Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.

Slides:



Advertisements
Similar presentations
FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.
Advertisements

Information Technology Disaster Recovery Awareness Program.
[Organisation’s Title] Environmental Management System
Business Continuity Training & Awareness by Sulia Toutai (ANZ)
October In May 2000, Walkerton’s drinking water system became contaminated with deadly bacteria, primarily Escherichia coli O157:H7.1 Seven people.
@TxSchoolSafety Continuity of Operations Planning Workshop Devolution & Reconstitution.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
BRC Storage & Distribution Safety and Quality Management System Training Guide
Emergency Plan GENERAL AWARENESS TRAINING. Aim To provide staff with an overview of the school emergency plan.
Security Controls – What Works
Business Crisis and Continuity Management (BCCM) Class Session
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice
Session 3 – Information Security Policies
Business Crisis and Continuity Management (BCCM) Class Session
Services Tailored Around You® Business Contingency Planning Overview July 2013.
QUALITY MANAGEMENT SYSTEM ACCORDING TO ISO
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Continuity of Operations Planning COOP Overview for Leadership (Date)
Steve Jones, SHEQ Manager (Emergency & Critical Services)
Evolving IT Framework Standards (Compliance and IT)
Module 3 Develop the Plan Planning for Emergencies – For Small Business –
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.
SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.
Disaster Recovery Strategies & criteria for evaluation of information management strategies.
Transport Development and Solutions Alliance (TDSA) Technology Evolving Business Functions Scott Lawton – Chief Executive Officer 7 th of August 2015.
ISA 562 Internet Security Theory & Practice
Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.
David N. Wozei Systems Administrator, IT Auditor.
Rich Archer Partner, Risk Advisory Services KPMG LLP Auditing Business Continuity Plans.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Information: Policy, Strategy and Systems Module Overview
State and Local Records Management DISASTER PLANNING Presented By State and Local Records Management Division Texas State Library and Archives Commission.
Paul Hardiman and Rob Brown SMMT IF Planning and organising an audit.
E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.
Service Level Agreements Service Level Statements NO YES The process of negotiating and defining the levels of user service (service levels) required.
Phases of BCP The BCP process can be divided into the following life cycle phases: Creation of a business continuity and disaster recovery policy. Business.
National Archives and Records Administration, Preparing for the Unexpected ESSENTIAL ELEMENTS: ANALYSIS.
NFPA 1600 Disaster/Emergency Management and Business Continuity Programs.
Office of Emergency Management University of Houston-Clear Lake Business Continuity Planning.
Key Terms Business Continuity Plan (BCP) – A comprehensive written plan to maintain or resume business in the event of a disruption Critical Process –
Unit 4: Operational Phases and Implementation. Unit 4 Objectives  Explain the four phases of continuity and relate their application to the continuity.
ISO Registration Common Areas of Nonconformances.
State of Georgia Release Management Training
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
Project management Topic 8 Configuration Management.
Exercising, Maintaining and Reviewing BCM Arrangements ERMAN TASKIN
Business Continuity Disaster Planning
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.
EXPECT THE UNEXPECTED Prepare Your Business for Disaster.
AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.
Business Continuity Awareness Steve Lambert Biscon Planning Ltd.
Business Continuity Planning 101
Business Continuity Steven S. Keleman, CPM. Emergency Management Prevention Response Preparation Mitigation Recovery.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Information Security Management Goes Global
Utilizing Your Business Continuity Plan.
Randall (Randy) Snyder, PT, MBA Division Director January 27, 2016
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
Business Continuity / Recovery
Business Contingency Planning
Business Continuity Planning
Business Impact Analysis
Continuity of Operations Planning
Developing and testing the Plan
Presentation transcript:

Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008

Save the forest If you really need to print… Please do not print out more than one module at a time as it may evolve…

Session 12 Disaster recovery planning

ISO/IEC FDIS 24762:2007(E)

ISO approach to BCP Conduct of Business Impact Analysis Review, Assessment of Risks, then based on these results - Establishment of Business Recovery Priorities, Timescales & Requirements Business continuity strategy formulation Business continuity plan production Business continuity plan testing Business continuity awareness On-going Business continuity plan maintenance Business continuity strategy formulation

Environmental stability Environmental stability is important for the direct operation of a recovery center as well as personnel travel, safety and welfare. The utilities required for the operation of a recovery center, such as power supply and telecommunications, can be affected by environmental instability. Personnel travel and safety to/from a recovery center can be affected by disruption to the transportation system. Personnel welfare and social activities after work can also be limited by an unsafe external environment.

Identifying instability The frequent occurrence on a large scale of the following type of activities would indicate underlying environmental instability: –strikes; –demonstrations; –riots; –violent crimes; –natural disasters; –pandemics; –deliberate attacks.

Asset management Service providers should ensure that assets placed in their ICT DR premises are capable of being uniquely identified, located and retrieved in a timely manner when required by organizations. In addition to computing and related equipment, assets include: –application software, –vital records stored on media (magnetic or otherwise), and –necessary operational documentation placed in service providers’ operational premises to facilitate recovery from disasters and failures.

Organization ownership rights and privileges –Service providers should explicitly document and maintain the listing of assets that are in their ICT DR –premises. In the case of outsourced service providers, the asset list should be included in service contracts –with appropriate clauses inserted to identify their ownership rights and privileges.

Asset protection For all assets located in their ICT DR premises, service providers should ensure that: –a) a list of the assets is maintained (this could be through use of a configuration management “system” and associated processes that maintain details of current versions of documentation, software, and all other assets (ISO/IEC provides guidance on establishing configuration management); –b) all assets are tagged/marked in a manner that uniquely identifies ownership; –c) in the case of outsourced ICT DR service provision, organizations and outsourced service providers do not display explicit organization names in the asset tagging/marking to ensure that security is not compromised. For example, equipment mounted on shared racks should not have explicit organization names as part of the tag/mark.

Service providers should establish systems 1) to protect, maintain, locate, retrieve and return all organization tagged/marked assets located at their premises, and ensure that organization ICT DR assets are: –a) located and kept in safe environments; –b) maintained in good operating conditions, with the installation of appropriate environmental controls; –c) not used or redeployed for other than contracted purposes; and that the location of organizations’ ICT DR assets is accurately tracked for retrieval.

In Outsourcnig In the case of outsourced ICT DR service provision, outsourced service providers should ensure that: –a) organizations are informed when their assets are being relocated; –b) organizations’ assets are retrieved and returned within a predetermined and agreed timeframe when requested by organizations; –c) organizations are forewarned and their assets returned to them according to appropriate established and agreed procedures before the onset of any seizure or stoppages.

National boundaries –Organizations should consider the implications of disaster recovery data and other assets being stored across national boundaries, and ensure that compliance is maintained with all relevant legal and regulatory requirements.

Availability of documentation Service providers (if required by their SLAs) and organizations should maintain duplicate copies of plans, disaster/failure procedures and other essential information for managing disasters and failures, including details of how to contact staff and of access points for emergency services. Such duplicate plans, procedures and other essential information should be kept off site at easily accessible locations.

Proximity of site DR sites should be in geographic areas that are unlikely to be affected by the same disaster/failure events as organizations’ primary sites. The issue of site proximity and associated risks should be taken into consideration when ICT DR service providers contract and agree SLAs with organizations.

Disaster communication

End of this session

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.