Presentation is loading. Please wait.

Presentation is loading. Please wait.

Planning for Contingencies

Published byDella Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "Planning for Contingencies"— Presentation transcript:

1 Planning for Contingencies
INFORMATION SECURITY MANAGEMENT Lecture 3: Planning for Contingencies You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi Berra

2 Principles of Information Security Mgmt
Include the following characteristics that will be the focus of the current course (six P’s): Planning Policy Programs Protection People Project Management Chapters 2 & 3 Chapter 4

3 Introduction One study found that over 40% of businesses that don't have a disaster plan go out of business after a major loss Small Business Approaches

4 Introduction – 2012 Natural Disaster Map

5 Contingency Planning Contingency planning (CP)
The overall planning for unexpected events Involves preparing for, detecting, reacting to, and recovering from events that threaten the security of information resources and assets

6 Fundamentals of Contingency Planning
Incident Response Disaster Recovery Business Continuity

7 Developing a CP Document
Develop the contingency planning policy statement Conduct the BIA Identify preventive controls Develop recovery strategies Develop an IT contingency plan Plan testing, training, and exercises Plan maintenance

8 Business Impact Analysis (BIA)
Provides detailed scenarios of each potential attack’s impact

9 Business Impact Analysis (cont’d.)
The CP team conducts the BIA in the following stages: Threat attack identification Business unit analysis Attack success scenarios Potential damage assessment Subordinate plan classification What are the goals of a BIA? Management of Information Security, 3rd ed.

10 Business Impact Analysis (cont’d.)
An organization that uses a risk management process will have identified and prioritized threats The second major BIA task is the analysis and prioritization of business functions within the organization Each should be categorized

11 Business Impact Analysis (cont’d.)
Create a series of scenarios depicting impact of successful attack on each functional area Attack profiles should include scenarios depicting typical attack including: (1) Methodology, (2) Indicators, (3) Broad consequences Estimate the cost Should this be done in-house or outsourced?

12 NIST Business Process and Recovery Criticality
Key recovery measures: Maximum Tolerable Downtime (MTD) - total amount of time the system owner is willing to accept for a mission/business process outage or disruption Recovery time objective (RTO) - maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and processes Recovery point objective (RPO) - point in time, prior to a disruption or system outage, to which mission/business process data can be recovered after an outage

13 NIST Business Process and Recovery Criticality
Work Recovery Time (WRT) - amount of effort that is necessary to get the business function operational AFTER the technology element is recovered Can be added to the RTO to determine the realistic amount of elapsed time before a business function is back in useful service Total time needed to place the business function back in service must be shorter than the MTD Must balance the cost of system inoperability against the cost of recovery

14

15 Timing and Sequence of CP Elements
Figure 3-6 Contingency planning implementation timeline Management of Information Security, 3rd ed. Source: Course Technology/Cengage Learning

16 Incident Response Plan
The question is not will an incident occur, but rather when an incident will occur A detailed set of processes and procedures that commence when an incident is detected When a threat becomes a valid attack, it is classified as an information security incident if it: directed against information assets a realistic chance of success threatens the confidentiality, integrity, or availability of information assets

17 Incident Response Plan (cont’d.)
Who creates the incident response plan? Planners develop and document the procedures that must be performed during the incident and immediately after the incident has ceased Separate functional areas may develop different procedures

18 Incident Response Plan (cont’d.)
Develop procedures for tasks that must be performed in advance of the incident Details of data backup schedules Disaster recovery preparation Training schedules Testing plans Copies of service agreements Business continuity plans

19 Incident Response Plan (cont’d.)
Figure 3-3 Incident response planning Management of Information Security, 3rd ed. Source: Course Technology/Cengage Learning

20 Incident Response Plan (cont’d.)
Planning requires a detailed understanding of the information systems and the threats they face The IR planning team seeks to develop pre-defined responses that guide users through the steps needed to respond to an incident

21 Incident Response Plan (cont’d.)
Incident classification Determine whether an event is an actual incident Uses initial reports from end users, intrusion detection systems, host- and network-based virus detection software, and systems administrators (Example: RSA Data Loss Prevention)

22 Incident Response Software

23 Incident Response Plan Tools

24 Incident Response Plan Tools

25 Incident Response Plan: Indicators
Possible indicators Probable indicators Definite indicators When the following occur, the corresponding IR must be immediately activated Loss of availability Loss of integrity Loss of confidentiality Violation of policy Violation of law

26 Incident Response Plan (cont’d.)
Once an actual incident has been confirmed and properly classified IR team moves from the detection phase to the reaction phase A number of action steps must occur quickly and may occur concurrently

27 Incident Response Plan: Action Steps
Notification of key personnel (alert roster) Assignment of tasks Documentation of the incident

28 Incident Response Plan (cont’d.)
The essential task of IR is to stop the incident or contain its impact Incident containment strategies focus on two tasks:

29 IRP: Stopping the Incident
Containment strategies Once contained and system control regained, incident recovery can begin Incident damage assessment An incident may increase in scope or severity to the point that the IRP cannot adequately contain the incident

