Disaster and Recovery
Business Impact Analysis
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
Business Contingency Plan
Incident Response Policy
Purpose
Identifying and Reporting Incidents
Mitigation and Containment
Questions?
Overview
Shawn Kirkland
Purpose
Determine mission/business processes and recovery criticality.
Identify resource requirements.
Identify recovery priorities for system resources.
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
Business Impact Analysis
Shawn Kirkland
Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources.
This document is used to build the Dream Landing’s Database Server Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan.
3
Operating System
Microsoft Windows Server 2008 R2
Application
Microsoft SQL Server 2008 Enterprise Edition
Hardware
Dell R720
Location
Server Rack on second floor server room.
Connection
System Administrator connects via local area network.
Other users connect remotely
DR Method
1 Full backup weekly and dailies every day.
3 hours after close of business.
System Description
Shawn Kirkland
The Dream Landing’s database server is comprised of Microsoft SQL Server 2008 Enterprise Edition installed and running on Microsoft Windows Server 2008 R2; this platform is housed on a Dell R720 server-class system. The database server is located in the server rack located on the second floor server room. Local administrators connect directly through the local area network; other users connect indirectly through the web server. Daily snapshot backup operations are conducted every day 3 hours after close of business.
4
ImpactMission/Business ProcessDescriptionQuery customer recordDatabase retrieval of customer.
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
1. Disaster and Recovery
Business Impact Analysis
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
Business Contingency Plan
Incident Response Policy
Purpose
Identifying and Reporting Incidents
Mitigation and Containment
Questions?
Overview
Shawn Kirkland
Purpose
Determine mission/business processes and recovery criticality.
Identify resource requirements.
Identify recovery priorities for system resources.
System Description/Purpose
Impact to business if degradation
Estimated Downtime
Resource Requirements.
2. Business Impact Analysis
Shawn Kirkland
Determine mission/business processes and recovery criticality.
Mission/business processes supported by the system are
identified and the impact of a system disruption to those
processes is determined along with outage impacts and
estimated downtime. The downtime should reflect the
maximum that an organization can tolerate while still
maintaining the mission.
Identify resource requirements. Realistic recovery efforts
require a thorough evaluation of the resources required to
resume mission/business processes and related
interdependencies as quickly as possible. Examples of
resources that should be identified include facilities, personnel,
equipment, software, data files, system components, and vital
records.
Identify recovery priorities for system resources. Based upon
the results from the previous activities, system resources can
more clearly be linked to critical mission/business processes.
Priority levels can be established for sequencing recovery
activities and resources.
This document is used to build the Dream Landing’s Database
Server Information System Contingency Plan (ISCP) and is
included as a key component of the ISCP. It also may be used
to support the development of other contingency plans
associated with the system, including, but not limited to, the
Disaster Recovery Plan (DRP) or Cyber Incident Response Plan.
3
3. Operating System
Microsoft Windows Server 2008 R2
Application
Microsoft SQL Server 2008 Enterprise Edition
Hardware
Dell R720
Location
Server Rack on second floor server room.
Connection
System Administrator connects via local area network.
Other users connect remotely
DR Method
1 Full backup weekly and dailies every day.
3 hours after close of business.
System Description
Shawn Kirkland
The Dream Landing’s database server is comprised of Microsoft
SQL Server 2008 Enterprise Edition installed and running on
Microsoft Windows Server 2008 R2; this platform is housed on
a Dell R720 server-class system. The database server is located
in the server rack located on the second floor server room.
Local administrators connect directly through the local area
network; other users connect indirectly through the web server.
Daily snapshot backup operations are conducted every day 3
hours after close of business.
