SlideShare a Scribd company logo

Planning for contingencies

â€ĸDownload as DOCX, PDFâ€ĸ
â€ĸ
Hassanein Alwan
Hassanein Alwan

This study will articulate the need for contingency planning and explore the major components of contingency planning. the reader will learn how to create a simple set of contingency plans using business impact analysis and prepare and execute a test of contingency plans.

Education
1 of 12
1 Information Technology Security Planning for Contingencies Prepared by Hassanein Alwan Malik 2017 University Of Technology Iraq Master of Science
2 Chapter Overview The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impactanalysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to: ī‚ˇ Understand the need for contingency planning ī‚ˇ Know the major components of contingency planning ī‚ˇ Create a simple set of contingency plans, using business impact analysis ī‚ˇ Prepare and execute a test of contingency plans ī‚ˇ Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology supportis interrupted.” On average, over 40% of businesses that don'thave a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process bywhich organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum costand disruption to normal business activities after an unexpected event.
3 CP Components Incident responseplan (IRP) focuses on immediate responseto an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan (BCP) facilitates establishment of operations at an alternate site, until the organization is able to either resume operations back at their primary site or select a new primary location. To ensure continuity across all of the CP processes during the planning process, contingency planners should: ī‚ˇ Identify the mission- or business-critical functions. ī‚ˇ Identify the resources that supportthe critical functions. ī‚ˇ Anticipate potential contingencies or disasters. ī‚ˇ Select contingency planning strategies. ī‚ˇ Implement selected strategy. ī‚ˇ Test and revise contingency plans. Four teams of individuals are involved in contingency planning and contingency operations (CP consists of four major components): 1. Business impact analysis (BIA) / The CP team 2. The incident response(IR plan) / team. 3. The disaster recovery (DR plan) / team 4. The business continuity plan (BC plan) / team
4 Components of Contingency Planning 2. Incident Response The incident responseplan (IRP) is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. The CP team creates three scenario of incident-handling IR procedures: During the incident First, planners develop and document the procedures that must be performed during the incident. These procedures are grouped and assigned to individuals. After the incident Once the procedures for handling an incident are drafted, planners develop and document the procedures that must be performed immediately after the incident has ceased. Separate functional areas may develop different procedures. Before the incident Finally, the planners draft a third set of procedures, thosetasks that must be performed to prepare for the incident. These procedures include the details of the data backup schedules, disaster recovery preparation, training schedules, testing plans, copies of service agreements, and business continuity plans.
5 Figure 2-1 Example of IRP incident-handling procedures 2.1 DetectionIncident The challenge for every IR team is determining whether an event is the productof routine systems use or an actual incident. Incident classification is the process ofexamining a possible incident, or incident candidate, and determining whether or not it constitutes an actual incident.
6 There are three categories of incident indicators: possible, probable, and definite.. 2.1.1 Possible indicators: ī‚ˇ Presence of unfamiliar files. ī‚ˇ Presence or execution of unknown programs or processes. ī‚ˇ Unusual consumption of computing resources. ī‚ˇ Unusual system crashes. 2.1.2 Probable indicators: ī‚ˇ Activities at unexpected times. ī‚ˇ Presence of new accounts. ī‚ˇ Reported attacks. ī‚ˇ Notification from IDS. 2.1.3 Definite indicators: ī‚ˇ Use of dormant accounts. ī‚ˇ Changes to logs. ī‚ˇ Presence of hacker tools. ī‚ˇ Notifications by partner or peer. ī‚ˇ Notification by hacker. 2.2 Incident Response Once an actual incident has been confirmed and properly classified, the IR team moves from the detection phase to the reaction phase. In the incident responsephase, a number of action steps taken by the IR team and others must occurquickly and may occurconcurrently.
7 2.2.1 Notification of Key Personnel As soonas the IR team determines that an incident is in progress, the right people must be immediately notified in the right order. There are two ways to activate an alert roster: ī‚ˇ Sequentially ī‚ˇ Hierarchically 2.2.2 Documenting an Incident As soonas an incident has been confirmed and the notification process is underway, the team should begin to document it. The documentation should record the who, what, when, where, why and how of each action taken while the incident is occurring. 2.2.3 Incident Containment Strategies One of the most critical components of IR is to stop the incident or contain its scopeor impact. containment strategies include the following: īƒŧ Disabling compromised user accounts īƒŧ Reconfiguring a firewall to block the problem traffic īƒŧ Temporarily disabling the compromised process orservice īƒŧ Taking down the conduit application or server—for example, the e-mail server īƒŧ Stopping all computers and network devices 2.2.4 Incident Escalation At some point in time the incident may increase in scopeorseverity to the point that the IRP cannot adequately handle the event. Each organization will have to determine, during the business impact analysis, the point at which the incident becomes a disaster. The organization must also document when to involve outside response.
8 2.3 Incident Recovery Once the incident has been contained, and system control regained, incident recovery can begin. The IR team must assess the full extent of the damage in order to determine what must be done to restore the systems. Once the extent of the damage of IR has been determined, the recovery process begins: ī‚ˇ Identify the Weaknesses that allowed the incident to occurand spread. Resolve them. ī‚ˇ Evaluate monitoring capabilities (if present). ī‚ˇ Restore the data from backups. ī‚ˇ Restore the services and processesin use. ī‚ˇ Continuously monitor the system. ī‚ˇ Restore the confidence of the members of the organization’s communities of interest. 2.4 Law EnforcementInvolvement When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed. ī‚ˇ Federal ī‚ˇ State ī‚ˇ Local
9 3. Disaster Recovery Disaster recovery planning (DRP) is the preparation for and recovery from a disaster, whether natural or man-made. In general, an incident is a disaster when: 1) The organization is unable to contain or control the impact of an incident. 2) The level of damage or destruction from an incident is so severe the organization is unable to quickly recover. Figure 3-1 Incident response and disaster recovery
10 The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located. 3.1 DisasterClassifications A DRP can classify disasters in a number of ways. The most common method is to separate natural disasters, from man-made disasters. Another way of classifying disasters is by speed of development. ī‚ˇ Rapid onset disasters ī‚ˇ Slow onset disasters 3.2 Planning for Recover To plan for disaster, the CP team engages in scenario development and impact analysis, and thus categorizes the level of threat each potential disaster poses. When generating a disaster recovery scenario, start first with the most important asset – people. Do you have the human resources with the appropriate organizational knowledge to restore business operations? The key points the CP team must build into the DRP include: ī‚ˇ Clear delegation of roles and responsibilities. ī‚ˇ Execution of the alert roster and notification of key personnel. ī‚ˇ Clear establishment of priorities. ī‚ˇ Documentation of the disaster. ī‚ˇ Action steps to relief the impact of the disaster on the operations of the organization.
11 3.3 Responding to the Disaster When a disaster strikes and the DRP is activated, actual events can at times outstrip even the best of plans. To be prepared, the CP team should incorporate a degree of flexibility into the DRP. 4. Business Continuity Planning Business continuity planning ensures that critical business functions can continue if a disaster occurs. The BCP is activated and executed concurrently with the DRP when the disaster is major or long term and requires fuller and complex restoration of information and information resources. While the BCP reestablishes critical business functions at an alternate site, the DRP team focuses on the reestablishment of the technical infrastructure and business operations at the primary site. 4.1 Continuity Strategies A CP team can choosefrom several continuity strategies in its planning for business continuity. The determining factor is usually cost. In general there are three exclusive-use options: ī‚ˇ hot sites, ī‚ˇ warm sites, ī‚ˇ cold sites,
12 Figure 4-1 Disaster recovery and business continuity planning Figure 4-2 Contingency planning implementation timeline

