Disaster & Recovery Planning Discussion

Disaster & Recovery Planning Discussion

(APA format)(250 words)

Connect with a professional writer in 5 simple steps

Please provide as many details about your writing struggle as possible

Academic level of your paper

Type of Paper

When is it due?

How many pages is this assigment?

1. What are five key elements that a security policy should have in order to remain viable over time?

2. Briefly describe three key downtime metrics

Principles of Incident Response and Disaster Recovery, 2nd Edition

Chapter 02

Planning for Organizational

Readiness

1

1

 

Objectives

Discuss why an individual or group needs to be appointed to create a contingency policy and plan

Describe the elements needed to begin the contingency planning process

Define business impact analysis and describe each of its components

List the steps needed to create and maintain a budget used for the contingency planning process

Principles of Incident Response and Disaster Recovery, 2nd Edition

2

 

2

Introduction

Planning for contingencies

Complex and demanding process

Systematic methodology

Organize the planning process

Prepare detailed and complete plans

Commit to maintaining those plans

Rehearse plans with a military rigor

Completed after normal working hours

Maintain the processes

Principles of Incident Response and Disaster Recovery, 2nd Edition

3

 

3

Beginning the Contingency Planning Process

Contingency planning management team (CPMT)

Consists of an individual or team

CPMT responsibilities

Obtain commitment and support

Manage and conducting the overall CP process

Write the master CP document

Conduct the business impact analysis (BIA)

Assist in identifying and prioritizing threats and attacks

Assist in identifying and prioritizing business functions

Principles of Incident Response and Disaster Recovery, 2nd Edition

4

 

4

Beginning the Contingency Planning Process (cont’d.)

CPMT responsibilities (cont’d.)

Organize and staff subordinate teams leadership

Incident response

Disaster recovery

Business continuity

Crisis management

Provide guidance to and integrate the work of the subordinate teams

Principles of Incident Response and Disaster Recovery, 2nd Edition

5

 

5

Beginning the Contingency Planning Process (cont’d.)

CPMT positions

Champion

Project manager

Team members

Representatives from other business units

Business managers

Information technology managers

Information security managers

Representatives from subordinate teams

 

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

6

 

6

Beginning the Contingency Planning Process (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

7

 

7

Commitment and Support of Senior Management

Clear and formal senior executive management commitment required

Prevents CP process failure

Managers and employees provide time and resources

Support gained from communities of interest

Each should complement the others

Information security communities of interest

Information security managers and professionals

Information technology managers and professionals

General management managers and professional

Principles of Incident Response and Disaster Recovery, 2nd Edition

8

 

8

Information Security Management and Professionals

Protect information systems and stored information from attacks

Tightly focused on protecting system integrity and confidentiality

Sometimes lose sight of availability

Principles of Incident Response and Disaster Recovery, 2nd Edition

9

 

9

Information Technology Management and Professionals

Design, build, or operate information systems

IT managers and skilled professionals

Systems design, programming, networks

Related disciplines categorized as information technology (IT)

Same objectives as information security community

Focus

System creation and operation costs

System users ease of use

System creation timeliness; transaction response time

Principles of Incident Response and Disaster Recovery, 2nd Edition

10

 

10

Organizational Management and Professionals

Includes executive management, production management, human resources, accounting, legal, and others

IT community category reference

Users of information technology systems

Information security community category reference

Security subjects

All IT systems and information security objectives

Implement broader organizational community objectives and safeguard effective use and operation

Principles of Incident Response and Disaster Recovery, 2nd Edition

11

 

11

Elements Required to Begin Contingency Planning

Four required CP process elements

Planning methodology

Policy environment (enables planning process)

Understanding causes and effects of core precursor activities (business impact analysis)

Access to financial and other resources

Articulated and outlined by the planning budget

Development of CP policies and plans

Occurs once CPMT organized and staffed

Expands the four elements

Principles of Incident Response and Disaster Recovery, 2nd Edition

12

 

12

Elements Required to Begin Contingency Planning (cont’d.)

Complete CP development methodology adaption

NIST Special Publications 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems (2010)

Special Publications 800-61, Rev. 2, Computer Security Incident Handling Guide (2012)

Complete process

Form the CPMT

Develop contingency planning policy statement

Conduct the business impact analysis (BIA)

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

13

 

13

Elements Required to Begin Contingency Planning (cont’d.)

