Download presentation
Presentation is loading. Please wait.
Published byEdgar Butler Modified over 9 years ago
1
DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002
2
January 29, 2002"Piata Financiara" Conference Mission Statement t Improving the quality of banking service t Decrease economic loss t Decrease exposure t Minimize disruption in operation t Increase operational stability t Provide orderly recovery t Decrease insurance premiums t Decrease reliance on key staff t Protecting company assets t Minimize decision making during a disaster t Decrease legal liabilities C 2002
3
January 29, 2002"Piata Financiara" Conference Initiation of the project t Inventory of equipment –computers –power supplies –fire detection/prevention systems –Vendor/Supplier-alternate vendor/supplier t Availability for re-purchasing t Hard copy records t Probability of theft t Define backup procedures and locations, third party location t Disaster avoidance should be the key element of any disaster recovery/business continuity plan. C 2002
4
January 29, 2002"Piata Financiara" Conference Security Posture Assessment t Periodically run a SPA with well known services providers: –External SPA –Internal SPA t Understand the function of probabilities and risk reduction / mitigation within the organisation. –Identify potential risks to the organisation. –Identify outside expertise required. –Identify vulnerabilities / threats / exposures. –Identify risk reduction / mitigation alternatives. –Identify credible information sources. –Interface with management to determine acceptable risk levels. –Document and present findings. C 2002
5
January 29, 2002"Piata Financiara" Conference Business Impact Assessment t Identify knowledgeable and credible functional area representatives. t Identify organisational functions. t Identify and define criticality criteria. t Present criteria to management for approval. t Co-ordinate analysis. t Identify interdependencies. t Define recovery objectives and timeframes, including recovery times, expected losses, and priorities. t Identify information requirements. t Identify resource requirements. t Define report format. t Prepare and present business impact analysis. C 2002
6
January 29, 2002"Piata Financiara" Conference Determine Recovery Strategies t What we recover ? –Facilities –Equipment –Software –Communication –Data files –Customer services –User operations –MIS –End-user systems –Other processing operations t How we recover? –Hot sites –Warm sites –Cold sites –Reciprocal agreements –Two data centers –Multiple computers –Service centers –Consortium arrangement –Vendor supplied equipment –Combination of the above C 2002
7
January 29, 2002"Piata Financiara" Conference Plan development t Define roles and responsibilities t Prepare necessary contracts for specific recovery alternatives t Employees training t Update existing procedures accordingly with the new environment C 2002
8
January 29, 2002"Piata Financiara" Conference Testing t Types of testing –checklist –simulation –parallel –full interruption t Define list of possible events to be considered as “disaster” –Extended power outages –Chemical spills or hazardous contamination of the premises –Hard drive crashes –Equipment failure –Equipment theft –Flooding –Bomb threats –Adverse weather conditions t Iterative process –define test purposes –build test team –structure test –perform test –analyze results –modify procedure C 2002
9
January 29, 2002"Piata Financiara" Conference Resource requirements t Personnel t Investments t Expenses C 2002
10
January 29, 2002"Piata Financiara" Conference BRANCH 1BRANCH 2BRANCH 3 …BRANCH TELECOM NETWORK WAN R/R PSTN GSM ROUTER HEAD OFFICE C 2002
11
January 29, 2002"Piata Financiara" Conference BRANCH … TELECOM NETWORK WAN ROUTER Radio-Relay Terrestrial Link R/R PSTN GSM ROUTER DISASTER CENTERHEAD OFFICE C 2002
12
January 29, 2002"Piata Financiara" Conference LOCAL NET SERVER POOL SWIFT SERVER MAIL SERVER DOMAIN COTROLER HEAD OFFICE OR DISASTER CENTER DETAILED ARCHITECTURE DATABASE SERVER VIRTUAL LAN SERVERS Internet DMZ External MAIL Internet Banking WEB/MB Server CISCO IDS TACACS/CRYPTO SERVER Certified Authority FIREWALL UFP (Websense) Server CVP (Antivirus) UFP (Websense) Server ROUTER TO RADIO RELAY 3DES Card PROXY SERVER VIRTUAL LAN SERVERS VIRTUAL LAN CLIENTS FIREWALL VIRTUAL LAN CLIENTS ROUTER TO WAN Switche s Electronic Banking TEST/DEVL SERVER FIREWALL C 2002
13
January 29, 2002"Piata Financiara" Conference BRANCH TELECOM NETWORK WAN SWIFT SERVER MAIL SERVER DOMAIN CONTROLLER DISASTER CENTER ROUTER Radio-Relay Terrestrial Link R/R PSTN GSM DATABASE SERVER VIRTUAL LAN SERVERS VIRTUAL LAN CLIENTS ROUTER FIREWALL Internet DMZ Internet Banking Internet DMZ Internet Banking WEB Server Printers 3DES Card FIREWALL CISCO IDS TACACS SERVER Certified Authority TACACS SERVER Certified Authority DOMAIN CONTROLLER SWIFT SERVER MAIL SERVER DATABASE SERVER VIRTUAL LAN SERVERS VIRTUAL LAN CLIENTS 3DES Card FIREWALL VIRTUAL LAN SERVERS FIREWALL C 2002
14
January 29, 2002"Piata Financiara" Conference Certificate Authority (CA) Application Server (AS) Firewall Database Replication 3DES SSL Client (CL) DEMIRBANK ROMANIA INTERNET BANKING & WAP SOLUTIONS Replication Firewall Banking Server Certificates signing WAP Access Server WAP I-BNK Internet Wireless Network SSL Access Server WAP Gateway WTLS C 2002 Replication
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.