200 likes | 349 Views
411 on 911: How Do You Handle an Emergency? . Rose Sklar Associate Registrar The University of Texas at Austin. Breach of Secured Data. Contact the Information Security Office (ISO). ISO Responsibilities: . ISO will: Have policies and procedures in place
E N D
411 on 911: How Do You Handle an Emergency? Rose Sklar Associate Registrar The University of Texas at Austin
Breach of Secured Data Contact the Information Security Office (ISO)
ISO Responsibilities: ISO will: • Have policies and procedures in place • Be responsible point of contact for University • Contact the proper authorities (both State & Federal) • Maintain evidence • Disclose incident to victims, as appropriate • Establish a Computer Incident Response Team (CIRT) • Follow up to close the case
Emergency Management Plan Four Phases: • Planning • Preparedness • Response • Recovery
Recovery Phase Business Continuity Plan Goal: To maintain business continuity during and after any disruptive event.
Business Continuity Plan (BCP) Objectives: • Minimal financial loss • Continued service to students, faculty & staff • Mitigate effects of disruptions on • Strategic plans • Reputation • Operations • Compliance with laws & regulations
Anatomy of the BCP • Business Impact Analysis • Risk Analysis and Assessment • Plan Development • Risk Monitoring & Training
Anatomy of the BCP • Business Impact Analysis • Risk Analysis and Assessment • Plan Development • Risk Monitoring & Training
Business Impact Analysis • Identify impact of uncontrolled event on business processes and its customers • Consider all departments and business functions • Estimate acceptable downtime • Estimate acceptable levels of data, operations and financial losses
Anatomy of the BCP • Business Impact Analysis • Risk Analysis and Assessment • Plan Development • Risk Monitoring & Training
Risk Analysis and Assessment • Prioritization of potential business disruptions • Gap Analysis of current BCP to newly established level of needs • Analysis of threats based upon impact as a whole, not just the nature of the threat
Anatomy of the BCP • Business Impact Analysis • Risk Analysis and Assessment • Plan Development • Risk Monitoring & Training
Plan Development • Involve other offices and persons as appropriate • Think outside of the box • Allow others to review the plan and provide feedback • Conduct a post-mortem review of the plan after every crisis
Plan Development The BCP should be: • Written & disseminated so groups can implement in timely manner. • Be specific regarding conditions that should prompt action. • Be specific regarding steps that should be taken. • Flexible • Effective in minimizing service disruptions and financial loss.
Anatomy of the BCP • Business Impact Analysis • Risk Analysis and Assessment • Plan Development • Risk Monitoring and Training
Risk Monitoring & Training • Test the BCP annually • Subject the BCP to independent audit and review • Update the BCP, based on changes to personnel, as well as internal & external environments • Ensure proper training for all personnel
Final thoughts about BCP • Planning should be on enterprise-wide basis • Thorough impact analysis and risk assessment is foundation of an effective BCP • BCP is more than recover of technology; it is recovery of a business • Effectiveness can only be validated through thorough testing • BCP and test results should be subjected to independent audit • BCP should be annually reviewed and updated
411 ON 911: Emergency Management Plan Janet Davis, Associate Registrar University of New Orleans Rose Sklar, Associate Registrar The University of Texas at Austin Dave Stones, Registrar Southwestern University