Prepared: 04/13/23
Corp. AWS Overview
Security & Business Continuity
Introduction
To preserve the business in the face of major disruptions to normal business operations.
Describe objectives of the domain
– Theoretical
– Practical
– Significance
Domain Topics
• BCP vs. DRP
• BIAs
• Contingency Planning
• End User Environment
• Backup Alternatives
• Recovery and Restoration
• Choosing a Software Backup Facility
• Testing and Drills
• Emergency Response
Information Security Requirements
• BCP and DRP are part of the Security Policy and Program.
• Policy statement set by executive staff.
• Not optional.
• Must include the business.
• This is true at Corp.
BCP vs. DRP
• Business Continuity Planning addresses the need to maintain the business until the situation returns to normal (the pre-disaster situation).
• Disaster Recovery Planning is aimed at minimizing the effects of an impact and ensuring that resources, personnel, and business processes are able to resume in a timely manner.
• BCP’s goal is to keep the business running… DRP’s goal is to resume a lost part of the business.
• Losing a system does not necessarily mean you implement BCP.
– E.g. server crash, 4 hour SLA, 2 hour rebuild
– E.g. system crash, 3 hour failover & expense, 5 hour recovery
Cohesive Response
[Diagram. Teams: Emergency Management Team; Crisis Management Team; Business Resumption; Business Resumption Resource Support Team. Other labels: Vital Records; Facilities Services; Information Technology; Communications; Purchasing Maintenance; Space Planning; Security.]
Business Impact Analysis
A BIA is performed before a plan is written to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption.
How?
• develop materials
• gather information (quantitative & qualitative)
• analyze and interpret
• prepare and recommend
Corp. Practice: Corp. completed an initial BIA in December of 2001. It has a red cover and was compiled from 200+ key business personnel. Managed at IT Staff and Audit Level.
BIA cont.
Major deliverable
– Identify vulnerabilities
Establishment of Priorities
• Organizing when to do what
• Resource limitations
– facilities
– people
– hardware
– backup
Corp. Practice: We have tiered priorities and people response. We are taking that down to a view per site and datacenter.
Critical Business Functions
• What is most important to a company.
• Identified by senior management.
• Supports or defines the mission of the company.
• Almost always the money chain.
• Measured in cost per hour of downtime.
Processes to Plans
• Identify Business Processes
• Select Required Functions
• Identify Macro Processes
• Develop Plans
[Diagram: Business Processes. Groups: ORDER; SHIP; CLOSE; PAY; BUILD. Processes listed: Create Requisition; Issue P.O.; Manage Purchase Order; Manage Receiving Variances; Manage Contracts; Request Supplier Quote (RFQ); Certify Suppliers; Maintain Supplier Master Data; Manage Supplier Performance; Disposition Unneeded Material; Manage Replenishment Programs; Review Stock Status; Create Labor Resource Plan; Create Local/Factory Capacity Plan; Evaluate Global Capacity; Create Detailed Factory Plan; Create Production Order; Request Materials; Develop Inventory Strategy; Manage Global Inventory Levels.]
Emergency Response
• Save lives, not a recovery exercise
• Reduce further injuries
• Secure the facilities
• Contain the situation
Corp. Practice:
Crisis Management
• Coordinated disaster response.
• To mitigate further disruptions, containment, secure facilities, coordinate and control external communications and activities.
Corp. Practice: CEOC - super event. EOC - Life and Limb. IT-ERP is the team for IT.
Emergency Assessment
• Understand the impact
• Determine the correct response
Corp. Practice: Done at the site level.
External Communications
Media Training Impact Perception vs. Reality
Corp. Practice: No one should talk to the press unless they have been approved and trained to do so.
Containment Priorities
• Life and Limb
• Assets
• Records
Training/Testing/Drilling
Checklist Test (Contact and part of SWT)
Structured Walkthrough (Structured Walkthrough)
Simulation (Functional)
Parallel (Functional)
Full-Interruption (Integrated)
Prepare people to react, respond, and resume operations under stressful and time critical situations. Mature our skill levels.
Corp. Practice: Contact done quarterly, Structured Walkthroughs at least twice a year, Functional Test at least yearly, Integrated test performed once every two years.
Test Types – Contact Verification
Validate information for:
– Employees
– Team members
– Emergency Authorities
– Vendor representatives
– Customer representatives
– Business partners
– Media outlets / silos
– Other stakeholders
Verify available contact elements:
– Street Address
– Cellular
– Pager
– Work
– Home
Recovery Plan Development
BIA, SPOFs, Mitigation, Strategy, Priority, Scope, Approvals
Written for the recovery team. More generic.
Corp. Practice: BIA, SPOF Analysis, Strategy, Priority, Approval, Scope, Plan Creation (Process, Team, Positions, Tasks, Resources), Peer Review (SWC), Contact Test
Documentation
• How to recover
• Essential steps
• Written for a specific audience
• Aims to document critical decisions before the crisis
Corp. Practice: The system of record for IT is XXXXX. The business uses MS Word. When they automate further, it will be in XXXx system.
Logistics and Supplies
Coordinated response for people to get the needed resources delivered to meet the recovery priorities and recovery objectives.
Why?
– Predefined, streamlined processes provide real-time response instead of normal approval cycles, which may have broken down when the disaster occurred.
Corp. Practice: Driven by Priorities. Simplified to remove processes like procurement and approvals.
Data Recovery
• RPO – Recovery Point Objective
• Recovery Priorities
Corp. Practice: IT staff has stated that we want no data loss, but hasn’t funded it. Recovery Priorities are being set per data center.
Backups and Offsite Storage
Types
– Full – everything
– Incremental – files modified since the last backup of any type
– Differential – everything changed since the last full backup
Methods
Backup Facility
– accessible in your timeframes to recover
– available on demand
– fire “proof”
Corp. Practice: Strategy is undergoing major revisions. IT is your best source for program information.
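How the three backup types on this slide drive restore effort and the achieved recovery point (the RPO from the Data Recovery slide), as an added example that is not part of the original deck. The names `Backup`, `restore_chain`, `data_loss`, `weekly` and the sample schedule are assumptions made for illustration; the example goes slightly beyond the slide by modelling one unreadable backup set.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    kind: str             # "full", "incremental" or "differential"
    taken: datetime
    usable: bool = True   # False models a lost or unreadable backup set

def restore_chain(catalog, failure):
    """Backup sets to restore, oldest first, after a failure at `failure`."""
    past = sorted((b for b in catalog if b.taken <= failure), key=lambda b: b.taken)
    start = max((i for i, b in enumerate(past) if b.kind == "full" and b.usable), default=None)
    if start is None:
        return []                     # no usable full backup to build on
    window = []
    for b in past[start + 1:]:
        if b.kind == "full":          # later sets depend on this newer, unusable full
            break
        window.append(b)
    chain = [past[start]]
    # A differential holds everything since the full: only the newest usable one is needed.
    diffs = [i for i, b in enumerate(window) if b.kind == "differential" and b.usable]
    if diffs:
        chain.append(window[diffs[-1]])
        window = window[diffs[-1] + 1:]
    # Incrementals hold changes since the last backup of any type: every link is required.
    for b in window:
        if not b.usable:
            break
        chain.append(b)
    return chain

def data_loss(catalog, failure):
    """Time from the last restorable backup to the failure (the achieved recovery point)."""
    chain = restore_chain(catalog, failure)
    return failure - chain[-1].taken if chain else None

def weekly(kind, bad_day=None):  # constructed schedule: Sunday full, six nightly `kind` sets
    sunday = datetime(2022, 1, 2, 1, 0)
    nightly = [Backup(kind, sunday + timedelta(days=d), d != bad_day) for d in range(1, 7)]
    return [Backup("full", sunday)] + nightly

if __name__ == "__main__":
    failure = datetime(2022, 1, 6, 13, 0)       # Thursday 13:00
    for kind in ("incremental", "differential"):
        for bad in (None, 2):                   # 2 = Tuesday's set is unreadable
            cat = weekly(kind, bad)
            print(kind, bad, len(restore_chain(cat, failure)), data_loss(cat, failure))
```

With every set readable, both schedules lose the same 12 hours, but the incremental restore needs five sets against two; with Tuesday's set unreadable, the incremental schedule falls back to Monday while the differential one is unaffected.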
Cold, Warm, Hot, Mobile Sites
• Subscription Services – for a fee.
• Cold Site – basic environment: electrical wiring, air conditioning, plumbing, and flooring (may take weeks to activate).
• Warm Site – cold site basics plus some services (servers, backups, network).
• Hot Site – everything for a quick failover. Usually less than 4 hours. Costly.
• Mobile Sites – e.g. PBX in a flatbed, crash kits.
Corp. Practice: We have a mixture. Moving away from subscriptions and toward company-owned internal hot sites.
A Successful Business Continuity Program
[Diagram labels: Testing; Up-to-Date Plan; Trained Personnel; Strategy; Business Continuity!!!]
BCP/DRP Events
Links
– DRJ (Disaster Recovery Journal)
– DRI (Disaster Recovery Institute)
– BCI (Business Continuity International)
– Contingency Planning
Program Interdependency
[Diagram layers and labels:]
• Basic Infrastructure: Facilities, Power
• Biz Apps/Infrastructure: SAP, WOM
• Biz Functions: Order, Build, Ship, Close
• Enabling Apps/Services: Messaging, Voicemail, Conferencing, Security
• Basic Services: Network, Internet, Intranet, Telephony
• IT Core BCP Focus
• Business BCP Focus
• App/Service BCP Focus
• External Requirements
Summary
Key Topics
• BCP vs. DRP
• BIAs
• Contingency Planning
• End User Environment
• Backup Alternatives
• Recovery and Restoration
• Choosing a Software Backup Facility
• Testing and Drills
• Emergency Response
Questions
Why perform a risk analysis:
– inventory assets
– identify single points of failure
– identify all data in all systems
– review all procedures in all places
Questions
Primary function of the DR committee:
– identify strategies
– recover
– identify weaknesses in systems
– prepare for a disaster
Questions
Major purpose of a written plan:
– satisfy auditors
– satisfy regulatory authorities
– minimize the pressure to make decisions
– coordinate all parties
Questions
The ultimate goal of a disaster recovery plan is:
– get operations up and running quickly
– restore at least partial operations
– get operations up and running efficiently
– restore operations to a pre-disaster state
Questions
During a disaster, which procedures require coordinated efforts of a disaster recovery specialist and IS security specialists?
– notifying employees
– retrieving supplies
– returning to the original site
– recovering lost data
Questions
A proactive disaster recovery plan includes all but
– UPS
– emergency procedures
– a provision for recovery after the disaster
– a fire extinguisher
Questions
DRP and Security policies are:
– separate but complementary
– separate without substitution
– can be one document
– separate and diverse
Questions
Major purpose of a written plan:
– minimize the pressure to make decisions
The ultimate goal of a disaster recovery plan is:
– restore operations to a pre-disaster state
Questions
During a disaster, which procedures require coordinated efforts of a disaster recovery specialist and IS security specialists?
– recovering lost data
Primary function of the DR committee:
– recover
Why perform a risk analysis:
– identify single points of failure
Questions
A proactive disaster recovery plan includes all but
– a provision for recovery after the disaster
DRP and Security policies are:
– separate but complementary