• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Planning for the Inevitable: IT Disaster Preparedness - Linda Sharp
 

Planning for the Inevitable: IT Disaster Preparedness - Linda Sharp

on

  • 1,157 views

 

Statistics

Views

Total Views
1,157
Views on SlideShare
1,157
Embed Views
0

Actions

Likes
0
Downloads
19
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Planning for the Inevitable: IT Disaster Preparedness - Linda Sharp Planning for the Inevitable: IT Disaster Preparedness - Linda Sharp Presentation Transcript

    • Planning for the Inevitable: IT Crisis Preparedness Linda Sharp CoSN Project Director IT Crisis Preparedness SchoolDude University 2009
      • Expect and prepare
      • for the unexpected!
      SchoolDude University 2009
    • Schools Run 24/7
      • Evening use of facilities
      • Backup reports running at off-instructional hours
      • Students and parents accessing the district website around the clock
      • Other activities and uses in your district?
      SchoolDude University 2009
    • Reliance on Technology
      • Instructional activities
      • Business operations
      • Student data and recordkeeping
      • Assessment and accountability
      • Internal and external communication with stakeholders
      • Other areas of reliance in your district?
      SchoolDude University 2009
    • District Objectives in Any Disaster
      • Safety and welfare of students
      • Safety and welfare of staff
      • Protection of property and facilities
      SchoolDude University 2009
    • District Objectives in Any Disaster
      • Maintenance of essential services for as long as possible, shutting down least critical ones first
      • Restoration of services - critical ones first - in the shortest amount of time possible
      SchoolDude University 2009
    • Think About It?
      • What are some predictable threats in your own community?
      SchoolDude University 2009
    • Potential Disasters
      • Natural disasters
      • Violence, vandalism
      • Man-made threats
      SchoolDude University 2009
    • Potential Disasters
      • Natural disasters, acts of God
      • Violence, vandalism
      • Man-made threats
      • Widespread medical emergencies and pandemics
      SchoolDude University 2009
    • Potential Disasters
      • Natural disasters
      • Violence, vandalism
      • Man-made threats
      • Widespread medical emergencies and pandemics
      • Digital threats
      SchoolDude University 2009
    • Cyber Security for the Digital District
      • www.securedistrict.org
      • Tools and information to:
        • Assess and improve security of technology systems
        • To protect safety of staff and students
        • Contribute to educational mission of their schools
        • Maintain community support
      SchoolDude University 2009
    • Security Planning Process SchoolDude University 2009 Outcome: Security Project Description  goals  processes  resources  decision-making standards Phase 1: Create Leadership Team & Set Security Goals Outcome: Prioritized Risk Assessment A ranked list of vulnerabilities to guide the Risk Reduction Phase Phase 2: Risk Analysis Outcome: Implemented Security Plan Risk Analysis and Risk Reduction processes must be regularly repeated to ensure effectiveness Phase 3: Risk Reduction Outcome: Crisis Management Plan A blueprint for organizational continuity Phase 4: Crisis Management
    • Security Planning Grid SchoolDude University 2009 Security Area Basic Developing Adequate Advanced Management Leadership: Little participation in IT security Aware but little support provided Supports and funds security Aligns security with organizational mission Technology Network design and IT operations : broadly vulnerable security roll out is incomplete mostly secure seamless security Environmental & Physical: Infrastructure: not secure partially secure mostly secure secure End Users Stakeholders: unaware of role in security Limited awareness and training Improved awareness, Mostly trained Proactive participants in security
    • Security Planning Grid
      • Provides benchmarks for assessing key security preparedness factors
      • Uses the same topic areas for consistency
      • Helps prioritize security improvement action steps
      SchoolDude University 2009
      • You never have time to plan for something you don’t think will ever happen.
      SchoolDude University 2009
    • Disaster Planning SchoolDude University 2009
    • Mitigation and Prevention
      • Actions you take to identify preventable and unavoidable disasters and to address what can be done to eliminate or reduce the likelihood of a disaster and/or its accompanying risks
      SchoolDude University 2009 Cameron Parish School Board Office
    • Preparedness
      • Consideration of worst-case scenarios and development of comprehensive plan for coordinated and effective response to any given disaster
      SchoolDude University 2009 South Cameron High
    • Response
      • Execution of the preparedness plan and management of the disaster
      SchoolDude University 2009
