Post on 01-Jun-2018
transcript
8/9/2019 Chapter 9 - BCP and DR
1/79
Chapter 9
Business Continuity Planning and
Disaster Recovery
8/9/2019 Chapter 9 - BCP and DR
2/79
BCP and DR (770)
An organization is dependant on resources,
personnel and tass per!or"ed on a daily
#ases to #e healthy and pro!ita#le$ %oss or
disruption o! these resources can #e
detri"ental$ Causing great da"age or
even co"plete destruction o! the #usiness$
Business &' have a plan to deal *ithun!oreseen events$
8/9/2019 Chapter 9 - BCP and DR
3/79
BCP and DR (770)
Business Continuity Planning is a #road approach
to ensure that a #usiness can !unction in the
event o! disruption o! nor"al data processing
operations$Disaster Recovery Planning is a su#set o! BCP$
he goal o! a DRP is to "ini"ize the e!!ects o! a
disaster and tae necessary steps to ensure that
the resources, personnel and #usiness
processes are a#le to resu"e operation in a
ti"ely "anner$
8/9/2019 Chapter 9 - BCP and DR
4/79
8/9/2019 Chapter 9 - BCP and DR
5/79
er"s
+ Business -"pact Analysis Process o! analyzing
all #usiness !unctions *ithin the organization to
deter"ine the i"pact o! a data processing
outage$+ Business Resu"ption Planning BRP develops
procedures to initiate the recovery o! #usiness
operations i""ediately !ollo*ing and outage or
disaster$
("ore)
8/9/2019 Chapter 9 - BCP and DR
6/79
er"s (pg ../ -C #oo)
+ Contingency Plan a docu"ent providing the
procedures !or recovering a "aor application or
in!or"ation syste" net*or in the event o! an
outage or disaster$+ Continuity o! 1perations Plan A docu"ent
descri#ing the procedures and capa#ilities to
sustain an organizations essential strategic
!unctions at an alternate site !or up to 20 days$
("ore)
8/9/2019 Chapter 9 - BCP and DR
7/79
er"s
+ Crisis Co""unications Plan A docu"ent that
outlines the procedures !or disse"inating status
reports to personnel and the pu#lic in the event
o! an outage or disaster$+ Critical yste" he hard*are and so!t*are
necessary to ensure the via#ility o! a #usiness
unit or organization during an interruption in
nor"al data processing support$
("ore)
8/9/2019 Chapter 9 - BCP and DR
8/79
er"s
+ Critical Business 3unctions he
#usiness !unctions and processes that
&' #e restored i""ediately to ensure
the organizations assets are protected,
goals "et and that the organization is in
co"pliance *ith any regulations and legal
responsi#ilities$("ore)
8/9/2019 Chapter 9 - BCP and DR
9/79
er"s
+ Cy#er -ncident Response Plan strategies to
detect, respond and li"it the conse4uences o!
cy#er incidents$
+ Disaster Recovery Plan A plan that providesdetailed procedures to !acilitate recovery o!
capa#ilities at an alternate site$
+ Disaster Recovery Planning he process to
develop and "aintain a disaster Recovery Plan
("ore)
8/9/2019 Chapter 9 - BCP and DR
10/79
1#ectives o! the BCP (775)
he o#ectives o! BCP are the !ollo*ing
+ Provide an i""ediate response to e"ergencysituations
+ Protect lives and ensure sa!ety6+ Reduce #usiness i"pact
+ Resu"e critical #usiness !unctions
+ Reduce con!usion during a crisis
+ nsure surviva#ility o! the #usiness
+ 8et up and running AAP a!ter a disaster
8/9/2019 Chapter 9 - BCP and DR
11/79
Business Continuity Planning
8/9/2019 Chapter 9 - BCP and DR
12/79
BCP 1vervie* (775)
he goal o! a BCP is ulti"ately to help a
co"pany resu"e operating o! #usiness
!unctions as soon as possi#le a!ter a
da"aging event$ -! you thin a#out it, a
BCP is really part o! the larger security:
progra"$ As such a BCP should #e part o!
the security policy6
8/9/2019 Chapter 9 - BCP and DR
13/79
teps in BCP (overvie*) (77;)
-C states / Phases in BCP$ i"u" outages:
2$ -denti!y Preventative controls
?$ Recovery trategy identi!y and select the appropriate
recovery alternatives to "eet the recovery ti"ere4uire"ents$
("ore)
.
