Disaster Recovery. Sanjay Goel School of Business University at Albany, SUNY

Size: px
Start display at page:

Download "Disaster Recovery. Sanjay Goel School of Business University at Albany, SUNY"

Transcription

1 Disaster Recovery Sanjay Goel School of Business

2 Disasters Definitions Disaster is an event that may lead to some subsequent events that are not desirable, can cause destruction on a large scale, and loss of property, life...etc Disasters are catastrophic events as opposed to normal failures that can be handled by controls imposed in organizations Disasters can be natural or man made Tsunami, Thailand, 2004 Public Domain by Creator David Rydevik 2

3 Disasters Natural Disasters A natural disaster is the consequence of a combination of a naturally occurring physical event e.g. volcanic eruption, earthquake, landslide that may lead to significant damage of life, property or operations Mount Pinatubo eruption, 1991 U.S. Federal Govt. Public Domain Tsunami in Sumatra, 2004 U.S. Federal Govt. Public Domain 3

4 Disasters Man-made Disasters Disasters involving human intent, negligence, error or involving a failure of a system are called humanmade disasters. Space Shuttle Challenger, 1986 NASA Public Domain Hurricane Katarina,

5 September 11 Disaster Case Study 6

6 Disasters September 11 - lessons People and Information Virtually everything else was replaceable or re-creatable was vital Communications were difficult Crisis Management became critical command post and friends Communicate well-being of company Finances are strained 7

7 Disaster Recovery September 11 - lessons Alternate workplaces IT issues were significant Tapes were inaccessible, poor backup, slow recovery Disaster recovery staff were not dispersed in some cases Lack of automation Paper records lost Supply chain severely impacted 8

8 Disaster Recovery September 11 - lessons NY Economic impact = US$83B 57,000 job loss by % of Office Space lost in NY 25 %: power outage of over 8 hours (since 1997) Key needs during disasters People Information Technology Facilities Connectivity Supply Chain 9

9 Disaster Recovery Impact on Organizations September 11 and Hurricane Katarina happen once in a while! Disasters can happen around you in every day life. 10

10 Disaster Recovery Impact on Organizations E-commerce down Applications down Lost billings records Lost business information Used against you Lost business Lost market share Higher expenses Opportunity Costs Customer perception Investor uncertainty Lender uncertainty Hiring slowdown Employee turnover Impact to brand and image Lost revenue Business interruption Competitiveness Litigation Company reputation End-users cannot do their jobs IT operations disrupted Customers cannot access data Suppliers cannot complete service Higher phone volume Lost orders Customer care calls disconnected Investor filings Supplier misunderstandings Customer contracts unmet Service levels unmet 11

11 Disaster Recovery Events that can lead to disasters Logical Outage Damage to Premises Software bug Virus/hack Storms Data corruption Hurricane Accidental deletion of data Fire DOS Attack Power Outage Component Outage Terrorism/War CPU fault Disk failure Network Card Failure Software Fiber cuts Flooding / Water leaks 12

12 Disaster Recovery Consequences of Disasters Tangible losses 1. Employee productivity loss (62%) 2. Data loss (43%) 3. Reduction in profits (40%) 4. Damage to customer relationships (38%) 5. Reduction in revenue (27%) Intangible losses Reputation Market Criminal Liability Customer Satisfaction Stock Price Brand Equity Source: VERITAS Disaster Recovery Research, Sept

13 Disaster Recovery Scenario 1: Small Organization Local organization No data center facilities Limited budget/resources available Small closet with non-enterprise equipment Sprinkler system malfunction Sprinkler soaks equipment Servers short DSL router crashes HD head crash No personnel injured 14

14 Disaster Recovery Scenario 2: Large Organization National/Multi-national organization Data center facilities Large budget Multiple personnel Data center in large city Bomb/Explosion Explosion in data center building Some personnel injured Most equipment destroyed Onsite backups destroyed 15

15 Disaster Recovery Levels Large organizations typically have a two-level disaster recovery plan. Level 1: Build enough redundancy in network and equipment to recover from a minor disaster, such as loss of a major server or portion of the network (Business Continuity) Level 2: Create contingency plans if the services are completely disabled (Contingency Planning) 16

16 Disaster Recovery Business Continuity Business Continuity Planning involves identification of potential impacts of catastrophic failures that threaten the survival of an organization and provides a framework for building resilience and capability for an effective response which protects the organizational assets including property, reputation, brand value (Adapted from: British Standards Institute PAS56) 17

17 Disaster Recovery Business Contingency Planning (BCP) BCP reduces the impact of business interruption to an acceptable level following large scale disruptions due to catastrophic failures by resumption of interrupted business functions. These may include Recovering operations using alternate equipment Performing affected business processes using manual methods. It also assists management in providing customer confidence and service satisfaction, as crisis management control can assist the corporation in maintaining market share, and can provide the basis to promote industry images. 18