30 IRP: Recovery Process Identify the vulnerabilities
Address the safeguards that failed Evaluate monitoring capabilities (if present) Restore the data from backups as needed Restore the services and processes in use Continuously monitor the system Restore the confidence of the members

31 Incident Response Plan (cont’d.)
When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities Involving law enforcement has both advantages and disadvantages

32 Article: Incident Response – SANS Survey

33 Disaster Recovery Plan
The preparation for and recovery from a disaster, whether natural or man made In general, an incident is a disaster when:

34 Disaster Recovery Plan (cont’d.)
The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located Common DRP classifications: Natural Disasters Human-made Disasters Scenario development and impact analysis Used to categorize the level of threat of each potential disaster

35 Disaster Recovery Plan (cont’d.)

36 Disaster Recovery Plan (cont’d.)
Discussion on Disaster Recovery Myths

37 Disaster Recovery Plan (cont’d.)
Discussion on Disaster Recovery Checklist

38 Business Continuity Plan
Ensures critical business functions can continue in a disaster Activated and executed concurrently with the DRP when needed Relies on identification of critical business functions and the resources to support them

39 BCP: Strategies Continuity strategies

40 Business Continuity Plan:Site Options
Hot Sites Warm Sites Cold Sites Other Alternatives: Timeshares, Service Bureaus, Mutual Agreements Ex. RSA data centers – lease gig Ethernet lines between MA and NC

41 Business Continuity Plan (cont’d.)
To get any BCP site running quickly organization must be able to recover data Options include:

42 Timing and Sequence of CP Elements
Figure 3-4 Incident response and disaster recovery Source: Course Technology/Cengage Learning

43 Timing and Sequence of BCP
Source: Course Technology/Cengage Learning

44 Timing and Sequence of CP Elements
Figure 3-6 Contingency planning implementation timeline Management of Information Security, 3rd ed. Source: Course Technology/Cengage Learning

45 Business Resumption Planning
Because the DRP and BCP are closely related, most organizations prepare them concurrently

46 Business Resumption Planning (cont’d.)
Components of a simple disaster recovery plan Name of agency Date of completion or update of the plan and test date Agency staff to be called in the event of a disaster Emergency services to be called (if needed) in event of a disaster

47 Business Resumption Planning (cont’d.)
Components of a simple disaster recovery plan (cont’d.) Locations of in-house emergency equipment and supplies Sources of off-site equipment and supplies Salvage priority list Agency disaster recovery procedures Follow-up assessment

48 Testing Contingency Plans
Problems are identified during testing Improvements can be made, resulting in a reliable plan Contingency plan testing strategies Desk check Structured walkthrough Simulation Parallel testing Full interruption testing

49 Contingency Planning: Final Thoughts
Iteration results in improvement A formal implementation of this methodology is a process known as continuous process improvement (CPI) Each time the plan is rehearsed it should be improved Constant evaluation and improvement lead to an improved outcome

Download ppt "Planning for Contingencies"

Similar presentations

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.

Reliability of the electrical service Business Continuity Management Business Impact Analysis (BIA) Critical ITC Services Minimum Business Continuity Objective.
Introduction Creation of information security program begins with creation and/or review of organization’s information security policies, standards,

Introduction Creation of information security program begins with creation and/or review of organization’s information security policies, standards,
1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.

1 Disaster Recovery “Protecting City Data” Ron Bergman First Deputy Commissioner Gregory Neuhaus Assistant Commissioner THE CITY OF NEW YORK.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning
Management of Information Security Chapter 3 Planning for Contingencies Things which you do not hope happen more frequently than things which you do.

Management of Information Security Chapter 3 Planning for Contingencies Things which you do not hope happen more frequently than things which you do.
Planning for Contingencies

Planning for Contingencies
TEL382 Greene Chapter 11. 10/27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.

TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
CSE 4482: Computer Security Management: Assessment and Forensics

CSE 4482: Computer Security Management: Assessment and Forensics
Lecture 2: Planning for Security INFORMATION SECURITY MANAGEMENT

Lecture 2: Planning for Security INFORMATION SECURITY MANAGEMENT
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Introduction to Network Defense

Introduction to Network Defense
1 Business Continuity. 2 Continuity strategy Business impact Incident response Disaster recovery Business continuity.

1 Business Continuity. 2 Continuity strategy Business impact Incident response Disaster recovery Business continuity.
Planning for Continuity

Planning for Continuity
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Contingency Planning Things which you do not hope happen more frequently than things which you do hope. -- PLAUTUS. (C. 254–184 B.C.), MOSTELLARIA, ACT.

Contingency Planning Things which you do not hope happen more frequently than things which you do hope. -- PLAUTUS. (C. 254–184 B.C.), MOSTELLARIA, ACT.
ITC358 ICT Management and Information Security

ITC358 ICT Management and Information Security
Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Module 3 Develop the Plan Planning for Emergencies – For Small Business –
1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

1 Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security.

Similar presentations

Ads by Google