Hassanein Alwan, profile picture
Uploaded byHassanein Alwan
DOCX, PDF409 views

Planning for contingencies

The document discusses the importance of contingency planning in information technology security, detailing the components of contingency plans including incident response plans, disaster recovery plans, and business continuity plans. It emphasizes the need for organizations to prepare for unexpected events that threaten their operations and outlines procedures for detecting, responding to, and recovering from incidents. The overall goal is to minimize disruption and restore operations efficiently while ensuring that critical functions continue during and after disasters.

Embed presentation

Download to read offline
1 Information Technology Security Planning for Contingencies Prepared by Hassanein Alwan Malik 2017 University Of Technology Iraq Master of Science
2 Chapter Overview The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impactanalysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to:  Understand the need for contingency planning  Know the major components of contingency planning  Create a simple set of contingency plans, using business impact analysis  Prepare and execute a test of contingency plans  Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology supportis interrupted.” On average, over 40% of businesses that don'thave a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process bywhich organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum costand disruption to normal business activities after an unexpected event.
3 CP Components Incident responseplan (IRP) focuses on immediate responseto an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan (BCP) facilitates establishment of operations at an alternate site, until the organization is able to either resume operations back at their primary site or select a new primary location. To ensure continuity across all of the CP processes during the planning process, contingency planners should:  Identify the mission- or business-critical functions.  Identify the resources that supportthe critical functions.  Anticipate potential contingencies or disasters.  Select contingency planning strategies.  Implement selected strategy.  Test and revise contingency plans. Four teams of individuals are involved in contingency planning and contingency operations (CP consists of four major components): 1. Business impact analysis (BIA) / The CP team 2. The incident response(IR plan) / team. 3. The disaster recovery (DR plan) / team 4. The business continuity plan (BC plan) / team
4 Components of Contingency Planning 2. Incident Response The incident responseplan (IRP) is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. The CP team creates three scenario of incident-handling IR procedures: During the incident First, planners develop and document the procedures that must be performed during the incident. These procedures are grouped and assigned to individuals. After the incident Once the procedures for handling an incident are drafted, planners develop and document the procedures that must be performed immediately after the incident has ceased. Separate functional areas may develop different procedures. Before the incident Finally, the planners draft a third set of procedures, thosetasks that must be performed to prepare for the incident. These procedures include the details of the data backup schedules, disaster recovery preparation, training schedules, testing plans, copies of service agreements, and business continuity plans.
5 Figure 2-1 Example of IRP incident-handling procedures 2.1 DetectionIncident The challenge for every IR team is determining whether an event is the productof routine systems use or an actual incident. Incident classification is the process ofexamining a possible incident, or incident candidate, and determining whether or not it constitutes an actual incident.
6 There are three categories of incident indicators: possible, probable, and definite.. 2.1.1 Possible indicators:  Presence of unfamiliar files.  Presence or execution of unknown programs or processes.  Unusual consumption of computing resources.  Unusual system crashes. 2.1.2 Probable indicators:  Activities at unexpected times.  Presence of new accounts.  Reported attacks.  Notification from IDS. 2.1.3 Definite indicators:  Use of dormant accounts.  Changes to logs.  Presence of hacker tools.  Notifications by partner or peer.  Notification by hacker. 2.2 Incident Response Once an actual incident has been confirmed and properly classified, the IR team moves from the detection phase to the reaction phase. In the incident responsephase, a number of action steps taken by the IR team and others must occurquickly and may occurconcurrently.
7 2.2.1 Notification of Key Personnel As soonas the IR team determines that an incident is in progress, the right people must be immediately notified in the right order. There are two ways to activate an alert roster:  Sequentially  Hierarchically 2.2.2 Documenting an Incident As soonas an incident has been confirmed and the notification process is underway, the team should begin to document it. The documentation should record the who, what, when, where, why and how of each action taken while the incident is occurring. 2.2.3 Incident Containment Strategies One of the most critical components of IR is to stop the incident or contain its scopeor impact. containment strategies include the following:  Disabling compromised user accounts  Reconfiguring a firewall to block the problem traffic  Temporarily disabling the compromised process orservice  Taking down the conduit application or server—for example, the e-mail server  Stopping all computers and network devices 2.2.4 Incident Escalation At some point in time the incident may increase in scopeorseverity to the point that the IRP cannot adequately handle the event. Each organization will have to determine, during the business impact analysis, the point at which the incident becomes a disaster. The organization must also document when to involve outside response.
8 2.3 Incident Recovery Once the incident has been contained, and system control regained, incident recovery can begin. The IR team must assess the full extent of the damage in order to determine what must be done to restore the systems. Once the extent of the damage of IR has been determined, the recovery process begins:  Identify the Weaknesses that allowed the incident to occurand spread. Resolve them.  Evaluate monitoring capabilities (if present).  Restore the data from backups.  Restore the services and processesin use.  Continuously monitor the system.  Restore the confidence of the members of the organization’s communities of interest. 2.4 Law EnforcementInvolvement When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed.  Federal  State  Local
9 3. Disaster Recovery Disaster recovery planning (DRP) is the preparation for and recovery from a disaster, whether natural or man-made. In general, an incident is a disaster when: 1) The organization is unable to contain or control the impact of an incident. 2) The level of damage or destruction from an incident is so severe the organization is unable to quickly recover. Figure 3-1 Incident response and disaster recovery
10 The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located. 3.1 DisasterClassifications A DRP can classify disasters in a number of ways. The most common method is to separate natural disasters, from man-made disasters. Another way of classifying disasters is by speed of development.  Rapid onset disasters  Slow onset disasters 3.2 Planning for Recover To plan for disaster, the CP team engages in scenario development and impact analysis, and thus categorizes the level of threat each potential disaster poses. When generating a disaster recovery scenario, start first with the most important asset – people. Do you have the human resources with the appropriate organizational knowledge to restore business operations? The key points the CP team must build into the DRP include:  Clear delegation of roles and responsibilities.  Execution of the alert roster and notification of key personnel.  Clear establishment of priorities.  Documentation of the disaster.  Action steps to relief the impact of the disaster on the operations of the organization.
11 3.3 Responding to the Disaster When a disaster strikes and the DRP is activated, actual events can at times outstrip even the best of plans. To be prepared, the CP team should incorporate a degree of flexibility into the DRP. 4. Business Continuity Planning Business continuity planning ensures that critical business functions can continue if a disaster occurs. The BCP is activated and executed concurrently with the DRP when the disaster is major or long term and requires fuller and complex restoration of information and information resources. While the BCP reestablishes critical business functions at an alternate site, the DRP team focuses on the reestablishment of the technical infrastructure and business operations at the primary site. 4.1 Continuity Strategies A CP team can choosefrom several continuity strategies in its planning for business continuity. The determining factor is usually cost. In general there are three exclusive-use options:  hot sites,  warm sites,  cold sites,
12 Figure 4-1 Disaster recovery and business continuity planning Figure 4-2 Contingency planning implementation timeline