Form subordinate planning teams

Develop subordinate planning policies

Integrate the BIA

Identify preventive controls

Organize response teams

Create contingency strategies

Develop subordinate plans

Ensure plan testing, training, and exercises

Ensure plan maintenance

Principles of Incident Response and Disaster Recovery, 2nd Edition

14

 

14

Contingency Planning Policy

Required for effective contingency planning

Purpose of policy

Define the CP operations scope

Establish managerial intent with regard to timetables for incident response

Recovery from disasters

Reestablishment of operations for continuity

Establish responsibility for the development and operations of the CPMT in general

Provide specifics on CP-related team constituencies

Principles of Incident Response and Disaster Recovery, 2nd Edition

15

 

15

Contingency Planning Policy (cont’d.)

CP policy sections

Introductory statement

Scope and purpose statement

Call for periodic risk assessment and BIA

Specification of major CP components to be designed

Call for, and guidance in, selection of recovery options and BC strategies

Requirement to test the plans on a regular basis

Identification of key regulations and standards impacting CP planning

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

16

 

16

Contingency Planning Policy (cont’d.)

Identification of key individuals responsible for CP operations

Challenge to individual members

Asking for their support

Reinforcing their importance in the overall CP process

Additional administrative information

Each CP meeting should be documented

Principles of Incident Response and Disaster Recovery, 2nd Edition

17

 

17

Business Impact Analysis

Business impact analysis (BIA)

Investigation and assessment of the impact that various events or incidents can have on the organization

Provides detailed identification and prioritization of critical business functions

Different from the risk management process

Begins with prioritized list of threats and vulnerabilities

Question

If an attack succeeds, what do you do next?

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

18

 

18

Business Impact Analysis (cont’d.)

Five “keys to BIA success”

Set the project scope carefully

Initiate data-gathering process

Find information senior managers need

Seek out objective rather than subjective data

Determine higher management needs prior to data collection

Gain validation of the results:

Derived from risk assessment and BIA

From owners of the business processes being examined

Principles of Incident Response and Disaster Recovery, 2nd Edition

19

 

19

Business Impact Analysis (cont’d.)

CPMT conducts the BIA in three stages

Principles of Incident Response and Disaster Recovery, 2nd Edition

20

 

20

Determine Mission/Business Processes and Recovery Criticality

First major BIA task

Analyze and prioritize business processes

Based on relationships to mission

Evaluate independently to compare with organization as a whole

Business process = “mission/business process”

Task performed in support of the overall mission

Collect critical information before prioritizing

Avoid “turf war”

Useful tool: BIA questionnaire

Principles of Incident Response and Disaster Recovery, 2nd Edition

21

 

21

Determine Mission/Business Processes and Recovery Criticality (cont’d.)

Weighted analysis table resolves most critical issues

Weighted analysis process

Identify organization categories

Assign weights to each category

Assigned weights add to a value of one (100 percent)

Identify various business functions

Importance value assessed on a scale of one to 10

Weights are multiplied by the scores in each category

Weights summed to obtain that business function’s overall value to the organization

 

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

22

 

22

Determine Mission/Business Processes and Recovery Criticality (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

23

 

23

Determine Mission/Business Processes and Recovery Criticality (cont’d.)

NIST Business Process and Recovery Criticality

NIST Special Publication 800-34 Rev. 1

 

 

 

 

 

Large quantities of information needed

BIA data collection process needed

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

24

 

24

Determine Mission/Business Processes and Recovery Criticality (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

25

 

25

Key Downtime Metrics

Maximum tolerable downtime (MTD)

Total amount of time the system owner/authorizing official willing to accept for a process outage

Includes all impact considerations

Recovery time objective (RTO)

Time period within which systems, applications, or functions must be recovered after an outage

Recovery point objective (RPO)

Point in time to which lost systems and data can be recovered after outage; determined by business unit

Principles of Incident Response and Disaster Recovery, 2nd Edition

26

 

26

Key Downtime Metrics (cont’d.)