    • Recovery
      • Efficient and timely restoration of mission-critical operations and processes
      SchoolDude University 2009
    • Risk Assessment
      • Analyze processes and functions deemed mission-critical.
      • Identify types of potential disasters and impact of each on mission-critical items.
      SchoolDude University 2009
    • Risk Assessment
      • Prioritize based on acceptable period of unavailability.
      • Chart the workflow, considering hardware, software, people and other resource requirements for continued operations.
      SchoolDude University 2009
    • Risk Assessment
      • Imagine worst-case scenarios for all types of potential disasters.
        • What would be lost?
        • What data would be critical?
        • How would you communicate?
        • How would you restore mission-critical services?
      SchoolDude University 2009
    • Consider Lack of Availability of Key Services and Operations
      • What must be restored within 1 hour?
      • What must be restored within 4 hours?
      • What must be restored within 1 day?
      • What must be restored within 3 days?
      • What must be restored within 1 week?
      • What could wait for 30 days or longer?
      SchoolDude University 2009
    • Disaster Recovery Plan
      • Easy to understand and follow
      • Organized into sections
      • Detailed steps of tasks to be accomplished
      • Multiple formats for different audiences
      • Print and electronic
      SchoolDude University 2009
    • The worst case scenario . . . SchoolDude University 2009 No Plan!
    • First Steps
      • Identify Planning Team
      SchoolDude University 2009
    • First Steps
      • Identify and Classify Services, Operations and Records
        • Vital
        • Important
        • Non-essential
      SchoolDude University 2009
    • Resources and Redundancies
      • Hardware
      • Software
      • Communications
      • Facilities
      • People
      SchoolDude University 2009
    • Hardware
      • Identify all required hardware.
      • Be sure to include resources required to run and maintain hardware.
      • Regularly update your list.
      • Maintain key documents offsite.
      SchoolDude University 2009
    • Software
      • Identify all required software.
      • Regularly update the list.
      • Keep copies of key applications offsite.
      • Maintain key documents offsite.
      • Be certain your backup systems are reliable - and redundant.
      SchoolDude University 2009
    • Software
      • Data
        • Secure and Restore Data
        • Assess Capabilities of Providers
      SchoolDude University 2009
    • Communications
      • Establish a communications plan
      • Develop strategic partnerships
      • Employee communications
      SchoolDude University 2009
    • Communications
      • Single point of contact
      • What is communicated
      • Technical staff support
      • Ensure redundancies
      SchoolDude University 2009
    • People
      • Who is qualified to manage tasks?
      • Have they been trained?
      • What is their prior experience?
      • Ensure key people resources are backed up .
      SchoolDude University 2009
    • People
      • Incident Response Team
      • Identify critical personnel
      • Communicate roles and responsibilities
      • Ensure personnel have authority needed
      SchoolDude University 2009
    • Facilities
      • Have building blue prints available
      • Have all shut-off valves clearly labeled or color coded on blue prints
      • Identify evacuation sites
      • Identify potential known hazard areas
      SchoolDude University 2009
    • Emergency Operations Center (EOC)
      • Determine overall strategy and priorities.
      • Allocate resources.
      • Manage the incident.
      • Ensure objectives are met.
      • Ensure strategies are followed.
      SchoolDude University 2009
    • Develop a Staged Shutdown
      • Move from simple preparedness to ceasing operations.
      • Protect assets while staff is available to do the work.
      • Ensure that mission-critical operations are the last to be stopped.
      • Ensure shutdown can be reversed if needed.
      SchoolDude University 2009
    • Exemplary District Plans
        • Fairfax County (VA) Public Schools
          • www.fcps.edu/emergencyplan
        • Montgomery County (MD) Public Schools
          • www.mcps.k12.md.us/info/emergency/
        • North Carolina’s Critical Incident Response Kit Project
          • www.ncjjdp.org/cpsv/cirk/cirk.htm
      SchoolDude University 2009
    • Those who have lived it!
      • Dr. Sheryl Abshire, Ph.D
      • Chief Technology Officer
      • Calcasieu Parish Public Schools, Lake Charles, LA
      • Robert Gravina,
      • Chief Technology Officer
      • Poway Unified School District, CA
      • Wayne Howard
      • Technology Director
      • Platte Canyon School District
      SchoolDude University 2009
    • Calcasieu Parish School System (LA)
