Mission Continuity Program

Presentation on theme: "Mission Continuity Program"— Presentation transcript:

1 Mission Continuity Program
FY 2019 Tabletop Exercise

2 Introduction Time of year: September 25, 2018 Time of day: 8:00 AM
Weather: Warm weather—no rain. As a part of this exercise, please inform the Mission Continuity Program by September 10, 2018 of the most critical systems (2-4 total) in rank order that your organization would request to be restored first in this type of disruption, in order to continue your critical operations. FY 2019 MCP TTX scenario

3 8:00 AM, Day One
ISC Networking observes unusually high usage of PennNet, the University's internet network. Websites and network resources (including internal Penn applications) load slowly and only succeed 50% of the time.
Using your BIA, can you identify the critical processes your organization needs to continue even if PennNet is degraded? Do you have manual processes defined to continue these critical processes in the event key systems are unreliable or unavailable?

4 8:45 AM, Day One
ISC Networking suspects a Distributed Denial of Service (DDoS) attack from outside the University is occurring. Network congestion is getting worse. IT systems now load only 25% of the time. WebLogin (PennKey) is completely unavailable. This means users cannot access any application that uses WebLogin to authenticate, such as Penn+Box. Also, poor network connectivity means that Cloud (vendor-provided) services like Penn O365 and Amazon Web Services are only intermittently available, making them unreliable and/or unusable from on-campus.
Your organization's leadership decides to have an emergency meeting/conference call with all your organization's critical staff to determine a course of action.
Do you have an Incident Response Team designated? Do you have a Call List for the people who need to be contacted about this disruption, so they can be contacted easily? Do you have an out-of-band communications channel (such as Slack, MS Teams or xMatters) that will allow you to text everyone on your Call List? If not, does leadership have a means (e.g. personal cell #s) to reach key individuals?

5 11:30 AM, Day One
The attack continues and shows no signs of stopping. Phone systems that rely on VoIP (digital Voice Over IP as opposed to traditional landlines) are severely degraded. Call quality is very choppy and calls fail 50% of the time.
Do you have a fallback means of real-time communication? Do staff know where to find this information? Is this information accessible and up-to-date? Do you have access to your Mission Continuity plans, either in hard copy or saved on a flash drive, so you can access them even if there is no internet available?

6 9:00 AM, Day Two
After a meeting with senior leadership, including the Provost and EVP, the University makes the decision to temporarily block all access to or from the Internet to stem the attack. This succeeds and allows internal Penn applications to function normally, but requires you to be on-campus to access them. Also, Cloud-based applications are not available. VoIP phone systems begin to work normally again.
How does the continued lack of external Internet access affect your organization’s ability to pursue its critical processes and functions? Are alternate processes available and defined? Are continuity plans in use? How is your organization affected by the lack of remote access capabilities (e.g., no VPN, Remote Desktop, etc.)? Can your organization's staff support the requirement to be on-campus without issue? What Cloud-based applications are critical to operations?

7 11:30 AM, Day Two
Affected users have been posting on social media about the attack and complaining that they can’t access the Internet from on-campus. You receive a call from the Daily Pennsylvanian and other outlets asking for details and what your organization is doing to recover. They inform you they have other “inside sources” and will be running a story shortly, with or without your input.
Do you have a communications plan to activate, informing your constituents about what is going on in your organization during this event? Does this include a plan for managing public communications, such as print media and social media? Are you aware of the guidance provided from University Communications when approached by the media?

8 8:00 AM, Day Three (“Zombie Apocalypse”)
ISC Networking has worked with Penn’s Internet providers to track and shut down the source of the attack. External internet access to Penn has been restored. However, ISC Security now reports that a large number of systems were compromised, using the attack as cover. Although the attack has been blocked, the compromised machines have now spread ransomware to a number of machines across campus, including several in your organization, which has made critical Penn applications and data, including BEN Financials and PennWorks, inaccessible.
Check your BIA to determine how long your organization can continue critical operations without access to these key systems (RTO). Does this need to be updated? Can you continue to use manual workarounds in the event these systems remain unavailable?

9 1:00 PM, Day Three (“Zombie Apocalypse”)
The ransomware outbreak has been contained, but there are still quite a number of systems and applications that need to be recovered.
Is the priority list of your most critical systems to be brought up first (balancing organizational and client needs), which you identified in advance of this tabletop, still in the correct rank order? Are your IT disaster recovery plans documented in your Mission Continuity plans?

10 Mission Continuity Planning
Were our plans adequate for this type of loss and disruption to normal operations? Are we able to continue operations without major impact to our constituents?
Post-exercise analysis: How could we improve communications? Do we need to modify our Mission Continuity plans, DR plans, and BIA? What was missing in the steps we took during the scenario? What would we do differently? What are the most important lessons learned? Are we comfortable with our response and ability to recover? Did we succeed in protecting Penn assets?

