Paul M Kane Director, www.CommunityDNS.net Issues to think about! APTLD Members’ Meeting in Kuala Lumpur 1 – 2 March 2010 Contingency Planning.

Slides:

Advertisements

Similar presentations

Presented by Peter Gubarevich Optimal Solutions, Ltd Conference Microsoft IT Pro Tallinn, December 01, 2011 Something About Restoring Your Server.

Advertisements

Information Technology Disaster Recovery Awareness Program.

Chapter 13 Managing Computer and Data Resources. Introduction A disciplined, systematic approach is needed for management success Problem Management,

Service Design – Section 4.5 Service Continuity Management.

Welcome to RAI, the future of collaborative Project Risk Management Overview of Project Risk and Issue Management RAI for the Project Manager RAI for the.

Reliability Week 11 - Lecture 2. What do we mean by reliability? Correctness – system/application does what it has to do correctly. Availability – Be.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Lesson 11 – NETWORK DISASTER RECOVERY Disaster recovery plans Network backup and restoration OVERVIEW.

Best Practices – Overview

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Stephen S. Yau CSE , Fall Security Strategies.

Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.

Mitun PatelMXP07U. Organisational structure Top management; this includes the organisation’s general manager and its executives Department managers; this.

1 Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border.

Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Network security policy: best practices

John Graham – STRATEGIC Information Group Steve Lamb - QAD Disaster Recovery Planning MMUG Spring 2013 March 19, 2013 Cleveland, OH 03/19/2013MMUG Cleveland.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Term 2, 2011 Week 3. CONTENTS The physical design of a network Network diagrams People who develop and support networks Developing a network Supporting.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

A Major Business Disruption A Strategy for Minimising the Downtime Anthony Hegarty Mitigating Risks.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Designing a Disaster Recovery Policy by Ian Murphy.

Presented by: Meg Boyd The Blue Mountains Drinking Water System: DWQMS Overview.

Important points and activities.  The objective is to secure life, property, information in the event of a disaster and to facilitate business continuity.

Nick Simms Director, Cornwood Risk Management

Module 9 Planning a Disaster Recovery Solution. Module Overview Planning for Disaster Mitigation Planning Exchange Server Backup Planning Exchange Server.

The Handover Process P6.

Appendix C: Designing an Operations Framework to Manage Security.

Telerik Software Academy Software Quality Assurance.

E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.

Note1 (Admi1) Overview of administering security.

McLean HIGHER COMPUTER NETWORKING Lesson 15 (a) Disaster Avoidance Description of disaster avoidance: use of anti-virus software use of fault tolerance.

Service Level Agreements Service Level Statements NO YES The process of negotiating and defining the levels of user service (service levels) required.

Phases of BCP The BCP process can be divided into the following life cycle phases: Creation of a business continuity and disaster recovery policy. Business.

APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.

Module 1 Introduction to Designing a Microsoft® Exchange Server 2010 Deployment.

Chapter 12 Implementation and Maintenance

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

The Importance of Proper Controls. 5 Network Controls Developing a secure network means developing mechanisms that reduce or eliminate the threats.

Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.

SueDon Ltd - Business Continuity Management BCM Overview ©1999 SueDon Ltd Business Continuity Management.

CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.

Information Security Crisis Management Daryl Goodwin.

Contingency Management Indiana University of Pennsylvania John P. Draganosky.

Response to an Emergency Training for 211 Staff in Ontario Updated September

Commissioning Services: with the DPA in mind South Yorkshire Information and Data Sharing Group Sheffield 14 th August 2014 Lynne Shackley Lead Policy.

Welcome to the ICT Department Unit 3_5 Security Policies.

ISS Team Group Member ◦ Nguy ễ n Nh ậ t Minh ◦ Nguy ễ n Kh ắ c Khu ◦ Ph ạ m Ng ọ c Hi ế u ◦ Nguy ễ n Ng ọ c Khánh ◦ Nguy.

A Solution for Maintaining File Integrity within an Online Data Archive Dan Scholes PDS Geosciences Node Washington University 1.

Information Systems Security

Fire Safety & Disaster Planning

Technology and Business Continuity

Review of IT General Controls

The case for a disaster recovery strategy for component XYZ

Security measures deployed by e-communication providers

Outsourcing Policy & Procedures

MOBILE NETWORKS DISASTER RECOVERY USING SDN-NFV

Disaster Recovery Policy & Procedures

Unit 7 – Organisational Systems Security

IS4680 Security Auditing for Compliance

Klopotek is transitioning to a Global Organization

12 STEPS TO A GDPR AWARE NETWORK

Operational procedures for preventing misuse

Neopay Practical Guides #2 PSD2 (Should I be worried?)

