630 likes | 907 Views
Disaster Recovery Planning Business Continuity Planning. Business Continuity. Designed to - Minimize the effect of a disaster Ensure the continuation of critical business functions You define and identify the critical business functions. DRP and BCP. DRP –
E N D
Disaster Recovery Planning Business Continuity Planning CISSP All-in-one. Shon Harris
Business Continuity • Designed to - • Minimize the effect of a disaster • Ensure the continuation of critical business functions • You define and identify the critical business functions CISSP All-in-one. Shon Harris
DRP and BCP • DRP – • “Oh my goodness, the sky is falling,” • BCP • “Okay, the sky fell. Now, how do we stay in business until someone can put the sky back where it belongs?” CISSP All-in-one. Shon Harris
Natural Disasters • Businesses must plan to meet any of the events that could effect day-today operations . • Hurricanes • Floods • Fire • Power outages CISSP All-in-one. Shon Harris
Business Continuity and CIA • CIA very important in BCP • But Availability moves to the forefront • Loss of data is the most devastating interruption • 65% of businesses would go out of business if they had to close for one week due to a disaster or disruption CISSP All-in-one. Shon Harris
BCP Phases • Initiate project • Perform BIA • Create Strategy • Create Plan • Implement plan • Test Plan • Maintain Plan CISSP All-in-one. Shon Harris
BCP – Project Initiation • Identify core business functions and why. • Obtain management support • Identify a business continuity coordinator • leader for the BCP team • oversee the development, implementation, and testing of the continuity and disaster recovery plans. • Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages. CISSP All-in-one. Shon Harris
Recovery Planning • What is Recover Planning • Developing a plan • Proactive approach for preparing for disaster before it takes place to • Minimize loss • Ensure availability of critical systems and equipment CISSP All-in-one. Shon Harris
Key Business Functions • Accounting • Data processing • Customer support • Communications • IT support • Purchasing CISSP All-in-one. Shon Harris
BCP – Project Initiation • BCP team work with the management staff to develop • the ultimate goals of the plan, • identify the critical parts of the business that must be dealt with first during a disaster, • ascertain the priorities of departments and tasks. • continuity planning policy statement developed • lays out the scope of the BCP project • the team member roles • goals of the project. CISSP All-in-one. Shon Harris
BCP - Team • The BCP team’s responsibilities are as follows: • Identifying regulatory and legal requirements that must be met • Identifying all possible vulnerabilities and threats • Estimating the possibilities of these threats and the loss potential • Performing a BIA • Outlining which departments, systems, and processes must be up and running before any others • Developing procedures and steps in resuming business after a disaster CISSP All-in-one. Shon Harris
BCP Team • Senior executives on the BCP team oversee budgets. • BCP chair gives directions to employees immediately after the disaster CISSP All-in-one. Shon Harris
BIA • A business impact analysis (BIA) is considered a functional analysis, in which a team • collects data through interviews and documentary sources • documents business functions, • activities, and transactions • develops a hierarchy of business functions • applies a classification scheme to indicate each individual function’s criticality level. CISSP All-in-one. Shon Harris
Business Impact Analysis (BIA) • The best place an organization can start • You will need a BCP policy before BIA • Evaluates what processes are critical to the organization's survival • Not all processes will be needed immediately. Only key services required. • Estimates potential loss and damage • Enables organizations to develop viable alternatives CISSP All-in-one. Shon Harris
BIA - Risk Assessment • Define the threat • Natural? • Man-made? • Technical? • Assign a dollar amount or value to the threat – risk analysis • Evaluate the risk to business operations CISSP All-in-one. Shon Harris
BIA • Loss criteria: • Loss in reputation and public confidence • Loss of competitive advantages • Increase in operational expenses • Violations of contract agreements • Violations of legal and regulatory requirements • Delayed income costs • Loss in revenue • Loss in productivity CISSP All-in-one. Shon Harris
BIA • The BIA identifies • the company’s critical systems that are needed for survival • Resources critical systems rely on • estimates the outage time that can be tolerated by the company • Maximum Tolerable Downtime (MTD) • The outage time that can be endured by a company • MTD estimates • Nonessential 30 days • Normal 7 days • Important 72 hours • Urgent 24 hours • Critical Minutes to hours CISSP All-in-one. Shon Harris
