1 Business Continuity. 2 Continuity strategy Business impact Incident response Disaster recovery Business continuity.

Presentation transcript:

1 Business Continuity

2 Continuity strategy Business impact Incident response Disaster recovery Business continuity

3 Continuity Strategy
Contingency planning
Incident response planning
Disaster recovery planning
Business continuity planning

4 Contingency Planning
Contingency planning consists of:
– Incident response plan
– Disaster recovery plan
– Business continuity plan
Incident response involves:
– Notification of key people
– Documenting the incident
– Contain the damage due to the incident

5 Contingency Planning Diagram

6 Contingency Planning Timeline

7 Contingency Planning
Primary goal is to restore all systems to pre-failure level
CP requires support of:
– Upper level management
– IT people
– Security people

8 Business Impact Analysis
BIA is the first step in CP
Takes off from where risk assessment ended
Main steps in BIA are:
– Threat attack identification
– Business unit analysis
– Attack success scenarios
– Potential damage assessment
– Subordinate plan classification

9 Business Impact Analysis
Threat identification includes:
– Attack name and description
– Known vulnerabilities
– Indicators preceding an attack
– Information assets at risk from the attack
– Damage estimates

10 Business Impact Analysis
Business Unit Analysis includes:
– Prioritization of business functions
– Identify critical business units
Attack success scenario includes:
– Known methods of attack
– Indicators of attack
– Broad consequences

11 Business Impact Analysis
Potential damage assessment includes:
– Actions needed immediately to recover from the attack
– Personnel who will do the restoration
– Cost estimates for management use
Subordinate plan classification includes:
– Classification of attack as disastrous or non-disastrous
– Disastrous attacks require disaster recovery plan
– Non-disastrous attacks require incident response plan
– Most attacks are non-disastrous, e.g., blackout

12 Business Impact Analysis Diagram

13 Incident Response Plan
Responsible people aware of IR plan details
Periodic testing of IR plan as a desktop exercise
Goals to remember (Richard Marcinko):
– More sweat in training means less bleeding in combat
– Preparation hurts
– Lead from the front and not the rear
– Keep it simple
– Never assume
– You get paid for results not your methods

14 Incident Response Plan
Incidents are usually detected from complaints to help desk
Security administrators may receive alarms based on:
– Unfamiliar files
– Unknown processes
– Unusual resource consumption
– Activities at unexpected times
– Use of dormant accounts

15 Incident Response Plan
Additional incident indicators:
– IDS system detects unusual activity
– Presence of hacker tools such as sniffers and keystroke loggers
– Partners detect an attack from the organization system
– Hacker taunts
How to classify an incident as a disaster?
– Organizational controls for an incident are ineffective
– Level of damage to the system is severe
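Two of the alarm sources listed on slide 14, use of dormant accounts and activities at unexpected times, can be checked mechanically against login records. The sketch below is an added example, not part of the original presentation; the record format, the 90-day dormancy threshold and the weekday 07:00 to 18:59 business-hours window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records: "<ISO timestamp> <account> <event>"
SAMPLE_LOG = """\
2024-01-08T09:12:00 alice login
2024-02-20T10:03:00 bob login
this line is malformed and is skipped
2024-05-13T08:55:00 alice login
2024-05-14T02:41:00 bob login
2024-05-14T09:30:00 svc_backup login
2024-05-14T11:15:00 alice login
"""

DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold
BUSINESS_HOURS = range(7, 19)       # assumed 07:00-18:59, Monday to Friday


def parse(log_text):
    """Yield (datetime, account) for each login line; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "login":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1]
        except ValueError:
            continue


def find_indicators(log_text):
    """Return alerts as (timestamp, account, reason) in time order."""
    last_seen = {}  # account -> time of its previous login
    alerts = []
    for ts, account in sorted(parse(log_text)):
        previous = last_seen.get(account)
        # Indicator: an account that was silent longer than the threshold
        if previous is not None and ts - previous > DORMANT_AFTER:
            alerts.append((ts, account, "dormant account used"))
        # Indicator: login outside business hours or on a weekend
        if ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5:
            alerts.append((ts, account, "activity at unexpected time"))
        last_seen[account] = ts
    return alerts


if __name__ == "__main__":
    for ts, account, reason in find_indicators(SAMPLE_LOG):
        print(ts.isoformat(), account, reason)
```

In the sample, alice is flagged after a 126-day gap, while bob's 84-day gap stays under the threshold and only his 02:41 login is flagged.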

16 Incident Response Plan
Incident reaction involves
– Notifying proper personnel
    – Involves notifying people on the alert roster
    – Notification could be accomplished using a predefined tree structure
    – Notification is pre-scripted to activate relevant portions of the incident response plan
– Designated personnel start documenting the incident

17 Incident Response Plan
– Activate incident containment strategies such as:
    – Take system offline
    – Disable compromised accounts
    – Reconfigure firewall as needed
    – Shut down specific applications such as or database
    – Might necessitate shutting down the system completely

18 Incident Response Plan
Post-incident actions
– Preserve evidence
– Activate recovery procedures
– Assess damage

19 Disaster Recovery planning
Prioritize recovery of components
Crisis management
Activate recovery from backup data

20 Business Continuity
Service Level Agreements
Software escrow
ISO addresses business continuity management
Cold / warm / hot site
Restoration vs. recovery
FARM (Functional Area Recovery Management) specifies plans for operational area recovery