More Related Content

PPTX
Incident Investigation Safety Training 2015
byKyleMurry
 
PPT
IT Security management and risk assessment
byCAS
 
PPT
Disaster Recovery Plan for IT
byhhuihhui
 
PPTX
hira-training-190407052212.pptx
byDebabrataRanasingha
 
PDF
Contingency Planning Guide
byrlynes
 
PPTX
Risk assessment
byShehnaz Alam
 
PDF
Risks threats and vulnerabilities
byManish Chaurasia
 
PDF
Business continuity and recovery planning for manufacturing
byARC Advisory Group
 
Incident Investigation Safety Training 2015
byKyleMurry
 
IT Security management and risk assessment
byCAS
 
Disaster Recovery Plan for IT
byhhuihhui
 
hira-training-190407052212.pptx
byDebabrataRanasingha
 
Contingency Planning Guide
byrlynes
 
Risk assessment
byShehnaz Alam
 
Risks threats and vulnerabilities
byManish Chaurasia
 
Business continuity and recovery planning for manufacturing
byARC Advisory Group
 

What's hot

PPTX
Plan your security
byCapt Rajeshwar singh
 
PDF
HIRARC : Made Simple to Understand
bymrazali
 
DOCX
Chapter 10 planning_for_contingencies
byhusseinalshomali
 
PDF
SAFETY TIPS OF ELECTRICAL POWER TOOLS.pdf
byTewodrosAlemayehu9
 
PPT
Information Assurance And Security - Chapter 1 - Lesson 3
byMLG College of Learning, Inc
 