Recommended

Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToÃąo Herrera
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMostafa Elgamala
 

Recommended

Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToÃąo Herrera
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMostafa Elgamala
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Personnel security
Personnel securityPersonnel security
Personnel securityPLN9 Security Services Pvt. Ltd.
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Design of security architecture in Information Technology
Design of security architecture in Information TechnologyDesign of security architecture in Information Technology
Design of security architecture in Information Technologytrainersenthil14
 
Risks threats and vulnerabilities
Risks threats and vulnerabilitiesRisks threats and vulnerabilities
Risks threats and vulnerabilitiesManish Chaurasia
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYPranjalShah18
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Soc
SocSoc
SocMukesh Chaudhari
 
Network security
Network securityNetwork security
Network securitytoamma
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Disaster recovery plan sample 2
Disaster recovery plan sample 2Disaster recovery plan sample 2
Disaster recovery plan sample 2AbenetAsmellash
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plannewbie2019
 

More Related Content

What's hot

Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Design of security architecture in Information Technology
Design of security architecture in Information TechnologyDesign of security architecture in Information Technology
Design of security architecture in Information Technologytrainersenthil14
 
Risks threats and vulnerabilities
Risks threats and vulnerabilitiesRisks threats and vulnerabilities
Risks threats and vulnerabilitiesManish Chaurasia
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYPranjalShah18
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxAzra'ee Mamat
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Network security
Network securityNetwork security
Network securitytoamma
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 

