
1 Business Continuity

2
Continuity strategy
Business impact
Incident response
Disaster recovery
Business continuity

3 Continuity Strategy
Contingency planning
Incident response planning
Disaster recovery planning
Business continuity planning

4 Contingency Planning
Contingency planning consists of:
– Incident response plan
– Disaster recovery plan
– Business continuity plan
Incident response involves:
– Notification of key people
– Documenting the incident
– Containing the damage due to the incident

5 Contingency Planning Diagram

6 Contingency Planning Timeline

7 Contingency Planning
Primary goal is to restore all systems to pre-failure level
CP requires support of:
– Upper level management
– IT people
– Security people

8 Business Impact Analysis
BIA is the first step in CP
Takes off from where risk assessment ended
Main steps in BIA are:
– Threat attack identification
– Business unit analysis
– Attack success scenarios
– Potential damage assessment
– Subordinate plan classification

9 Business Impact Analysis
Threat identification includes:
– Attack name and description
– Known vulnerabilities
– Indicators preceding an attack
– Information assets at risk from the attack
– Damage estimates

10 Business Impact Analysis
Business unit analysis includes:
– Prioritization of business functions
– Identification of critical business units
Attack success scenario includes:
– Known methods of attack
– Indicators of attack
– Broad consequences

11 Business Impact Analysis
Potential damage assessment includes:
– Actions needed immediately to recover from the attack
– Personnel who will do the restoration
– Cost estimates for management use
Subordinate plan classification includes:
– Classification of attack as disastrous or non-disastrous
– Disastrous attacks require disaster recovery plan
– Non-disastrous attacks require incident response plan
– Most attacks are non-disastrous, e.g., blackout

12 Business Impact Analysis Diagram

13 Incident Response Plan
Responsible people aware of IR plan details
Periodic testing of IR plan as a desktop exercise
Goals to remember (Richard Marcinko):
– More sweat in training means less bleeding in combat
– Preparation hurts
– Lead from the front and not the rear
– Keep it simple
– Never assume
– You get paid for results not your methods

14 Incident Response Plan
Incidents are usually detected from complaints to help desk
Security administrators may receive alarms based on:
– Unfamiliar files
– Unknown processes
– Unusual resource consumption
– Activities at unexpected times
– Use of dormant accounts

15 Incident Response Plan
Additional incident indicators:
– IDS detects unusual activity
– Presence of hacker tools such as sniffers and keystroke loggers
– Partners detect an attack from the organization's system
– Hacker taunts
How to classify an incident as a disaster?
– Organizational controls for an incident are ineffective
– Level of damage to the system is severe

16 Incident Response Plan
Incident reaction involves:
– Notifying proper personnel
   Involves notifying people on the alert roster
   Notification could be accomplished using a predefined tree structure
   Notification is pre-scripted to activate relevant portions of the incident response plan
– Designated personnel start documenting the incident

17 Incident Response Plan
– Activate incident containment strategies such as:
   Take system offline
   Disable compromised accounts
   Reconfigure firewall as needed
   Shut down specific applications such as email or database
   Might necessitate shutting down the system completely

18 Incident Response Plan
Post-incident actions:
– Preserve evidence
– Activate recovery procedures
– Assess damage

19 Disaster Recovery Planning
Prioritize recovery of components
Crisis management
Activate recovery from backup data

20 Business Continuity
Service Level Agreements
Software escrow
ISO 17799 addresses business continuity management
Cold / warm / hot site
Restoration vs. recovery
FARM (Functional Area Recovery Management) specifies plans for operational area recovery

21 References
– Disaster recovery planning exchange: http://www.drie.org/bcaw2k5/DCEOAdvice.doc
– Disaster Recovery: http://www.dri.ca/
– COBRA: http://www.ca-systems.zetnet.co.uk/risk/

22 References
– Natural Disasters preparedness: http://www.colorado.edu/hazards/informer/informerupdate.pdf
– Crisis management: http://security1.gartner.com/story.php.id.152.jsp
– Business Continuity Plan glossary: http://www.drj.com/glossary/glossleft.htm
– Avaya white paper on Business Continuity: http://www1.avaya.com/enterprise/whitepapers/lb2258.pdf