PPT
SECURITY AWARENESS
byFelix Jumamoy
 
PDF
Security Development Lifecycle Tools
byn|u - The Open Security Community
 
PPT
Risk assessment
byWessam Galey
 
PDF
Risk Assessments
byJoAnna Cheshire
 
PPTX
Rescue at heights westfields 2017
byMoses Kartey
 
PPT
Cpp flash cards practice questions
byDaniel Kilgore, CPP
 
PPSX
Board and Cyber Security
byLeon Fouche
 
PDF
RA-11058.pdf
byXDXDXD25
 
PPT
Computer Forensic
byTawhidur Rahman
 
PDF
General Workplace Safety
byAlphaStaff
 
PDF
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
byJustinBrown267905
 
PDF
A simplified guide to Risk Assessment in Occupational Health & Safety
byWessam Atif
 
PPTX
Disaster Recovery Plan
bymhdpaknejad
 
PDF
Business continuity overview
byRod Davis
 
PDF
Human factors and the dirty dozen
byJonathan Kyffin
 
Plan your security
byCapt Rajeshwar singh
 
HIRARC : Made Simple to Understand
bymrazali
 
Chapter 10 planning_for_contingencies
byhusseinalshomali
 
SAFETY TIPS OF ELECTRICAL POWER TOOLS.pdf
byTewodrosAlemayehu9
 
Information Assurance And Security - Chapter 1 - Lesson 3
byMLG College of Learning, Inc
 
SECURITY AWARENESS
byFelix Jumamoy
 
Security Development Lifecycle Tools
byn|u - The Open Security Community
 
Risk assessment
byWessam Galey
 
Risk Assessments
byJoAnna Cheshire
 
Rescue at heights westfields 2017
byMoses Kartey
 
Cpp flash cards practice questions
byDaniel Kilgore, CPP
 
Board and Cyber Security
byLeon Fouche
 
RA-11058.pdf
byXDXDXD25
 
Computer Forensic
byTawhidur Rahman
 
General Workplace Safety
byAlphaStaff
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
byJustinBrown267905
 
A simplified guide to Risk Assessment in Occupational Health & Safety
byWessam Atif
 
Disaster Recovery Plan
bymhdpaknejad
 
Business continuity overview
byRod Davis
 
Human factors and the dirty dozen
byJonathan Kyffin
 

Similar to Planning for contingencies

PPTX
Risk crisis nad management
byPasangdolmoTamang
 
PDF
domain 2 for certified cybersecurity pfd
bytinotenda13
 
PPT
IT Business Continuity Planning 2004
byDonald E. Hester
 
PPTX
9780840024220 ppt ch11
byKristin Harrison
 
PDF
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
PPTX
BLE 1213 PSM (SESSION 4).pptx- Contextual principles of Physical Security Man...
byMajor K. Subramaniam Kmaravehlu
 
PDF
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
PDF
Integration of Cyber Events into Emergency Planning
byDavid Sweigert
 
PPTX
Week02-Planning for Organizational Readiness_reduced.pptx
bypshah21
 
PPT
Bcp coop training taxpayer services 1-15-09
byRichard Turner
 
PPT
Disaster recovery & business continuity
byDhani Ahmad
 
PPSX
9 Bcp+Drp
byAlfred Ouyang
 
DOCX
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
byanhlodge
 
PDF
Cybersecurity Incident Response Planning.pdf
byCiente
 
PPTX
Chapter 12: Business Continuity Management
byNada G.Youssef
 
PPTX
DR luncheon presentation
byseishi1
 
PPTX
Sec4
byAnne Starr
 
PPTX
Lecture 06 - Incident Management and SOC.pptx
byprasadsanjaya2
 
PDF
The Ultimate Guide To Business Continuity
byEnvision Technology Advisors
 
ODP
Cissp Week 24
byjemtallon
 
Risk crisis nad management
byPasangdolmoTamang
 
domain 2 for certified cybersecurity pfd
bytinotenda13
 
IT Business Continuity Planning 2004
byDonald E. Hester
 
9780840024220 ppt ch11
byKristin Harrison
 
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
BLE 1213 PSM (SESSION 4).pptx- Contextual principles of Physical Security Man...
byMajor K. Subramaniam Kmaravehlu
 