18 Disaster Recovery Business Contingency Planning Cont d. Business Contingency Planning provides a control on revenue loss and cash flow exposures during any business interruption. Each business function is analyzed to define the consequences of an outage of service in quantifiable financial terms, operational impacts, and legal or regulatory restrictions. These consequences are then assessed by management who defines the point at which the consequences are unacceptable. That point becomes the recovery time frame. 19

19 Disaster Recovery Business Contingency Planning Cont d. BCP identifies recovery alternatives to restore critical business functions which are weighed using cost benefit analysis Solutions are selected to obtain a balance between acceptable potential losses and acceptable onetime and annual costs A recovery plan is developed around the recovery solution authorized by management The recovery plan is exercised to train the recovery organization, to define changes necessary in the plan to strengthen it, and to provide a tested vehicle which when executed will permit an effective resumption of interrupted business functions or computer operations 20

20 Disaster Recovery BCP Objectives Ensure continuity and survival of the business, protect corporate assets, provide management control of risks and exposures, provide preventative measures where appropriate, and to take proactive management control of any business interruption. The business continuity plan answers several questions How do I reestablish my business function? What is a disaster? When do the impacts begin? How much loss can be tolerated? What are the options? What will a recovery plan cost? How much is enough? 21

21 Disaster Recovery External Vendors Contract with professional disaster recovery firms to provide second level support for major disasters. Disaster recovery firms offer services such as, secure storage for backups, Complete networked data center that clients can use it their network is destroyed. Full services are expensive, but worthwhile when disruption can cause large losses to revenue 22

22 Plan 23

23 Disaster Recovery The Plan Disaster Recovery Plan Describes how an organization deals with potential disasters Consists of precautions taken such that the effects of a disaster are minimized, and the organization is able to maintain or quickly resume mission-critical functions Planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. Critical organizational assets include People Data and systems Communications & Networking Challenges include Data growth at 50-80% per year (Gartner) & Increasing complexity of IT infrastructure 24

24 Disaster Recovery Objectives Plan responses to possible disasters, providing for partial or complete recovery of all data, application software, network components, and physical facilities. Develop backup and recovery controls that enable an organization to recover its data and restart its application software should some part of the network fail. Address anomalous situations, such as, destruction of main database or the data center itself. 25

25 Disaster Recovery Disaster Recovery Plan (Elements) Names of responsible individuals Staff assignments and responsibilities List of priorities of fix-firsts Location of alternative facilities. Recovery procedures for data communications facilities, servers and application systems. Actions to be taken under various contingencies. Manual processes. Updating & testing procedures. Safe storage of data, software and the plan itself. 26

26 Disaster Recovery Prevention (Best Solution) Create network redundancy Protect from natural disasters Set your office away from a flood plane Prevent theft Prevent computer virus attacks Prevent DOS attacks Redundancy & fault tolerance Uninterruptible power supplies (UPS) Fault-tolerant servers Disk mirroring Disk duplexing 27

27 Disaster Recovery Natural Disasters (Prevention) The best solution is to have a completely redundant network that duplicates every network component, but in a different location. Stopping disasters is difficult. The most fundamental principle is to decentralize network resources. Steps should be taken based on the expected risk of specific type of disaster (e.g. flood, earth quake, etc.) 28

28 Disaster Recovery Equipment Theft (Prevention) Equipment theft can lead to serious disruptions if adequate precautions against it are not taken. Industry sources indicate that about $1 billion is lost each year to theft of computers and related equipment (USA statistic). For this reason, security plans should include an evaluation of ways to prevent equipment theft. 29

29 Disaster Recovery Prevention (Best Solution) Viruses and worms can lead to catastrophic failures by disruption of networks and destroying the integrity of data and systems Several different types of viruses and worms exist Macro viruses attach themselves to documents and become active when the files are opened are also common. These can also facilitate bot infections in organizations Anti-virus software packages are available to check disks and files to ensure that they are virus-free. Incoming messages are one of the most common source of viruses. Attachments to incoming should be routinely checked for viruses Use of filtering programs should be considered 30

30 Disaster Recovery Assessing Needs Wks Days Hrs Mins Secs Secs Mins Hrs Days Wks Recovery Point Recovery Time Tape Backup Replication Snapshots Periodic Replication Clustering Snapshots Tape Restore Recovery Point Objective Amount of data loss acceptable The point to which data must be restored Recovery Time Objective Amount of time it takes to come back online The time by which data must be restored 31

