The document discusses business continuity and disaster recovery plans. It describes how to conduct a business impact analysis to determine critical business processes and their recovery time objectives. It then discusses various disaster recovery strategies like hot sites, warm sites, and cold sites. The document also covers topics like defining recovery point objectives, classifying services, testing plans, and auditing business continuity plans.
Business continuity and disaster recovery are not the same, but they complement each other. Planning for BCP and DRP is necessary for every business. This slide contains information on how to achieve and maintain them.
Let’s understand the concepts of business continuity and disaster recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
Successful leaders and managers are always keen to expect the unexpected and plan for it. The more you plan, the less you react, and the less you react, the fewer mistakes you make.
Disruptions to your business can result in data risk, revenue loss, and failure to deliver services.
That’s why organizations need strong business continuity planning.
Best Practices in Disaster Recovery Planning and Testing (Axcient)
Axcient and industry expert Paul Kirvan have put together this presentation on avoiding common disaster recovery mistakes and leveraging industry best practices to create a technology disaster recovery plan that works best for you.
This presentation gives you the many elements necessary for a well-executed disaster recovery plan, including:
- Guidelines for creating your own Disaster Recovery plan
- A checklist of key items to consider based on your business objectives
- The common mistakes and pitfalls to avoid
- Technology considerations for Disaster Recovery
- Tips for planning and executing a successful Disaster Recovery test
Whether you're in the process of creating a disaster recovery plan or you already have one in place, this presentation will guide you through the steps you need to follow to help ensure your plan is complete.
Presenter:
Ali Bin Mohammed AlMuwaijei
Chief Risk Manager, Municipality & Planning Dept-Ajman
Risk and Business Continuity Management
Enterprise Risk Management
This complete deck is oriented to make sure you do not lag in your presentations. Our creatively crafted slides come with apt research and planning. This exclusive deck with twenty four slides is here to help you to strategize, plan, analyse, or segment the topic with clear understanding and apprehension. Utilize ready to use presentation slides on Incident Management Powerpoint Presentation Slides with all sorts of editable templates, charts and graphs, overviews, analysis templates. It is usable for marking important decisions and covering critical issues. Display and present all possible kinds of underlying nuances, progress factors for an all inclusive presentation for the teams. This presentation deck can be used by all professionals, managers, individuals, internal external teams involved in any company organization.
This file was presented by me during the study circle meeting at the Mangalore Branch of Southern India Regional Council of the Institute of Chartered Accountants of India.
This handout was provided at the OCNC Business Emergency Preparedness Series workshop hosted by the Orange County Emergency Services and The Chamber on April 11, 2019.
IT-Centric Disaster Recovery & Business Continuity (Steve Susina)
This presentation was delivered to the Business Resumption Planners Association of Chicago meeting on 3/11/2010.
IT leaders who assume responsibility for their firm's DR/BC efforts need to understand how to build a cross-organization strategy that transcends IT organizational boundaries. In the presentation, we discuss the need for IT leaders to reach across the aisles to work with Line-of-Business leaders, and present a six-step framework on how to accomplish a cross-business IT-centric strategy.
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r... (PECB)
The webinar covers:
• Determine the critical business and technology functions in your organization
• Understand the basics of a business continuity and disaster recovery plan
• Overcome obstacles when implementing a business continuity program for the first time
• Develop the necessary expertise to support your organization in implementing the ISO 22301 standard for organizational resilience.
Presenter:
This webinar was presented by Bryan Strawser, Principal Consultant & CEO at Bryghtpath LLC, who has more than 21 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/GG8XKN5GlKU
Presenter: Sagarika Chakraborty
1.1 Risk Mapping in India
1.2 Understanding Business Continuity Planning
1.3 Business Continuity Planning and Risk Management
Dr Goh Moh Heng Building Your Organization Business Continuity Management Com... (BCM Institute)
Dr Goh shares his presentation on Building Your Organization Business Continuity Management Competency at the recent World Continuity Congress Malaysia, 9 September 2014.
NCB Capital, Saudi Arabia’s largest investment bank
NCBC was awarded a Corporate Business Continuity Management (BCM) Certification by the British Standards Institute (BSI) in June 2010.
NCB Capital is the first investment company to get the BS 25999 certification in the MENA (Middle East and North Africa) region.
A short presentation of the essentials of business continuity planning. It is often put on the back burner because it seems too complex, whereas the principles are quite straightforward.
November 2014 Webinar - Disaster Recovery Worthy of a Zombie Apocalypse (RapidScale)
80% of companies that do not recover from a data loss within one month are likely to go out of business in the immediate future (Bernstein Crisis Management). With Disaster Recovery and Business Continuity, a business is able to survive and thrive after a disaster has struck.
This presentation focuses on how you can automate much of your disaster recovery testing for VMware environments so you can assure your failovers, and assure your VMs will be recovered within your RTOs.
Disaster Recovery Mastered
Handouts, seminar of 23 June 2011
Disaster Recovery/Business Continuity
Your data and IT infrastructure: bulletproof or outlawed?
Organized by Minoc Business Press
Building a Business Continuity Capability (Rod Davis)
A detailed overview of the business continuity / disaster recovery planning process. Gives numerous tips for effective execution of plan development. Emphasizes development of a true recovery capability through exercises which reveal weaknesses in the plan or technology leading to improvements.
Disaster Recovery: Understanding Trend, Methodology, Solution, and Standard (PT Datacomm Diangraha)
Disaster Recovery (DR)
Provides the technical ability to maintain critical services in the event of any unplanned incident that threatens these services or the technical infrastructure required to maintain them.
The Cost of Doing Nothing: A Ransomware Backup Story (Quest)
This on-demand webcast shows you how to shield your organization from such attacks – as well as how to respond if ransomware does penetrate your organization. Baseline Technologies’ Mike Crowley gives you the inside track on how ransomware works and how to lower your risk of ransomware attacks.
Enterprise grade disaster recovery without breaking the bank (actualtechmedia)
Perform a cost comparison of 3 DR strategies
View a comprehensive breakdown of DR infrastructure costs
Address the benefits of cloud-based DR
Draw from use cases of enterprises who have reduced IT expenditures with cloud DR
http://www.actualtech.io/enterprise-grade-disaster-recovery/
Are your backups too big, and do they take too long? Are you worried you won’t get all of your data back? Do you waste hours managing complicated, temperamental backup implementations? Join us as we discuss innovative ways to improve your backups, make them more predictable, shrink backup windows, over-perform on SLAs, and reliably recover your data—every time, on time. Hear how other organizations are developing smarter backup strategies that align their recovery requirements to their business objectives, reduce stored data by up to 95% while boosting backup speeds as much as 200%.
Disaster and RecoveryBusiness Impact AnalysisSystem .docx (duketjoy27252)
Disaster and Recovery
Business Impact Analysis
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
Business Contingency Plan
Incident Response Policy
Purpose
Identifying and Reporting Incidents
Mitigation and Containment
Questions?
Overview
Shawn Kirkland
Purpose
Determine mission/business processes and recovery criticality.
Identify resource requirements.
Identify recovery priorities for system resources.
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
Business Impact Analysis
Shawn Kirkland
Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources.
This document is used to build the Dream Landing’s Database Server Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan.
Operating System
Microsoft Windows Server 2008 R2
Application
Microsoft SQL Server 2008 Enterprise Edition
Hardware
Dell R720
Location
Server Rack on second floor server room.
Connection
System Administrator connects via local area network.
Other users connect remotely
DR Method
1 Full backup weekly and dailies every day.
3 hours after close of business.
System Description
Shawn Kirkland
The Dream Landing’s database server is comprised of Microsoft SQL Server 2008 Enterprise Edition installed and running on Microsoft Windows Server 2008 R2; this platform is housed on a Dell R720 server-class system. The database server is located in the server rack located on the second floor server room. Local administrators connect directly through the local area network; other users connect indirectly through the web server. Daily snapshot backup operations are conducted every day 3 hours after close of business.
Impact
Mission/Business Process | Description
Query customer record | Database retrieval of customer.
Enterprise-Grade Disaster Recovery Without Breaking the Bank (Donna Perlstein)
Until recently, enterprise-grade DR had been prohibitively expensive, leaving many companies with high risk levels and unreliable solutions. Now, many organizations are enjoying top-of-the-line disaster recovery at a fraction of the price, thanks to the rapid development of cloud technology. CloudEndure and Actual Tech Media are thrilled to present this presentation, with a cost comparison of 3 Disaster Recovery Strategies, and much more.
2. Imagine a company…
Bank with 1 million accounts, social security numbers, credit cards, loans…
Airline serving 50,000 people on 250 flights daily…
Pharmacy system filling 5 million prescriptions per year, some of the prescriptions are life-saving…
Factory with 200 employees producing 200,000 products per day using robots…
3. Imagine a system failure…
Server failure
Disk System failure
Hacker break-in
Denial of Service attack
Extended power failure
Snow storm
Spyware
Malevolent virus or worm
Earthquake, tornado
Employee error or revenge
How will this affect each business?
4. First Step: Business Impact Analysis
Which business processes are of strategic importance?
What disasters could occur?
What impact would they have on the organization financially? Legally? On human life? On reputation?
What is the required recovery time period?
Answers obtained via questionnaire, interviews, or meeting with key users of IT
5. Event Damage Classification
Negligible: No significant cost or damage
Minor: A non-negligible event with no material or financial impact on the business
Major: Impacts one or more departments and may impact outside clients
Crisis: Has a major material or financial impact on the business
Minor, Major, & Crisis events should be documented and tracked to repair
6. Workbook: Disasters and Impact
Problematic Event or Incident | Affected Business Process(es) (Assumes a university) | Impact Classification & Effect on finances, legal liability, human life, reputation
Fire | Class rooms, business departments | Crisis, at times Major, Human life
Hacking Attack | Registration, advising, | Major, Legal liability
Network Unavailable | Registration, advising, classes, homework, education | Crisis
Social engineering/Fraud | Registration, | Major, Legal liability
Server Failure (Disk/server) | Registration, advising, classes, homework, education. | Major, at times: Crisis
7. Recovery Time: Terms
Interruption Window: Time duration organization can wait between point of failure and service resumption
Service Delivery Objective (SDO): Level of service in Alternate Mode
Maximum Tolerable Outage: Max time in Alternate Mode
[Figure: timeline with the labels Regular Service, Interruption, Alternate Mode, Regular Service; Interruption Window; Maximum Tolerable Outage; SDO; Disaster Recovery Plan Implemented; Restoration Plan Implemented; axis: Time]
8. Definitions
Business Continuity: Offer critical services in event of disruption
Disaster Recovery: Survive interruption to computer information systems
Alternate Process Mode: Service offered by backup system
Disaster Recovery Plan (DRP): How to transition to Alternate Process Mode
Restoration Plan: How to return to regular system mode
9. Classification of Services
Critical $$$$: Cannot be performed manually. Tolerance to interruption is very low
Vital $$: Can be performed manually for very short time
Sensitive $: Can be performed manually for a period of time, but may cost more in staff
Nonsensitive ¢: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort
10. Determine Criticality of Business Processes
[Figure: hierarchy chart ranking business processes by criticality. Corporate: Sales (1), Shipping (2), Engineering (3). Lower levels: Web Service (1), Sales Calls (2); Product A (1), Product B (2), Product C (3); Orders (1), Inventory (2)]
11. RPO and RTO
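Recovery Point Objective: How far back can you fail to? One week’s worth of data?
Recovery Time Objective: How long can you operate without a system? Which services can last how long?
[Figure: timeline centered on the Interruption. The Recovery Point Objective is marked at 1 week, 1 day, and 1 hour before the interruption; the Recovery Time Objective is marked at 1 hour, 1 day, and 1 week after it]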
13. Business Impact Analysis Summary
Service | Recovery Point Objective (Hours) | Recovery Time Objective (Hours) | Critical Resources (Computer, people, peripherals) | Special Notes (Unusual treatment at specific times, unusual risk conditions)
Registration | 0 hours | 4 hours | SOLAR, network, Registrar | High priority during Nov-Jan, March-June, August.
Personnel | 2 hours | 8 hours | PeopleSoft | Can operate manually for some time
Teaching | 1 day | 1 hour | D2L, network, faculty files | During school semester: high priority.
Workbook: Partial BIA for a university
14. RAID – Data Mirroring
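Redundant Array of Independent Disks
RAID 0: Striping
RAID 1: Mirroring
Higher Level RAID: Striping & Redundancy
[Figure: disk diagrams showing blocks AB and CD split across disks (striping), ABCD duplicated as ABCD (mirroring), and AB, CD plus Parity (higher-level RAID)]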
15. Network Disaster Recovery
Redundancy: Includes routing protocols, fail-over, multiple paths
Alternative Routing: >1 medium or >1 network provider
Diverse Routing: Multiple paths, 1 medium type
Last-mile circuit protection: E.g., Local: microwave & cable
Long-haul network diversity: Redundant network providers
Voice Recovery: Voice communication backup
16. Disruption vs. Recovery Costs
[Figure: graph of Cost against Time with two curves, Service Downtime and Alternative Recovery Strategies; Minimum Cost marked; points marked: Hot Site, Warm Site, Cold Site]
17. Alternative Recovery Strategies
Hot Site: Fully configured, ready to operate within hours
Warm Site: Ready to operate within days: no or low power main computer. Does contain disks, network, peripherals.
Cold Site: Ready to operate within weeks. Contains electrical wiring, air conditioning, flooring
Duplicate or Redundant Info. Processing Facility: Standby hot site within the organization
Reciprocal Agreement with another organization or division
Mobile Site: Fully- or partially-configured trailer comes to your site, with microwave or satellite communications
18. What is Cloud Computing?
[Figure: Cloud Computing diagram with labels Database, App Server, Web Server, VPN Server, Laptop, PC]
19. Introduction to Cloud
This would cost $200/month.
NIST Visual Model of Cloud Computing Definition
National Institute of Standards and Technology, www.cloudstandards.org
20. Cloud Service Models
Software (SaaS): Provider runs own applications on cloud infrastructure.
Platform (PaaS): Consumer provides apps; provider provides system and development environment.
Infrastructure (IaaS): Provides customers access to processing, storage, networks or other fundamental resources
21. Cloud Deployment Models
Private Cloud: Dedicated to one organization
Community Cloud: Several organizations with shared concerns share computer facilities
Public Cloud: Available to the public or a large industry group
Hybrid Cloud: Two or more clouds (private, community or public clouds) remain distinct but are bound together by standardized or proprietary technology
22. Major Areas of Security Concerns
Multi-tenancy: Your app is on same server with other organizations. Need: segmentation, isolation, policy
Service Level Agreement (SLA): Defines performance, security policy, availability, backup, location, compliance, audit issues
Your Coverage: Total security = your portion + provider portion
Responsibility varies for IaaS vs. PaaS vs. SaaS
You can transfer security responsibility but not accountability
23. Hot Site
Contractual costs include: basic subscription, monthly fee, testing charges, activation costs, and hourly/daily use charges
Contractual issues include: other subscriber access, speed of access, configurations, staff assistance, audit & test
Hot site is for emergency use, not long term
May offer warm or cold site for extended durations
24. Reciprocal Agreements
Advantage: Low cost
Problems may include:
Quick access
Compatibility (computer, software, …)
Resource availability: computer, network, staff
Priority of visitor
Security (less a problem if same organization)
Testing required
Susceptibility to same disasters
Length of welcomed stay
25. RPO Controls
Data File and System/Directory Location | RPO (Hours) | Special Treatment (Backup period, RAID, File Retention Strategies)
Registration | 0 hours | RAID. Mobile Site?
Teaching | 1 day | Daily backups. Facilities Computer Center as Redundant info processing center
(Workbook)
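An added example (not part of the original slides): a small audit that compares each service's RPO and RTO from the partial university BIA with the backup control and alternate site chosen for it. The hour figures per control and per site type, the site assignments, and the undocumented Personnel control are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Worst-case data loss in hours for each control. ASSUMED figures: mirroring
# loses nothing on a single-disk failure; a periodic backup can lose up to
# one full backup interval.
CONTROL_MAX_LOSS_H = {"raid_mirror": 0, "daily_backup": 24, "weekly_backup": 168}

# Time in hours until an alternate site can carry the service. The slides give
# only "hours / days / weeks"; the bounds below are ASSUMED for illustration.
SITE_READY_H = {"hot": 4, "warm": 72, "cold": 336}


@dataclass
class Service:
    name: str
    rpo_h: float            # Recovery Point Objective: hours of data loss allowed
    rto_h: float            # Recovery Time Objective: hours of downtime allowed
    control: Optional[str]  # key into CONTROL_MAX_LOSS_H, None if undocumented
    site: Optional[str]     # key into SITE_READY_H, None if undocumented


def audit(services):
    """Return (service, objective, reason) for every objective not met."""
    findings = []
    for s in services:
        for objective, target, choice, table in (
            ("RPO", s.rpo_h, s.control, CONTROL_MAX_LOSS_H),
            ("RTO", s.rto_h, s.site, SITE_READY_H),
        ):
            if choice is None:
                findings.append((s.name, objective, "nothing documented"))
            elif choice not in table:
                findings.append((s.name, objective, f"unknown option {choice!r}"))
            elif table[choice] > target:
                findings.append(
                    (s.name, objective,
                     f"{choice} gives {table[choice]} h, objective is {target:g} h"))
    return findings


# RPO/RTO values come from the partial university BIA; Registration's RAID and
# Teaching's daily backups come from the RPO Controls table. Site choices and
# the missing Personnel control are CONSTRUCTED for the example.
SERVICES = [
    Service("Registration", rpo_h=0, rto_h=4, control="raid_mirror", site="hot"),
    Service("Personnel", rpo_h=2, rto_h=8, control=None, site="warm"),
    Service("Teaching", rpo_h=24, rto_h=1, control="daily_backup", site="hot"),
]

if __name__ == "__main__":
    for name, objective, reason in audit(SERVICES):
        print(f"{name:12} {objective}: {reason}")
```

Each finding is a gap an auditor would raise: an objective with no control behind it, or a control whose worst case exceeds the objective.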
26. Business Continuity Process
Perform Business Impact Analysis
Prioritize services to support critical business processes
Determine alternate processing modes for critical and vital services
Develop the Disaster Recovery plan for IS systems recovery
Develop BCP for business operations recovery and continuation
Test the plans
Maintain plans
27. Question
The amount of data transactions that are allowed to be lost following a computer failure (i.e., duration of orphan data) is the:
1. Recovery Time Objective
2. Recovery Point Objective
3. Service Delivery Objective
4. Maximum Tolerable Outage
28. Question
When the RTO is large, this is associated with:
1. Critical applications
2. A speedy alternative recovery strategy
3. Sensitive or nonsensitive services
4. An extensive restoration plan
29. Question
When the RPO is very short, the best solution is:
1. Cold site
2. Data mirroring
3. A detailed and efficient Disaster Recovery Plan
4. An accurate Business Continuity Plan
31. An Incident Occurs…
[Activity diagram; boxes:]
Call Security Officer (SO) or committee member
Security officer declares disaster
SO follows pre-established protocol
Emergency Response Team: Human life: First concern
Phone tree notifies relevant participants
IT follows Disaster Recovery Plan
Public relations interfaces with media (everyone else quiet)
Mgmt, legal counsel act
32. Concerns for a BCP/DR Plan
Evacuation plan: People’s lives always take first priority
Disaster declaration: Who, how, for what?
Responsibility: Who covers necessary disaster recovery functions
Procedures for Disaster Recovery
Procedures for Alternate Mode operation
Resource Allocation: During recovery & continued operation
Copies of the plan should be off-site
34. BCP Documents
Event Recovery, IT focus:
• Disaster Recovery Plan: Procedures to recover at alternate site
• IT Contingency Plan: Recovers major application or system
• Cyber Incident Response Plan: Malicious cyber incident
Event Recovery, Business focus:
• Business Recovery Plan: Recover business after a disaster
• Occupant Emergency Plan: Protect life and assets during physical threat
• Crisis Communication Plan: Provide status reports to public and personnel
Business Continuity:
• Business Continuity Plan
• Continuity of Operations Plan: Longer duration outages
35. Workbook: Business Continuity Overview
Classification (Critical or Vital) | Business Process | Incident or Problematic Event(s) | Procedure for Handling (Section 5)
Vital | Registration | Computer Failure | If total failure, forward requests to UW-System. Otherwise, use 1-week-old database for read purposes only
Critical | Teaching | Computer Failure | Faculty DB Recovery Procedure
36. MTBF = MTTF + MTTR
• Mean Time to Repair (MTTR)
• Mean Time Between Failure (MTBF)
Measure of availability:
• 5 9s = 99.999% of time working = 5 ½ minutes of failure per year.
[Figure: timeline alternating works, repair, works, repair, works; labels: 1 day, 84 days]
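An added example (not from the original slides) that derives MTTF, MTTR and MTBF from an outage log and turns an availability fraction into minutes of failure per year. The log is constructed, and reading the figure as 84 days working followed by 1 day of repair is an assumption.

```python
from datetime import datetime, timedelta

MINUTES_PER_YEAR = 365 * 24 * 60


def reliability_metrics(outages, start, end):
    """Derive MTTF, MTTR, MTBF and availability from an outage log.

    outages: list of (failed_at, restored_at) pairs inside [start, end].
    MTTF is taken as total uptime / number of failures (a common simplification).
    """
    if not outages:
        raise ValueError("no failures observed: MTTF and MTTR are undefined")
    outages = sorted(outages)
    previous_restore = start
    for failed_at, restored_at in outages:
        # Reject overlapping, reversed or out-of-window records rather than
        # silently producing a flattering availability figure.
        if not (previous_restore <= failed_at < restored_at <= end):
            raise ValueError(f"inconsistent outage record: {failed_at} .. {restored_at}")
        previous_restore = restored_at
    repair = sum((r - f for f, r in outages), timedelta())
    uptime = (end - start) - repair
    mttr = repair / len(outages)
    mttf = uptime / len(outages)
    mtbf = mttf + mttr  # the slide's identity: MTBF = MTTF + MTTR
    return {"mttf": mttf, "mttr": mttr, "mtbf": mtbf, "availability": mttf / mtbf}


def downtime_minutes_per_year(availability):
    """Minutes of failure per year implied by an availability fraction."""
    return (1 - availability) * MINUTES_PER_YEAR


def build_sample_log():
    """CONSTRUCTED log: two cycles of 84 days working, then 1 day of repair."""
    start = datetime(2024, 1, 1)
    outages, t = [], start
    for _ in range(2):
        failed_at = t + timedelta(days=84)
        t = failed_at + timedelta(days=1)
        outages.append((failed_at, t))
    return outages, start, t


if __name__ == "__main__":
    m = reliability_metrics(*build_sample_log())
    print(m["mttf"], m["mttr"], m["mtbf"], round(m["availability"], 4))
    print(round(downtime_minutes_per_year(m["availability"])), "minutes down per year")
```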
37. Disaster Recovery Test Execution
Always tested in this order:
Desk-Based Evaluation/Paper Test: A group steps through a paper procedure and mentally performs each step.
Preparedness Test: Part of the full test is performed. Different parts are tested regularly.
Full Operational Test: Simulation of a full disaster
38. Business Continuity Test Types
Checklist Review: Reviews coverage of plan: are all important concerns covered?
Structured Walkthrough: Reviews all aspects of plan, often walking through different scenarios
Simulation Test: Execute plan based upon a specific scenario, without alternate site
Parallel Test: Bring up alternate off-site facility, without bringing down regular site
Full-Interruption: Move processing from regular site to alternate site.
39. Testing Objectives
Main objective: existing plans will result in successful recovery of infrastructure & business processes
Also can:
• Identify gaps or errors
• Verify assumptions
• Test time lines
• Train and coordinate staff
40. Testing Procedures
Tests start simple and become more challenging with progress
Include an independent 3rd party (e.g. auditor) to observe test
Retain documentation for audit reviews
[Figure: process flow: Develop test objectives; Execute Test; Evaluate Test; Develop recommendations to improve test effectiveness; Follow-Up to ensure recommendations implemented]
41. Test Stages
PreTest: Set the Stage
• Set up equipment
• Prepare staff
Test: Actual test
PostTest: Cleanup
• Returning resources
• Calculate metrics: Time required, % success rate in processing, ratio of successful transactions in Alternate mode vs. normal mode
• Delete test data
• Evaluate plan
• Implement improvements
[Figure: stages PreTest, Test, PostTest]
42. Gap Analysis
Comparing Current Level with Desired Level
• Which processes need to be improved?
• Where is staff or equipment lacking?
• Where does additional coordination need to occur?
43. Insurance
IPF & Equipment:
• Business Interruption: Loss of profit due to IS interruption
• Extra Expense: Extra cost of operation following IPF damage
• IS Equipment & Facilities: Loss of IPF & equipment due to damage
Data & Media:
• Valuable Papers & Records: Covers cash value of lost/damaged paper & records
• Media Reconstruction: Cost of reproduction of media
• Media Transportation: Loss of data during transport
Employee Damage:
• Fidelity Coverage: Loss from dishonest employees
• Errors & Omissions: Liability for error resulting in loss to client
IPF = Information Processing Facility
44. Auditing BCP
Includes:
Is BIA complete with RPO/RTO defined for all services?
Is the BCP in line with business goals, effective, and current?
Is it clear who does what in the BCP and DRP?
Is everyone trained, competent, and happy with their jobs?
Is the DRP detailed, maintained, and tested?
Are the BCP and DRP consistent in their recovery coverage?
Are people listed in the BCP/phone tree current and do they have a copy of BC manual?
Are the backup/recovery procedures being followed?
Does the hot site have correct copies of all software?
Is the backup site maintained to expectations, and are the expectations effective?
Was the DRP test documented well, and was the DRP updated?
45. Summary of BC Security Controls
• RAID
• Backups: Incremental backup, differential backup
• Networks: Diverse routing, alternative routing
• Alternative Site: Hot site, warm site, cold site, reciprocal agreement, mobile site
• Testing: checklist, structured walkthrough, simulation, parallel, full interruption
• Insurance
46. Question
The FIRST thing that should be done when you discover an intruder has hacked into your computer system is to:
1. Disconnect the computer facilities from the computer network to hopefully disconnect the attacker
2. Power down the server to prevent further loss of confidentiality and data integrity.
3. Call the manager.
4. Follow the directions of the Incident Response Plan.
47. Question
During an audit of the business continuity plan, the finding of MOST concern is:
1. The phone tree has not been double-checked in 6 months
2. The Business Impact Analysis has not been updated this year
3. A test of the backup-recovery system is not performed regularly
4. The backup library site lacks a UPS
48. Question
The first and most important BCP test is the:
1. Fully operational test
2. Preparedness test
3. Security test
4. Desk-based paper test
49. Question
When a disaster occurs, the highest priority is:
1. Ensuring everyone is safe
2. Minimizing data loss by saving important data
3. Recovery of backup tapes
4. Calling a manager
50. Question
A documented process where one determines the most crucial IT operations from the business perspective
1. Business Continuity Plan
2. Disaster Recovery Plan
3. Restoration Plan
4. Business Impact Analysis
51. Question
The PRIMARY goal of the Post-Test is:
1. Write a report for audit purposes
2. Return to normal processing
3. Evaluate test effectiveness and update the response plan
4. Report on test to management
52. Question
A test that verifies that the alternate site successfully can process transactions is known as:
1. Structured walkthrough
2. Parallel test
3. Simulation test
4. Preparedness test
53. Vocabulary
• Business Continuity Plan (BCP), Business Impact Analysis (BIA), RAID, Disaster Recovery Plan (DRP)
• Hot site, warm site, cold site, reciprocal agreement, mobile site
• Interruption window, Maximum tolerable outage, Service delivery objective
• Recovery point objective (RPO), Recovery time objective (RTO)
• Desk based or paper test, preparedness test, fully operational test
• Test: checklist, structured walkthrough, simulation test, parallel test, full interruption, pretest, post-test
• Diverse routing, alternative routing
• Incremental backup, differential backup
• Define cloud computing, Infrastructure as a Service, Platform as a Service, Software as a Service, Private cloud, Community cloud, Public cloud, Hybrid cloud.
54. Interactive Crossword Puzzle
To get more practice with the vocabulary from this section, click on the picture below. For a word bank, look at the previous slide.
Definitions adapted from: All-In-One CISA Exam Guide
55. HEALTH FIRST CASE STUDY
Business Impact Analysis & Business Continuity
Jamie Ramon MD: Doctor
Chris Ramon RD: Dietician
Terry: Licensed Practicing Nurse
Pat: Software Consultant
56. Step 1: Define Threats Resulting in Business Disruption
Key questions:
• Which business processes are of strategic importance?
• What disasters could occur?
• What impact would they have on the organization financially? Legally? On human life? On reputation?
Impact Classification
Negligible: No significant cost or damage
Minor: A non-negligible event with no material or financial impact on the business
Major: Impacts one or more departments and may impact outside clients
Crisis: Has a major financial impact on the business
57. Step 1: Define Threats Resulting in Business Disruption
Problematic Event or Incident | Affected Business Process(es) | Impact Classification & Effect on finances, legal liability, human life, reputation
Fire | |
Hacking incident | |
Network Unavailable (E.g., ISP problem) | |
Social engineering, fraud | |
Server Failure (E.g., Disk) | |
Power Failure | |
58. Step 2: Define Recovery Objectives
[Figure: timeline around the Interruption; Recovery Point Objective scale: 1 Week, 1 Day, 1 Hour; Recovery Time Objective scale: 1 Hour, 1 Day, 1 Week]
Business Process | Recovery Time Objective (Hours) | Recovery Point Objective (Hours) | Critical Resources (Computer, people, peripherals) | Special Notes (Unusual treatment at specific times, unusual risk conditions)
59. Business Continuity
Step 3: Attaining Recovery Point Objective (RPO)
Step 4: Attaining Recovery Time Objective (RTO)
Classification (Critical or Vital) | Business Process | Problem Event(s) or Incident | Procedure for Handling (Section 5)
60. Criticality Classification
Critical: Cannot be performed manually. Tolerance to interruption is very low
Vital: Can be performed manually for very short time
Sensitive: Can be performed manually for a period of time, but may cost more in staff
Non-sensitive: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort
Editor's Notes
This covers most of the CISA Chapter on Business Continuity and Disaster Recovery.
Different companies will react in different ways to problems. A bank may want to bring down a network as fast as possible if an intruder penetrates their network. A pharmacy may want to leave their network up as much as possible but double-check integrity, or decide to bring down a partial network.
This shows a lot of vocabulary in pictorial form. The alternate mode is not a full service mode.
It is a good idea to classify business processes. Upper management should do this.
We may decide that the Sales function is most critical (or perhaps not), and so Sales is number 1. If we don’t have sales, we don’t ship. Engineers can work at home on their projects. While their work is critical to back up, if they lose a week, it may mean ½ week lost productivity, resulting in lost salary. Within Sales, the web service is 50% of sales, and cannot be done manually, so it is rated number 1. The Sales calls can be done manually at home, or most of our salespeople are on the road anyway.
A note here is that sometimes the RTO varies by day of year (the scheduling system for a school is most important the week before and the first week of school). Also, management and people involved with a database may disagree, in which case management sees the larger picture, and their opinion is most important. However, a risk manager may consider both perspectives.
The interruption (red thing) is far to the right. If we want a short RPO, then RAID or disk mirroring is the best option. Otherwise we may want to save off a disk image. A slower recovery would involve tape.
RAID 1 and above use redundancy, offering survival if a single disk fails.
With redundancy, if one part fails, another part can take over. Diverse Routing means one provider, but multiple routes (or paths). Alternate Routing means multiple network providers and/or multiple mediums (fiber, cable, radio). Long-haul = long distance. Last-mile circuit = from office (or home) to service provider (local telco or cable company).
There is a curve showing the cost of having a system down, and another curve showing the cost of bringing an alternative system up quickly. The least cost is the cross-point of these two curves.
Hot, warm, cold, and mobile sites can be rented from special companies. Contracts must be carefully looked over. A duplicate info processing facility can be a computer system in another division of the company.
Some business processes are more important than other business processes. Sales is more important in the short term than engineering, and possibly more than the factory. That is why business processes are prioritized.
2
3---Large RTOs mean the application can run manually with little problem for an extended length of time. This is associated with services classified as sensitive or nonsensitive.
2---RPO requires recovery of data (gathered in the past) immediately. Therefore, the correct answer is data mirroring (or using redundant disks).
This activity diagram shows that some events can happen in parallel, including all the tasks to the right. In some cases there is a security committee, and anyone on the committee can decide a disaster has occurred. There is also a procedure that includes the criteria for making the declaration in the first place. Once that determination is made, disaster protocols can begin.
People’s lives take FIRST PRIORITY is often a question on a CISA or CISM exam.
Each of these potentially needs addressing.
Here Event Recovery is how to react or recover from the incident. Business Continuity is how Alternate Processing mode should operate.
Mean time means statistical average.
Start with the simplest tests and proceed to the more complex tests. From: All-in-One CISSP Exam Guide, 4th Edition, Shon Harris, McGraw Hill, 2008
Testing incident response can start with easier operations and proceed to more complex. Often part of the problem is the long time it takes or the errors which are made, which can be optimized by practice.
When testing IR or DR, there are three stages for the testing.
This is an optional slide for Computer Scientists, but may be useful for MIS or IT majors. It is also necessary information for CISA applicants.
4
3---The most critical asset for a company is its data. The backup-restore must be tested to ensure that this critical data is always available.
The Desk-based paper test is the first of the three tests, and is considered to be the most critical to perform.
1
4. Business Impact Analysis
3
2
Vocabulary answers with multiple words will include spaces between words. Definitions for crossword puzzle are adapted from CISA ® Certified Information Systems Auditor All-in-One Exam Guide, Peter H Gregory, McGraw-Hill Co., 2010.
There will be more threat ideas in the Workbook
The full procedure for handling would be documented in section 5 of the workbook.