BusinessContinuity.ppt

  1. Business Continuity
  2. Business Continuity
     - Continuity strategy
     - Business impact
     - Incident response
     - Disaster recovery
     - Business continuity
  3. Continuity Strategy
     - Contingency planning
     - Incident response planning
     - Disaster recovery planning
     - Business continuity planning
  4. Contingency Planning
     - Contingency planning consists of:
       - Incident response plan
       - Disaster recovery plan
       - Business continuity plan
     - Incident response involves:
       - Notification of key people
       - Documenting the incident
       - Contain the damage due to the incident
  5. Contingency Planning Diagram
  6. Contingency Planning Timeline
  7. Contingency Planning
     - Primary goal is to restore all systems to pre-failure level
     - CP requires support of:
       - Upper level management
       - IT people
       - Security people
  8. Business Impact Analysis
     - BIA is the first step in CP
     - Takes off from where risk assessment ended
     - Main steps in BIA are:
       - Threat attack identification
       - Business unit analysis
       - Attack success scenarios
       - Potential damage assessment
       - Subordinate plan classification
  9. Business Impact Analysis
     - Threat identification includes:
       - Attack name and description
       - Known vulnerabilities
       - Indicators preceding an attack
       - Information assets at risk from the attack
       - Damage estimates
  10. Business Impact Analysis
      - Business Unit Analysis includes:
        - Prioritization of business functions
        - Identify critical business units
      - Attack success scenario includes:
        - Known methods of attack
        - Indicators of attack
        - Broad consequences
  11. Business Impact Analysis
      - Potential damage assessment includes:
        - Actions needed immediately to recover from the attack
        - Personnel who will do the restoration
        - Cost estimates for management use
      - Subordinate plan classification includes:
        - Classification of attack as disastrous or non-disastrous
        - Disastrous attacks require disaster recovery plan
        - Non-disastrous attacks require incident response plan
        - Most attacks are non-disastrous, e.g., blackout
  12. Business Impact Analysis Diagram
  13. Incident Response Plan
      - Responsible people aware of IR plan details
      - Periodic testing of IR plan as a desktop exercise
      - Goals to remember (Richard Marcinko):
        - More sweat in training means less bleeding in combat
        - Preparation hurts
        - Lead from the front and not the rear
        - Keep it simple
        - Never assume
        - You get paid for results not your methods
  14. Incident Response Plan
      - Incidents are usually detected from complaints to help desk
      - Security administrators may receive alarms based on:
        - Unfamiliar files
        - Unknown processes
        - Unusual resource consumption
        - Activities at unexpected times
        - Use of dormant accounts
  15. Incident Response Plan
      - Additional incident indicators:
        - IDS detects unusual activity
        - Presence of hacker tools such as sniffers and keystroke loggers
        - Partners detect an attack from the organization system
        - Hacker taunts
      - How to classify an incident as a disaster?
        - Organizational controls for an incident are ineffective
        - Level of damage to the system is severe
  16. Incident Response Plan
      - Incident reaction involves
        - Notifying proper personnel
          - Involves notifying people on the alert roster
          - Notification could be accomplished using a predefined tree structure
          - Notification is pre-scripted to activate relevant portions of the incident response plan
        - Designated personnel start documenting the incident
  17. Incident Response Plan
      - Activate incident containment strategies such as:
        - Take system offline
        - Disable compromised accounts
        - Reconfigure firewall as needed
        - Shut down specific applications such as email or database
        - Might necessitate shutting down the system completely
  18. Incident Response Plan
      - Post-incident actions
        - Preserve evidence
        - Activate recovery procedures
        - Assess damage
  19. Disaster Recovery planning
      - Prioritize recovery of components
      - Crisis management
      - Activate recovery from backup data
  20. Business Continuity
      - Service Level Agreements
      - Software escrow
      - ISO 17799 addresses business continuity management
      - Cold / warm / hot site
      - Restoration vs. recovery
      - FARM (Functional Area Recovery Management) specifies plans for operational area recovery
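
Added example (not part of the original slides): two of the alarm sources listed on slide 14, "use of dormant accounts" and "activities at unexpected times", expressed as detection logic over login records. The log format, account names, the 60-day dormancy threshold and the working-hours window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample authentication events (not real log data):
# ISO timestamp, account, source host.
SAMPLE_EVENTS = """\
2024-01-09T10:03:00 bob ws-022
2024-02-20T09:12:00 alice ws-014
2024-03-11T09:30:00 alice ws-014
2024-03-12T02:47:00 bob ws-022
2024-03-12T14:05:00 svc_backup srv-003
2024-03-13T11:20:00 carol ws-031
"""

DORMANT_AFTER = timedelta(days=60)  # assumed policy threshold
WORK_HOURS = range(7, 20)           # assumed 07:00-19:59, Monday to Friday


def parse_events(text):
    """Yield (timestamp, account, host) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host = line.split()
        yield datetime.fromisoformat(ts), account, host


def find_indicators(events, last_seen=None):
    """Return (indicator, account, timestamp) alerts in time order.

    last_seen maps account -> last login known from before the log window,
    so an account that has been silent for months is caught on first use.
    """
    last_seen = dict(last_seen or {})
    alerts = []
    for ts, account, _host in sorted(events):
        previous = last_seen.get(account)
        if previous is not None and ts - previous > DORMANT_AFTER:
            alerts.append(("dormant-account", account, ts))
        if ts.hour not in WORK_HOURS or ts.weekday() >= 5:
            alerts.append(("unexpected-time", account, ts))
        last_seen[account] = ts
    return alerts


if __name__ == "__main__":
    baseline = {"svc_backup": datetime(2023, 6, 1)}  # constructed baseline
    for kind, account, ts in find_indicators(parse_events(SAMPLE_EVENTS), baseline):
        print(f"{ts.isoformat()} {kind} {account}")
```

An account absent from both the log window and the baseline (here `carol`) produces no dormancy alert, so the baseline should be seeded from the directory's last-logon data.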