GRC - A Strategic Approach

The Survival Plan.

European Programme for Critical Infrastructure Protection (EPCIP)

WJEC GCSE Computer Science

Presentation transcript:

Paul M Kane Director, Issues to think about! APTLD Members’ Meeting in Kuala Lumpur 1 – 2 March 2010 Contingency Planning

APTLD Contingency Planning –- 1 st March Blame management – not my fault! Prevention Measures > These measures require avoidance planning to avoid something from occurring. Detection Measures; > These controls are designed for detecting or discovering unwanted events. Corrective measures; > These controls are designed to correct or restore service after an event has occurred.

APTLD Contingency Planning –- 1 st March Prevention Management How much of your operation is controlled internally? > Do you practice, “what if” scenarios? The mere thinking about and practicing scenarios will identify possible hardware, system or process flow failures – leading to operational improvements. > Are multiple staff able and authorised to undertake each other’s roles? Staff go on holiday, or work away from the office so making sure multiple people can undertake a given task leads to process improvements and operational redundancy. > Contingency Plans need to be developed and understood to ensure that in the event of a disaster, everyone knows what to do and how to do it. Hardware will fail, storm damage will occur, power supplies and transit carrier services will break – all outside of your control.

APTLD Contingency Planning –- 1 st March Prevention Management How much of your operation is outsourced? > Upstream ISP – do you use multiple carriers under SLA’s? > Are you using Provider Independent IP space, so it is easy to multi-home your service in different geographical locations for redundancy? > Do you use multiple communications mediums for dialogue with users; Blog, Twitter, forums etc > Do you supplement your internally operated DNS resolution provision with external subcontractors using multiple application software – ie not all of your DNS resolvers should be open source such as BIND or NSD – diversity builds resiliency.

APTLD Contingency Planning –- 1 st March Spread the risk with outsourcing partners With financial support from the Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme European Commission - Directorate-General Justice, Freedom and Security

APTLD Contingency Planning –- 1 st March Detection Measures Monitoring > Do you use third party monitoring servers to check the availability and external access to your services such as BGP scans, POP, Web, EPP, DNS, Ticketing systems? > Do you periodically undertake Port scans to make sure your services are secure from both internal and external attacks? > Do you Quality Assess the software your staff have written and use? > When an issue is raised by a customer for an example do you have an operations team assigned to look into, and potentially resolve, the issue?

APTLD Contingency Planning –- 1 st March Service delivery and external monitoring Command and Control Monitoring Locations: Active Anycast nodes (blue pins) Currently being Installed: (yellow pins) Command and Control Monitoring Locations: Chicago, USABuenos Aires, ArgentinaLondon, UKTokyo, Japan

APTLD Contingency Planning –- 1 st March Offices and Data Centres

APTLD Contingency Planning –- 1 st March Quick Service Overview Our TLD customers: > In this region: SG VN IR PH > In other regions: EU > 3m names IT > 2m names PL BE FI HU LU LT LV many more – total of 92 zones (many SLDs) Raw Stats: > Yesterday, 23.8 million authoritative names 28/2/2010 ~54k updates 28/2/ NSEC or NSEC3 signed zones ~6 billion queries / day (28/2/ ,973,886,722) 100% SLA NSEC and NSEC3 supported Free IPv4 and IPv6 address allocated

APTLD Contingency Planning –- 1 st March Corrective Measures Practice then Practice some more! > What is your organisation’s process for activating a Plan and notifying recovery personnel? > Do you test the recovery plan on a regular basis? Do the back up systems and back-up data stores (including off- site) recover correctly? > When back-up power or bandwidth is required is service disruption avoided? > If failure cannot be contained, do you have an effective and rehearsed communications strategy, telling users the status and what action if any is required to restore their service?

APTLD Contingency Planning –- 1 st March Summary Impact Assessment of multiple scenarios Develop your Contingency Plan Testing your Contingency Plan Personnel Training Maintaining the Contingency Plan Be sure to be able to blame someone else!

APTLD Contingency Planning –- 1 st March Thank you ? Paul.Kane AT CommunityDNS.net