Management Information Systems in Organizations
DISASTER RECOVERY PLAN
Prepared by: Jan Wong

The Learning Outcomes
At the end of this session you should be able to:
- EXAMINE the importance of disaster recovery in an organization
- DESCRIBE the steps in risk management approach
- DISCUSS backup systems and system recovery

RISKS
Danger, Jeopardy, Threat, Peril, Menace, Hazard

What is RISK?
“The chance of a negative outcome”
Thinking about risk:
- Impact (cost) if it happens
Is it possible to protect against every risk?

Risk Management Approach
“What is it all about?”
- A risk-management approach helps identify threats and select cost-effective security measures.
- Risk-management analysis can be enhanced by the use of DSS software packages.
- Calculations can be used to compare the expected loss with the cost of preventing it.
- A business continuity plan outlines the process in which businesses should recover from a major disaster.

What are the STEPS in RISK MGMT.?

Assessment of assets
STEP 1: Determine the value and importance of assets
- Infrastructure: hardware, networks, security environment itself
- Software environment
- Staff
- Cost of replacement
- Cost of loss of use

Vulnerability of assets
STEP 2: List all potential threats
- Review the current protection/controls system
- Record weaknesses in the current protection system in view of all the potential threats

Loss analysis
STEP 3: Assess the probability of damage
- Specify the tangible and intangible losses that may result

Protection analysis
STEP 4: Provide a description of available controls that should be considered – general, application, network etc.
- Probability of successful defense
- The cost

Cost Benefit Analysis
STEP 5: Compare cost and benefits
- Decide on which controls to install
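
An added worked example (not part of the original slides) that carries the five steps through in Python, comparing the expected loss with the cost of preventing it. The asset, probabilities and costs are constructed for illustration; the damage_fraction field and the rule of installing at most one control per threat are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


def _check_probability(label: str, p: float) -> None:
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"{label} must be between 0 and 1, got {p}")


@dataclass(frozen=True)
class Asset:
    """Step 1: value of an asset = cost of replacement + cost of loss of use."""
    name: str
    replacement_cost: float
    loss_of_use_cost: float

    @property
    def value(self) -> float:
        return self.replacement_cost + self.loss_of_use_cost


@dataclass(frozen=True)
class Threat:
    """Steps 2-3: a potential threat, its probability of damage and its loss."""
    name: str
    asset: Asset
    probability: float      # chance of damage in one year
    damage_fraction: float  # share of asset value lost (assumed field)

    def __post_init__(self) -> None:
        _check_probability("probability", self.probability)
        _check_probability("damage_fraction", self.damage_fraction)

    @property
    def expected_loss(self) -> float:
        return self.probability * (self.damage_fraction * self.asset.value)


@dataclass(frozen=True)
class Control:
    """Step 4: an available control, its chance of success and its cost."""
    name: str
    threat: str        # name of the threat it defends against
    p_defense: float   # probability of successful defense
    annual_cost: float

    def __post_init__(self) -> None:
        _check_probability("p_defense", self.p_defense)


@dataclass(frozen=True)
class Decision:
    threat: str
    expected_loss: float
    control: Optional[str]  # None means no control pays for itself
    net_benefit: float


def select_controls(threats: List[Threat],
                    controls: List[Control]) -> Dict[str, Decision]:
    """Step 5: per threat, install the control with the largest positive
    net benefit (loss avoided minus cost of the control)."""
    decisions: Dict[str, Decision] = {}
    for threat in threats:
        loss = round(threat.expected_loss, 2)
        best = Decision(threat.name, loss, None, 0.0)
        for control in controls:
            if control.threat != threat.name:
                continue
            avoided = threat.expected_loss * control.p_defense
            net = round(avoided - control.annual_cost, 2)
            if net > best.net_benefit:
                best = Decision(threat.name, loss, control.name, net)
        decisions[threat.name] = best
    return decisions


# Constructed sample data: one asset, three threats, five candidate controls.
SERVER = Asset("order system", replacement_cost=40_000, loss_of_use_cost=160_000)
THREATS = [
    Threat("hardware failure", SERVER, probability=0.10, damage_fraction=0.5),
    Threat("loss of power", SERVER, probability=0.30, damage_fraction=0.1),
    Threat("traumatic damage", SERVER, probability=0.01, damage_fraction=1.0),
]
CONTROLS = [
    Control("periodic remote backup", "hardware failure", 0.80, 3_000),
    Control("local mirror site", "hardware failure", 0.95, 9_000),
    Control("UPS", "loss of power", 0.70, 1_500),
    Control("generator", "loss of power", 0.90, 6_000),
    Control("hot site contract", "traumatic damage", 0.90, 25_000),
]

if __name__ == "__main__":
    for d in select_controls(THREATS, CONTROLS).values():
        choice = d.control or "no control (cost exceeds benefit)"
        print(f"{d.threat}: expected loss {d.expected_loss:,.0f}, "
              f"install {choice}, net benefit {d.net_benefit:,.0f}")
```

With these figures the hot site contract is not selected: it costs far more than the expected loss it would prevent, which answers the slide's question of whether every risk can be protected against cost-effectively.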

Controls to Mitigate Risk
Intended to:
- Prevent accidental hazards
- Deter intentional acts
- Detect problems ASAP
- Enhance damage recovery
- Correct problems comprehensively

IT Security in the 21st Century
- Increasing the Reliability of Systems: fault tolerance to keep the information systems working, even if some parts fail.
- Intelligent Systems for Early Detection of problems
- Detecting intrusion

Backing-up Systems
Why do we need to back up systems?
- Because systems fail
- Impact: from minor irritation to business closedown
Back up system to:
- Periodic in local storage
- Periodic in remote storage
- Mirror site – local
- Mirror site – distant
- Withstand fault tolerance

System Disaster – it happens!
Think about:
- Loss of power
- Cyber crime
- Traumatic damage
- Hardware failure
- Statutory requirement

System Recovery and Business Continuity
Is there a relationship between the two?
Here are some key thoughts about disaster recovery by Knoll (1986):
- The purpose of a recovery plan is to keep the business running after a disaster occurs
- Recovery planning is part of asset protection
- Planning should focus first on recovery from a total loss of all capabilities

How to ensure that the recovery system works
- Proof of capability usually involves some kind of what-if analysis that shows that the recovery plan is current
- All critical applications must be identified and their recovery procedures addressed in the plan

Disaster Recovery Plan
In other words: BACK UP PROCEDURES
In the event of a major disaster it may be necessary to move to another back up location.

Disaster Recovery Plan Considerations
- Customers
- Facilities
- Communications Infrastructure
- Knowledge Workers
- Computer Equipment
- Business Information
PGM

Disaster Recovery Plan: HOT SITE VENDORS
External hot site vendors provide access to a fully configured back up data center. Following the 1989 San Francisco earthquake Charles Schwab were up and running in New Jersey the following morning.

Disaster Recovery Plan: COLD SITE VENDORS
Provide empty office space with special flooring, wiring and ventilation. In an emergency the affected company moves its own or leased computers to the cold site. These back up sites may work well for a company with centralised computing facilities but what can a company with a distributed network system do?

Methods to Control & Secure I.S.
- Physical access control
- Uninterrupted power supply (UPS)
- Generator
- Humidity control
- Temperature control
- Water detector
- Raised floors
- Fire extinguisher
- Alarm

THINGS TO TAKE NOTE OF
- Risk management approach (the 5 steps)
- What are the different risk mitigation controls?
- Types of back-up systems
- What is a disaster recovery plan?
- What should be considered in a disaster recovery plan?

Managing System Security

IT’S TIME FOR SOME DISCUSSIONS!
- List and briefly describe the steps involved in risk analysis of controls.
- Define and describe a disaster recovery plan.
- What are “hot” and “cold” recovery sites?
- Explain why risk management should involve the following elements: threats, exposure associated with each threat, risk of each threat occurring, and cost of controls, as well as assessment of their effectiveness.
- Why should information control and security be a prime concern to management?

IT’S TIME FOR AN IN-CLASS ACTIVITY!
- Get into groups of 5-6 members
- Using the Risk Management Approach (5 steps), apply it to your company / one company of your choice as below: GSC Cinemas Ticketing / Fashion Retail (brick-and-mortar) / IBM / Malaysian Airlines Ticketing / Hilton Hotel Reservation / Facebook
- Suggest which Risk Mitigation Control you should implement and how it can help you mitigate your risk
- Present your approach to the class

 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 

MISO L008 Disaster Recovery Plan

  • 1. Management Information Systems in Organizations: DISASTER RECOVERY PLAN. Prepared by: Jan Wong
  • 2. The Learning Outcomes. At the end of this session you should be able to: EXAMINE the importance of disaster recovery in an organization; DESCRIBE the steps in risk management approach; DISCUSS backup systems and system recovery.
  • 3. RISKS: Danger, Jeopardy, Threat, Peril, Menace, Hazard
  • 4.
  • 5. What is RISK? “The chance of a negative outcome.” Impact (cost) if it happens. Is it possible to protect against every risk?
  • 6. Risk Management Approach: “What is it all about?” A risk-management approach helps identify threats and select cost-effective security measures. Risk-management analysis can be enhanced by the use of DSS software packages. Calculations can be used to compare the expected loss with the cost of preventing it. A business continuity plan outlines the process in which businesses should recover from a major disaster.
  • 7. What are the STEPS in RISK MGMT.?
  • 8. STEP 1: Assessment of assets. Determine the value and importance of assets. Infrastructure: hardware, networks, security environment itself; software environment; staff; cost of replacement; cost of loss of use.
  • 9. STEP 2: Vulnerability of assets. List all potential threats. Review the current protection/controls system. Record weaknesses in the current protection system in view of all the potential threats.
  • 10. STEP 3: Loss analysis. Assess the probability of damage. Specify the tangible and intangible losses that may result.
  • 11. STEP 4: Protection analysis. Provide a description of available controls that should be considered (general, application, network, etc.), the probability of successful defense, and the cost.
  • 12. STEP 5: Cost Benefit Analysis. Compare cost and benefits. Decide on which controls to install.
  • 13. Controls to Mitigate Risk. Intended to: prevent accidental hazards; deter intentional acts; detect problems ASAP; enhance damage recovery; correct problems comprehensively.
  • 14. IT Security in the 21st Century. Increasing the reliability of systems: fault tolerance to keep the information systems working, even if some parts fail. Intelligent systems for early detection of problems. Detecting intrusion.
  • 15. Backing-up Systems. Why do we need to back up systems? Because systems fail. Impact: from minor irritation to business closedown. Back up system to: periodic in local storage; periodic in remote storage; mirror site – local; mirror site – distant; withstand fault tolerance.
  • 16. System Disaster – it happens! Think about: loss of power; cyber crime; traumatic damage; hardware failure; statutory requirement.
  • 17. System Recovery and Business Continuity. Is there a relationship between the two? Here are some key thoughts about disaster recovery by Knoll (1986): the purpose of a recovery plan is to keep the business running after a disaster occurs; recovery planning is part of asset protection; planning should focus first on recovery from a total loss of all capabilities.
  • 18. How to ensure that the recovery system works: proof of capability usually involves some kind of what-if analysis that shows that the recovery plan is current. All critical applications must be identified and their recovery procedures addressed in the plan.
  • 19. Disaster Recovery Plan. In other words: BACK UP PROCEDURES. In the event of a major disaster it may be necessary to move to another back up location.
  • 20. Disaster Recovery Plan Considerations: Customers, Facilities, Communications Infrastructure, Knowledge Workers, Computer Equipment, Business Information. PGM
  • 21. Disaster Recovery Plan: HOT SITE VENDORS. External hot site vendors provide access to a fully configured back up data center. Following the 1989 San Francisco earthquake, Charles Schwab was up and running in New Jersey the following morning.
  • 22. Disaster Recovery Plan: COLD SITE VENDORS. Provide empty office space with special flooring, wiring and ventilation. In an emergency the affected company moves its own or leased computers to the cold site. These back up sites may work well for a company with centralised computing facilities, but what can a company with a distributed network system do?
  • 23. Methods to Control & Secure I.S.: physical access control; uninterrupted power supply (UPS); generator; humidity control; temperature control; water detector; raised floors; fire extinguisher; alarm.
  • 24. THINGS TO TAKE NOTE OF: Risk management approach (the 5 steps). What are the different risk mitigation controls? Types of back-up systems. What is a disaster recovery plan? What should be considered in a disaster recovery plan?
  • 26. IT’S TIME FOR SOME DISCUSSIONS! List and briefly describe the steps involved in risk analysis of controls. Define and describe a disaster recovery plan. What are “hot” and “cold” recovery sites? Explain why risk management should involve the following elements: threats, exposure associated with each threat, risk of each threat occurring, and cost of controls, as well as assessment of their effectiveness. Why should information control and security be a prime concern to management?
  • 27. IT’S TIME FOR AN IN-CLASS ACTIVITY! Get into groups of 5-6 members. Using the Risk Management Approach (5-Steps), apply it to your company / one company of your choice as below: GSC Cinemas Ticketing / Fashion Retail (brick-and-mortar) / IBM / Malaysian Airlines Ticketing / Hilton Hotel Reservation / Facebook. Suggest which Risk Mitigation Control you should implement and how it can help you mitigate your risk. Present your approach to the class.
  • 28. Coming soon… next class. Management Information Systems in Organizations: DISASTER RECOVERY PLAN. What is a disaster recovery plan? How does it minimize risk?
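
The five-step risk-management approach on slides 8 to 12, together with the slide 6 remark that calculations can compare the expected loss with the cost of preventing it, as an added worked example (not part of the original slides). All asset values, probabilities, control costs and the rule of picking one control per threat are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Threat:                      # Steps 1-3
    name: str
    asset_value: float             # Step 1: cost of replacement + cost of loss of use
    annual_probability: float      # Step 3: probability of damage in a year
    loss_fraction: float           # Step 3: share of the asset value lost per event

    def expected_loss(self) -> float:
        return self.asset_value * self.annual_probability * self.loss_fraction

@dataclass
class Control:                     # Step 4
    name: str
    threat: str                    # Step 2: the threat this control addresses
    annual_cost: float
    p_defense: float               # probability of successful defense

# Constructed sample figures (assumptions, not from the slides).
THREATS = [
    Threat("Loss of power", 200_000, 0.5, 0.1),
    Threat("Hardware failure", 500_000, 0.2, 0.5),
    Threat("Water damage", 100_000, 0.01, 1.0),
]
CONTROLS = [
    Control("UPS", "Loss of power", 3_000, 0.6),
    Control("Generator", "Loss of power", 12_000, 0.95),
    Control("Periodic remote backup", "Hardware failure", 8_000, 0.7),
    Control("Distant mirror site", "Hardware failure", 60_000, 0.99),
    Control("Water detector", "Water damage", 1_500, 0.8),
]

def cost_benefit(threats, controls):
    """Step 5: rows of (control, threat, loss avoided, cost, net benefit), best first."""
    loss = {t.name: t.expected_loss() for t in threats}
    rows = [(c.name, c.threat, loss[c.threat] * c.p_defense, c.annual_cost,
             loss[c.threat] * c.p_defense - c.annual_cost) for c in controls]
    return sorted(rows, key=lambda r: r[4], reverse=True)

def select_controls(threats, controls):
    """Install, per threat, the control with the highest positive net benefit."""
    chosen = {}
    for name, threat, _avoided, _cost, net in cost_benefit(threats, controls):
        if net > 0:
            chosen.setdefault(threat, name)
    return chosen   # threats left out are accepted: no control pays for itself

if __name__ == "__main__":
    for row in cost_benefit(THREATS, CONTROLS):
        print("%-24s %-18s avoided=%8.0f cost=%8.0f net=%9.0f" % row)
    print(select_controls(THREATS, CONTROLS))
```

With these figures the water-damage threat ends up with no control installed, because the detector costs more than the loss it is expected to prevent; this is the slide 5 question of whether every risk can be protected against, answered by the numbers.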