CISSP All-in-one. Shon Harris 1
Disaster Recovery Planning
Business Continuity Planning
Business Continuity
• Designed to
– Minimize the effect of a disaster
– Ensure the continuation of critical business functions
• You define and identify the critical business functions
DRP and BCP
• DRP – “Oh my goodness, the sky is falling,”
• BCP – “Okay, the sky fell. Now, how do we stay in business until someone can put the sky back where it belongs?”
Natural Disasters
• Businesses must plan to meet any of the events that could affect day-to-day operations.
– Hurricanes
– Floods
– Fire
– Power outages
Business Continuity and CIA
• CIA very important in BCP
• But Availability moves to the forefront
• Loss of data is the most devastating interruption
• 65% of businesses would go out of business if they had to close for one week due to a disaster or disruption
BCP Phases
• Initiate project
• Perform BIA
• Create Strategy
• Create Plan
• Implement plan
• Test Plan
• Maintain Plan
BCP – Project Initiation
• Identify core business functions and why.
• Obtain management support
• Identify a business continuity coordinator
– leader for the BCP team
– oversee the development, implementation, and testing of the continuity and disaster recovery plans.
• Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages.
Recovery Planning
• What is Recovery Planning
– Developing a plan
– Proactive approach for preparing for disaster before it takes place to
  • Minimize loss
  • Ensure availability of critical systems and equipment
Key Business Functions
• Accounting
• Data processing
• Customer support
• Communications
• IT support
• Purchasing
BCP – Project Initiation
• BCP team works with the management staff to develop
– the ultimate goals of the plan,
– identify the critical parts of the business that must be dealt with first during a disaster,
– ascertain the priorities of departments and tasks.
• continuity planning policy statement developed
– lays out the scope of the BCP project
– the team member roles
– goals of the project.
BCP - Team
• The BCP team’s responsibilities are as follows:
– Identifying regulatory and legal requirements that must be met
– Identifying all possible vulnerabilities and threats
– Estimating the possibilities of these threats and the loss potential
– Performing a BIA
– Outlining which departments, systems, and processes must be up and running before any others
– Developing procedures and steps in resuming business after a disaster
BCP Team
• Senior executives on the BCP team oversee budgets.
• BCP chair gives directions to employees immediately after the disaster
BIA
• A business impact analysis (BIA) is considered a functional analysis, in which a team
– collects data through interviews and documentary sources
– documents business functions, activities, and transactions
– develops a hierarchy of business functions
– applies a classification scheme to indicate each individual function’s criticality level.
Business Impact Analysis (BIA)
• The best place an organization can start
– You will need a BCP policy before BIA
• Evaluates what processes are critical to the organization's survival
• Not all processes will be needed immediately. Only key services required.
• Estimates potential loss and damage
• Enables organizations to develop viable alternatives
BIA - Risk Assessment
• Define the threat
– Natural?
– Man-made?
– Technical?
• Assign a dollar amount or value to the threat – risk analysis
• Evaluate the risk to business operations
BIA
• Loss criteria:
– Loss in reputation and public confidence
– Loss of competitive advantages
– Increase in operational expenses
– Violations of contract agreements
– Violations of legal and regulatory requirements
– Delayed income costs
– Loss in revenue
– Loss in productivity
BIA
• The BIA identifies
– the company’s critical systems that are needed for survival
– Resources critical systems rely on
– estimates the outage time that can be tolerated by the company
• Maximum Tolerable Downtime (MTD)
– The outage time that can be endured by a company
• MTD estimates
– Nonessential: 30 days
– Normal: 7 days
– Important: 72 hours
– Urgent: 24 hours
– Critical: Minutes to hours
Interdependences
• Define essential business functions
• Identify interdependencies between functions and departments
• Discover how possible disruptions in one department affect others
• Identify and document threats to interdepartmental communication
• Provide alternative methods to restore functionality
• Provide a rationale statement for each threat
Policies
• Must be implemented to back up the organization's choices
• CISSP code of ethics – Always put employees first.
• Number one goal should be employee
– Protection
– Health
– Well-being
Facility Recovery
• Three main categories of disruptions
– Nondisaster - disruption in service because of device malfunction or failure.
  • solution could include hardware, software, or file restoration.
– Disaster - event that causes the entire facility to be unusable for a day or longer
  • Facility destroyed partially.
  • Business impacted temporarily
  • Alternate processing facility until main facility is repaired and usable
  • Restoration of software and data from offsite copies.
– Catastrophe - event that destroys the facility altogether.
  • Short-term solution - offsite facility
  • Long-term solution - rebuild the original facility.
MTBF and MTTR
• BCP team needs to identify MTBF and MTTR for all hardware and devices
• Manufacturers and vendors have this data
• MTBF - estimated lifetime of equipment.
– approximately when a particular device will need to be replaced.
• MTTR - estimate of how long it will take to fix a piece of equipment and get it back into production.
Hardware Backup
• Hot sites
– Fully-configured
– Ready to operate within FEW hours
– Leased or rented
• Warm sites
– Partially configured – only peripheral devices
– May take several days to make operational
– Get computer, software and hardware to be functional
• Cold sites
– Have only the basic environmental infrastructure. Routers, cables etc.
– May take several weeks to be operational
Hardware Backup
– Redundant site
  • Hot site
  • Owned and maintained by the company
  • Operational immediately
– Mobile (rolling hot) sites. Equipment in a tractor trailer. E.g. Red Cross
– multiple processing centers
  • Multiple facilities throughout the world
  • Data processing moves from one center to another if interruption is detected.
Hardware Backup
• Hot site – back-up tapes and equipment periodically tested.
• Warm site – back up tapes and equipment brought to the original site to be tested
• If company depends on the warm site
– Original equipment and media taken to warm site to be tested.
Offsite location
• Back up facility at least 5 miles away
• Low to medium environments – 15 miles
• Critical operations – 50-200 miles
Reciprocal Agreements
• Agreements with another company.
– How long will the facility be available?
– How much assistance will their staff supply?
– How quickly can we move into the facility?
– Are there interoperability issues?
– Do conflicts of interests apply?
– How would change control and configuration management be handled?
– How often can drills and testing take place?
Software Backup
• At least two copies of the company’s operating system software and critical applications.
– One copy stored onsite
– other copy stored at an offsite location.
• Copies must be
– tested periodically
– re-created when new versions are rolled out.
Software Escrow
• Protection mechanism for the customer
• Third party holds the source code, backups of the compiled code, manuals, and other supporting materials.
• A contract between the software vendor, customer, and third party outlines who can do what and when with the source code.
• Customer can have access to the source code only if
– vendor goes out of business
– is unable to carry out stated responsibilities
– is in breach of the original contract.
Choosing a Backup Facility
• Are they open 24 x 7?
• How secure is the facility?
– Same controls at the back-up facility
Data Backup
• full backup – All data is backed up and saved
• Full backup is combined with differential or incremental backup
• differential backup
– backs up the files that have been modified since the last full backup.
– When the data needs to be restored, the full backup is laid down first and then the differential backup is put down on top of it.
Data Backup
• incremental backup
– backs up all the files that have changed since the last full or incremental backup
– When the data needs to be restored
  • First full backup
  • Then each incremental backup is laid down on top of it in the proper order.
• Incremental backup is quicker than differential but takes longer to restore.
Data backup
• If backup and restoration processes need to be simplistic and straightforward
– full backup
– But requires a lot of hard drive space and time.
• A differential backup takes more time in the backing up phase than an incremental backup
– but it also takes less time to restore than an incremental backup.
• Restoration of a differential backup is a two-step process
• Incremental backup – every incremental backup has to be restored in the correct sequence.
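Added example (not part of the original slides): the restore procedures for differential and incremental backups described on the Data Backup slides, worked in Python over a constructed one-week catalog. The BackupSet fields, the readable flag and the weekly() helper are assumptions made for illustration, and the sketch goes slightly beyond the slides by showing what one unreadable set does to each scheme.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupSet:
    day: int               # day the set was written (constructed sample data)
    kind: str              # "full", "differential" or "incremental"
    readable: bool = True  # False models media that fails verification (assumption)

def restore_chain(catalog, target_day):
    """Return (sets to lay down in order, day the restored data reflects)."""
    usable = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full" and b.readable]
    if not fulls:
        raise ValueError("no readable full backup on or before the target day")
    base = fulls[-1]
    later = []
    for b in usable:
        if b.day <= base.day:
            continue
        if b.kind == "full":   # newer but unreadable full: later sets depend on it
            break
        later.append(b)
    kinds = {b.kind for b in later}
    if len(kinds) > 1:
        raise ValueError("mixed differential/incremental schedules are not modelled")
    chain = [base]
    if kinds == {"differential"}:
        # Each differential holds everything changed since the full,
        # so only the newest readable one goes on top of the full.
        good = [b for b in later if b.readable]
        chain += good[-1:]
    elif kinds == {"incremental"}:
        # Each incremental holds only changes since the previous set,
        # so all are needed in order and the first bad one ends the chain.
        for b in later:
            if not b.readable:
                break
            chain.append(b)
    return chain, chain[-1].day

def weekly(kind, bad_day=None):
    """Constructed catalog: full on day 0, then one `kind` set on days 1-5."""
    return [BackupSet(0, "full")] + [BackupSet(d, kind, d != bad_day) for d in range(1, 6)]

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        for bad in (None, 3):
            chain, day = restore_chain(weekly(kind, bad), target_day=5)
            print(f"{kind:12} bad={bad}: lay down days {[b.day for b in chain]}, data as of day {day}")
```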
Electronic Backup
• disk-shadowing
– two physical disks
– data is written to both at the same time for redundancy.
– If one disk fails, the other is readily available.
– Expensive
– Provides high degree of fault tolerance
Electronic Backup
• Electronic vaulting (backup files)
– makes copies of files as they are modified and periodically transmits them to an offsite backup site.
– Takes place in batches and moves the entire file that has been updated
• Remote journaling (transaction logs)
– only includes moving the journal or transaction logs to the offsite facility, not the actual files.
– Takes place in real time and transmits only changes to files.
– If and when data is corrupted and needs to be restored, only retrieve logs and rebuild the data
– efficient for database recovery
Electronic Backup
• Hierarchical storage management (HSM)
– Includes optical disks, magnetic disks and tapes
– faster media holds frequently used files
– Older files backed up on slower less expensive media
• storage area network (SAN)
– Several storage systems connected together to form a single backup network.
– Switches are used to create a switching fabric
• switching fabric enables several devices to communicate with back-end storage devices
• provides redundancy and fault tolerance
• Off-site or on-site?
Restoration and Implementation
Plan Development Categories
• End-user environment
• Backup alternatives
• Recovery
• Restoration
End-User Environment
• How will users be notified of the disaster?
• Who will instruct them?
• How will backups be retrieved?
• Some employees may need to report to work during the disaster.
Backup Alternatives
• Hardware
• Data
• Personnel
• Off-site facilities
Documentation
• Procedures
• May need to include -
– How to reinstall images
– Configuration of OS and servers
– installation of -
  • Other utilities
  • Proprietary software
• Important for knowledge management
Recovery and Restoration
• Restoration team
• When a disaster happens team must know how to -
– Install OS
– Configure workstations and servers
– String wires and cabling
– Configure networking services
– Restore systems
Tests
DRP Test
• Testing DRP
– Most important in DR planning
– Untested plan is worthless
• Create test documents
• Test criteria
• Types
Testing DRP
• Testing must be -
– Conducted in an orderly, standardized fashion
– Executed on a regular basis
• No demonstrated recovery ability exists until the DRP is tested
Testing DRP
• Testing
– Verifies the accuracy of the recovery procedures
– Prepares and trains personnel to execute during emergency
– Verifies the processing capability of the alternate backup site
Creating the Test Document
• Test scenarios
– Entire system?
– Portion of the system?
– Back-up system
• Reasons for the test
– Change in hardware, software, operational environment
• Objectives of the test
• Type of tests
• Testing schedule
Creating the Test Document
• Duration of the test – hour, day, weekend, week
• Specific test steps
• Who will be the participants?
• The task assignments of the test
• Resources and services required
Test Criteria
• Must not disrupt normal business functions
– Should not affect availability for the entire organization
• Should start with easy areas to build skills and confidence
• Purpose is to find weaknesses, update and retest
DRP Types
• Checklist of the plan to cover all critical items.
• Structured walk through with business unit managers
– Ensures accuracy of the plan
• Simulation.
• Parallel
– Fail a system when back-up running
• Full-interruption
– Needs approval of the management
Simulation
• Practice session
– To avoid the DRP causing the disaster
• Enacts recovery procedures
Parallel
• Full test using all personnel
• Primary processing does not stop
• Ensures processing will run at alternate site
• Tests some of the systems at the offsite facility
• Most common type of recovery plan testing
Full-Interruption
• Disaster is replicated to the point of ceasing normal operations
• Plan is implemented as if it were a disaster
• Original site is shut down and processing moves to alternate site
• Can cause its own disaster
• Best way to test completely
• Structured walk-thru must be completed before full-interruption
• Management approval necessary before test
Teams and Emergency Response
• Teams that formulate DRP procedures
• Recovery team
• Salvage team
– After disaster has occurred, salvage hardware equipment, software and data
• Other issues
DRP Procedures
• Primary elements of the disaster recovery process
– Recovery team
– Salvage team
– Normal operations team
– Other recovery issues
Recovery Team
• Implements the recovery procedures in a disaster
• Gets critical functions operating at back-up site
• Retrieves materials from -
– Off-site storage
– Back-ups
– Workstations
• Installs critical systems and applications
Salvage Team
• Separate from recovery team
• Returns the primary site to normal operating conditions
• Safely cleans, repairs, and salvages the primary processing facility
Other Recovery Issues
• Interfacing with external groups
– Municipal emergency groups – fire, police, ambulance, health services.
• Employee relations
– Inherent responsibility to employees and their families
– Salaries must continue
– Insurance must be adequate
Other Recovery Issues
at the disaster site.
• Fraud and crime
– Fraud perpetrators may try to capitalize on the disaster
– Vandalism and looting may occur
• Financial disbursement
– Expense disbursement
– Signed and authorized checks will be needed
Other Recovery Issues
• Media relations
– Unified response by management
• Train the spokesperson and salvage team
– Credible, trained, informed, spokesperson
– Company should be accessible
– Control dissemination of information
Maintaining the plan
• Keep plan updated by
– Make business continuity a part of every business decision.
– Insert the maintenance responsibilities into job descriptions.
– Include maintenance in personnel evaluations.
– Perform internal audits that include disaster recovery and continuity documentation and procedures.
– Perform regular drills that use the plan.
– Integrate the BCP into the current change management process.
• Simplest
• most cost-effective
• process-efficient
Post Disaster
• After a disaster, when the primary facility is operational
– Move least critical functions to the primary facility first.