What's hot (20)

Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Personnel security
Personnel securityPersonnel security
Personnel security
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
8. operations security
8. operations security8. operations security
8. operations security
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Design of security architecture in Information Technology
Design of security architecture in Information TechnologyDesign of security architecture in Information Technology
Design of security architecture in Information Technology
 
Risks threats and vulnerabilities
Risks threats and vulnerabilitiesRisks threats and vulnerabilities
Risks threats and vulnerabilities
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptxCybersecurity Assessment Framework - Slideshare.pptx
Cybersecurity Assessment Framework - Slideshare.pptx
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Soc
SocSoc
Soc
 
Network security
Network securityNetwork security
Network security
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 

Similar to Planning for contingencies

Disaster recovery plan sample 2
Disaster recovery plan sample 2Disaster recovery plan sample 2
Disaster recovery plan sample 2AbenetAsmellash
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plannewbie2019
 
Information system managment disaster recovery
Information system managment disaster recoveryInformation system managment disaster recovery
Information system managment disaster recoveryRavi Singh Shekhawat
 
Risk crisis nad management
Risk crisis nad managementRisk crisis nad management
Risk crisis nad managementPasangdolmoTamang
 
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docxfelicidaddinwoodie
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMWajahat Ali Khan
 
Disaster Recovery Policy
Disaster Recovery PolicyDisaster Recovery Policy
Disaster Recovery PolicyContinuity Control
 
DISASTER RECOVERY 14Disaster RecoveryStude.docx
DISASTER RECOVERY 14Disaster RecoveryStude.docxDISASTER RECOVERY 14Disaster RecoveryStude.docx
DISASTER RECOVERY 14Disaster RecoveryStude.docxsalmonpybus
 
Coordinating Security Response and Crisis Management Planning
Coordinating Security Response and Crisis Management PlanningCoordinating Security Response and Crisis Management Planning
Coordinating Security Response and Crisis Management PlanningCognizant
 
Practical_Guide_for_Disaster_Avoidance
Practical_Guide_for_Disaster_AvoidancePractical_Guide_for_Disaster_Avoidance
Practical_Guide_for_Disaster_AvoidanceJoe Soroka
 
Irs intro unit 3 basic features usfs ip (2)
Irs intro unit 3 basic features usfs ip (2)Irs intro unit 3 basic features usfs ip (2)
Irs intro unit 3 basic features usfs ip (2)neeraj verma
 
Cd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-planCd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-plangotpowerinc
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity PlanBizPlanss
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxjuliennehar
 
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-FinalIT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-FinalMichael Valenti
 
ISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxvrickens
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in generalJohn Johari
 
Irs intro unit 2 irs overview usfs ip (1)
Irs intro unit 2 irs overview usfs ip (1)Irs intro unit 2 irs overview usfs ip (1)
Irs intro unit 2 irs overview usfs ip (1)neeraj verma
 
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfPractical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfChris Galvan
 

Similar to Planning for contingencies (20)

Disaster recovery plan sample 2
Disaster recovery plan sample 2Disaster recovery plan sample 2
Disaster recovery plan sample 2
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plan
 
Information system managment disaster recovery
Information system managment disaster recoveryInformation system managment disaster recovery
Information system managment disaster recovery
 
Risk crisis nad management
Risk crisis nad managementRisk crisis nad management
Risk crisis nad management
 
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
1Running head DISASTER RECOVERY PLAN2DISASTER RECOVERY PLAN.docx
 
Contingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATMContingency Plan WAK BANKS ATM
Contingency Plan WAK BANKS ATM
 
Disaster Recovery Policy
Disaster Recovery PolicyDisaster Recovery Policy
Disaster Recovery Policy
 
Emergency
EmergencyEmergency
Emergency
 
DISASTER RECOVERY 14Disaster RecoveryStude.docx
DISASTER RECOVERY 14Disaster RecoveryStude.docxDISASTER RECOVERY 14Disaster RecoveryStude.docx
DISASTER RECOVERY 14Disaster RecoveryStude.docx
 
Coordinating Security Response and Crisis Management Planning
Coordinating Security Response and Crisis Management PlanningCoordinating Security Response and Crisis Management Planning
Coordinating Security Response and Crisis Management Planning
 
Practical_Guide_for_Disaster_Avoidance
Practical_Guide_for_Disaster_AvoidancePractical_Guide_for_Disaster_Avoidance
Practical_Guide_for_Disaster_Avoidance
 
Irs intro unit 3 basic features usfs ip (2)
Irs intro unit 3 basic features usfs ip (2)Irs intro unit 3 basic features usfs ip (2)
Irs intro unit 3 basic features usfs ip (2)
 
