BCS 307 - BUSINESS CONTINUITY PLANNING
JOHN AMBELE MWAIPOPO
INFORMATION SCIENCE DEPARTMENT
JORDAN UNIVERSITY COLLEGE
Emergency Response and Recovery
Layout of this Lecture
Emergency management overview
Emergency response plans
Crisis management
Disaster recovery
IT recovery
Business continuity
The basic rule about planning for emergencies is this: keep it simple.
The more complicated your emergency response plans are, the less likely they will
be effective in a real emergency.
It’s sometimes easy to over-engineer a plan in the relative calm of everyday
business activities.
When an emergency strikes, people are not likely to remember a lot of rules,
procedures, and details.
When creating your emergency response and disaster recovery (DR) activities, you
should strive to keep things really simple.
Once the emergency has subsided, you can use more complex plans to begin
restoring business operations.
Emergency Response and Recovery
 Regardless of how your company is organized, managed, and run, your emergency management
process should follow a very simple rule: assign clear roles.
 If no one knows who’s in charge or who has the authority to make decisions, nothing gets done.
 If everyone believes they have the authority to make decisions, chaos will reign.
Emergency Response Plans
 The emergency response is the immediate response to the incident.
 It may be outside your immediate responsibilities as an IT professional, but it’s important for you to
understand how companies respond to emergencies so you can coordinate your BC/DR activities.
 It’s important you understand team roles and responsibilities, as well as timing and sequence of
emergency response activities so you can activate your IT BC/DR tasks in an appropriate and helpful
manner.
 If fire breaks out, the emergency response is evacuating the building and calling the fire department
while perhaps having trained employees use fire extinguishers to try to control the blaze.
 Develop an emergency response plan that meets the needs of your company.
Emergency Management Overview
 The basic set of emergency response tasks are these:
 Protect personnel
 Contain incident
 Implement command and control (ERT, Crisis Management Team (CMT) step in)
 Emergency response and triage (medical, evacuation, search, and rescue)
 Assess impact and effect
 Notification
 Next steps
 The response procedures, in order of importance, are: (1) protection of people, (2) containment of the emergency, and
(3) assessment of the situation. These should be your priorities.
 Each plan should include:
 Roles and responsibilities: who’s on the team and what they should do in an emergency.
 Tools and equipment for those emergency roles should be identified (fire extinguishers, first-aid kits, hard hats, etc.).
 Resources should be acquired or identified.
 Actions and procedures should be developed.
Emergency Management Overview
 Company should have an ERT with defined roles and responsibilities for team members.
 Each person should clearly know the bounds of their authority and to whom they should turn for
help or for escalation of issues.
Emergency Response Teams
 ERT leader is responsible for activating and
coordinating the emergency response and for
notifying civil authorities such as the police or
fire department, contacting hospitals or
paramedics, and so on.
 The ERT leader should also be a member of the
CMT and should coordinate closely with the
CMT to ensure that the appropriate level of
BC/DR activation occurs in a timely manner.
 Emergency response and DR activities can occur in parallel.
 Only trained members of the ERT can address the actual emergency, which may include medical staff,
evacuation or shelter-in-place leaders, search and rescue staff, and the CMT manager and/or a corporate
executive contact.
 CMT members assess damage, evaluate options, and implement the BC/DR plan as soon as possible.
 ERT is responsible for ensuring that the proper communication equipment is available prior to an event.
 ERT members should receive training on the aspects of the job they’ll be expected to perform in an emergency.
 Emergency response training may include:
 Relocation and evacuation safety and techniques
 Firefighting equipment, safety, and techniques
 Search and rescue safety and techniques
 Hazardous material handling
 Chemical spills or leaks (liquid, airborne, etc.)
 CPR, first aid, and emergency medical skills
 Water safety, water rescue
 Cold weather survival
 Emergency shutoff/shutdown procedures
 Damage assessment and control
 The type of training required depends on the company, the nature of its business, and its geographical location.
Emergency Response Teams
 Upon declaring an emergency, disaster, or crisis event that must be managed, begin implementing the BC/DR plan.
 The CMT is responsible for making the high-level decisions; for coordinating efforts of internal and external staff,
vendors, and contractors; and for determining the most appropriate responses to situations as they occur.
Emergency response and disaster recovery
 CMT oversees ERT and the DR team(s).
 Once an emergency occurs, the ERT leader should take charge of managing the emergency itself.
 ERT should be quickly released back to emergency duties while someone from the CMT documents the
information provided by the ERT.
 CMT coordinates activities related to initiating the DR efforts.
 Once the ERT leader has notified the CMT that the actual emergency has ceased and that DR can begin, the
CMT takes over coordinating all activities.
 Once the DR efforts conclude and business continuity efforts begin, the CMT winds down and operations
may resume through normal management channels.
 This is a decision each company must make based on its unique structure, but in general, the CMT leader
should manage the situation until it makes sense to hand over control to the operations team.
Crisis Management Team
Alternate facilities review and management
 CMT is responsible for overseeing the activities related to DR and business continuity at alternate sites.
 The CMT reviews activities for activating the alternate site and has final authority on decisions related to the alternate site, such as
bringing in additional services, equipment, or vendors if original arrangements do not meet current needs.
 CMT members are responsible for resolving problems and issues that arise and are the final decision makers for escalated issues.
Crisis communications
 Crisis communications cover a lot of territory and involve numerous teams working in a coordinated fashion.
 Messages communicated from the ERT and DR team(s) should originate from or be approved by the CMT.
 Avoid having multiple sources of communications going out since it can cause confusion, error, frustration, and worse.
 The ERT and DR team(s) should communicate directly with the CMT and allow the CMT to act as the single spokesperson for all
communication about the crisis to executives, other company departments, and outside entities.
 This ensures that the message is correct and consistent.
 Crisis Communication Plan should adhere to three simple rules for effective crisis communication:
1. Always tell the truth.
2. Appoint a spokesperson to be the face and voice of the company with the media.
3. Provide information that addresses who, when, what, where, why, and how.
Crisis Management Team
Human resources
 An HR representative should be included on the CMT so that they can specifically address the needs of employees
and maintain a communication channel with employees through preplanned methods.
 Should track employees who may be injured from the event or not available for work due to leave of absence,
vacations, and so on.
 Should provide support for injured employees and their families, including facilitating access to emergency or
ongoing medical or psychological services.
 Assist employees with financial, legal, and insurance issues related to the injury or death of an employee or
family member.
 Prepare and update an employee head count to determine who is available for recovery operations and who may
be available later for business continuity activities.
 If temporary staff or contractors are needed, they can help select, manage, oversee, and monitor temporary staff
as well as manage timecards and other payments for such staff.
 Determine the status of payroll and ensure employees get paid in a timely manner.
 Pro-actively addressing these concerns will also reduce the number of calls, e-mails, and contacts related to
questions about payroll, freeing up time to address other HR-related concerns.
Crisis Management Team
Legal
 Depending on the nature of the disaster or disruption, you may need to have the CMT contact legal counsel.
 The firm’s lawyers review or approve emergency contracts; review language in agreements with vendors, suppliers, or contractors;
review documents related to injury, death, or property damage; or address regulatory issues.
 As soon as the CMT is activated, it should contact legal counsel and notify them of the event so they can provide appropriate information,
feedback, and guidance throughout the remainder of the event and during its aftermath.
Insurance
 Insurance is a risk transference method and one used by many, if not all, businesses today.
 Firm is required to hold certain types of insurance.
 BC/DR plan should have contact information for insurance company representatives, and they should be notified upon activation of
the CMT.
 CMT may also perform an initial damage assessment and document it for the insurance company.
 This includes taking photographs or video images as well as making detailed notes.
 Members of the CMT should gather documents related to insurance claims and submit loss estimates to the insurance company.
 The CMT reviews insurance documents to determine exclusions, limitations (financial, time, location, cause, etc.), or maximums on various
policies.
 Issues with insurance should be escalated to management and/or legal counsel for review and resolution.
Crisis Management Team
Finance
 CMT should have representatives from the financial department to assess the status of the
company.
 They assess the cash availability of the company and the viability (or advisability) of processing
employee payroll early or providing advances to employees.
 Financial representatives assess status of the accounts payable and receivable to ensure bills and
invoices are issued in a relatively timely manner and that revenue and payments are received in
a timely manner as well.
 A process for managing, tracking, and monitoring expenditures during the disaster or disruption
should be implemented and managed by the financial representative(s) on the CMT.
 Estimates for repairs and other expenditures should be submitted to this team for review and
approval.
 Upon resumption of business operations, the financial team should assess the status of the
company’s finances and report to executives or senior management.
Crisis Management Team
Disaster Recovery
 Activation and emergency response checklists
 Develop a variety of checklists, which can be extremely useful in making quick decisions for moving
forward.
 Checklists can help remind you of critical steps to take, regardless of the situation.
 Activation checklists delineate activities and triggers that take place prior to and during plan activation.
 Remember, there may be some minor events that do not trigger the activation of the BC/DR plan.
 Emergency response checklists can be referenced in the immediate aftermath of a disaster affecting (or
likely to affect) human safety.
Recovery checklists
 Specific steps to be taken should be defined in your BC/DR plan.
 Note that these initial recovery checklists typically precede any actual IT recovery tasks.
 Pay special attention to any information you may need to complete tasks successfully since access to this
information may not be available until after IT recovery has commenced.
 IT recovery does not commence until physical, safety personnel, travel, financial, and other areas are addressed first.
IT recovery tasks
 The tasks needed to recover IT systems are familiar to you, but they should be delineated within your BC/DR plan.
 Each sub-team should have a set of guidelines and procedures for how and when they will perform their work.
 Note dependencies within the checklist so that teams don’t work at cross-purposes.
 Add items to the checklist as checkpoints for these purposes, much like milestones are used in project plans.
 Restoration of network and systems infrastructure must be complete before any of the other IT recovery checklists
can be completed.
 After recovery of network infrastructure, end-user connectivity and other dependent network services are complete,
it is often confusing to know in what order to restore applications.
 It may be impossible to bring all critical systems back online simultaneously within the allowable recovery time
objective (RTO).
 Identify and prioritize the application restore order based on changing circumstances on the ground.
 CMT and DR teams communicate regularly during recovery operations in order to provide up-to-date information on
restoration activities and in order to change direction at a moment’s notice based on CMT guidance.
 The application recovery document should contain step-by-step procedures to fully restore and test the application and any
associated databases, data sets or real-time interfaces.
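The ordering problem described above (infrastructure first, dependencies noted in the checklist, and not everything fitting inside the RTO), as an added example that is not part of the original lecture: a dependency-aware restore planner using an earliest-deadline-first heuristic. The system names, restore times and RTO values are constructed, and the planner assumes one recovery team restoring one system at a time.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class System:
    name: str
    restore_hours: float      # time to restore and test the system
    rto_hours: float          # allowable recovery time objective
    depends_on: tuple = ()    # systems that must be restored first


def plan_restore(systems):
    """Return (schedule, breaches); schedule is [(name, start_h, finish_h)]."""
    by_name = {s.name: s for s in systems}
    dependents = {s.name: [] for s in systems}
    waiting = {}
    for s in systems:
        for dep in s.depends_on:
            if dep not in by_name:
                raise ValueError(f"{s.name} depends on unknown system {dep}")
            dependents[dep].append(s.name)
        waiting[s.name] = len(s.depends_on)

    # Topological order (Kahn's algorithm); exposes circular dependencies.
    remaining = dict(waiting)
    order = [n for n, w in remaining.items() if w == 0]
    for name in order:                      # the list grows while we walk it
        for child in dependents[name]:
            remaining[child] -= 1
            if remaining[child] == 0:
                order.append(child)
    if len(order) != len(systems):
        raise ValueError("circular dependency in recovery checklist")

    # A prerequisite inherits urgency from whatever is waiting on it:
    # it must finish early enough for each dependent to meet its own RTO.
    deadline = {s.name: s.rto_hours for s in systems}
    for name in reversed(order):
        for child in dependents[name]:
            latest = deadline[child] - by_name[child].restore_hours
            deadline[name] = min(deadline[name], latest)

    # Restore whichever ready system has the earliest effective deadline.
    ready = [(deadline[n], n) for n, w in waiting.items() if w == 0]
    heapq.heapify(ready)
    clock, schedule, breaches = 0.0, [], []
    while ready:
        _, name = heapq.heappop(ready)
        start, clock = clock, clock + by_name[name].restore_hours
        schedule.append((name, start, clock))
        if clock > by_name[name].rto_hours:
            breaches.append(name)           # checkpoint to escalate to the CMT
        for child in dependents[name]:
            waiting[child] -= 1
            if waiting[child] == 0:
                heapq.heappush(ready, (deadline[child], child))
    return schedule, breaches


# Constructed inventory for illustration only.
SAMPLE = [
    System("network-core", 2, 4),
    System("directory-auth", 1, 6, ("network-core",)),
    System("database", 3, 12, ("network-core",)),
    System("order-entry", 2, 8, ("database", "directory-auth")),
    System("email", 2, 10, ("directory-auth",)),
    System("reporting", 4, 12, ("database",)),
    System("intranet-wiki", 1, 48, ("directory-auth",)),
]

if __name__ == "__main__":
    plan, late = plan_restore(SAMPLE)
    for name, start, finish in plan:
        flag = "  <-- misses RTO" if name in late else ""
        print(f"{start:5.1f}h -> {finish:5.1f}h  {name}{flag}")
```

Any system listed in `breaches` cannot meet its RTO with the available team, which is the point at which restore order or resourcing has to be decided with the CMT.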
Disaster Recovery
Computer incident response
 Besides recovering from disasters that cause damage to physical structures or loss of IT equipment, IT recovery also
involves responding to, stopping, and repairing problems caused by system failures, security breaches, or
intentional data corruption or destruction.
 Depending on the nature or severity of the attack or incident, you may need to activate a computer incident
response team (CIRT).
 IT departments have some process in place for addressing and managing a computer incident.
 An incident is defined as any activity outside normal operations, whether intentional or not; whether man-made
or not.
 For example, the theft in the middle of the night of a corporate server is an incident. A Web site hack or a network
security breach is also an incident. A database corruption issue or a failed hard drive is also an incident.
 Form a CIRT; members of the team should have defined roles and responsibilities and be trained in their roles.
 For example, if you have staff responsible for monitoring network security and they notice a potential breach
through a particular port, they should also know how to shut down that port and have the network permissions
that enable them to do so. If all they know how to do is monitor the log file or traffic, for example, and have no
idea how to shut down a port or stop the problem, it could be hours before the problem is addressed.
Disaster Recovery
CIRT responsibilities
 For CIRT to be effective, duties must be well defined. There are five major areas of responsibility for the CIRT
team. These are:
 Monitor
 Alert and mobilize
 Assess and stabilize
 Resolve
 Review
 Monitor. Every network must be monitored for a variety of events. Failure events indicate a problem has
occurred such as a hardware failure or the failure of a particular software service to start or stop appropriately.
Other events are tracked in log files for later review or auditing. These might include failed login attempts or
notification of a change to security settings.
 Other incidents may include unusual increases in certain types of network traffic or excessive attempts to log in
to secure areas of the network.
 Whether the event stems from intentional or unintentional acts, the network needs to be monitored.
Disaster Recovery
 The CIRT should be involved in helping to determine what should be monitored and in assisting with monitoring
the network. Not all events have significance, and sometimes it is only through seeing recurring events
that a pattern can be discerned.
 Having experienced team members monitor the network will help reduce the lag time between an
unwanted event and a response.
 While a serious security breach might not cause you to activate all or part of your BC/DR plan.
 The point is that your CIRT team should monitor the network activity and take appropriate action,
regardless of the source of the problem.
 Alert and mobilize. Once an unusual, unwanted, or suspicious event has occurred, the CIRT member
should alert appropriate team members and mobilize for action.
 This may involve shutting down servers, firewalls, e-mail, or other services, removing offending hosts
from the network, or turning off network ports once the offending host is identified.
 Alerting and mobilizing should have the effect of stopping or containing the immediate impact of the
event while still being able to preserve, secure, and document any evidence or artifacts.
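The monitor and alert responsibilities above, as an added example that is not part of the original lecture: a sliding-window check that turns recurring failed-login events into a single alert per source while ignoring isolated failures. The log format, field names, threshold and window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> host=<h> event=<e> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = """\
2024-05-01T02:10:00 host=vpn01 event=login_failed user=alice src=203.0.113.7
2024-05-01T02:10:40 host=vpn01 event=login_failed user=bob src=203.0.113.7
2024-05-01T02:11:05 host=vpn01 event=login_failed user=carol src=198.51.100.20
2024-05-01T02:11:30 host=vpn01 event=login_failed user=admin src=203.0.113.7
2024-05-01T02:12:10 host=vpn01 event=login_ok user=carol src=198.51.100.20
2024-05-01T02:12:45 host=vpn01 event=login_failed user=alice src=203.0.113.7
corrupted line without fields
2024-05-01T02:13:50 host=vpn01 event=login_failed user=root src=203.0.113.7
2024-05-01T03:20:00 host=vpn01 event=login_failed user=carol src=198.51.100.20
"""


def detect_failed_login_bursts(lines, threshold=5,
                               window=timedelta(minutes=10)):
    """Return (alerts, skipped) for chronologically ordered log lines.

    An alert is raised when one source accumulates `threshold` failed
    logins inside `window`. Lines that cannot be parsed are counted, not
    silently dropped, so gaps in monitoring stay visible.
    """
    recent = defaultdict(deque)     # src -> deque of (timestamp, user)
    alerts, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            skipped += 1
            continue
        if m["event"] != "login_failed":
            continue
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while q and ts - q[0][0] > window:   # forget events outside window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "src": m["src"],
                "first_seen": q[0][0],
                "last_seen": ts,
                "attempts": len(q),
                "users": sorted({u for _, u in q}),
            })
            q.clear()                        # one alert per burst
    return alerts, skipped


if __name__ == "__main__":
    found, bad = detect_failed_login_bursts(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"ALERT {a['src']}: {a['attempts']} failed logins "
              f"({', '.join(a['users'])}) "
              f"{a['first_seen']:%H:%M:%S}-{a['last_seen']:%H:%M:%S}")
    print(f"unparseable lines: {bad}")
```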
Disaster Recovery
 Assess and stabilize. After the immediate threat has been halted, the CIRT team assesses the situation and
attempts to stabilize it.
 For example, if data have been stolen or databases have been corrupted, the nature and extent of the event
must be assessed and steps must be taken to stabilize the situation.
 In many cases, this phase takes the longest because determining exactly what happened can be
challenging. If you have members of your team that have been trained in computer forensics, they would
head up this segment of work. If you do not have members of your team trained in this area, you should
decide whether it would be advisable to provide this training to staff or hire an outside computer forensics
expert.
 Outside consultants can be helpful in this case for the simple fact that they work in this arena day in and
day out and are most likely more up to date and experienced in this area than staff that occasionally goes to
training and rarely (if ever) puts that training to use.
 The decision is yours based on the skills, expertise, and budget of your company. Having in-house expertise
can be a good first step and you can always hire an outside expert on an as-needed basis.
 Defined maximum tolerable downtime (MTD) and other recovery metrics.
Disaster Recovery
 Resolve. After determining the nature and extent of the incident, CIRT can determine the best resolution
and implement it.
 Resolution may involve bringing an offending host up on an isolated network, taking disk-based snapshots
of the offending system to preserve any digital evidence, eradicating the malware or virus, identifying and
mitigating all vulnerabilities that were exploited, resetting passwords or removing rogue accounts,
restoring from backups, updating operating systems or applications, modifying permissions, or changing
settings on servers, firewalls, or routers.
 In addition, additional monitoring should be implemented to look for future related activity.
 Review. After the event has been resolved, the CIRT should convene a meeting to determine how the incident
occurred, what lessons were learned, and what could be done to avoid such a problem in the future.
 Within the scope of a BC/DR plan, this might involve understanding how the recovery process worked,
understanding how to improve risk mitigation for similar threats in the future, and what could be done
differently in the future to decrease downtime, decrease impact, and improve time to resolution.
 Other topics that should be discussed include any improvements to evidence gathering and handling,
required incident reporting (internal and external), and any improvements which could have helped detect
the vulnerability sooner.
Disaster Recovery
Business Continuity
 Business continuity begins when DR ends.
 DR efforts include stopping the effect of the disaster and getting basic operations set up. For example, if your
building was destroyed, DR would include salvaging anything from the building you could, activating an
alternate work site, activating an alternate computing site and setting up and restoring network components,
servers, and systems.
 Now that DR, from an IT perspective, is complete, business continuity kicks in.
 These steps include managing business processes in work-around mode, if needed, and assessing the status of
operations and beginning to normalize operations.
 For example, it’s possible that some systems can be restored almost immediately, whereas other systems may
take several days or a week to restore. The workarounds in place may allow some operations to resume but
others to remain dormant. Backlogs in some areas are created, data gets out of sync, and the state of the
business is perhaps more chaotic now.
 Part of the challenge of the business continuity phase is determining what should be restored, what should be
salvaged, and what should be replaced.
 Repairing and replacing have their own sets of challenges and the options should be reviewed prior to making
decisions to move forward.
Some of the factors to be considered include:
Executive/administrative
Business operations
IT operations—infrastructure
IT operations—end users
Communications
Facilities, security, and safety
Business Continuity
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 

BCS 307 Lecture 6.pdf

  • 1. BCS 307 - BUSINESS CONTINUITY PLANNING JOHN AMBELE MWAIPOPO INFORMATION SCIENCE DEPARTMENT JORDAN UNIVERSITY COLLEGE
  • 2. Emergency Response and Recovery
      Layout of this Lecture
      • Emergency management overview
      • Emergency response plans
      • Crisis management
      • Disaster recovery
      • IT recovery
      • Business continuity
  • 3. Emergency Response and Recovery
      • The basic rule about planning for emergencies is this: keep it simple.
      • The more complicated your emergency response plans are, the less likely they will be effective in a real emergency.
      • It’s sometimes easy to over-engineer a plan in the relative calm of everyday business activities.
      • When an emergency strikes, people are not likely to remember a lot of rules, procedures, and details.
      • When creating your emergency response and disaster recovery (DR) activities, you should strive to keep things really simple.
      • Once the emergency has subsided, you can use more complex plans to begin restoring business operations.
  • 4. Emergency Management Overview
      • Regardless of how your company is organized, managed, and run, your emergency management process should follow a very simple rule: assign clear roles.
      • If no one knows who’s in charge or who has the authority to make decisions, nothing gets done.
      • If everyone believes they have the authority to make decisions, chaos will reign.
      Emergency Response Plans
      • The emergency response is the immediate response to the incident.
      • It may be outside your immediate responsibilities as an IT professional, but it’s important for you to understand how companies respond to emergencies so you can coordinate your BC/DR activities.
      • It’s important that you understand team roles and responsibilities, as well as the timing and sequence of emergency response activities, so you can activate your IT BC/DR tasks in an appropriate and helpful manner.
      • If fire breaks out, the emergency response is evacuating the building and calling the fire department while perhaps having trained employees use fire extinguishers to try to control the blaze.
      • Develop an emergency response plan that meets the needs of your company.
  • 5. Emergency Management Overview
      • The basic set of emergency response tasks is:
          • Protect personnel
          • Contain incident
          • Implement command and control (ERT, Crisis Management Team (CMT) step in)
          • Emergency response and triage (medical, evacuation, search, and rescue)
          • Assess impact and effect
          • Notification
          • Next steps
      • The response procedures, in order of importance, are: (1) protection of people, (2) containment of the emergency, and (3) assessment of the situation. These should be your priorities.
      • Each plan should include:
          • Roles and responsibilities: who’s on the team and what they should do in an emergency.
          • Tools and equipment for those emergency roles should be identified (fire extinguishers, first-aid kits, hard hats, etc.).
          • Resources should be acquired or identified.
          • Actions and procedures should be developed.
  • 6. Emergency Response Teams
      • The company should have an ERT with defined roles and responsibilities for team members.
      • Each person should clearly know the bounds of their authority and to whom they should turn for help or for escalation of issues.
      • The ERT leader is responsible for activating and coordinating the emergency response and for notifying civil authorities such as the police or fire department, contacting hospitals or paramedics, and so on.
      • The ERT leader should also be a member of the CMT and should coordinate closely with the CMT to ensure that the appropriate level of BC/DR activation occurs in a timely manner.
      • Emergency response and DR activities can occur in parallel.
      • Only trained members of the ERT can address the actual emergency, which may include medical staff, evacuation or shelter-in-place leaders, search and rescue staff, and the CMT manager and/or a corporate executive contact.
      • CMT members assess damage, evaluate options, and implement the BC/DR plan as soon as possible.
  • 7. Emergency Response Teams
      • The ERT is responsible for ensuring that the proper communication equipment is available prior to an event.
      • ERT members should receive training on the aspects of the job they’ll be expected to perform in an emergency.
      • Emergency response training may include:
          • Relocation and evacuation safety and techniques
          • Firefighting equipment, safety, and techniques
          • Search and rescue safety and techniques
          • Hazardous material handling
          • Chemical spills or leaks (liquid, airborne, etc.)
          • CPR, first aid, and emergency medical skills
          • Water safety, water rescue
          • Cold weather survival
          • Emergency shutoff/shutdown procedures
          • Damage assessment and control
      • The type of training required depends on the company, the nature of its business, and its geographical location.
  • 8. Crisis Management Team
      • On declaring an emergency, disaster, or crisis event that must be managed, begin implementing the BC/DR plan.
      • The CMT is responsible for making the high-level decisions; for coordinating efforts of internal and external staff, vendors, and contractors; and for determining the most appropriate responses to situations as they occur.
      Emergency response and disaster recovery
      • The CMT oversees the ERT and the DR team(s).
      • Once an emergency occurs, the ERT leader should take charge of managing the emergency itself.
      • The ERT should be quickly released back to emergency duties while someone from the CMT documents the information provided by the ERT.
      • The CMT coordinates activities related to initiating the DR efforts.
      • Once the ERT leader has notified the CMT that the actual emergency has ceased and that DR can begin, the CMT takes over coordinating all activities.
      • Once the DR efforts conclude and business continuity efforts begin, the CMT winds down and operations may resume through normal management channels.
      • This is a decision each company must make based on its unique structure, but in general, the CMT leader should manage the situation until it makes sense to hand over control to the operations team.
  • 9. Crisis Management Team
      Alternate facilities review and management
      • The CMT is responsible for overseeing the activities related to DR and business continuity at alternate sites.
      • The CMT reviews activities for activating the alternate site and has final authority on decisions related to the alternate site, such as bringing in additional services, equipment, or vendors if the original arrangements do not meet current needs.
      • The CMT is responsible for resolving problems and issues that arise and is the final decision maker for escalated issues.
      Crisis communications
      • Crisis communications cover a lot of territory and involve numerous teams working in a coordinated fashion.
      • Messages communicated from the ERT and DR team(s) should originate from or be approved by the CMT.
      • Avoid having multiple sources of communications going out, since it can cause confusion, error, frustration, and worse.
      • The ERT and DR team(s) should communicate directly with the CMT and allow the CMT to act as the single spokesperson for all communication about the crisis to executives, other company departments, and outside entities.
      • This ensures that the message is correct and consistent.
      • The Crisis Communication Plan should adhere to three simple rules for effective crisis communication:
          1. Always tell the truth.
          2. Appoint a spokesperson to be the face and voice of the company with the media.
          3. Provide information that addresses who, when, what, where, why, and how.
  • 10. Crisis Management Team
      Human resources
      • An HR representative should be included on the CMT so that they can specifically address the needs of employees and maintain a communication channel with employees through preplanned methods.
      • HR should track employees who may be injured from the event or not available for work due to leave of absence, vacations, and so on.
      • HR should provide support for injured employees and their families, including facilitating access to emergency or ongoing medical or psychological services.
      • Assist employees with financial, legal, and insurance issues related to the injury or death of an employee or family member.
      • Prepare and update an employee head count to determine who is available for recovery operations and who may be available later for business continuity activities.
      • If temporary staff or contractors are needed, HR can help select, manage, oversee, and monitor temporary staff as well as manage timecards and other payments for such staff.
      • Determine the status of payroll and ensure employees get paid in a timely manner.
      • Proactively addressing these concerns will also reduce the number of calls, e-mails, and contacts related to questions about payroll, freeing up time to address other HR-related concerns.
  • 11. Crisis Management Team
      Legal
      • Depending on the nature of the disaster or disruption, you may need to have the CMT contact legal counsel.
      • The firm’s lawyers review or approve emergency contracts; review language in agreements with vendors, suppliers, or contractors; review documents related to injury, death, or property damage; or address regulatory issues.
      • As soon as the CMT is activated, it should contact legal counsel and notify them of the event so they can provide appropriate information, feedback, and guidance throughout the remainder of the event and during its aftermath.
      Insurance
      • Insurance is a risk transference method and one used by many, if not all, businesses today.
      • The firm is required to hold certain types of insurance.
      • The BC/DR plan should have contact information for insurance company representatives, and they should be notified upon activation of the CMT.
      • The CMT may also perform an initial damage assessment and document it for the insurance company.
      • This includes taking photographs or video images as well as making detailed notes.
      • Members of the CMT should gather documents related to insurance claims and submit loss estimates to the insurance company.
      • The CMT reviews insurance documents to determine exclusions, limitations (financial, time, location, cause, etc.), or maximums on various policies.
      • Issues with insurance should be escalated to management and/or legal counsel for review and resolution.
  • 12. Crisis Management Team
      Finance
      • The CMT should have representatives from the financial department to assess the status of the company.
      • They assess the cash availability of the company and the viability (or advisability) of processing employee payroll early or providing advances to employees.
      • Financial representatives assess the status of accounts payable and receivable to ensure bills and invoices are issued in a relatively timely manner and that revenue and payments are received in a timely manner as well.
      • A process for managing, tracking, and monitoring expenditures during the disaster or disruption should be implemented and managed by the financial representative(s) on the CMT.
      • Estimates for repairs and other expenditures should be submitted to this team for review and approval.
      • Upon resumption of business operations, the financial team should assess the status of the company’s finances and report to executives or senior management.
  • 13. Disaster Recovery
      Activation and emergency response checklists
      • Develop a variety of checklists, which can be extremely useful in making quick decisions for moving forward.
      • Checklists can help remind you of critical steps to take, regardless of the situation.
      • Activation checklists delineate activities and triggers that take place prior to and during plan activation.
      • Remember, there may be some minor events that do not trigger the activation of the BC/DR plan.
      • Emergency response checklists can be referenced in the immediate aftermath of a disaster affecting (or likely to affect) human safety.
      Recovery checklists
      • Specific steps to be taken should be defined in your BC/DR plan.
      • Note that these initial recovery checklists typically precede any actual IT recovery tasks.
      • Pay special attention to any information you may need to complete tasks successfully, since access to this information may not be available until after IT recovery has commenced.
      • IT recovery should not commence until physical, safety, personnel, travel, financial, and other areas have been addressed.
  • 14. Disaster Recovery
      IT recovery tasks
      • The tasks needed to recover IT systems are familiar to you, but they should be delineated within your BC/DR plan.
      • Each sub-team should have a set of guidelines and procedures for how and when they will perform their work.
      • Note dependencies within the checklist so that teams don’t work at cross-purposes.
      • Add items to the checklist as checkpoints for these purposes, much like milestones are used in project plans.
      • Restoration of network and systems infrastructure must be complete before any of the other IT recovery checklists can be completed.
      • After recovery of network infrastructure, end-user connectivity, and other dependent network services is complete, it is often confusing to know in what order to restore applications.
      • It may be impossible to bring all critical systems back online simultaneously within the allowable recovery time objective (RTO).
      • Identify and prioritize the application restore order based on changing circumstances on the ground.
      • The CMT and DR teams communicate regularly during recovery operations in order to provide up-to-date information on restoration activities and in order to change direction at a moment’s notice based on CMT guidance.
      • The application recovery document should give step-by-step procedures to fully restore and test the application and any associated databases, data sets, or real-time interfaces.
  • 15. Disaster Recovery
      Computer incident response
      • Besides recovering from disasters that cause damage to physical structures or loss of IT equipment, IT recovery also involves responding to, stopping, and repairing problems caused by system failures, security breaches, or intentional data corruption or destruction.
      • Depending on the nature or severity of the attack or incident, you may need to activate a computer incident response team (CIRT).
      • IT departments have some process in place for addressing and managing a computer incident.
      • An incident is defined as any activity outside normal operations, whether intentional or not, and whether man-made or not.
      • For example, the theft in the middle of the night of a corporate server is an incident. A Web site hack or a network security breach is also an incident. A database corruption issue or a failed hard drive is also an incident.
      • Form a CIRT whose members have defined roles and responsibilities and are trained in their roles.
      • For example, if you have staff responsible for monitoring network security and they notice a potential breach through a particular port, they should also know how to shut down that port and have the network permissions that enable them to do so. If all they know how to do is monitor the log file or traffic, for example, and have no idea how to shut down a port or stop the problem, it could be hours before the problem is addressed.
  • 16. Disaster Recovery
      CIRT responsibilities
      • For the CIRT to be effective, its duties must be well defined. There are five major areas of responsibility for the CIRT team. These are:
          • Monitor
          • Alert and mobilize
          • Assess and stabilize
          • Resolve
          • Review
      • Monitor. Every network must be monitored for a variety of events. Failure events indicate a problem has occurred, such as a hardware failure or the failure of a particular software service to start or stop appropriately. Other events are tracked in log files for later review or auditing. These might include failed login attempts or notification of a change to security settings.
      • Other incidents may include unusual increases in certain types of network traffic or excessive attempts to log in to secure areas of the network.
      • Whether the event stems from intentional or unintentional acts, the network needs to be monitored.
  • 17. Disaster Recovery
      • The CIRT should be involved in helping to determine what should be monitored and in assisting with monitoring the network. Not all events have significance, and sometimes it is only through seeing recurring events that a pattern can be discerned.
      • Having experienced team members monitor the network will help reduce the lag time between an unwanted event and a response.
      • While a serious security breach might not cause you to activate all or part of your BC/DR plan, the point is that your CIRT team should monitor the network activity and take appropriate action, regardless of the source of the problem.
      • Alert and mobilize. Once an unusual, unwanted, or suspicious event has occurred, the CIRT member should alert appropriate team members and mobilize for action.
      • This may involve shutting down servers, firewalls, e-mail, or other services, removing offending hosts from the network, or turning off network ports once the offending host is identified.
      • Alerting and mobilizing should have the effect of stopping or containing the immediate impact of the event while still being able to preserve, secure, and document any evidence or artifacts.
  • 18. Disaster Recovery
      • Assess and stabilize. After the immediate threat has been halted, the CIRT team assesses the situation and attempts to stabilize it.
      • For example, if data have been stolen or databases have been corrupted, the nature and extent of the event must be assessed and steps must be taken to stabilize the situation.
      • In many cases, this phase takes the longest because determining exactly what happened can be challenging. If you have members of your team that have been trained in computer forensics, they would head up this segment of work. If you do not have members of your team trained in this area, you should decide whether it would be advisable to provide this training to staff or hire an outside computer forensics expert.
      • Outside consultants can be helpful in this case for the simple fact that they work in this arena day in and day out and are most likely more up to date and experienced in this area than staff that occasionally goes to training and rarely (if ever) puts that training to use.
      • The decision is yours based on the skills, expertise, and budget of your company. Having in-house expertise can be a good first step and you can always hire an outside expert on an as-needed basis.
      • Defined maximum tolerable downtime (MTD) and other recovery metrics.
  • 19. Disaster Recovery
      • Resolve. After determining the nature and extent of the incident, the CIRT can determine the best resolution and implement it.
      • Resolution may involve bringing an offending host up on an isolated network, taking disk-based snapshots of the offending system to preserve any digital evidence, eradicating the malware or virus, identifying and mitigating all vulnerabilities that were exploited, resetting passwords or removing rogue accounts, restoring from backups, updating operating systems or applications, modifying permissions, or changing settings on servers, firewalls, or routers.
      • In addition, further monitoring should be implemented to look for future related activity.
      • Review. After the event has been resolved, the CIRT should convene a meeting to determine how the incident occurred, what lessons were learned, and what could be done to avoid such a problem in the future.
      • Within the scope of a BC/DR plan, this might involve understanding how the recovery process worked, understanding how to improve risk mitigation for similar threats in the future, and what could be done differently in the future to decrease downtime, decrease impact, and improve time to resolution.
      • Other topics that should be discussed include any improvements to evidence gathering and handling, required incident reporting (internal and external), and any improvements which could have helped detect the vulnerability sooner.
  • 20. Business Continuity
      • Business continuity begins when DR ends.
      • DR efforts include stopping the effect of the disaster and getting basic operations set up. For example, if your building was destroyed, DR would include salvaging anything from the building you could, activating an alternate work site, activating an alternate computing site, and setting up and restoring network components, servers, and systems.
      • Once DR, from an IT perspective, is complete, business continuity kicks in.
      • These steps include managing business processes in work-around mode, if needed, and assessing the status of operations and beginning to normalize operations.
      • For example, it’s possible that some systems can be restored almost immediately, whereas other systems may take several days or a week to restore. The workarounds in place may allow some operations to resume but others to remain dormant. Backlogs in some areas are created, data gets out of sync, and the state of the business is perhaps more chaotic now.
      • Part of the challenge of the business continuity phase is determining what should be restored, what should be salvaged, and what should be replaced.
      • Repairing and replacing have their own sets of challenges, and the options should be reviewed prior to making decisions to move forward.
  • 21. Business Continuity
      Some of the factors to be considered include:
      • Executive/administrative
      • Business operations
      • IT operations—infrastructure
      • IT operations—end users
      • Communications
      • Facilities, security, and safety
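
The restore-ordering problem from the IT recovery tasks slide (dependencies noted in the checklist, network infrastructure first, not everything fitting inside the RTO), worked as an added example that is not part of the lecture: a greedy scheduler that orders restores by dependency and tightest RTO and reports which systems would miss their objective. The system names, durations, RTO values and the `RestoreTask`, `plan_restore` and `rto_misses` names are constructed assumptions.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class RestoreTask:
    name: str
    hours: float            # estimated time to restore and test
    rto_hours: float        # RTO, counted from plan activation
    depends_on: tuple = ()  # systems that must be restored first


def plan_restore(tasks, teams):
    """Greedy plan: among tasks whose dependencies are already scheduled,
    take the tightest RTO next and give it to the earliest-free team.
    This is a heuristic, not an optimal scheduler."""
    if teams < 1:
        raise ValueError("at least one recovery team is required")
    by_name = {t.name: t for t in tasks}
    dependents = {name: [] for name in by_name}
    waiting = {}
    for t in tasks:
        deps = set(t.depends_on)
        for dep in deps:
            if dep not in by_name:
                raise ValueError(f"{t.name} depends on unknown system {dep}")
            dependents[dep].append(t.name)
        waiting[t.name] = len(deps)

    ready = [(t.rto_hours, t.name) for t in tasks if waiting[t.name] == 0]
    heapq.heapify(ready)
    team_free = [0.0] * teams   # hour at which each team is next available
    finish, schedule = {}, []
    while ready:
        _, name = heapq.heappop(ready)
        task = by_name[name]
        deps_done = max((finish[d] for d in task.depends_on), default=0.0)
        start = max(heapq.heappop(team_free), deps_done)
        finish[name] = start + task.hours
        heapq.heappush(team_free, finish[name])
        schedule.append({"name": name, "start": start,
                         "finish": finish[name], "rto_hours": task.rto_hours})
        for child in dependents[name]:
            waiting[child] -= 1
            if waiting[child] == 0:
                heapq.heappush(ready, (by_name[child].rto_hours, child))
    if len(schedule) != len(by_name):
        stuck = sorted(set(by_name) - set(finish))
        raise ValueError(f"circular dependency among: {stuck}")
    return schedule


def rto_misses(schedule):
    """Names of systems whose planned finish is later than their RTO."""
    return [row["name"] for row in schedule if row["finish"] > row["rto_hours"]]


# Constructed inventory for illustration only.
CONSTRUCTED_INVENTORY = [
    RestoreTask("network-core", 2, 4),
    RestoreTask("directory-auth", 1, 4, ("network-core",)),
    RestoreTask("database", 3, 8, ("network-core",)),
    RestoreTask("erp-app", 2, 8, ("database", "directory-auth")),
    RestoreTask("email", 2, 6, ("directory-auth",)),
    RestoreTask("intranet-wiki", 1, 24, ("directory-auth",)),
]

if __name__ == "__main__":
    for teams in (2, 1):
        plan = plan_restore(CONSTRUCTED_INVENTORY, teams)
        print(f"{teams} team(s):")
        for row in plan:
            flag = "MISS" if row["finish"] > row["rto_hours"] else "ok"
            print(f"  {row['start']:>4}h-{row['finish']:>4}h "
                  f"{row['name']:<15} RTO {row['rto_hours']}h {flag}")
        print("  RTO misses:", rto_misses(plan))
```

Running it with one team instead of two shows the point the slide makes: the same checklist that fits every RTO with parallel teams leaves the last dependent application late when staffing drops.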