Fundamental Concepts of Data Security _Business Continuity
bySibtainHaider13
 
Integration of Cyber Events into Emergency Planning
byDavid Sweigert
 
Week02-Planning for Organizational Readiness_reduced.pptx
bypshah21
 
Bcp coop training taxpayer services 1-15-09
byRichard Turner
 
Disaster recovery & business continuity
byDhani Ahmad
 
9 Bcp+Drp
byAlfred Ouyang
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
byanhlodge
 
Cybersecurity Incident Response Planning.pdf
byCiente
 
Chapter 12: Business Continuity Management
byNada G.Youssef
 
DR luncheon presentation
byseishi1
 
Sec4
byAnne Starr
 
Lecture 06 - Incident Management and SOC.pptx
byprasadsanjaya2
 
The Ultimate Guide To Business Continuity
byEnvision Technology Advisors
 
Cissp Week 24
byjemtallon
 

More from Hassanein Alwan

PDF
Feasibility study
byHassanein Alwan
 
PDF
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
byHassanein Alwan
 
PDF
Community Engagement
byHassanein Alwan
 
PPTX
Data Management
byHassanein Alwan
 
DOCX
video comparison
byHassanein Alwan
 
DOCX
Data link layer
byHassanein Alwan
 
DOCX
data replication
byHassanein Alwan
 
DOCX
deep learning
byHassanein Alwan
 
PPTX
Project Organizations
byHassanein Alwan
 
Feasibility study
byHassanein Alwan
 
ARABIC TEXT MINING AND ROUGH SET THEORY FOR DECISION SUPPORT SYSTEM.
byHassanein Alwan
 
Community Engagement
byHassanein Alwan
 
Data Management
byHassanein Alwan
 
video comparison
byHassanein Alwan
 
Data link layer
byHassanein Alwan
 
data replication
byHassanein Alwan
 
deep learning
byHassanein Alwan
 
Project Organizations
byHassanein Alwan
 

Recently uploaded

PDF
Application of ICT Lecture 3 ICT in Education.pdf
byKhalil Khan Marwat
 
PDF
Application of Information and Communication Technology Content.pdf
byKhalil Khan Marwat
 
PDF
Application of ICT Lecture 6 Digital Citizenship and Online Etiquette.pdf
byKhalil Khan Marwat
 
PDF
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
PDF
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
1. AI for E-content Development: What and Why, 2. E- content Development thro...
byProf. Vinod Kumar Kanvaria
 
PPTX
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
PDF
Profiling, Placement, Pathways, and Pedagogies.pdf
byRHEAMARIMLA2
 
PDF
First Semester BCA Exam 2025 – Constitution Values – 1 Solved Answers.pdf
byKuvempu University
 
PDF
1.The-Story-of-Indian-Farming ppt/7th part 2/by k sandeep swamy(MSc,BEd)/samy...
bySandeep Swamy
 
PPTX
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
PDF
Digital Transformation, AI, and ML in Pharma R&D and Manufacturing Workflows ...
byAjaz Hussain
 
PPTX
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
PDF
CHUYÊN ĐỀ ÔN LUYỆN TUYỂN SINH 9 LÊN 10 - MÔN TOÁN - CÓ LỜI GIẢI CHI TIẾT - TH...
byNguyen Thanh Tu Collection
 
PPTX
Throat painting and throat swab.....pptx
byAneetaSharma15
 
PPTX
Cash on Delivery (COD) in Odoo 19 website
byCeline George
 
PDF
Bahan Ajar Digital Journalism - Ade Putra Tunggali
byAdePutraTunggali
 
PPTX
Mixing Pharmaceutical Engineering .pptxx
byShraddha Bandgar
 
PPTX
How to use sorted() method in Odoo 18
byCeline George
 
PPTX
How to Manage Sorting Cart by Category in Odoo 18 POS
byCeline George
 
Application of ICT Lecture 3 ICT in Education.pdf
byKhalil Khan Marwat
 
Application of Information and Communication Technology Content.pdf
byKhalil Khan Marwat
 
