public Relations Plan Communicate to all (employees and press) that only a.

Disaster Recovery 2015 Indiana Statewide Payroll Conference Michael Ievoli-Client Support Specialist IV, Major Accounts September 16, 2015 Copyright ©

Writing an Emergency Operations Plan Why do we need to plan? Spring 2008.

Disaster Preparedness Are you prepared?. Effective Disaster Plans  Your plan should outline the basic preparedness steps needed to handle the anticipated.

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

EXPECT THE UNEXPECTED Prepare Your Business for Disaster.

Information Security Crisis Management Daryl Goodwin.

1 WHAT IF?. 4 HOW WILL YOUR BUSINESS RECOVER????? WHERE WILL YOU BEGIN!!!

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 13 – Physical and.

Contingency Management Indiana University of Pennsylvania John P. Draganosky.

Chapter 14: System Administration Mark Milan. System Administration Acquiring new IS resources Maintaining existing IS resources Designing and implementing.

Emergency Preparedness. Proposed Emergency Preparedness Rules NFR/LMC §19.326(a) deleted and moved to § for Emergency Preparedness Rules Places.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

AJS 562 Potential Instructors / snaptutorial For more course Tutorials

Information Systems Security

Community Health Centers of Arkansas Hazard Vulnerability Assessment Workshop August 11, 2017 Mark Fuller.

Peggy M. Jackson, DPA, CPCU Peg Jackson & Associates

Chapter 17 Risks, Security and Disaster Recovery

Business Contingency Planning

According to “WHO”: “Disaster is any occurrence that causes damage, destruction, ecological disruption, loss of human life, human suffering, deterioration.

COMPANY NAME Business Continuity Plan Date Presented by.

Presentation transcript:

Chapter 8: Disaster Management Guide to Computer Network Security

Kizza - Guide to Computer Network Security A disaster is a sudden misfortune, a catastrophe that affects society. It is the effect of a hazardous event caused by either man or nature. Natural disasters are those caused by the forces of nature like hurricanes, tornados and tsunamis. Disasters, natural or man-made, may cause great devastation to society and the environment. The effects of a disaster may be short lived, or long lasting. Kizza - Guide to Computer Network Security

Categories of Disasters Natural Disasters – due to forces of nature. Tsunami Tornados Hurricanes ( same as Tsunami) Cyclone (same as Tsunami) Flood Snowstorm Landslides Drought Earthquake Electrical storms Snowslides Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Human – caused Disasters Terrorism Sabotage Theft Viruses Worms Hostile code War Arson Loss of Power supply (both electric and gas). This can result in a large number of related failures like cooling system, machines, etc. communications links Data Cyber crime (many types). Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Disaster Prevention Disaster prevention is a proactive process consisting of a set of control strategies to ensure that a disaster does not happen. The elements of an effective Disaster Prevention are the early detection of abnormal conditions and notification of persons capable of dealing with the pending crisis. By detecting and treating minor problems early, major problems can be avoided. Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Through intelligent monitoring devices, the process of disaster prevention can be improved. Monitoring devices come in a variety of types including: Temperature Humidity Water Smoke / Fire Air-Flow AC Power Quality UPS AC / Battery Mode Personnel Access Security Halon Triggering State State of in-place Security/Alarm Systems Hidden Conditions undetectable by Security Personnel In Air-Conditioning Ducts Under Raised Floors Inside Computer Chassis Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security The choice of action taken may bee predetermined by the system manager and is selected from a long list that includes: Activating local or remote alarms indicators like sirens, bells, light signals, and synthesized voice. Taking over control of the affected resource to isolate it, cut it off from the supply line, or maintain the declining supply line. The supply line may be power, water, fuel and a number of other things. Interfacing with existing or cutting off from existing security system as dictated by the event. Sending a signal to designated personnel including: System Users Site Managers Security Personnel Maintenance Personnel Service Bureaus and Alarm Co. Central Offices Authorities at Remote Sites Gracefully degrading the system by terminating normal operations, closing and protecting data files, and disconnecting AC Power from protected equipment. Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Disaster Response Disaster response is a set strategies to respond to both the short term and long term needs of the affected community. These strategies involve quick and timely response to the Disaster Prevention System (DPS) signals with directed action. The essential steps in disaster response include: restoring services identifying high risk system resources Five factors govern a quick disaster response. These are: Nature and extent of the destruction or risk in case the disaster occurs. This is based on either prior or a quick assessment of the situation. The environment of the disaster. The environment determines the kind of response needed. Take a quick inventory of what is in the room or rooms where the systems are. Make a note of who the chosen action to meet the needs is going to be carried out successfully. Make note of the available resources. The degree and effectiveness of the response to the disaster is going to depend on the available resources on the ground that can be used to increase and enhance the success rate of the chosen response. Time available to carry out the chosen response action. Time is so important in the operation that it determines how much action can be taken and how much effort is needed to control the disaster. Understanding of the effective policy. Every chosen action takes must fall within the jurisdiction of the company policy. Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Disaster Recovery The value of a good disaster recovery plan is its ability to react to the threat shifty and efficiently. For this to happen, there must be an informed staff, disaster suppliers, and planned procedures. Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security Planning for a Disaster Recovery Disaster recovery planning is a delicate process that must be handled with care. It involves risk assessment, developing, documenting, implementing, testing and maintaining a disaster recovery plan There must be a Disaster Recovery Committee that should include at least on person from management, information technology, record management, and building maintenance. This committee is charged with deciding on the what, how, when and who are needed to provide a good solid recovery that your company will be proud of. Kizza - Guide to Computer Network Security

Kizza - Guide to Computer Network Security The planning process starts with steps that identify and document those functions and other key elements in the recovery process. These steps include: Identifying and prioritirizing the disaster. Identifying and prioritizing business-critical systems and functions. Identifying business-critical resources and performing impact analysis, Developing a notification plan, Developing a damage assessment plan, Designating a disaster recovery site, Developing a plan to recover critical functions at the disaster recovery site, and identifying and documenting security controls, and Designating responsibilities. Kizza - Guide to Computer Network Security

Resources for Disaster Planning and Recovery With business disasters becoming common, there is going to be a high demand for tools and services from vendors to manage disasters. These resources fallow into two categories: public agency-based vendor-based resources. Kizza - Guide to Computer Network Security

Local Disaster Resources Many of these disaster recovery resources can be obtained freely locally: Police Civil defense Fire department Ambulatory services These resources can be obtained on the business premises: Paper Fire extinguisher Small capacity tapes and disks These resources can be obtained from vendors (online or off): Specialized Computer equipment Specialized software tools like COBRA Kizza - Guide to Computer Network Security