NIST Special Publication 800-34 Rev. 1

Contains additional definitions for MTD, RTO, RPO

Reducing RTO requires mechanisms to shorten start-up time or provisions

To make data available online at a failover site

Reducing RPO requires mechanisms to increase data replication synchronicity between production systems and backup implementations

Critical need: avoid exceeding MTD

RTO must be shorter than MTD

Principles of Incident Response and Disaster Recovery, 2nd Edition

27

 

27

Cost Balance Point

Different for every organization and system

Based on financial constraint, operating requirement

Principles of Incident Response and Disaster Recovery, 2nd Edition

28

 

28

Prioritize Information Assets

Helpful to understand information assets used by prioritized processes

High-value information assets

May influence a particular business process valuation

Task normally performed as part of the risk-assessment function of risk management

Perform task now if organization has not performed this task

Principles of Incident Response and Disaster Recovery, 2nd Edition

29

 

29

Identify Resource Requirements

Need to determine resources needed to recover prioritized processes and associated assets

Resource intensive processes: IT functions

Resources require extensive sets of information processing, storage, and transmission

Supporting customer data, production data, and other organizational information

Business production-oriented processes

Require complex or expensive components to operate

Principles of Incident Response and Disaster Recovery, 2nd Edition

30

 

30

Principles of Incident Response and Disaster Recovery, 2nd Edition

31

 

31

Identify System Resource Recovery Priorities

Last stage of the BIA

Prioritize resources associated with the mission/business processes

Brings better understanding of what must be recovered first

Create additional weighted tables of the resources

Develop a custom-designed “to-do” list

Use a simple valuation scale

Primary/Secondary/Tertiary

Critical/Very important/Important/Routine

Principles of Incident Response and Disaster Recovery, 2nd Edition

32

 

32

BIA Data Collection

Not a discrete step

Methods

Online questionnaires

Facilitated data-gathering sessions

Process flows and interdependency studies

Risk assessment research

IT application or system logs

Financial reports and departmental budgets

BCP/DRP audit documentation

Production schedule

Principles of Incident Response and Disaster Recovery, 2nd Edition

33

 

33

Online Questionnaires

Online or printed questionnaire

Identify and classify

Business functions and impact they have on other organization areas

Enables a structured collection method

Collect information directly from those most knowledgeable

Examples

Web site for the Texas State Office of Risk Management BIA questionnaire areas

See Table 2-3 and Table 2-4

Principles of Incident Response and Disaster Recovery, 2nd Edition

34

 

34

Online Questionnaires (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

35

 

35

Online Questionnaires (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

36

 

36

Facilitated Data-Gathering Sessions

Focus group (facilitated data-gathering session)

Collecting information directly from the end users and business managers

Individuals brought together

Brainstorm answers to BIA process questions

To yield quantity or quality of information desired

Ensure a relaxed, productive session

Provide clear session structure

Encourage dialog

Restrict managers’ ability to take control

Principles of Incident Response and Disaster Recovery, 2nd Edition

37

 

37

Process Flows and Interdependency Studies

Systems diagramming

Documents ways systems operate

Charts process flows and interdependency studies

Used for both manual and automated systems

Common diagramming techniques

Use case diagrams and supporting use cases

Specifically designed to help understand interactions between entities and business functions

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

38

 

38

Principles of Incident Response and Disaster Recovery, 2nd Edition

39

 

39

Process Flows and Interdependency Studies (cont’d.)

Principles of Incident Response and Disaster Recovery, 2nd Edition

40

 

40

Principles of Incident Response and Disaster Recovery, 2nd Edition

41

 

41

Process Flows and Interdependency Studies (cont’d.)

Uniform modeling language (UML) models

Class diagrams, sequence diagrams, collaboration diagrams

Traditional systems analysis and design approaches

Workflow, functional decomposition, and dataflow diagrams

Quite complex

Only use if organization has them in place

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

42

 

42

Principles of Incident Response and Disaster Recovery, 2nd Edition

43

 

43

Principles of Incident Response and Disaster Recovery, 2nd Edition

44

 

44

Principles of Incident Response and Disaster Recovery, 2nd Edition

45

 

45

Risk Assessment Research

Risk assessment and risk management effort

Provides a wealth of information for BIA effort

Some modification may be necessary

Risk management process

Primary starting point for the BIA

Alternative efforts required if risk assessment not performed

Teams may collect information from outside sources on risk assessment

Principles of Incident Response and Disaster Recovery, 2nd Edition

46

 

46

IT Application or System Logs

IT staff

Valuable in determining categorical data

Frequency of occurrence

Probability of success

Provide information from various logs

Logs collect and provide reports

Failed login attempts, probes, scans, denial-of-service attacks, malware detected

Provides more accurate attack environment description

Principles of Incident Response and Disaster Recovery, 2nd Edition

47

 