Interdependences • Define essential business functions • Identify interdependencies between functions and departments • Discover possible disruptions in one department affect others • Identify and document threats to interdepartmental communication • Provide alternative methods to restore functionality • Provide a rationale statement for each threat CISSP All-in-one. Shon Harris
Policies • Must be implemented to back up the organization's choices • CISSP code of ethics – Always put employees first. • Number one goal should employee • Protection • Health • Well-being CISSP All-in-one. Shon Harris
Facility Recovery • Three main categories of disruptions • Nondisaster - disruption in service because of device malfunction or failure. • solution could include hardware, software, or file restoration. • Disaster - event that causes the entire facility to be unusable for a day or longer • Facility destroyed partially. • Business impacted temporarily • Alternate processing facility until main facility is repaired and usable • Restoration of software and data from offsite copies. • Catastrophe eventthat destroys the facility altogether. • Short-term solution - offsite facility • Long-term solution - rebuild the original facility. CISSP All-in-one. Shon Harris
MTBF and MTTR • BCP team needs to identify MTBF and MTTR for all hardware and devices • Manufactures and vendors have this data • MTBF - estimated lifetime of equipment. • approximately when a particular device will need to be replaced. • MTTR - estimate of how long it will take to fix a piece of equipment and get it back into production. CISSP All-in-one. Shon Harris
Hardware Backup • Hot sites • Fully-configured • Ready to operate within FEW hours • Leased or rented • Warm sites • Partially configured – only peripheral devices • May take several days to make operational • Get computer, software and hardware to be functional • Cold sites • Have only the basic environmental infrastructure. Routers, cables etc. • May take several weeks to be operational CISSP All-in-one. Shon Harris
Hardware Backup • Redundant site • Hot site • Owned and maintained by the company • Operational immediately • Mobile (rolling hot) sites. Equipment in a tractor trailer. E.g. Red Cross • multiple processing centers • Multiple facilities throughout the world • Data processing moves from one center to another if interruption is detected. CISSP All-in-one. Shon Harris
Hardware Backup • Hot site – back-up tapes and equipment periodically tested. • Warm site – back up tapes and equipment brought to the original site to be tested • If company depends on the warm site • Original equipment and media taken to warm site to be tested. CISSP All-in-one. Shon Harris
Offsite location • Back up facility at least 5 miles away • Low to medium environments – 15 miles • Critical operations – 50-200 miles CISSP All-in-one. Shon Harris
Reciprocal Agreements • Agreements with another company. • How long will the facility be available? • How much assistance will their staff supply? • How quickly can we move into the facility? • Are there interoperability issues? • Do conflicts of interests apply? • How would change control and configuration management be handled? • How often can drills and testing take place? CISSP All-in-one. Shon Harris
Software Backup • At least two copies of the company’s operating system software and critical applications. • One copy stored onsite • other copy stored at a offsite location. • Copies must be • tested periodically • re-created when new versions are rolled out. CISSP All-in-one. Shon Harris
Software Escrow • Protection mechanism for the customer • Third party holds the source code, backups of the compiled code, manuals, and other supporting materials. • A contract between the software vendor, customer, and third party outlines who can do what and when with the source code. • Customer can have access to the source code only if • vendor goes out of business • is unable to carry out stated responsibilities • is in breach of the original contract. CISSP All-in-one. Shon Harris
Choosing a Backup Facility • Are they open 24 x 7? • How secure is the facility? • Same controls at the back-up facility CISSP All-in-one. Shon Harris
Data Backup • full backup • All data is backed up and saved • Full backup is combined with differential or incremental backup • differential backup • backs up the files that have been modified since the last full backup. • When the data needs to be restored, the full backup is laid down first and then the differential backup is put down on top of it. CISSP All-in-one. Shon Harris
Data Backup • incremental backup • backs up all the files that have changed since the last full or incremental backup • When the data needs to be restored • First full backup • Then each incremental backup is laid down on top of it in the proper order. • Incremental backup is quicker than differential but takes longer to restore. CISSP All-in-one. Shon Harris