8/9/2019 Chapter 9 - BCP and DR
14/79
Creating the BCP (overvie*) (77;)
/$ Develop the contingency plan docu"ent the
results o! the B-A !indings and recovery
strategies in a *ritten plan
.$ esting, A*areness, and raining esta#lishthe processes !or testing the recovery
strategies, "aintaining the BCP, and ensuring
that those involved are a*are and trained in
the recovery strategies$
7$ &aintenance &aintain the plan
8/9/2019 Chapter 9 - BCP and DR
15/79
8/9/2019 Chapter 9 - BCP and DR
16/79
BCP@ Phase 5 (77.)
+
8/9/2019 Chapter 9 - BCP and DR
17/79
BCP@ Phase ; (B-A) (77F)
Phase ; o! the BCP steps is to conduct a
Business -"pact Analysis$ -n short this
step is to outline *hat procedures and
resources the co"pany depends on, ho*
i"portant each processes is and ho* long
the #usiness can do *ithout each
resource$ he !or"alized step areconversed ne>t$
8/9/2019 Chapter 9 - BCP and DR
18/79
8/9/2019 Chapter 9 - BCP and DR
19/79
Phase ;@ B-A (overvie*) (77F)
/$ Calculate ho* long these !unctions can
survive *ithout these resources
.$ -denti!y vulnera#ilities and threats to
these processes
7$ Calculate the ris !or each #usiness
process
F$ Docu"ent !indings and report the" to
"anage"ent
BCP Ph ; t 5 (779)
8/9/2019 Chapter 9 - BCP and DR
20/79
BCP Phase ;@ tep 5 (779)
Deter"ine -n!or"ation 8athering
echni4ues-n this step the BCP co""ittee needs toidenti!y the types o! people that *ill #e part
o! the B-A gathering sessions$
hese people should represent the di!!erent
depart"ents that "ae up the #usiness$
A!ter deter"ining the general roles, *e need
to actually !ind the actual e"ployees that
!ill these roles, so *e can intervie* the"$
8/9/2019 Chapter 9 - BCP and DR
21/79
8/9/2019 Chapter 9 - BCP and DR
22/79
BCP Phase ;@ tep 2 -denti!y
Critical Business 3unctions
Based on the in!or"ation gathered #y the
intervie*s and the data gathering
techni4ues, *e need to no* identi!y *hich
#usiness processes and !unctions arecritical !or the success!ul operation o! the
#usiness$
8/9/2019 Chapter 9 - BCP and DR
23/79
BCP Phase ;@ tep ? Analyze
in!or"ation
1ne *e no* *hat the i"portant processes
are *e need to deter"ine *hat are the
resources6 that these processes depend
upon$ hese resources can #e all inds o!things such as servers, data, people,
#uildings etcG (not ust - related things)
+ Deter"ine cost: *hether 4ualitative or4uantitative
8/9/2019 Chapter 9 - BCP and DR
24/79
BCP Phase ;@ tep / Deter"ine
&D and prioritization (7F5)
o* *e need to prioritize and calculate the "a>i"u" ti"e*e can survive *ithout the #usiness processes identi!iedin tep 2$ his "a>i"u" ti"e is called the &a>i"u"olera#le Do*nti"e (&D)6: here are so"e co""on
&D classi!ications$Heep in "ind *hen prioritizing things, *e have to use
4uantitative and 4ualitative analysis to deter"ine ust*hat is critical$ 3or e>a"ple loss o! so"e process "ightnot cause i""ediate !inancial loss, #ut could da"age
reputation or co"petitive advantage, and that da"agecould #e devastating$
("ore)
8/9/2019 Chapter 9 - BCP and DR
25/79
BCP Phase ;@ tep / (7F;)
ere are so"e co""on &D classi!ications
that you should "e"orize6
+ Crititical@ 5 ? hours
+ 'rgent@ ;? hours
+ -"portant@ 7; hours
+ or"al@ 7 days+ onessential@ 20 days
8/9/2019 Chapter 9 - BCP and DR
26/79
BCP Phase ;@ tep . = hreats
