Business continuity plan ppt
Published on Apr 29
- continuity strategy
- business impact
- incident response
- disaster recovery
- business continuity
- contingency planning
- incident response planning
- disaster recovery planning
- business continuity planning
- contingency planning consists of:
- incident response plan
- disaster recovery plan
- business continuity plan
- incident response involves:
- notification of key people
- documenting the incident
- contain the damage due to the incident
Contingency planning
- primary goal is to restore all systems to pre-failure level
- CP requires support of:
- upper level management
- IT people
- security people
- BIA is the first step in CP
- takes off from where risk assessment ended
- main steps in BIA are:
- threat attack identification
- business unit analysis
- attack success scenarios
- potential damage assessment
- subordinate plan classification
- business unit analysis includes:
- prioritization of business functions
- identify critical business units
- attack success scenario includes:
- known methods of attack
- indicators of attack
- broad consequences
Impact analysis
- potential damage assessment includes:
- actions needed immediately to recover from the attack
- personnel who will do the restoration
- cost estimates for management use
- subordinate plan classification includes:
- classification of attack as disastrous or non-disastrous
- disastrous attacks require disaster recovery plan
- non-disastrous attacks require incident response plan
- most attacks are non-disastrous, e.
Incident response plan
- responsible people aware of IR plan details
- periodic testing of IR plan as a desktop exercise
- goals to remember (Richard Marcinko):
- more sweat in training means less bleeding in combat
- preparation hurts
- lead from the front and not the rear
- keep it simple
- never assume
- you get paid for results not your methods
- incidents are usually detected from complaints to help desk
- security administrators may receive alarms based on:
- unfamiliar files
- unknown processes
- unusual resource consumption
- activities at unexpected times
- use of dormant accounts
Response plan
- additional incident indicators:
- IDS detects unusual activity
- presence of hacker tools such as sniffers and keystroke loggers
- partners detect an attack from the organization system
- hacker taunts
- how to classify an incident as a disaster?
Response plan
- incident reaction involves
- notifying proper personnel
- involves notifying people on the alert roster
- notification could be accomplished using a predefined tree structure
- notification is pre-scripted to activate relevant portions of the incident response plan
- designated personnel start documenting the incident
- activate incident containment strategies such as:
- take system offline
- disable compromised accounts
- reconfigure firewall as needed
- shut down specific applications such as email or database
- might necessitate shutting down the system completely
Response plan
- post-incident actions
- preserve evidence
- activate recovery procedures
- assess damage
- prioritize recovery of components
- crisis management
- activate recovery from backup data
- service level agreements
- software escrow
- ISO 17799 addresses business continuity management
- cold / warm / hot site
- restoration vs.
Recovery
- FARM (Functional Area Recovery Management) specifies plans for operational area recovery