Date post: 21-Jan-2018
Upload: atef-yassin
BUSINESS CONTINUITY PLANNING /
DISASTER RECOVERY PLANNING
Business Continuity Plan
BCP is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.
Business Continuity Planning Lifecycle
Need for BCP/DRP
Objectives and Goals
• Minimize loss by minimizing the cost associated with disruptions
• Identify weaknesses
• Enable the organization to survive a disaster
• Minimize the duration of a serious disruption to business operations
• Facilitate effective co-ordination of recovery tasks
• Reduce the complexity of the recovery effort
Areas
• Business Resumption Planning
• Disaster Recovery Planning
• Crisis Management
Developing a BCP
Initiate
• Obtain understanding of the existing and projected systems
• Establish a ‘Steering Committee’
• Develop a Master Schedule and milestones
• Perform Risk Assessment
• Choose Recovery Strategy
Plan Development
• Determine all available options and strategies
• Business – Logistics, HR, Accounting
• Technical – IT (Client–Server, Mainframes, Databases, Networks)
Identify Recovery Strategy
• Recovery plan components and standards are defined, developed and documented
• Define notification procedures
• Establish Business recovery teams for each CBS
Test and Validate
• Validate the BCP
• Develop and document contingency test plans
• Prepare and execute tests
Maintenance
• Update disaster recovery plans and procedures
Working of a BCP Process
Differentiation of BCP and DRP
Business Continuity Plan: It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity. It addresses the recovery of a company’s critical business functions after an interruption.
Disaster Recovery Plan: It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function.
Disaster Recovery & Business Continuity
What is DR and BC?
Disaster Recovery (DR)
• Process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster
• Scope is limited to technology and technology availability
Business Continuity (BC)
• Planning out how to stay in business in the event of disaster
• Scope encompasses all critical business operations (sales, customer support, financial and admin services, etc.)
While not the same, they are tightly interdependent.
Types of Disaster Recovery Plans
Emergency Plan
• It specifies actions to be undertaken when the disaster happens
• Identification of situations which require the plan to be invoked
Backup Plan
• It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame
• It needs continuous updates as changes occur
Recovery Plan
• It specifies procedures to restore full information system capabilities
• Formation of a recovery committee, specifying responsibilities and guidelines for proper functioning
Test Plan
• Final component
• Identification of deficiencies in the emergency, backup or recovery plans, or in the preparation of an organization for facing a disaster
Types of Backup
Full Backup: It captures all files on the disk or within the folder selected for backup.
Incremental Backup: It captures files that were created or changed since the last backup, regardless of the backup type.
Differential Backup: It stores files that have changed since the last full backup.
Mirror Backup: It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password.
RTO and RPO
Recovery Time Objective (RTO): Maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs. How quickly should critical services be restored?
Recovery Point Objective (RPO): Age of files that must be recovered from backup storage for normal operations to resume (i.e., how many hours of work is lost). From what point before system loss should data be available? How much data loss can be accommodated?
Timeline (figure): Last System Backup/Copy → System Loss/Failure → System Restored
• RPO (Recovery Point Objective) – time since last good backup
• RTO (Recovery Time Objective) – time to recover
• Overall recovery time – from last backup to system recovery
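As an added illustration (not part of the slides), the following Python models the backup types above against a constructed weekly schedule: it shows how many backup sets a restore needs under incremental versus differential backups and measures the data loss at a constructed failure time against an RPO. The schedule, dates and RPO values are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample schedule (not from the slides): one backup every day at
# 02:00, a full backup on Sundays and the chosen daily type on other days.
FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"
START = datetime(2024, 1, 7, 2, 0)          # a Sunday, so day 0 is a full backup
FAILURE = datetime(2024, 1, 11, 15, 30)     # constructed failure time (a Thursday)


def build_schedule(start, days, daily_type):
    """List of (timestamp, kind) backup sets, oldest first."""
    schedule = []
    for d in range(days):
        when = start + timedelta(days=d)
        kind = FULL if when.weekday() == 6 else daily_type   # weekday 6 = Sunday
        schedule.append((when, kind))
    return schedule


def restore_chain(schedule, failure_time):
    """Backup sets needed, oldest first, to rebuild the newest state captured
    before failure_time. Incrementals chain back to the last full backup; a
    differential needs only the last full backup plus itself."""
    usable = [b for b in schedule if b[0] <= failure_time]
    fulls = [i for i, b in enumerate(usable) if b[1] == FULL]
    if not fulls:
        return []                       # nothing restorable without a full backup
    last_full = fulls[-1]
    chain = [usable[last_full]]
    later = usable[last_full + 1:]
    if later and later[-1][1] == DIFFERENTIAL:
        chain.append(later[-1])         # the newest differential supersedes older ones
    elif later:
        chain.extend(later)             # every incremental since the full backup
    return chain


def data_loss_hours(schedule, failure_time):
    """Age of the newest usable backup at the moment of failure: the work that
    is lost, which is the quantity the RPO bounds."""
    usable = [b for b in schedule if b[0] <= failure_time]
    return (failure_time - usable[-1][0]).total_seconds() / 3600


def simulate(daily_type, failure_time=FAILURE, rpo_hours=24):
    """Return (restore sets needed, hours of data lost, RPO met?)."""
    schedule = build_schedule(START, 14, daily_type)
    loss = data_loss_hours(schedule, failure_time)
    return len(restore_chain(schedule, failure_time)), loss, loss <= rpo_hours


if __name__ == "__main__":
    for kind in (INCREMENTAL, DIFFERENTIAL):
        print(kind, simulate(kind))
```

With the constructed Thursday-afternoon failure, both schedules lose the same 13.5 hours of work (the RPO question), but the incremental restore needs five sets while the differential restore needs two, which is what drives the RTO.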
Threats Landscape
Threats from within
Malicious Intent: If a malicious insider is intent on compromising systems, there is little that can be done by traditional security products to prevent this form of attack. While some network and host behavior techniques can still help to identify an insider threat issue, a malicious insider can be successful.
• To steal information, the attacker can copy restricted information onto a thumb drive, or install a covert key logger on a keyboard cable disguised as a ferrite bead.
• To disrupt operation, the attacker might unplug a critical system.
External Threats
There are 4 primary threat vectors:
1- Malcode: Malcode comes from programs, scripts, or macros that can execute on user machines, and are malicious in nature. This category of threat is often subdivided into Viruses and Trojan horses. A virus is code attached to, or contained within, a legitimate program or document. A Trojan horse is a program that has an externally visible purpose, but also has covert malicious behavior that is unknown to the user. Malcode can contain many components, and categorization is subdivided according to the components’ purpose (password stealers, keyboard loggers, botnets, droppers). A variety of stealth technology can be deployed to keep malcode installed without detection (for example, rootkits). Self-propagating code is often designated as a worm.
2- Vulnerabilities: Vulnerabilities come from deficiencies in legitimate code that is running on internal computer systems, or a system misconfiguration that can lead to an unexpected outcome. Vulnerability types such as SQL injection vulnerabilities are well known for being easily exploited to gain knowledge of internal database structure and contents. Cross-site scripting (XSS) vulnerabilities are often used to execute script code within users’ browsers. But the most devastating types of vulnerabilities are those designated as remote code execution. These vulnerabilities, when exploited, allow native code execution on the computer containing the vulnerable code. Perhaps the biggest remote code vectors used to compromise systems in the past year are vulnerabilities contained in browsers, or browser-based plug-ins. If a user is enticed into visiting a malicious Web site that hosts a document containing an exploit for a browser vulnerability, the user’s machine can be owned.
3- Data leakage: Data leakage often comes from unintentional insiders transferring restricted information to external systems. But it can also be the result of malcode installed on the users’ machines. The problem is detecting and preventing the transfer of sensitive information from within the organization to an unauthorized external site.
4- Denial-of-service: Denial-of-service comes from external users or systems attacking a system’s infrastructure. The general idea is to disrupt the operation of the system. There are various forms of denial-of-service attacks. One is the vulnerability denial-of-service. There are vulnerabilities that might not be able to exploit remote code execution, but can crash the system. An attacker can crash a computer by sending a single packet to the vulnerable host. More common are denial-of-service disruptions that come from generating a volume of traffic that overwhelms a network, or host computer in the network. DNS servers are particularly vulnerable when dealing with malformed DNS requests. If an attacker can find a packet that causes a lot of cycles to be spent by the host computer, then a flood of these packets to the host can cause a denial-of-service. Bandwidth denial-of-service attacks seek to exhaust the network capacity by flooding the network with traffic. Often these attacks are mounted from thousands of different host computers (distributed denial-of-service), and usually the computers that are attacking are compromised with botnet malcode installed on the machines.
Unintentional insider threats: the unintentional compromise of restricted data by insiders is a big problem that can be, and is, addressed by security systems.
Threats and Risk Management
• Lack of Integrity
• Lack of Confidentiality
• Unauthorized Access
• Hostile Software
• Disgruntled (“disappointed”) Employee
• Hackers and computer crimes
• Terrorism and Industrial espionage
Risk Analysis
Data Recovery for your entire IT Infrastructure is very expensive! Instead, perform a basic Risk Analysis:
• Determine appetite for downtime (RTO) for each system
• Rank your IT systems by impact on business operations
• Determine impact of data loss for each system (RPO)
• Rank the risks to that system by likelihood to occur
  • Likely risks like hardware and network failure should go at the top
  • Unlikely risks like tornado should go at the bottom
• Look for projects that address multiple risks and/or systems and/or non-DR needs (better ROI)
• Be sure to identify dependencies
• List options to address each risk, rank their effectiveness, and estimate cost
This Risk Analysis creates a roadmap to address your DR needs!
Planning
• Corporate buy-in is critical to success
  • Must include all executives
  • Good DR plans involve more than the IT department
• Establish a budget - budget drives your options
• Planning should be part of the production design
  • It is more difficult and more costly to design DR for production systems
• Use your Risk Analysis to establish a multi-year project plan
• Document, document, document!
  • Be sure that your documentation is available no matter what the disaster!
• Plan your actions – who, what, where
• Test and update regularly – a stale DR Plan is a useless DR Plan
• Virtualization and big bandwidth are key enablers of DR since 2013
Planning: Insurance
• The purpose of insurance is to spread the economic cost and risk of loss from an individual or business to a large number of people.
• Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange for a premium
• Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis
Activities considered while testing a BRP/DRP plan
• Defining the boundaries
• Scenario
• Test Criteria
• Assumptions
• Briefing Session
• Checklists
• Analysing the test
• Debriefing session
Audit of DR/BR plan
• Based on the BIA
• Key employees have participated in the development
• Plan is simple and is realistic in assumptions
• Review the existing DR/BR plan
• Gather background info regarding its preparation
• Does the DR/BR plan include provisions for personnel, building?
• Does the BR/DR plan include contact details of suppliers of essential equipment?
• Does the DR/BR plan include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly
Business Continuity and Disaster Recovery Implementation Approach
The System Dynamics approach to implementing effective Business Continuity consists of two phases:
1. Solution Design – your Business Continuity/Disaster Recovery requirements are identified and documented and a solution and an implementation plan are developed
2. Solution Implementation – the previously defined and agreed solution is implemented
Figure (stages of the two phases):
Solution Design: Project Initiation → Risk Assessment → Business Requirements and Impact Analysis → Solution Design and Documentation → Implementation Plan Roadmap
Solution Implementation: Solution Implementation → Testing
BC-DR implementation process (figure)
BC/DR Plan at the centre, surrounded by: Project Management; Program Management; Risk Analysis & Review; Recovery Strategy; Business Impact Analysis; Plan Development; Awareness & Training; Testing & Exercising
Maintaining Business Continuity and Disaster Recovery
• Once implemented, effective business continuity must be regarded as a continuous process
• While this imposes an overhead, it ensures that the business continuity implementation will continue to meet the requirements of the business and meet audit compliance requirements
• Good solution design will minimize maintenance effort as continuity is embedded
Business Continuity Project
• Understand the Critical Systems and Applications
• Develop Strategy for Business Continuity
• Develop Business Continuity Plans and Processes
• Embed Business Continuity into
• Exercise, Test and Maintain Business Continuity Plan
DR Site Design Options
Hot Site, Warm Site, Cold Site, Mobile Site, Reciprocal Agreement
1- Hot Site
Duplicate of the original site of the organization, with full IT systems as well as near-complete copies of user data.
• Useful when fast recovery is critical
• Organization requires all the facilities at an alternative location
• It is expensive
2- Warm Site
Has hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site.
• Provides an intermediate level of backup
• Organization can tolerate some downtime
• Organization requires only essential facilities at an alternative location
3- Cold Site
Standby site with no hardware, established connectivity, or backups, but with adequate facilities to house IT infrastructure.
• It is useful when the organization can tolerate some downtime
• Organization requires minimum facilities at an alternative location to run its regular operations
• It is inexpensive
4- Mobile Site
No specific fixed on-the-ground facility. A Mobile site is a self-contained, transportable shelter custom-fitted with specific telecommunications and IT equipment.
Advantage:
• The organization has full control over the equipment.
Disadvantage:
• May offer limited information processing capacity (as compared to the primary data center)
• Requires advance coordination; resources may not be immediately available (i.e. equipment transport, setup, and data restoration)
5- Reciprocal Agreement
No specific fixed on-the-ground facility.
• Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster
• It is relatively cheap
• Each participant must maintain sufficient capacity to operate another’s critical system
Minimum Disaster Precautions
• Daily backup strategy with at least weekly offsite backups
• A strategy for monitoring and remediating problems with your backups
• Antivirus software on all workstations and servers with daily signature updates
• Patching on all workstations and servers kept up to date
High Availability = Disaster Prevention
High Availability (HA): typically means that the system is automatically redundant. Eliminate single points of failure!
Enables very low RTO and RPO objectives
Network High Availability
• Dual routers
• Dual firewalls
• Dual switches
• Dual network interfaces on servers
Figure: Router / Router → Firewall / Firewall → Switch / Switch → Server (a redundant pair at each layer feeding the server)
High Availability Connectivity
Dual connections to the Internet
• Difficult and expensive to implement at a corporate level
• Need to use two separate carriers – very little protection if using the same carrier
• Multi-site companies can use another site’s Internet
Dual connections to remote sites
• Use separate carriers
• Use separate last mile media (E1 and Fiber, E1 and Cable)
• Easy and relatively inexpensive using Internet as failover with mesh VPN technology
High Availability Power
Install quality power filtration and lightning arrestors
Use devices with dual power supplies
Where that isn’t possible, use an Automatic Transfer Switch (ATS)
Note that an ATS creates a single point of failure
Feed devices with two separate power circuits
Better yet, feed from two separate power panels
Protect at least one circuit of each pair with an Uninterruptible Power Supply (UPS)
Protect the UPS(s) with a generator
Virtualization = Server Hardware HA
Virtualization is the key enabler of server hardware HA
• Divorces server software from the underlying hardware running it
• Allows a server to “move” between multiple physical server hardware
• Enables rapid replacement or expansion of physical hardware on demand
• Enables new backup techniques that have less impact on servers and users, and allows for much faster restore times. Bye-bye bare metal restores!!
• Most importantly for disaster recovery, allows servers to “move” between multiple physical locations
Application HA
Virtualization addresses hardware failures but doesn’t address application failures
Native Application HA implementations are typically the most effective way to address HA for specific apps
Native Application HA Schemes, e.g.:
• Exchange 2010 Database Availability Groups (DAG)
• Microsoft SQL Clustered Services
• Microsoft SQL Bidirectional Transactional Replication
• Windows Server 2008 DFS
Data Replication Options
Geographic HA
SAN based (LUN to LUN)
• Typically proprietary
Server or Application Based
• DoubleTake
• Microsoft SQL Replication
• Microsoft Exchange lag database copies
• Microsoft DFS Replication
Virtual snapshot based
• Veeam Backup and Replication
All these techniques require high bandwidth connectivity
Thank You
Atef Yassin