o* *e need to identi!y vulnera#ilities and
threats to these processes and the
resources that are re4uired !or the"$
(re"e"#er Ris &anage"entRisAnalysisG
1n the ne>t slide *e *ill e>a"ine so"e
e>a"ple threats$
8/9/2019 Chapter 9 - BCP and DR
27/79
8/9/2019 Chapter 9 - BCP and DR
28/79
BCP Phase ;@ tep 7
Deter"ine the pro#a#ilityris !or each
#usiness !unction$
8/9/2019 Chapter 9 - BCP and DR
29/79
BCP Phase ;@ tep F
1nce *e have done this research, *e "ust
docu"ent and provide our !indings to
"anage"ent$ ote at this point *e really
have not started creating a BusinessContinuity Plan yet,
8/9/2019 Chapter 9 - BCP and DR
30/79
BCP tage 2@ -denti!y Preventative
Controls (7F.)
Pretty traight!or*ard, though a lot o! *or$
o* that *e no* *hat *e need to
protect and the threats involved$ %oo at
*ays to PRI these pro#le"s !ro"occurring, so *e never have to *orry
a#out dealing *ith the"$ his is really ust
doing a Ris Analysis and deter"iningCost !!ective Counter"easures$
8/9/2019 Chapter 9 - BCP and DR
31/79
BCP Phase ?@ Recovery trategies
(7FF)
1 no* *e are at the stage *here *e
actually are developing a P%A !or
#usiness continuity$ Be!ore *as ust initial
research and getting "anage"ent to giveus the 1H: to develop a plan$
("ore)
8/9/2019 Chapter 9 - BCP and DR
32/79
BCP Phase ?@ Recovery trategies
(7F7)
A "ore technical: and tangi#le: stage$ he idea isto !igure out *hat the co"pany AC'A%%Kneeds to do to #e a#le to recovery the necessary#usiness processes in the event o! a
catastrophe$+ Deter"ine the "ost cost=e!!ective6 recovery
"echanis"s+ 3or"ally de!ine the activities and actions that *ill
#e i"ple"ented and carried out in response to adisaster$+ hese trategies *ill #e #ased on the / "ain
#usiness considerations listed on the ne>t page
8/9/2019 Chapter 9 - BCP and DR
33/79
Phase ?@ Recovery trategies (7F7)
/ categories
+ Business Process Recovery
+ 3acility Recovery
+ upply and echnology Recovery+ 'ser nviron"ent Recovery
+ Data Recovery
8/9/2019 Chapter 9 - BCP and DR
34/79
8/9/2019 Chapter 9 - BCP and DR
35/79
3acility Recovery (7FF)
3acility Recovery is concerned *ith the a#ility to
"ove processing operations to an alternate
!acility in case o! the !ailure o! the "ain !acility$
8/9/2019 Chapter 9 - BCP and DR
36/79
3acility Recovery (795)
u#scription services
A su#scription service is a contract *ith a 2rdpartyto provide access to a !acility$ here is generallya "onthly !ee to retain the right to use the !acilityalong *ith a large Activation: !ee and hourly !ee
*hen actually using the !acility$ his is o#viouslya short ter" only solution$ here are 2 types o!su#scription services *hich *e *ill tal a#out"ore o! in the ne>t slides
+ ot ite+
8/9/2019 Chapter 9 - BCP and DR
37/79
ot ite (790)
ot ite a !acility that is !ully con!igured andready to operate in a !e* hours$ he onlyresources "issing !ro" a hot site is the actualdata and the actual e"ployees$
+ ard*are and so!t*are &' #e !ullyco"pati#le or itJs pointless= Iery >pensive
= Iendor "ay not have custo"er speci!ic or proprietaryhard*areso!t*are
L can allo* !or annual testing
L ready *ithin hours
8/9/2019 Chapter 9 - BCP and DR
38/79
pensive stu!!$
+ 8enerally can #e up in an accepta#le ti"e period$
+ &ay #e #etter !or custo"ers *ith speci!ichard*areso!t*are needs, custo"er *ill #ring co"putinghard*are *ith the"$