Data backup • If backup and restoration processes simplistic and straightforward • full backup • But requires a lot of hard drive space and time. • A differential backup takes more time in the backing up phase than an incremental backup • but it also takes less time to restore than an incremental backup, • Restoration of a differential backup two step process • Incremental backup – every incremental backup has to be restored in the correct sequence. CISSP All-in-one. Shon Harris
Electronic Backup • disk-shadowing • two physical disks • data is written to both at the same time for redundancy. • If one disk fails, the other is readily available. • Expensive • Provides high degree of fault tolerance CISSP All-in-one. Shon Harris
Electronic Backup • Electronic vaulting (backup files) • makes copies of files as they are modified and periodically transmits them to an offsite backup site. • Takes place in batches and moves the entire file that has been updated • Remote journaling (transaction logs) • only includes moving the journal or transaction logs to the offsite facility, not the actual files. • Takes place in real time and transmits only changes to files. • If and when data is corrupted and needs to be restored, only retrieve logs and rebuild the data • efficient for database recovery CISSP All-in-one. Shon Harris
Electronic Backup • Hierarchical storage management (HSM) • Includes optical disks, magnetic disks and tapes • faster media holds frequently used files • Older files backed up on slower less expensive media • storage area network (SAN) • Several storage systems connected together to form a single backup network. • Switches are used to create a switching fabric • switching fabric enables several devices to communicate with back-end storage devices • provides redundancy and fault tolerance • Off-site or on-site? CISSP All-in-one. Shon Harris
Restoration and Implementation CISSP All-in-one. Shon Harris
Plan Development Categories • End-user environment • Backup alternatives • Recovery • Restoration CISSP All-in-one. Shon Harris
End-User Environment • How will users be notified of the disaster? • Who will instruct them? • How will backups be retrieved? • Some employees may need to report to work during the disaster. CISSP All-in-one. Shon Harris
Backup Alternatives • Hardware • Data • Personnel • Off-site facilities CISSP All-in-one. Shon Harris
Documentation • Procedures • May need to include - • How to reinstall images • Configuration of OS and servers • installation of- • Other utilities • Proprietary software • Important for knowledge management CISSP All-in-one. Shon Harris
Recovery and Restoration • Restoration team • When a disaster happens team must know how to - • Install OS • Configure workstations and servers • String wires and cabling • Configure networking services • Restore systems CISSP All-in-one. Shon Harris
Tests CISSP All-in-one. Shon Harris
DRP Test • Testing DRP • Most important in DR planning • Untested plan is worthless • Create test documents • Test criteria • Types CISSP All-in-one. Shon Harris
Testing DRP • Testing must be - • Conducted in an orderly, standardized fashion • Executed on a regular basis • No demonstrated recovery ability exists until the DRP is tested CISSP All-in-one. Shon Harris
Testing DRP • Testing • Verifies the accuracy of the recovery procedures • Prepares and trains personnel to execute during emergency • Verifies the processing capability of the alternate backup site CISSP All-in-one. Shon Harris
Creating the Test Document • Test scenarios • Entire system? • Portion of the system? • Back-up system • Reasons for the test • Change in hardware, software, operational environment • Objectives of the test • Type of tests • Testing schedule CISSP All-in-one. Shon Harris
Creating the Test Document • Duration of the test – hour, day, weekend, week • Specific test steps • Who will be the participants? • The task assignments of the test • Resources and services required CISSP All-in-one. Shon Harris
Test Criteria • Must not disrupt normal business functions • Should not affect availability for the entire organization • Should start with easy areas to build skills and confidence • Purpose is to find weaknesses, update and retest CISSP All-in-one. Shon Harris
DRP Types • Checklist of the plan to cover all critical items. • Structured walk through with business unit managers • Ensures accuracy of the plan • Simulation. • Parallel • Fail a system when back-up running • Full-interruption • Needs approval of the management CISSP All-in-one. Shon Harris
Simulation • Practice session • To avoid the DRP causing the disaster • Enacts recovery procedures CISSP All-in-one. Shon Harris