      • Hurricane Rita struck the Louisiana / Texas border on September 24, 2005 as a category 3 storm with 120 mph sustained winds. Calcasieu Parish was hit by the hurricane eyewall and the east quadrant which has the strongest winds.
      • 34,000 students and 5,000 staff displaced
      • 2008 experienced Ike and Gustav
      SchoolDude University 2009
    • Calcasieu Parish School System
      • Every school damaged. Many schools in Calcasieu Parish received extensive roof and water damage. The lack of power afterwards promoted mold and mildew growth.
      • 24 hours after Rita hit, the CPSB web and email servers were back up and providing information to evacuees across the country.
      • 34 days later, CPSB schools reopened.
      SchoolDude University 2009
    • Calcasieu Parish School System
      • Many didn’t see IT as the recovery team – yet they took the initiative and were ready when disaster hit. Take the leadership if no one else is doing it.
      SchoolDude University 2009
    • Calcasieu Parish School System
      • Document during response and
      • recovery
      • Pictures
      • Written records
      • Items destroyed or damaged
      • Items purchased
      SchoolDude University 2009
    • Calcasieu Parish School System
      • Don’t just create a plan—
      • communicate and practice it
      SchoolDude University 2009
    • Calcasieu Parish School System
      • Develop a culture of preparedness.
      • Revisit and actively practice the plan.
      • Conduct periodic audits of the plan.
      SchoolDude University 2009 Practice, Practice, Practice
    • Calcasieu Parish School System
      • Staff
      • Power and capabilities
      • Computer and storage options
      • Facilities
      • Records and files
      • Communication methods
      SchoolDude University 2009 Redundancy, Redundancy, Redundancy
    • Calcasieu Parish School System
      • You can’t over plan:
      • Identify mission critical operations
      • Think strategically
      • Pay attention to detail
      SchoolDude University 2009 “ A plan needs to exist before it is needed. Making one on the fly is too late.”
    • Poway Unified School District Poway, CA
      • Poway is the third largest school district in San Diego County covering 100 square miles and serving approximately 33,000 students.
      • During the fires of 2007, the school district became the county’s communication center.
      SchoolDude University 2009
    • Poway Unified School District
      • School Business Continuity
      • Work on creating a stable and reliable network for your organization
      SchoolDude University 2009
    • Poway Unified School District
      • Servers that can handle capacity in an emergency
        • You may be the best form of communication in your area
      • Clean data
      • Online access
      • Bandwidth for learning
      • Opening up applications to your stakeholders
      SchoolDude University 2009
    • Poway Unified School District
      • Secure dedicated equipment, software,
      • supplies
      • Capacity to Rebuild/Disaster Recovery
        • Tape Drives and Juke Box (must be the same as what you are currently using)
        • Back up server (work with your vendor)
        • Estimated time to recover
        • Personnel availability (cross training)
      SchoolDude University 2009
    • Poway Unified School District
      • Moving your EOC
      • What would you do if you had to evacuate your EOC?
      • Could you set up a fully functional IT Department?
      • How long would it take?
      • Would you be able to have access to your network?
      SchoolDude University 2009
    • Poway Unified School District
      • Remote Learning
      • The Bird Flu, “when, not if”
      • Applications that allow for anywhere, anytime learning
      • Content Management Systems
      • Online interactive tools
      • Online courses
      SchoolDude University 2009
    • Poway Unified School District
      • What Worked…..
      • Multiple Communications Systems
        • Auto dialers
        • Webpage
        • Content systems
      SchoolDude University 2009
    • Platte Canyon School District, CO
      • Mountain Community – 45 minutes from Denver
      • Approx 1300 students
      • Platte Canyon High School - 480 students
      • Preparations in place after Columbine shootings
      • Lone intruder shot student
      SchoolDude University 2009
    • Platte Canyon School District
      • Communications and coordination with police was key
      • Separate communication channels
      • Cameras
      • Constant testing
      • and update
      SchoolDude University 2009
      • “ It’s not the plan that’s important—it’s the planning.”
      • Graeme Edwards
      SchoolDude University 2009
    • What are You Doing?
      • Tips to share with colleagues
      • What will you do now?
      SchoolDude University 2009
    • Consortium for School Networking SchoolDude University 2009 www.cosn.org www.cosn.org/itcrisisprep
    • Thank you Sponsors SchoolDude University 2009
      • Linda Sharp
      • CoSN Project Director
      • IT Crisis Preparedness
      • [email_address]
      SchoolDude University 2009 Hope is Not a Strategy!