+ &ost *idely used "odel+ Lcheaper
+ Lavaila#le !or longer ti"e!ra"e due to reduced costs+ L good i! you have our o*n custo" hard*areso!t*are+ = taes longer to prepare+ =actual yearly testing not generally possi#le
8/9/2019 Chapter 9 - BCP and DR
39/79
Cold ite (790)
upplies #asic environ"ent, (AC, electrical,plu"#ing etc), #ut 1 actual co"putinge4uip"ent$ Can tae a *hile to activate$
+ Lcheaper+ Lavaila#le !or longer ti"e!ra"e due to reducedcosts
+ L good i! you have our o*n custo"
hard*areso!t*are= &ay tae *ees to get activated and ready
= Cannot do yearly tests
8/9/2019 Chapter 9 - BCP and DR
40/79
Reciprocal Agree"ent (792)
RA also called &utual Aid: is *hen t*o
co"panies agree to help each other out in
the case o! an e"ergency$ 'lti"ately this
is not really practical !or "ost #usiness$
Can you guys tell "e *hat the Pros and
Cons o! this areE Can you tell "e *hy this
is not really practical$
8/9/2019 Chapter 9 - BCP and DR
41/79
Redundant ites (79?)
Pretty "uch these are 1 sites, that are 1
8/9/2019 Chapter 9 - BCP and DR
42/79
&ultiple Processing Centers (79?)
Another approach is rather to than have only onecenter that !acilitates a certain #usiness !unction$plit the *or a"ong "ultiple active centerssuch that there is no single point o! !ailure$
+ olid approach
+ 8ood cala#ility !or nor"al #usiness gro*th
+ Nust "ae sure that the other centers have "ore
resources then they individually need in casethey need to tae on "ore *or, due to the!ailure o! another center$
8/9/2019 Chapter 9 - BCP and DR
43/79
upply and echnology Recovery
(79/)
1 so *e have plans to recover our !acilities andour "ain processing re4uire"ents$ But *hata#out the lo*er level: o! things
+ ard*are Bacups+ o!t*are Bacups
+ Docu"entation
+ u"an Resources
hese considerations need to #e taen intoconsideration too *e *ill #rie!ly tal a#out thesein the ne>t !e* slides
8/9/2019 Chapter 9 - BCP and DR
44/79
ard*are #acups (79.)
1 so *e have a space to process, #ut unless *e
have a hot site or redundant site, and our
#uilding is destroyed *here do *e get the
servers !ro", *hat a#out the destops that oursta!! needE Do *e have a vendors to provide
these, ho* long *ill it tae to get ne* e4uip"ent
!ro" the"E
8/9/2019 Chapter 9 - BCP and DR
45/79
8/9/2019 Chapter 9 - BCP and DR
46/79
Docu"entation (79F)
1H so *e have the e4uip"ent and so!t*are ho*do *e get it all rolled out and con!igured suchthat it *as the sa"e at the co"pany$
-ncorrect con!igurations C1'%D cause
co"pro"ises in integrity or con!identialityG(ho*E)
Do *e even ho* our old net*or *as con!iguredECan *e reproduce itE
An -"portant concept !or BCP that should #e inco"pany policy is that OAll docu"entation should#e ept=up to date and properly protectedJ
8/9/2019 Chapter 9 - BCP and DR
47/79
u"an Resources (799)
ecutive uccession Planning *hat is
thisE
8/9/2019 Chapter 9 - BCP and DR
48/79
nd 'ser nviron"ent (F00)
o* do *e noti!y the users a#out a disaster andthe change o! operating procedureE
1nce there *e need to have so"e type o! peopleon the ground directing issues pertaining to
e"ployees$ hese people should #e easilyidenti!ied$
8/9/2019 Chapter 9 - BCP and DR
49/79
8/9/2019 Chapter 9 - BCP and DR
50/79
raditional Bacups (F0;)