47

Financial Reports and Departmental Budgets

Documents from normal operations

Provide insight into business operations

Costs and revenues provided by each functional area

Useful in prioritizing business areas and functions

Provides insight into the area’s profitability and revenues contribution

Calculating business impact most common method

Review financial reports and budgets

Lost sales, idle personnel costs, and other opportunity costs easily obtained

 

 

Principles of Incident Response and Disaster Recovery, 2nd Edition

48

 

48

Audit Documentation

Paid external consultant audits

Used by larger organizations and publicly traded firms

Audit function compliance

Federal and state regulations

National or international standards,

Part of proactive ongoing improvement program

Audit reports

Provide additional information for the BIA process

Principles of Incident Response and Disaster Recovery, 2nd Edition

49

 

49

Production Schedules

Information valuable in the completion of the BIA

Production schedules, marketing forecasts, productivity reports, other business documents

Include information collected from multiple sources

Rather than redundantly re-collecting it from the same sources

If information not collected directly by the BIA team

Make sure it is current and accurate

Undated information often worse than no information

Principles of Incident Response and Disaster Recovery, 2nd Edition

50

 

50

Budgeting for Contingency Operations

Incident response

May not require dedicated budgeting

Disaster recovery and business continuity

Require ongoing expenditures, investment, and service contracts to support their implementation

Many organizations are “self-insured”

Put money into an account

Draw upon it should replacements be required

Some organization forego “self-insured” investments

Due to tight budgets and drops in revenues

Principles of Incident Response and Disaster Recovery, 2nd Edition

51

 

51

Incident Response Budgeting

IR capabilities

Part of a normal IT budget

Data protection and response, backup and recovery methods

Uninterruptible power supplies (UPSs)

Antivirus/antispyware/antimalware software

Redundant arrays of independent disks (RAID)

Network-attached storage (NAS) or storage area networks (SANs)

Additional expenses

Protection of user data outside common storage areas

Principles of Incident Response and Disaster Recovery, 2nd Edition

52

 

52

Incident Response Budgeting (cont’d.)

Required budgeting

Maintenance of redundant equipment

Use the “rule of three”

Keep an online production system

Keep an online or very nearly online backup system

Keep an offline testing and development system

Online “hot” servers have redundancy incorporated

Backup or “warm ”server

Provides redundant functions standing by in a near-online state

Principles of Incident Response and Disaster Recovery, 2nd Edition

53

 

53

Disaster Recovery Budgeting

Number one DR budgetary expense

Insurance policies

Provide for the capabilities to rebuild and reestablish operations at the primary site

Data loss policies

Many organizations cannot afford them

Losses from a distributed denial-of-service attack (DDoS) not so familiar

Insurance difficult to estimate exactly

Many expenses not covered by insurance

Loss of water, electricity, data, and the like

Principles of Incident Response and Disaster Recovery, 2nd Edition

54

 

54

Business Continuity Budgeting

Requires the largest budget expenditure

Staggering cost to maintain high level of redundancy

Example: service level agreements (SLAs) for hot sites

Set aside “war chest” of funds for items needed during continuity operations

Safety deposit boxes at a local bank

Store corporate credit cards, purchase orders, cash

Consider nonsalaried employee overtime

Principles of Incident Response and Disaster Recovery, 2nd Edition

55

 

55

Crisis Management Budgeting

Fundamentals of crisis management

Focused physical and psychological losses associated with catastrophic disasters

Primary budget item

Employee salaries if unable to come to work

Establish a minimum budget for paid leave

Other items

Funeral and burial expenses; employee counseling services

Principles of Incident Response and Disaster Recovery, 2nd Edition

56

 

56

Summary

Approach CP using a systematic methodology

CPMT responsible for contingency policy and plans

Obtains commitment and support, manages the overall process, writes documents, conducts the BIA, organizes and staffs leadership, provides guidance

Roster includes champion, project manager, others

Effective CP begins with effective policy

Policy provides guidance from executives

Policy contains statements, calls for action, guidelines and additional administrative information

Principles of Incident Response and Disaster Recovery, 2nd Edition

57

 

57

Summary (cont’d.)

BIA: investigation and assessment of event impact

Detailed identification and prioritization of critical business functions

Key element: placing priorities and values on mission/business process

Insurance : number-one budgetary expense for DR

Larger deductibles provide lower monthly premiums

Set aside funds to cover deductibles

Business continuity: largest budget expenditure

Consider employee overtime, employee loss expenses

Principles of Incident Response and Disaster Recovery, 2nd Edition

58

 

58