Application of ICT Lecture 6 Digital Citizenship and Online Etiquette.pdf
byKhalil Khan Marwat
 
Overview of Ethiopian Agriculture: Systems and Economic Impact.pdf
byinebaseifu
 
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
1. AI for E-content Development: What and Why, 2. E- content Development thro...
byProf. Vinod Kumar Kanvaria
 
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
Profiling, Placement, Pathways, and Pedagogies.pdf
byRHEAMARIMLA2
 
First Semester BCA Exam 2025 – Constitution Values – 1 Solved Answers.pdf
byKuvempu University
 
1.The-Story-of-Indian-Farming ppt/7th part 2/by k sandeep swamy(MSc,BEd)/samy...
bySandeep Swamy
 
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
Digital Transformation, AI, and ML in Pharma R&D and Manufacturing Workflows ...
byAjaz Hussain
 
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
CHUYÊN ĐỀ ÔN LUYỆN TUYỂN SINH 9 LÊN 10 - MÔN TOÁN - CÓ LỜI GIẢI CHI TIẾT - TH...
byNguyen Thanh Tu Collection
 
Throat painting and throat swab.....pptx
byAneetaSharma15
 
Cash on Delivery (COD) in Odoo 19 website
byCeline George
 
Bahan Ajar Digital Journalism - Ade Putra Tunggali
byAdePutraTunggali
 
Mixing Pharmaceutical Engineering .pptxx
byShraddha Bandgar
 
How to use sorted() method in Odoo 18
byCeline George
 
How to Manage Sorting Cart by Category in Odoo 18 POS
byCeline George
 

Planning for contingencies

  • 1.
    1 Information Technology Security Planningfor Contingencies Prepared by Hassanein Alwan Malik 2017 University Of Technology Iraq Master of Science
  • 2.
    2 Chapter Overview The thirdchapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impactanalysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to:  Understand the need for contingency planning  Know the major components of contingency planning  Create a simple set of contingency plans, using business impact analysis  Prepare and execute a test of contingency plans  Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology supportis interrupted.” On average, over 40% of businesses that don'thave a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process bywhich organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum costand disruption to normal business activities after an unexpected event.
  • 3.
    3 CP Components Incident responseplan(IRP) focuses on immediate responseto an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan (BCP) facilitates establishment of operations at an alternate site, until the organization is able to either resume operations back at their primary site or select a new primary location. To ensure continuity across all of the CP processes during the planning process, contingency planners should:  Identify the mission- or business-critical functions.  Identify the resources that supportthe critical functions.  Anticipate potential contingencies or disasters.  Select contingency planning strategies.  Implement selected strategy.  Test and revise contingency plans. Four teams of individuals are involved in contingency planning and contingency operations (CP consists of four major components): 1. Business impact analysis (BIA) / The CP team 2. The incident response(IR plan) / team. 3. The disaster recovery (DR plan) / team 4. The business continuity plan (BC plan) / team
  • 4.
    4 Components of ContingencyPlanning 2. Incident Response The incident responseplan (IRP) is a detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets. The CP team creates three scenario of incident-handling IR procedures: During the incident First, planners develop and document the procedures that must be performed during the incident. These procedures are grouped and assigned to individuals. After the incident Once the procedures for handling an incident are drafted, planners develop and document the procedures that must be performed immediately after the incident has ceased. Separate functional areas may develop different procedures. Before the incident Finally, the planners draft a third set of procedures, thosetasks that must be performed to prepare for the incident. These procedures include the details of the data backup schedules, disaster recovery preparation, training schedules, testing plans, copies of service agreements, and business continuity plans.
  • 5.
    5 Figure 2-1 Exampleof IRP incident-handling procedures 2.1 DetectionIncident The challenge for every IR team is determining whether an event is the productof routine systems use or an actual incident. Incident classification is the process ofexamining a possible incident, or incident candidate, and determining whether or not it constitutes an actual incident.
  • 6.
    6 There are threecategories of incident indicators: possible, probable, and definite.. 2.1.1 Possible indicators:  Presence of unfamiliar files.  Presence or execution of unknown programs or processes.  Unusual consumption of computing resources.  Unusual system crashes. 2.1.2 Probable indicators:  Activities at unexpected times.  Presence of new accounts.  Reported attacks.  Notification from IDS. 2.1.3 Definite indicators:  Use of dormant accounts.  Changes to logs.  Presence of hacker tools.  Notifications by partner or peer.  Notification by hacker. 2.2 Incident Response Once an actual incident has been confirmed and properly classified, the IR team moves from the detection phase to the reaction phase. In the incident responsephase, a number of action steps taken by the IR team and others must occurquickly and may occurconcurrently.