31 Disaster Recovery Data Backup How often do you backup your data? Backup is the foundation of any good DR strategy as it is a point-in-time snapshot of data. The more often you backup the safer you are. How much data loss can you afford? (RPO) Data is critical to success of organizations and must be protected at all costs. New laws and regulations also dictate requirements for acceptable data loss. Not all data is created equal, and because there s a high cost associated with safeguarding data, pick and choose what to protect. How much downtime can you afford? (RTO) Clustering (fastest) and Bare Metal Restore (fast) simply automate the tasks of getting back to business faster. The more critical the system the higher the need for automation. 32

32 Disaster Recovery Preventative Controls Security policies, firewalls Backups Redundancy Employee (cross-training) Resource (power, network, utility) Hardware (servers, ups, etc.) ID staff and enforce strict access control Training Testing & revisions Documentation Facility access (evacuation) Licensing compliance review Risk assessment 33

33 Disaster Recovery Strategies to recover Prioritize Services (based on time, safety) Risk assessment (based on time of year) Notification & communications (tree process, cell phones vs. VoIP vs. traditional means) Local TV & radio news resources Verification of strategies & plans Need buy-in from staff, unions, management Contingency for non-locatable staff Alternate workspace locations Business continuity measures Coordinate with FEMA, law enforcement (&other agencies) 34

34 Disaster Recovery Strategies to recover ID unrecoverable scenarios Configuration management ID mission-critical data Ongoing or fail back strategy for extended disasters Identify coordinators (and chain of command) Escalation process Prioritize & allocate resources Reassign resources Skills matrix Work with partners & clients 35

35 Disaster Recovery IT Contingency Plan Regular communication with IT staff Identify critical services Testing of recovered services Follow documented procedures to fix problems Contingency clause with vendors, service providers, contractors Relocate services away from affected area (rent, lease, safer space within building) Monitor systems continuously Work with disaster recovery team Test and validate systems one by one based on priority 36

36 Risk 37

37 Risk Definition Risk perception of uncertainty in events that occur and actions taken. Risks encountered in everyday decision-making Multiple ways to consider risks: Risk as feelings Risk as analysis Risk as politics We primarily evaluate risk intuitively (as feelings) 38

38 Risk Opposing Views Statisticians Probabilities Consequences of Adverse Events Quantifiable Social scientists Invented to cope with uncertainties Dependent on perception Risk perception: blending of science and judgment with important psychological, social, cultural, and political factors 39

39 Risk Human Factors Uncertainty in computing risk is unavoidable Reactions to risk based on emotion, rather than scientific evidence. When people become outraged, they may overreact. If people are not outraged, they may under-react. An industrial process producing an unpronounceable chemical is a much less acceptable risk than something more everyday, like driving or eating junk food. 40

40 Risk Human Factors Risk comparisons may be more clear than using absolute numbers Emotions must be considered with scientific evidence. People become uneasy when scientists are not certain about the risk posed by a hazard (effect, severity, or prevalence). Rather than diminish legitimate concerns or heighten illegitimate ones, psychological factors must be addressed to encourage constructive action. 41

41 Risk Formal Definition Risk is the probability that a specific threat will successfully exploit a vulnerability causing a loss. Risks are evaluated by three distinguishing characteristics: 1. Loss associated with an event, e.g., disclosure of confidential data, lost time and revenues. 2. Likelihood that event will occur, i.e. probability of occurrence 3. Degree risk outcome can be influenced, i.e. controls Various forms of threats exist Different stakeholders have different perceptions Several sources of threats exist simultaneously 42

42 Risk Risk Management Process How Bad (Consequences)? What can go wrong (Initiating Events)? How Often (Likelihood of failure)? Aggregate Risk (Likelihood of consequences calculated for every possible combination of precipitating events) Risk is the probability that a specific threat will successfully exploit a vulnerability causing a loss. Measures to reduce the consequences of risk until they reach acceptable levels (Benefits > Aggregated Risk) 43

43 Risk Example #1: Caveman Going to Hunt Potential Accidents Being eaten by prey Being mistakenly hurt by tribe member Accidentally getting hurt on terrain How Bad (Consequences) Injury Death Hazard Control (Reduce likelihood of damage) Avoid dangerous terrain Scare animals with fire or sticks Hide from animals Hunt in groups Protection & Damage Limitation (Reduce Consequences) Apply first aid Run once animal follows you Risk = Consequence x Likelihood Cost-Benefit Analysis Total Risk Food Total Benefit 44

44 Risk Example #2: Participating in Sports Event Potential Accidents Collision Slipping Tripping How Bad (Consequences) Out for Match Out for Season Broken Bone Sprained Muscle Torn Ligament Hazard Control (Reduce likelihood of damage) Training Being Careful Using proper footwear & protective gear Following Rules Protection & Damage Limitation (Reduce Consequences) First Aid Ambulance Medical & Hospital Services Risk = Consequence x Likelihood Cost-Benefit Analysis Total Risk Thrill & Pride Total Benefit 45

