Thrive. Grow. Achieve.
Disaster Recovery vs. Business Continuity
Kerry Mickelson
September 13, 2018
DISASTER RECOVERY/BUSINESS CONTINUITY
WHY PLANNING IS IMPORTANT
ATTENDEES WILL LEARN:
• What is ROI?
• What is Risk?
• Examples of Good and Bad Disaster Recovery
• Differences between Disaster Recovery and Business Continuity
• Preparing and Testing your DR and BC plans
HIPAA
GLBA
FISMA
PCI
SOX
FINRA
Notice of Security Breach
State Laws
AGENDA
THE DIFFERENCES BETWEEN DISASTER RECOVERY AND BUSINESS CONTINUITY
The Essentials of Teaching
DISASTER RECOVERY IS A SUBSET OF BUSINESS CONTINUITY
DISASTER RECOVERY
DISASTER RECOVERY IS A SUBSET, A SMALL PART OF OVERALL BUSINESS CONTINUITY.
SAVING DATA WITH THE SOLE PURPOSE OF BEING ABLE TO RECOVER IT IN THE EVENT OF A DISASTER
BUSINESS CONTINUITY
BUSINESS CONTINUITY TYPICALLY REFERS TO THE MANAGEMENT OVERSIGHT AND PLANNING INVOLVED WITH ENSURING THE CONTINUOUS OPERATION OF IT FUNCTIONS IN THE CASE OF SYSTEM OR ENTERPRISE DISASTERS.
THE WHOLE POINT OF BUSINESS CONTINUITY IS TO CONTINUE TO DO BUSINESS DURING A FAILURE OR DISASTER.
WHAT’S MY RISK?
DOWNTIME?
REPUTATION?
$$$ ?
MAKING HEADLINES
DISASTER RECOVERY - SIMPLIFIED
SOMETHING HAPPENED TO MY DATA
BUSINESS CONTINUITY - SIMPLIFIED
SOMETHING HAPPENED TO MY BUILDING
THE WHOLE POINT OF BUSINESS CONTINUITY IS TO CONTINUE TO DO BUSINESS DURING A FAILURE OR DISASTER.
IN BASIC TERMS, IT MEANS THAT WHEN A FAILURE OR DISASTER HAPPENS, THAT DATA IS STILL ACCESSIBLE WITH LITTLE TO NO DOWNTIME.
COMMON CAUSES OF DATA LOSS
STAFF DELETION
MALICIOUS ACTIVITY
RANSOMWARE
HARDWARE FAILURE
SOFTWARE FAILURE
INCLEMENT WEATHER
DISASTER RECOVERY
1. IDENTIFY CRITICAL SYSTEMS
2. DETERMINE ACCEPTABLE DOWNTIME
3. SELECT APPROPRIATE SOLUTION(S)
4. TEST BEFORE DISASTER STRIKES
DISASTER RECOVERY - PITFALLS
NO OFFSITE COMPONENT
WRONG SOLUTION
BACKUPS VULNERABLE TO SAME THREATS
INCOMPLETE SELECTIONS
TIME OF RECOVERY
NOT TESTED UNTIL A DISASTER
TECHNOLOGIES THAT MAKE BACKUPS BETTER
VIRTUALIZATION
CLOUD
BUSINESS CONTINUITY
1. IDENTIFY THE SCOPE
2. IDENTIFY KEY BUSINESS AREAS
3. IDENTIFY CRITICAL FUNCTIONS
4. IDENTIFY DEPENDENCIES BETWEEN VARIOUS BUSINESS AREAS AND FUNCTIONS
5. DETERMINE ACCEPTABLE DOWNTIME FOR EACH CRITICAL FUNCTION
6. CREATE A PLAN TO MAINTAIN OPERATIONS
BUSINESS CONTINUITY TESTING
Test at least once a year
DO NOT take down your network
Table Top Exercise
- Get the team in a room
- Walk through the plan
- Look for holes
- If an individual piece needs to be tested, test it individually
- If pieces have a relationship, test the relationship at each step
QUESTIONS?
