By Tareq Hanaysha, MISSM Candidate
ISSM 511 - Introduction to Information Systems Security
Concordia University College Of Alberta
2/18/2015DR & BCP 1
1. Introduction & Definition of DR and BCP
2. Differences and purposes
3. DR & BCP Objectives
4. Major Components of DR & BCP
5. Best Practices
6. References
7. Conclusion
Planning for the worst while hoping that it won’t happen is something that all security professionals do; disaster recovery for business continuity has always been a key part of the job.

Disaster: any event that has a significant impact on an enterprise's ability to conduct normal business, such as earthquakes, extreme weather, other natural disasters, pandemics and terrorism.

Disaster Recovery Plan: includes the information and procedures needed to resume an organization's operation after some sort of disaster. Sometimes the plan is split into several plans, one to address recoverable disasters (e.g., loss of a server) and a more comprehensive business continuity plan for use in total loss situations.

SIMILAR TERMS: Contingency Plan, Business Resumption Plan, Continuity Plan
Business Continuity: the enterprise-wide proactive business process by which we manage the risks we operate within. It addresses all aspects of the business: People, Processes, Resources and Technology (PPRT).

The goal is preventing or mitigating the risks we can and preparing for recovery from those we cannot, or choose not to, prevent.

Business continuity plans: designed to help organisations protect themselves from the losses to infrastructure and resources caused by natural disasters, pandemics and terrorism.

Preparation is the key: You fight like you train!

SIMILAR TERMS: Contingency Planning, Business Resumption Planning, Corporate Contingency Planning, Business Interruption Planning, Disaster Preparedness.
Plan: Business Continuity Plan (BCP)
Purpose: Provide procedures for sustaining essential business operations while recovering from a significant disruption
Scope: Addresses business processes; IT addressed based only on its support for business process

Plan: Disaster Recovery Plan (DRP)
Purpose: Provide detailed procedures to facilitate recovery of capabilities at an alternate site
Scope: Often IT-focused; limited to major disruptions with long-term effects
1. Limit severity of the event and the magnitude of loss
2. Minimize extent of the interruption
3. Identify critical resources
4. Identify critical functions
5. Define a process to protect critical resources
6. Define alternatives for continuing critical functions
7. Minimize decision making during a crisis
8. Train personnel
9. Continual review and maintenance
10. Integration of Business Continuity with Enterprise Strategic Planning
Disaster recovery planning components:
1. Establishment of the Recovery Team(s)
2. Development of Recovery Procedures
3. Training of the Recovery Team(s)
4. Change Management to keep plan current
5. Provision of Necessary Resources (Beans, Bombs and Bubbas…)
6. Arrangement for alternate technology platform, and retrieval of backup data
Business Continuity Plan components:
1. Establishment of Cross-Functional Team(s)
2. Inventory of People, Processes, Resources and Technology (PPRT)
3. Risk/Threat Identification and Categorization
4. Impact Analysis and Loss Estimation
5. Prevention, Mitigation and Recovery Strategizing
6. Gap Analysis and Resolution Planning
Plan Scope and Support
  Senior Management Support (tone at the top)
  Defined objectives, policies, scope and success factors and requirements
  Standard terms and assumptions
  Project plan and budget
Risk Analysis
  Risks – Quantitative and Qualitative
  Threats – Natural and Man Made
  Vulnerabilities – Possibilities of threats occurring have been taken into account

Figure 2-1 Contingency Planning as an Element of Risk Management Implementation
Business Impact Analysis
  Time criticality
  RTO & RPO
  Critical Business Units/Functions
  Results based on established quantitative and qualitative metrics
Recovery Strategies
  Reasonable strategies identified
  Advantages and Disadvantages
  Cost vs. Benefit
  Business unit buy-in
The BCP Plan
  Scope and Objective
  Business Recovery Organization
  Escalation, Notification, Activation
  Resumption, Recovery, Restoration
  Maintenance, Testing
Plan Maintenance
  Defined timetables
  Version control
  Changes
Plan Testing
  Periodic and methodical
  Address major components
  Goals and objectives for each test
  Monitor, analyze, report
Training and Awareness
  Plan existence
  Responsibilities
  Various training methods
Thinking systematically about risk, mitigating risks, and proactively
planning an optimized BCM program is something every company, large
or small, can and should do.
NIST: National Institute of Standards and Technology.
Many sample DRPs can be seen at www.drj.com.
Planning, a chapter of the book Disaster Recovery Planning: Preparing For The Unthinkable by Jon Toigo.
www.disasterrecoveryworld.com is a commercial site that also provides excellent resources, and explains the COBRA method of analysis.
www.crisis-management-and-disaster-recovery.com
Business continuity planning / management (BCM) from wikipedia.org

Business Continuity & Disaster Recovery Planning