raditional #acups have so"e "ethod o! #acingup !iles to a re"ova#le "ediu"$ he !irst thingsto understand a#out #acups is the archive: #it$very ti"e a !ile is altered the archive: #it is setto noti!y the syste" that a !ile "ay need to #e#aced up$ o* lets tal a#out the 2 #acuptypes
+ 3ull
+ Di!!erential
+ -ncre"ental
8/9/2019 Chapter 9 - BCP and DR
51/79
3ull Bacup (F0;)
i"ply put,+ #acup every !ile on the syste"G+ hen clear the archive #it o! each !ile
his "ust #e done to so"e degree o! regularity,depending on the #usiness needs$
L everything gets #aced up
L i! you do a !ull #acup every day, you can restore*ith only 5 restore operation
= aes a long ti"e, can #e e>pensive to co"plete ina ti"ely "anner
8/9/2019 Chapter 9 - BCP and DR
52/79
Di!!erential (F0;)
Bacup any !ile that has changed last !ull #acup$ tepsare
+ 3ind any !ile *here the archive #it is set
+ Bacup the !ile
+ D1 1 clear the archive #it
his allo*s you to 4uicly restore data in the event o! adisaster in ; operations$ i"ply
5$ Restore the last !ull #acup;$ Restore the last di!!erential: #acup
("ore)
8/9/2019 Chapter 9 - BCP and DR
53/79
8/9/2019 Chapter 9 - BCP and DR
54/79
8/9/2019 Chapter 9 - BCP and DR
55/79
8/9/2019 Chapter 9 - BCP and DR
56/79
8/9/2019 Chapter 9 - BCP and DR
57/79
Discussion o! #acups
Can you "i> di!!erential and incre"ental #acupsE(
8/9/2019 Chapter 9 - BCP and DR
58/79
Discussion o! Bacups
8/9/2019 Chapter 9 - BCP and DR
59/79
Discussion o! Bacups
8/9/2019 Chapter 9 - BCP and DR
60/79
on Bacup er"s that should #e
"entioned (F0?)
Dis "irroring shado*ing coping data to
one or "ore hard drives such that a
syste" has a "ultiple copies o! data in
case o! a drive !ailure
Dis duple>ing= sa"e as shado*ing, #ut
using "ultiple dis controllers$$ (*hyE)
8/9/2019 Chapter 9 - BCP and DR
61/79
lectronic Iaulting (F0?)
lectronic Iaulting6 is the idea o! sending all
changes to a !ile to a re"ote site (using
non=#acup "ethods)$ his usually is not
done real=ti"e #ut in #atches$
(e>a"ple #an transactions "ight #e copied
daily to another o!!ice)
8/9/2019 Chapter 9 - BCP and DR
62/79
Re"ote Nournaling (F0/)
RN is another "ethod o! trans"itting data to an
o!!site !acility$ o*ever it is di!!erent than N$
+ -t is done in real=ti"e: (
8/9/2019 Chapter 9 - BCP and DR
63/79
ape Iaulting (F0.)
A type o! #acup, ho*ever rather than
#acing up to a local device you #ac up:
to a re"ote device$
8/9/2019 Chapter 9 - BCP and DR
64/79
8/9/2019 Chapter 9 - BCP and DR
65/79
Phase ?@ Restoration (F09)
8/9/2019 Chapter 9 - BCP and DR
66/79
Phase ?@ Recovery (F09)
Da"age Asses"ent
+ Deter"ine cause o! disaster
+ Deter"ine potential !or !urther da"ange
+ -denti!y a!!ected #usiness !unctions and assets+ -ndenti!y resources that "ust #e replaced
i""ediately
+ sti"ate ho* long it *ill tae to #ring ciritical
!unctions online+ Deter"ine *hether the BCP should #e put into
operation
8/9/2019 Chapter 9 - BCP and DR
67/79
Phase ?@ Recovery (F09)
Restoration ea" should #e responsi#le
!or getting the alternate site into a *oring
and !unctioning environ"ent
8/9/2019 Chapter 9 - BCP and DR
68/79
Phase ?@ Recovery (F09)
alvage ea" responsi#le !or starting the
recovery o! the original site$
+
8/9/2019 Chapter 9 - BCP and DR
69/79
nd o! Phase ?@ Recovery
Phase /@ Plan design and
8/9/2019 Chapter 9 - BCP and DR
70/79
Phase /@ Plan design and
develop"ent (F5?)