Cd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-planCd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-plan
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docx
 
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-FinalIT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final
IT4215-Info SecurityGroup-2-Disaster-Recovery-Plan-Final
 
ISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docxISOL 533 - Information Security and Risk Management DIS.docx
ISOL 533 - Information Security and Risk Management DIS.docx
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in general
 
Irs intro unit 2 irs overview usfs ip (1)
Irs intro unit 2 irs overview usfs ip (1)Irs intro unit 2 irs overview usfs ip (1)
Irs intro unit 2 irs overview usfs ip (1)
 
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfPractical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
 

More from Hassanein Alwan

ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.Hassanein Alwan
 
Community Engagement
Community EngagementCommunity Engagement
Community EngagementHassanein Alwan
 
Project Organizations
Project Organizations Project Organizations
Project Organizations Hassanein Alwan
 

More from Hassanein Alwan (9)

Feasibility study
Feasibility studyFeasibility study
Feasibility study
 
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
 
Community Engagement
Community EngagementCommunity Engagement
Community Engagement
 
Data Management
Data ManagementData Management
Data Management
 
video comparison
video comparison video comparison
video comparison
 
Data link layer
Data link layerData link layer
Data link layer
 
data replication
data replicationdata replication
data replication
 
deep learning
deep learningdeep learning
deep learning
 
Project Organizations
Project Organizations Project Organizations
Project Organizations
 

Recently uploaded

Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)Dr. Mazin Mohamed alkathiri
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAĐĄY_INDEX-DM_23-1-final-eng.pdf
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 