  • 7.
    7 2.2.1 Notification ofKey Personnel As soonas the IR team determines that an incident is in progress, the right people must be immediately notified in the right order. There are two ways to activate an alert roster:  Sequentially  Hierarchically 2.2.2 Documenting an Incident As soonas an incident has been confirmed and the notification process is underway, the team should begin to document it. The documentation should record the who, what, when, where, why and how of each action taken while the incident is occurring. 2.2.3 Incident Containment Strategies One of the most critical components of IR is to stop the incident or contain its scopeor impact. containment strategies include the following:  Disabling compromised user accounts  Reconfiguring a firewall to block the problem traffic  Temporarily disabling the compromised process orservice  Taking down the conduit application or server—for example, the e-mail server  Stopping all computers and network devices 2.2.4 Incident Escalation At some point in time the incident may increase in scopeorseverity to the point that the IRP cannot adequately handle the event. Each organization will have to determine, during the business impact analysis, the point at which the incident becomes a disaster. The organization must also document when to involve outside response.
  • 8.
    8 2.3 Incident Recovery Oncethe incident has been contained, and system control regained, incident recovery can begin. The IR team must assess the full extent of the damage in order to determine what must be done to restore the systems. Once the extent of the damage of IR has been determined, the recovery process begins:  Identify the Weaknesses that allowed the incident to occurand spread. Resolve them.  Evaluate monitoring capabilities (if present).  Restore the data from backups.  Restore the services and processesin use.  Continuously monitor the system.  Restore the confidence of the members of the organization’s communities of interest. 2.4 Law EnforcementInvolvement When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. Selecting the appropriate law enforcement agency depends on the type of crime committed.  Federal  State  Local
  • 9.
    9 3. Disaster Recovery Disasterrecovery planning (DRP) is the preparation for and recovery from a disaster, whether natural or man-made. In general, an incident is a disaster when: 1) The organization is unable to contain or control the impact of an incident. 2) The level of damage or destruction from an incident is so severe the organization is unable to quickly recover. Figure 3-1 Incident response and disaster recovery
  • 10.
    10 The key roleof a DRP is defining how to reestablish operations at the location where the organization is usually located. 3.1 DisasterClassifications A DRP can classify disasters in a number of ways. The most common method is to separate natural disasters, from man-made disasters. Another way of classifying disasters is by speed of development.  Rapid onset disasters  Slow onset disasters 3.2 Planning for Recover To plan for disaster, the CP team engages in scenario development and impact analysis, and thus categorizes the level of threat each potential disaster poses. When generating a disaster recovery scenario, start first with the most important asset – people. Do you have the human resources with the appropriate organizational knowledge to restore business operations? The key points the CP team must build into the DRP include:  Clear delegation of roles and responsibilities.  Execution of the alert roster and notification of key personnel.  Clear establishment of priorities.  Documentation of the disaster.  Action steps to relief the impact of the disaster on the operations of the organization.
  • 11.
    11 3.3 Responding tothe Disaster When a disaster strikes and the DRP is activated, actual events can at times outstrip even the best of plans. To be prepared, the CP team should incorporate a degree of flexibility into the DRP. 4. Business Continuity Planning Business continuity planning ensures that critical business functions can continue if a disaster occurs. The BCP is activated and executed concurrently with the DRP when the disaster is major or long term and requires fuller and complex restoration of information and information resources. While the BCP reestablishes critical business functions at an alternate site, the DRP team focuses on the reestablishment of the technical infrastructure and business operations at the primary site. 4.1 Continuity Strategies A CP team can choosefrom several continuity strategies in its planning for business continuity. The determining factor is usually cost. In general there are three exclusive-use options:  hot sites,  warm sites,  cold sites,
  • 12.
    12 Figure 4-1 Disasterrecovery and business continuity planning Figure 4-2 Contingency planning implementation timeline