4
ImpactMission/Business ProcessDescriptionQuery customer
recordDatabase retrieval of customer information (e.g. address,
phone, payment information)Store customer
transactionRecording of customer purchases and
4. creditsAuthenticate user name and passwordStored procedure
verifying user credentials
Impact values
Severe = $100,000
Moderate = $50,000
Minimal = $10,000
Mission/Business ProcessImpact
CategoryMinimalModerateHighSevereImpactQuery customer
recordxMinimalStore customer transactionxSevereAuthenticate
user name and passwordxModerate
Jamarcus White
Impact values for assessing category impact:
Severe = $100,000
Moderate = $50,000
Minimal = $10,000
Mission/Business Process
Impact Category
MinimalModerateHighSevereImpact
Query customer recordxMinimal
Store customer transactionxSevere
Authenticate user name and passwordxModerate
5
Estimated DowntimeMission/Business
ProcessMTDRTORPOQuery customer record48 hours24 hours8
hoursStore customer transaction24 hours12 hours4
hoursAuthenticate user name and password36 hours24 hours8
hours
MTD
RTO
5. RPO
Jamarcus White
Maximum Tolerable Downtime (MTD). The MTD represents
the total amount of time leaders/managers are willing to accept
for a mission/business process outage or disruption and includes
all impact considerations. Determining MTD is important
because it could leave continuity planners with imprecise
direction on (1) selection of an appropriate recovery method,
and (2) the depth of detail which will be required when
developing recovery procedures, including their scope and
content.
Recovery Time Objective (RTO). RTO defines the maximum
amount of time that a system resource can remain unavailable
before there is an unacceptable impact on other system
resources, supported mission/business processes, and the MTD.
Determining the information system resource RTO is important
for selecting appropriate technologies that are best suited for
meeting the MTD.
Recovery Point Objective (RPO). The RPO represents the point
in time, prior to a disruption or system outage, to which
mission/business process data must be recovered (given the
most recent backup copy of the data) after an outage.
6
Resource RequirementsSystem
Resource/ComponentPlatform/OS/Version (as
applicable)DescriptionServer-class SystemDell R720Rack-
mounted systemWindows Server2008 R2Host operating
systemMicrosoft SQL Server2008Database management
systemDatabase filesLatest, or latest snapshot if neededBinary
6. files containing data
Garrett Grey
System Resource/ComponentPlatform/OS/Version (as
applicable)Description
Server-class SystemDell R720Rack-mounted system
Windows Server2008 R2Host operating system
Microsoft SQL Server2008Database management system
Database filesLatest, or latest snapshot if neededBinary files
containing data
7
CEO consults department leads to consider time for recovery
and determine need for business contingency.
CEO announces business contingency is in effect.
CEO works with local authorities to ensure human safety as
needed.
Network managers and technicians move network operations to
warm site.
IT managers and technicians assess ability to move existing
systems to warm site.
IT managers and technicians requisition new equipment to be
delivered to warm site as needed.
Technicians validate warm site's network infrastructure and
telecommunications capabilities.
IT managers and technicians install/restore systems at warm
site.
Technicians connect systems to warm site network.
Technicians update public domain name records.
Technicians inform customer service representatives of changes
to telephone numbers, public IP addresses, etc.
Customer service representatives contact customers with new
7. contact information.
Business Contingency plan
Garrett Grey
Try to summarize this the best you can. Don’t read word for
word as that will bore the planet into sleeping. Use the
imagination.
8
Purpose
Scope
Definitions
Incident Response Policy
Garrett Grey
Just say “ In the IR Policy we have Purpose, Scope, and
Definitions. This slide is just for show really.
9
Purpose
Scope
Definitions
Information Systems
Security Incident
Physical Security
Purpose
8. Dallas Jones
1.2 Purpose
The purpose of this policy is to outlay protocols and guidelines
on how to effectively respond to incidents or events that affects
the computers, data, or networks of Dream Land Department of
Information Resources.
1.3 Scope
This policy explicitly applies to all departments and individual
users of Dream Landing. Users who travel remotely and VPN
into the main office shall also adhere to this policy. Any
individual who has been issued an electronic or compute device,
which includes cell phones, pagers, PDAs, iPads, and Android
devices, maintains a fiduciary obligation to this organization.
All networking resources, including servers, PCs, switches,
routers, firewalls, and additional compute equipment is included
within this policy.
1.4 Definitions
Information Systems: is defined as computers/mainframes that
are used for collecting, storing processing data and delivering
information. The primary operating system used for this
information system is Microsoft Operating System (OS).
Servers are also defined as information systems because they
provide resources to be utilized for employees of Dream Land
organization and external users.
Security Incident: is defined as an event in which there is a
diversion from the normal security regulations. The
unintentional disclosure, compromise of data, an unauthorized
activity that disrupts the confidentiality, integrity, and/or the
availability of Information systems.
9. Physical Security: physical protocols put into place to prevent
human intrusion into a secure of confidential area. These
protocols include key-pads, dead-bolt lock doors, security
cameras, and personnel.