Planning for contingencies

  • 1. 1 Information Technology Security Planning for Contingencies Prepared by Hassanein Alwan Malik 2017 University Of Technology Iraq Master of Science
  • 2. 2 Chapter Overview The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impactanalysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to: ī‚ˇ Understand the need for contingency planning ī‚ˇ Know the major components of contingency planning ī‚ˇ Create a simple set of contingency plans, using business impact analysis ī‚ˇ Prepare and execute a test of contingency plans ī‚ˇ Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology supportis interrupted.” On average, over 40% of businesses that don'thave a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process bywhich organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum costand disruption to normal business activities after an unexpected event.
  • 3. 3 CP Components Incident responseplan (IRP) focuses on immediate responseto an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan (BCP) facilitates establishment of operations at an alternate site, until the organization is able to either resume operations back at their primary site or select a new primary location. To ensure continuity across all of the CP processes during the planning process, contingency planners should: ī‚ˇ Identify the mission- or business-critical functions. ī‚ˇ Identify the resources that supportthe critical functions. ī‚ˇ Anticipate potential contingencies or disasters. ī‚ˇ Select contingency planning strategies. ī‚ˇ Implement selected strategy. ī‚ˇ Test and revise contingency plans. Four teams of individuals are involved in contingency planning and contingency operations (CP consists of four major components): 1. Business impact analysis (BIA) / The CP team 2. The incident response(IR plan) / team. 3. The disaster recovery (DR plan) / team 4. The business continuity plan (BC plan) / team
  • 4. 4 Components of Contingency Planning 2. Incident Response The incident responseplan (IRP) is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. The CP team creates three scenario of incident-handling IR procedures: During the incident First, planners develop and document the procedures that must be performed during the incident. These procedures are grouped and assigned to individuals. After the incident Once the procedures for handling an incident are drafted, planners develop and document the procedures that must be performed immediately after the incident has ceased. Separate functional areas may develop different procedures. Before the incident Finally, the planners draft a third set of procedures, thosetasks that must be performed to prepare for the incident. These procedures include the details of the data backup schedules, disaster recovery preparation, training schedules, testing plans, copies of service agreements, and business continuity plans.
  • 5. 5 Figure 2-1 Example of IRP incident-handling procedures 2.1 DetectionIncident The challenge for every IR team is determining whether an event is the productof routine systems use or an actual incident. Incident classification is the process ofexamining a possible incident, or incident candidate, and determining whether or not it constitutes an actual incident.
  • 6. 6 There are three categories of incident indicators: possible, probable, and definite.. 2.1.1 Possible indicators: ī‚ˇ Presence of unfamiliar files. ī‚ˇ Presence or execution of unknown programs or processes. ī‚ˇ Unusual consumption of computing resources. ī‚ˇ Unusual system crashes. 2.1.2 Probable indicators: ī‚ˇ Activities at unexpected times. ī‚ˇ Presence of new accounts. ī‚ˇ Reported attacks. ī‚ˇ Notification from IDS. 2.1.3 Definite indicators: ī‚ˇ Use of dormant accounts. ī‚ˇ Changes to logs. ī‚ˇ Presence of hacker tools. ī‚ˇ Notifications by partner or peer. ī‚ˇ Notification by hacker. 2.2 Incident Response Once an actual incident has been confirmed and properly classified, the IR team moves from the detection phase to the reaction phase. In the incident responsephase, a number of action steps taken by the IR team and others must occurquickly and may occurconcurrently.
  • 7. 7 2.2.1 Notification of Key Personnel As soonas the IR team determines that an incident is in progress, the right people must be immediately notified in the right order. There are two ways to activate an alert roster: ī‚ˇ Sequentially ī‚ˇ Hierarchically 2.2.2 Documenting an Incident As soonas an incident has been confirmed and the notification process is underway, the team should begin to document it. The documentation should record the who, what, when, where, why and how of each action taken while the incident is occurring. 2.2.3 Incident Containment Strategies One of the most critical components of IR is to stop the incident or contain its scopeor impact. containment strategies include the following: īƒŧ Disabling compromised user accounts īƒŧ Reconfiguring a firewall to block the problem traffic īƒŧ Temporarily disabling the compromised process orservice īƒŧ Taking down the conduit application or server—for example, the e-mail server īƒŧ Stopping all computers and network devices 2.2.4 Incident Escalation At some point in time the incident may increase in scopeorseverity to the point that the IRP cannot adequately handle the event. Each organization will have to determine, during the business impact analysis, the point at which the incident becomes a disaster. The organization must also document when to involve outside response.
  • 8. 8 2.3 Incident Recovery Once the incident has been contained, and system control regained, incident recovery can begin. The IR team must assess the full extent of the damage in order to determine what must be done to restore the systems. Once the extent of the damage of IR has been determined, the recovery process begins: ī‚ˇ Identify the Weaknesses that allowed the incident to occurand spread. Resolve them. ī‚ˇ Evaluate monitoring capabilities (if present). ī‚ˇ Restore the data from backups. ī‚ˇ Restore the services and processesin use. ī‚ˇ Continuously monitor the system. ī‚ˇ Restore the confidence of the members of the organization’s communities of interest. 2.4 Law EnforcementInvolvement When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed. ī‚ˇ Federal ī‚ˇ State ī‚ˇ Local
  • 9. 9 3. Disaster Recovery Disaster recovery planning (DRP) is the preparation for and recovery from a disaster, whether natural or man-made. In general, an incident is a disaster when: 1) The organization is unable to contain or control the impact of an incident. 2) The level of damage or destruction from an incident is so severe the organization is unable to quickly recover. Figure 3-1 Incident response and disaster recovery
  • 10. 10 The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located. 3.1 DisasterClassifications A DRP can classify disasters in a number of ways. The most common method is to separate natural disasters, from man-made disasters. Another way of classifying disasters is by speed of development. ī‚ˇ Rapid onset disasters ī‚ˇ Slow onset disasters 3.2 Planning for Recover To plan for disaster, the CP team engages in scenario development and impact analysis, and thus categorizes the level of threat each potential disaster poses. When generating a disaster recovery scenario, start first with the most important asset – people. Do you have the human resources with the appropriate organizational knowledge to restore business operations? The key points the CP team must build into the DRP include: ī‚ˇ Clear delegation of roles and responsibilities. ī‚ˇ Execution of the alert roster and notification of key personnel. ī‚ˇ Clear establishment of priorities. ī‚ˇ Documentation of the disaster. ī‚ˇ Action steps to relief the impact of the disaster on the operations of the organization.
  • 11. 11 3.3 Responding to the Disaster When a disaster strikes and the DRP is activated, actual events can at times outstrip even the best of plans. To be prepared, the CP team should incorporate a degree of flexibility into the DRP. 4. Business Continuity Planning Business continuity planning ensures that critical business functions can continue if a disaster occurs. The BCP is activated and executed concurrently with the DRP when the disaster is major or long term and requires fuller and complex restoration of information and information resources. While the BCP reestablishes critical business functions at an alternate site, the DRP team focuses on the reestablishment of the technical infrastructure and business operations at the primary site. 4.1 Continuity Strategies A CP team can choosefrom several continuity strategies in its planning for business continuity. The determining factor is usually cost. In general there are three exclusive-use options: ī‚ˇ hot sites, ī‚ˇ warm sites, ī‚ˇ cold sites,
  • 12. 12 Figure 4-1 Disaster recovery and business continuity planning Figure 4-2 Contingency planning implementation timeline