
What is dr and bc 12-2017

Date post: 21-Jan-2018
Upload: atef-yassin
BUSINESS CONTINUITY PLANNING / DISASTER RECOVERY PLANNING
Transcript
Page 1: What is dr and bc 12-2017

BUSINESS CONTINUITY PLANNING /

DISASTER RECOVERY PLANNING

Page 2: What is dr and bc 12-2017

Business Continuity Plan

BCP is the creation and validation of a practical logistical plan for how an organization will recover and restore partially or completely within a predetermined time after a disaster has occurred.

Page 3: What is dr and bc 12-2017

Business Continuity Planning Lifecycle

Page 4: What is dr and bc 12-2017

Need for BCP/DRP

Objectives
• Minimize loss by minimizing the cost associated with disruptions
• Enable the organization to survive a disaster

Goals
• Identify weaknesses
• Minimize the duration of a serious disruption to business operations
• Facilitate effective co-ordination of recovery tasks
• Reduce the complexity of the recovery effort

Areas
• Business Resumption Planning
• Disaster Recovery Planning
• Crisis Management

Page 5: What is dr and bc 12-2017

Developing a BCP

Initiate

Obtain understanding of the existing and projected systems

Establish a ‘Steering Committee’

Develop a Master Schedule and milestones

Page 6: What is dr and bc 12-2017

Perform Risk Assessment

Page 7: What is dr and bc 12-2017

Choose Recovery Strategy

Plan Development

• Determine all available options and strategies

• Business – Logistics, HR, Accounting

• Technical – IT (Client–Server, Mainframes, Databases, Networks)

Identify Recovery Strategy

• Recovery plan components and standards are defined, developed and documented

• Define notification procedures

• Establish Business recovery teams for each CBS

Page 8: What is dr and bc 12-2017

Test and Validate

•Validate the BCP

•Develop and document contingency test plans

•Prepare and execute tests

•Maintenance

•Update disaster recovery plans and procedures

Page 9: What is dr and bc 12-2017

Working of a BCP Process

Page 10: What is dr and bc 12-2017

Differentiation of BCP and DRP

Business Continuity Plan:

It is the process of defining arrangements and procedures that enable an organization to continue as a viable entity.

It addresses the recovery of a company’s critical business functions after an interruption

Disaster Recovery Plan:

It involves making preparations for a disaster and also addresses the procedures to be followed during and after a loss. It is specific to the information system function

Page 11: What is dr and bc 12-2017

Disaster Recovery & Business Continuity

What is DR and BC?

Disaster Recovery (DR)
• Process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster
• Scope is limited to technology and technology availability

Business Continuity (BC)
• Planning out how to stay in business in the event of disaster
• Scope encompasses all critical business operations (sales, customer support, financial and admin services, etc)

While not the same, they are tightly interdependent.

Page 12: What is dr and bc 12-2017

Types of Disaster Recovery Plans

Emergency Plan
• It specifies actions to be undertaken when a disaster happens
• Identification of situations that require the plan to be invoked

Backup Plan
• It specifies the type of backup to be kept, frequency of backup to be undertaken, procedures, location, personnel, priorities assigned and a time frame
• It needs continuous updates as changes occur

Recovery Plan
• It specifies procedures to restore full information system capabilities
• Formation of a recovery committee, specify responsibilities and guidelines for proper functioning

Test Plan
• Final Component
• Identification of deficiencies in the emergency, backup or recovery plans or in the preparation of an organization for facing a disaster

Page 13: What is dr and bc 12-2017

Types of Backup

Full Backup
It captures all files on the disk or within the folder selected for backup

Incremental Backup
It captures files that were created or changed since the last backup, regardless of the backup type

Differential Backup
It stores files that have changed since the last full backup.

Mirror Backup
It is identical to a full backup, with the exception that the files are not compressed in zip files and they cannot be protected with a password

Page 14: What is dr and bc 12-2017

RTO and RPO

Recovery Time Objectives (RTO)
Maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs

Recovery Point Objectives (RPO)
Age of files that must be recovered from backup storage for normal operations to resume (i.e., how many hours of work is lost)

Page 15: What is dr and bc 12-2017

RTO – Recovery Time Objective
How quickly should critical services be restored

RPO – Recovery Point Objective
From what point before system loss should data be available
How much data loss can be accommodated

Timeline: Last System Backup/Copy, then System Loss/Failure, then System Restored
• RPO (Recovery Point Objective) – Time Since Last Good Backup
• RTO (Recovery Time Objective) – Time to Recover
• Overall Recovery Time – From Last Backup to System Recovery
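The backup-type definitions on the "Types of Backup" slide and the RPO/RTO timeline above can be combined into one check, shown here as an added example that is not part of the original slides: given a backup catalogue and an outage, it works out which backups have to be restored and whether the objectives were met. The catalogue, the timestamps and the function names `restore_chain` and `assess` are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed backup catalogue (completion time, type); not data from the slides.
CATALOGUE = [
    ("2017-12-03 01:00", "full"),
    ("2017-12-04 01:00", "incremental"),
    ("2017-12-05 01:00", "incremental"),
    ("2017-12-06 01:00", "differential"),
    ("2017-12-07 01:00", "incremental"),
    ("2017-12-08 01:00", "incremental"),   # completes after the failure: unusable
]


def restore_chain(catalogue, failure):
    """Backups to restore, in order, to reach the latest point before `failure`."""
    done = sorted((datetime.strptime(t, FMT), kind) for t, kind in catalogue)
    done = [b for b in done if b[0] <= failure]
    fulls = [i for i, b in enumerate(done) if b[1] in ("full", "mirror")]
    if not fulls:
        return []                      # no full or mirror backup to start from
    chain, later = [done[fulls[-1]]], done[fulls[-1] + 1:]
    # A differential holds every change since the last full backup, so the
    # newest one replaces all incrementals and differentials taken before it.
    diffs = [i for i, b in enumerate(later) if b[1] == "differential"]
    if diffs:
        chain.append(later[diffs[-1]])
        later = later[diffs[-1] + 1:]
    # Incrementals hold changes since the previous backup of any type, so
    # every one taken after that point is needed, oldest first.
    return chain + [b for b in later if b[1] == "incremental"]


def assess(catalogue, failure, restored, rpo, rto):
    """Compare one outage against the RPO and RTO, using the slide's timeline."""
    chain = restore_chain(catalogue, failure)
    downtime = restored - failure                    # "Time to Recover"
    if not chain:
        return {"chain": [], "data_loss": None, "downtime": downtime,
                "overall": None, "rpo_met": False, "rto_met": downtime <= rto}
    data_loss = failure - chain[-1][0]               # "Time Since Last Good Backup"
    return {"chain": [kind for _, kind in chain], "data_loss": data_loss,
            "downtime": downtime, "overall": data_loss + downtime,
            "rpo_met": data_loss <= rpo, "rto_met": downtime <= rto}


if __name__ == "__main__":
    report = assess(CATALOGUE,
                    failure=datetime(2017, 12, 7, 15, 0),
                    restored=datetime(2017, 12, 7, 19, 0),
                    rpo=timedelta(hours=24), rto=timedelta(hours=2))
    for key, value in report.items():
        print(f"{key:10} {value}")
```

Every link in the returned chain has to be readable for the restore to succeed, which is why a long run of incrementals raises recovery risk as well as restore time.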

Page 16: What is dr and bc 12-2017

Threats Landscape

Threats from within

Malicious Intent
If a malicious insider is intent on compromising systems, there is little that can be done by traditional security products to prevent this form of attack. While some network and host behavior techniques can help to identify an insider threat issue, a malicious insider can still be successful.

• To steal information, the attacker can copy restricted information onto a thumb drive, or install a covert key logger on a keyboard cable disguised as a ferrite bead.

• To disrupt operation, the attacker might unplug a critical system.

Unintentional insider threats
The unintentional compromise of restricted data by insiders is a big problem that can be, and is, addressed by security systems.

External Threats

There are 4 primary threat vectors

1- Malcode
Malcode comes from programs, scripts, or macros that can execute on user machines, and are malicious in nature. This category of threat is often subdivided into Viruses and Trojan horses. A virus is code attached, or contained within a legitimate program or document. A Trojan horse is a program that has an external visible purpose, but also has covert malicious behavior that is unknown to the user. Malcode can contain many components, and categorization is subdivided according to the component's purpose (password stealers, keyboard loggers, botnets, droppers). A variety of stealth technology can be deployed to keep malcode installed without detection (for example, rootkits). Self-propagating code is often designated as a worm.

2- Vulnerabilities
Vulnerabilities come from deficiencies in legitimate code that is running on internal computer systems, or a system misconfiguration that can lead to an unexpected outcome. Vulnerability types such as SQL injection vulnerabilities are well known for being easily exploited to gain knowledge of internal database structure and contents. Cross-site scripting vulnerabilities (XSS) are often used to execute script code within users' browsers. But the most devastating types of vulnerabilities are those designated as remote code execution. These vulnerabilities, when exploited, allow native code execution on the computer containing the vulnerable code. Perhaps the biggest remote code vectors used to compromise systems in the past year are vulnerabilities contained in browsers, or browser based plug-ins. If a user is enticed into visiting a malicious Web site that hosts a document containing an exploit for a browser vulnerability, the user's machine can be owned.

3- Data leakage
Data leakage often comes from unintentional insiders transferring restricted information to external systems. But it can also be the result of malcode installed on the users' machines. The problem is detecting and preventing the transfer of sensitive information from within the organization to an unauthorized external site.

4- Denial-of-service
Denial-of-service comes from external users or systems attacking a system's infrastructure. The general idea is to disrupt the operation of the system. There are various forms of denial-of-service attacks. One is the vulnerability denial-of-service. There are vulnerabilities that might not be able to exploit remote code execution, but can crash the system. An attacker can crash a computer by sending a single packet to the vulnerable host. More common are denial-of-service disruptions that come from generating a volume of traffic that overwhelms a network, or host computer in the network. DNS servers are particularly vulnerable when dealing with malformed DNS requests. If an attacker can find a packet that causes a lot of cycles to be spent by the host computer, then a flood of these packets to the host can cause a denial-of-service. Bandwidth denial-of-service attacks seek to exhaust the network capacity by flooding the network with traffic. Often these attacks are mounted from thousands of different host computers (distributed denial-of-service), and usually the computers that are attacking are compromised with bot-net malcode installed on the machines.

Page 17: What is dr and bc 12-2017

Threats and Risk Management

• Lack of Integrity

• Lack of Confidentiality

• Unauthorized Access

• Hostile Software

• Disgruntled Employee (“disappointed”)

• Hackers and computer crimes

• Terrorism and Industrial espionage

Page 18: What is dr and bc 12-2017

Risk Analysis

Data Recovery for your entire IT Infrastructure is very expensive!

Instead, perform a basic Risk Analysis:

Rank your IT systems by impact on business operations
• Determine appetite for downtime (RTO) for each system
• Determine impact of data loss for each system (RPO)

Rank the risks to that system by likelihood to occur
• Likely risks like hardware and network failure should go at the top
• Unlikely risks like tornado should go at the bottom

List options to address each risk, rank their effectiveness, and estimate cost
• Be sure to identify dependencies
• Look for projects that address multiple risks and/or systems and/or non DR needs (better ROI)

This Risk Analysis creates a roadmap to address your DR needs!

Page 19: What is dr and bc 12-2017

Planning

•Must include all executives

•Good DR plans involve more than the IT department

Corporate buy-in is critical to success

Establish a budget - budget drives your options

•It is more difficult and more costly to design DR for production systems

Planning should be part of the production design

Use your Risk Analysis to establish a multi-year project plan

Page 20: What is dr and bc 12-2017

Document, document, document!

•Be sure that your documentation is available no matter what the disaster!

Plan your actions – who, what, where

Test and update regularly – a stale DR Plan is a useless DR Plan

Virtualization and big bandwidth are key enablers of DR since 2013

Planning

Page 21: What is dr and bc 12-2017

Insurance

• The purpose of insurance is to spread the economic cost and risk of loss from an individual or business to a large number of people.
• Policies are contracts that obligate the insurer to indemnify the policyholder from specific risks in exchange for a premium
• Adequate insurance coverage is a key consideration while developing a BRP/DRP and performing a risk analysis

Page 22: What is dr and bc 12-2017

Activities considered while testing BRP/DRP plan

• Defining the boundaries

• Scenario

• Test Criteria

• Assumptions

• Briefing Session

• Checklists

• Analysing the test

• Debriefing session

Page 23: What is dr and bc 12-2017

Audit of DR/BR plan

• Based on the BIA

• Key employees have participated in the development

• Plan is simple and is realistic in assumptions

• Review the existing DR/BR plan

• Gather background info regarding its preparation

• Does the DR/BR plan include provisions for personnel, building

• Does the BR/DR plan include contact details of suppliers of essential equipment
• Does the DR/BR plan include provisions for the approval to expend funds that were not budgeted for the period? Recovery may be costly

Page 24: What is dr and bc 12-2017

Business Continuity and Disaster Recovery Implementation

Approach

The System Dynamics approach to implementing effective Business Continuity consists of two phases:

1. Solution Design – your Business Continuity/Disaster Recovery requirements are identified and documented and a solution and an implementation plan are developed

2. Solution Implementation – the previously defined and agreed solution is implemented

Figure: process flow with the steps Project Initiation, Risk Assessment, Business Requirements and Impact Analysis, Solution Design and Documentation, Implementation Plan Roadmap, Solution Implementation, Testing; grouped under the two phases Solution Design and Solution Implementation

Page 25: What is dr and bc 12-2017

BC-DR implementation process

Figure: BC/DR Plan cycle with the elements Project Management, Program Management, Risk Analysis & Review, Recovery Strategy, Business Impact Analysis, Plan Development, Awareness & Training, Testing & Exercising

Page 26: What is dr and bc 12-2017

Maintaining Business Continuity and Disaster Recovery

• Once implemented, effective business continuity must be regarded as a continuous process
• While this imposes an overhead it ensures that business continuity implementation will continue to meet the requirements of the business and meet audit compliance requirements
• Good solution design will minimize maintenance effort as continuity is embedded

Business Continuity Project

Understand the Critical Systems and Applications

Develop Strategy for Business Continuity

Develop Business Continuity Plans and Processes

Embed Business Continuity into

Exercise, Test and Maintain Business Continuity Plan

Page 27: What is dr and bc 12-2017

DR Site Design Options

• Hot Site
• Warm Site
• Cold Site
• Mobile Site
• Reciprocal Agreement

Page 28: What is dr and bc 12-2017

DR Site Design Options

1- Hot Site

Duplicate of the original site of the organization, with full IT systems as well as near-complete copies of user data.

• Useful when fast recovery is critical
• Organization requires all the facilities at an alternative location
• It is expensive

Page 29: What is dr and bc 12-2017

DR Site Design Options

2- Warm Site

Have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site.

• Provides intermediate level of backup
• Organization can tolerate some downtime
• Organization requires only essential facilities at an alternative location

Page 30: What is dr and bc 12-2017

DR Site Design Options

3- Cold Site

Standby site with no hardware, established connectivity, or backups, but has adequate facilities to house IT infrastructure.

• It is useful when the organization can tolerate some downtime
• Organization requires minimum facilities at an alternative location to run its regular operations
• It is inexpensive

Page 31: What is dr and bc 12-2017

DR Site Design Options

4- Mobile Site

No specific fixed on the ground facility

A Mobile site is a self-contained, transportable shelter custom-fitted with specific telecommunications and IT equipment

Advantage:
• The organization has full control over the equipment.

Disadvantage:
• May offer limited information processing capacity (as compared to the primary data center)
• Requires advance coordination; resources may not be immediately available (i.e. equipment transport, setup, and data restoration)

Page 32: What is dr and bc 12-2017

DR Site Design Options

5- Reciprocal Agreement

No specific fixed on the ground facility

Two or more organizations might agree to provide backup facilities to each other in the event of one suffering a disaster

• It is relatively cheap
• Each participant must maintain sufficient capacity to operate another’s critical system

Page 33: What is dr and bc 12-2017

Minimum Disaster Precautions

• Daily backup strategy with at least weekly offsite backups
• A strategy for monitoring and remediating problems with your backups
• Antivirus software on all workstations and servers with daily signature updates
• Patching on all workstations and servers kept up to date

Page 34: What is dr and bc 12-2017

High Availability = Disaster Prevention

High Availability (HA): typically means that the system is automatically redundant. Eliminate single points of failure!

Enables very low RTO and RPO objectives

Page 35: What is dr and bc 12-2017

Network High Availability

• Dual routers
• Dual firewalls
• Dual switches
• Dual network interfaces on Servers

Diagram: two routers, two firewalls and two switches in front of the server

Page 36: What is dr and bc 12-2017

High Availability Connectivity

Dual connections to the Internet

• Difficult and expensive to implement at a corporate level

• Need to use two separate carriers – very little protection if using the same carrier

• Multi-site companies can use another site’s Internet

Dual connections to remote sites

• Use separate carriers

• Use separate last mile media (E1 and Fiber, E1 and Cable)

• Easy and relatively inexpensive using Internet as failover with mesh VPN technology

Page 37: What is dr and bc 12-2017

High Availability Power

Install quality power filtration and lightning arrestors

Use devices with dual power supplies

Where that isn’t possible, use an Automatic Transfer Switch (ATS)

Note that an ATS creates a single point of failure

Feed devices with two separate power circuits

Better yet, feed from two separate power panels

Protect at least one circuit of each pair with an Uninterruptible Power Supply (UPS)

Protect the UPS(s) with a generator

Page 38: What is dr and bc 12-2017

Virtualization = Server Hardware HA

Virtualization is the key enabler of server hardware HA

• Divorces server software from the underlying hardware running it
• Allows a server to “move” between multiple physical server hardware
• Enables rapid replacement or expansion of physical hardware on demand
• Enables new backup techniques that have less impact on servers and users, and allows for much faster restore times. Bye-bye bare metal restores!!
• Most importantly for disaster recovery, allows servers to “move” between multiple physical locations

Page 39: What is dr and bc 12-2017

Application HA

Virtualization addresses hardware failures but doesn’t address application failures

Native Application HA implementations are typically the most effective way to address HA for specific apps

Native Application HA Schemes ex.
• Exchange 2010 Database Availability Groups (DAG)
• Microsoft SQL Clustered Services
• Microsoft SQL Bidirectional Transactional Replication
• Windows Server 2008 DFS

Page 40: What is dr and bc 12-2017

Geographic HA

Data Replication Options

SAN based (LUN to LUN)
• Typically proprietary

Server or Application Based
• DoubleTake
• Microsoft SQL Replication
• Microsoft Exchange lag database copies
• Microsoft DFS Replication

Virtual snapshot based
• Veeam Backup and Replication

All these techniques require high bandwidth connectivity

Page 41: What is dr and bc 12-2017

Thank You

Atef Yassin