10
Employees
IT Technicians
Severity Levels
Level 1
Level 2
Level 3
Level 4
Identifying and Reporting Incidents
Dallas Jones
i. Employees: In the event of a Security incident, including
suspicious events, all users must report promptly to the
Computer Security Incident Response Team (CSIRT)/IT
Technician, and/or company owner for issues relating to but not
limited worms, viruses, spyware, malware, denial of service
attacks, or other unusual encounters.
ii. IT Technician: The IT Technician must examine and
determine if the attack is real and designate a severity level. If
the severity is of significant level to alert and seek additional
CSIRT support, the IT Technician will do so. The technician
may also contact the CERT Coordination Center, which has the
most recent information on viruses and worms.
Severity Levels
a) Severity Level One- a security incident that detected on an
10. internal system that can be handled by anti-virus software
(AVG)
b) Severity Level Two- small numbers of system probes
detected on external systems
c) Severity Level Three- if a penetration or denial of service
attempt(s) with limited impact on operations is detected and
anti-virus software cannot handle it, this severity should be
used because of potential risk to finances and public relation.
d) Severity Level Four- a threat to public safety or life
11
Eradication
Restoration
Log Of Security Incident
Annual Report
Mitigation and Containment
Dallas Jones
Eradication & Restoration
i. Eradication- Once the origins of the problem are identified,
all malicious code and corrupting Security incidents are
removed. The magnitude of damage must be assessed and a plan
of action prepared and communicated to the appropriate parties
ii. Restoration- Once the above protocols are taken care of and
upon authorization by the CSIRT/IT Technician and owner, the
availability of affected systems, devices and network can be
restored.
Documentation
i. Log of Security Incident – CSIRT/IT Technician shall
maintain a log of all Security Incidents recording the date, time
of recognition, the affected computer or device, a summary of
11. the intrusion and the corrective measure taken to solve the
issue.
I . Annual Report - CSIRT/IT Technician shall report annually
to the CEO providing statistics and summary-level information
about significant incidents reported, and provide
recommendation to mitigate from known risk.
12
Questions?
CONTINGENCY PLAN POLICY
PURPOSE
The Contingency Plan is established to reduce the threat of
theft, fraud and misuse of company resources through detailed
procedures that provide guidelines for the notification,
documentation, evaluation and assessment, monitoring and
auditing, training, and response and recovery relating to all
information security incidents that impact the confidentiality,
integrity, and availability of Dream Landing Information Data
and related networks.
The Contingency Plan is established to reduce the threat of
theft, fraud and misuse of company resources through detailed
procedures that provide guidelines for the notification,
response, and recovery of incidents from all threat levels that
impact the confidentiality, integrity, and availability of Dream
Landing Information Data and related networks.
To ensure the protection of all shareholders and informational
12. assets, strict adherence and enforcement of the plan is
mandatory. In order to maximize effectiveness and success of
normal operations, the plan will assign roles and
responsibilities to both management and subordinates, set rules
and regulations that govern all activities, designate resources
necessary for the plan’s implementation, and outline procedural
steps to ensure internal and external coordination.
ORGANIZATIONAL POSITION
Dream Landing has a legal and professional responsibility to its
shareholders to protect all sensitive, personal, and private
information. In order to fulfill this obligation, proactive
measures, timely responses, and immediate restoration of
critical business activities must be in compliance with Federal
and State laws.
APPLICABILITY/SCOPE
All functions, resources, and operations of Dream Landing are
subject to the guidelines and provisions of this policy. Use of
the following Dream Landings information assets and
networked systems subject to this policy include: Lenovo
Desktop PC'S, Laser Jet Printers, Dell Servers, Easy Book
Travel Booking Software, Heartland America Co Payment
client-server interface, Windows Server 2008 Network
Operating System, Gmail, SME Light HR Tools, and Office Pro
Security. Directors, officers, and employees, including
contractual employees, third party vendors and the secondary
affiliates of third party vendors who use, access, handle, and
maintain company software/hardware are subject and
subordinate to the terms of this policy.