o* *e need to actually co"e up *ith a goals anda plan !or attaining these goals$ hese goals"ust contain certain ey in!or"ation$
+ Responsi#ility *ho are the individuals
responsi#le !or *hat$ ptected o! the",ho* *ill they #e trained
+ Authority in ti"es o! crisis *ho is in charge$+ Priorities
8/9/2019 Chapter 9 - BCP and DR
71/79
Phase /@ Plan Design and
Develop"ent (F5?)
trategies
+ Copies o! the plan need to #e ept in one
or "ore lcoations$ (*hy)
+ Plans "ust #e in paper and electronic
!or"at
+ Call tress should #e i"ple"ented
8/9/2019 Chapter 9 - BCP and DR
72/79
BCP@ Phase . esting (F5.)
1H so *e have this great plan that *eJve spent "illions o!hours and dollars creating$$ But does it *or, or *ill itsin and co"pletely !ail *eJll *e should try testing it$
+ esting it also allo*s us to see *here the plan can #e
i"proved, or i! ne* changes in environ"ent *ill re4uirethe plan to #e updated (*hat co"pany doesnJt changeand gro*E)
+ esting should #e carried out at %A once a year$6
+ Any pro#le"s that occurred should #e docu"ented andreported to "anage"ent$6
o *hat are so"e testing "ethodsE$$$ e>t slide
8/9/2019 Chapter 9 - BCP and DR
73/79
Checlist est (F5F)
BCP is distri#uted to depart"ents and
!unctional areas !or revie*$ he &anagers
read over and indicate i! anything is
"issing or should #e "odi!ied$ (&anagerchecs: o!! that the plan is 1H !or their
depart"ent)
8/9/2019 Chapter 9 - BCP and DR
74/79
tructured
8/9/2019 Chapter 9 - BCP and DR
75/79
i"ulation est (F59)
A speci!ic scenario is propose, all re4uired
e"ployees co"e together and start to
si"ulate that the event has happened and
start taing action to recover$ he idea isto see i! any pro#le"s co"e up or i! any
concerns *ere le!t out$
8/9/2019 Chapter 9 - BCP and DR
76/79
Parallel est (F59)
o"e syste"s are "oved to the alternate
site and processing taes place$ he
results are co"pared to the real
processing to see i! anything needs tochange$
8/9/2019 Chapter 9 - BCP and DR
77/79
3ull -nterruption test (F59)
&ost intrusive test$$ he original site is actually shutdo*nand processing is "oved to the alternate site (reallyneeds to #e a hot site)$ he recovery tea" !ul!ils itJso#ligation in preparing the syste"s and environ"ent !orthe alternate site$
+ his is a !ull #lo*n drill
+ Re4uires tons o! planning and co=ordination
+ hese are risy and can cause da"age i! not "anagedproperly$
+ enior "anage"ent approval is re4uired due to the risinvolved$6
8/9/2019 Chapter 9 - BCP and DR
78/79
&aintaining the Plan (F59)
o* that *e have the plan *e need to "aintain itGyste"s and processes #eco"e out o! date andneed constant re!resh: *hyE
+ BCP plan "ay not #e integrated into change
"anage"ent process (it should #e thoughG)+ -n!rastructure or environ"ent changes (that
never changes )+ Co"pany re=organization, layo!!s etc
+ Changes in hard*are or so!t*are+ "ployee turn over
("ore)
8/9/2019 Chapter 9 - BCP and DR
79/79
&aintaining the Plan (F59)