RESPONSIBILITY
It is the responsibility of Dream Landing, under the direction of
the Information Security Officer (ISO), Mr. Chen, in
conjunction with the IT Technician and Privacy Officer (PO),
Matt Dudley, to define, implement, administer, enforce, and
13. monitor all procedures outlined throughout the Contingency
Plan (CP). Mr. Chen periodically reviews, evaluates, and tests
the plan for updates, changes and modifications and ensures
compliance within applicable Federal and State laws. The ISO,
Mr. Chen directs all actions taken by staff, personnel,
contractors, and vendors in response to security incidents.
All employees will comply fully and completely with the policy
and procedures detailed in this document to include: reading
and the learning the material outlined in the CP
Handbook/Manual, thereby ensuring their ability to thoroughly
carry out each articulated step in the IR plan, attend training,
report incidents, perform routine safeguards, and follow the
directives of the ISO/PO as instructed.
The Human Resources Department, Legal Council, and Office
of Public Relations will work in coordination with the ISO/PO
to ensure compliance with all Federal and State Laws, Privacy
Rights Rules and Regulations, with special consideration for
Public and Community Interests.
In summary, it is the responsibility of all shareholders to know,
enact, and comply with all policy, procedures, rules, and
regulations of the Contingency Plan, report all incidents of
security threats/breaches, and to periodically attend training on
all elements of the plan.
Reporting Structure
The ISO is the Primary Director of the plan, to whom all are
subordinate..
The PO is Secondary to the ISO, to whom he directly reports.
All employees, contractors, vendors, and business partners are
subordinate to the ISO/PO,
14. to whom they directly report.
ASSESSMENT AND EVALUATION
The ISO and the PO are responsible for testing and validating
the plan. Testing shall be administered semi-annually. The
testing shall include risk assessment and a business impact
analysis performed by the CPMT. The purpose of this testing is
to ensure that the shareholders of the company are
knowledgeable and capable of performing assigned tasks in
accordance with the contingency plan. It is also to ensure that
the plan effectively identifies and minimizes threats, details and
characterizes the appropriate responses, and allows the
restoration of all normal operations within a reasonable time.
CONTINGENCY PLAN POLICY
The CP team composed of the ISO, Mr Chen, and the PO, Matt
Dudley, will define, implement, administer, enforce, monitor,
develop, test, and maintain the Dream Landing Contingency
Plan. The plan should contain the following:
Identity of all mission critical applications, ranked according to
their priority and maximum permissible outage.
Provide an inventory of all hardware and software that comprise
the network system.
Schedule frequency of all application, data, software, and
databases backup.
Identify where back up are stored and who has access.
Identify the roles and responsibilities of all stakeholders.
Identify the name, contact information, and service provided by
all third party vendors.
15. Set and establish procedural steps in the preparation, address,
and remediation of identified security threats.
Detail and establish standards of appropriate use and security
measures for all hardware, software, and data assets.
Detail and establish the notification, documentation, and
reporting process for all security incidents.
Detail and establish testing, monitoring, and evaluation
procedures for the contingency plan.
Provide for the training on all details of the Contingency Plan
to all stakeholders.
Empower the necessary internal departments to make available
their services and coordinate activities with the committee in
the administration and facilitation of the Contingency Plan, to
include the HR, Legal, and Public Relations Department.
COMPLIANCE
All stakeholders that process applications critical to the
performance of Dream Landings mission are subject to the
technical and operation requirements set by the PCI Security
Standard Council that ensures the protection of customer/client
data in the processing of credit card payments through routine
inventory of IT systems and processes for credit card payments,
the remediation of any known vulnerabilities in the services
provided, and full compliance reporting to the respective banks
and card companies of which we do business.
SUPPLEMENTAL INFORMATION
Third party vendors, who are equal stakeholders in the CP are
as follows:
19. Matt Dudley
xxx-xxx-xxxx
BUSINESS IMPACT ANALYSIS
OVERVIEW
This Business Impact Analysis (BIA) is developed as part of the
Dream Landing Contingency Plan.
PURPOSE
This report will identify essential business functions of Dream
Landing and provide recovery objectives and service restoration
priorities necessary in the event of information asset disruption,
compromise or failure.
SYSTEM DESCRIPTION
Dream Landing uses 8 Lenovo desktop computers and a HP
multifunction printer connected to a Dell server via a 1GB
Ethernet LAN. A cable modem provides 30 Mb/sec connectivity
via the company’s Internet Service Provider, Charter
Communications. Dream Landing leases a comprehensive travel
booking software, Easy Book, from the SaaS