45 Risk Example #3: Driving to Work Potential Accidents Head on Collision Side/Rear-end impact Hit pedestrian Overturn Car Carjacking How Bad (Consequences) Vehicle Damage Traffic Ticket Death Insurance Premium Hike Injury Hazard Control (Reduce likelihood of damage) License Proper road & signal construction Safety Barriers Police Surveillance & speed control Obeying traffic rules Protection & Damage Limitation (Reduce Consequences) Having Airbags Installed in Vehicle Wearing Seatbelts First Aid & Hospitalization Causes Fatigue Poor Judgment Environmental Conditions Failure to see traffic signals Risk = Consequence x Likelihood Cost-Benefit Analysis Total Risk Employment Total Benefit 46

46 Disaster Recovery Risk Risk is defined as the expected losses as a result of potential threats that can manifest themselves and cause damage to assets. Risk can be analyzed by assessing the probability of an event, the vulnerability of the elements at risk, and the value of assets that are in danger Risk assessment forms an important input in disaster management, in the design of development plans, and in emergency response planning. Disaster planning should follow the same procedure as routine risk assessment but typically covers more catastrophic events 47

47 Disaster Recovery Risk Concept Map Threats exploit system vulnerabilities which expose system assets. Security controls protect against threats by meeting security requirements established on the basis of asset values. Source: Australian Standard Handbook of Information Security Risk Management HB

48 Disaster Recovery Risk Analysis Matrix Based Approach 49

49 Matrix Based Approach Methodology Consists of three matrices Vulnerability Matrix: Links assets to vulnerabilities Threat Matrix: Links vulnerabilities to threats Control Matrix: Links threats to the controls Step 1 Identify the assets & compute the relative importance of assets Step 2 List assets in the columns of the matrix. List vulnerabilities in the rows within the matrix. The value row should contain asset values. Rank the assets based on the impact to the organization. Compute the aggregate value of relative importance of different vulnerabilities 50

50 Matrix Based Approach Methodology Step 3 Add aggregate values of vulnerabilities from vulnerability matrix to the column side of the threat matrix Identify the threats and add them to the row side of the threat matrix Determine the relative influence of threats on the vulnerabilities Compute aggregate values of importance of different threats Step 4 Add aggregate values of threats from the threat matrix to the column side of control matrix Identify the controls and add them to the row side of the control matrix Compute aggregate values of importance of different controls 51

51 Matrix Based Approach Determining L/M/H There needs to be a threshold for determining the correlations within the matrices. For each matrix, the thresholds can be different. This can be done in two ways: Qualitatively determined relative to other correlations e.g. asset1/vulnerability1 (L) is much lower than asset3/vulnerability3 (H) correlation. asset2/vulnerability2 correlation is in-between (M) Quantitatively determined by setting limits e.g. if no correlation (0), if lower than 10% correlation (L), if lower than 35% medium (M), if greater than 35% (H) 52

52 Matrix Based Approach Extension of L/M/H Although the example provided gives 4 different levels (Not Relevant, Low, Medium, and High), organizations may choose to have more levels for finer grained evaluation. For example: Not Relevant (0) Very Low (1) Low (2) Medium-Low (3) Medium (4) Medium-High (5) High (6) 53

53 Matrix Based Approach Assets and Vulnerabilities Scale Not Relevant - 0 Low 1 Medium 3 High 9 Vulnerabilities Assets & Costs Value Critical Infrastructure Trade Secrets (IP) Client Secrets Reputation (Trust) Lost Sales/Revenue Cleanup Costs Info/ Integrity Hardware Software Services Relative Impact Web Servers Compute Servers Firewalls Routers Client Nodes Databases Customize matrix to assets & vulnerabilities applicable to case Compute cost of each asset and put them in the value row Determine correlation with vulnerability and asset (L/M/H) Compute the sum of product of vulnerability & asset values; add to impact column 54

54 Matrix Based Approach Vulnerabilities and Threats Scale Not Relevant - 0 Low 1 Medium 3 High 9 Threats Vulnerabilities Value Web Servers Compute Servers Firewalls Routers Client Nodes Databases Relative Threat Importance Hacking Attacks Floods Earthquakes Human Errors Insider Attacks Hurricane Complete matrix based on the specific case Add values from the Impact column of the previous matrix Determine association between threat and vulnerability Compute aggregate exposure values by multiplying impact and the associations 55

55 Matrix Based Approach Threats and Controls Threats Scale Not Relevant - 0 Low 1 Medium 3 High 9 Controls Value Firewalls IDS Single Sign-On DMZ Training Security Policy Network Configuration Hardening of Environment Denial of Service Spoofing Customize matrix based on the specific case Add values from the relative exposure column of the previous matrix Determine impact of different controls on different threats Compute the aggregate value of benefit of each control Malicious Code Human Errors Insider Attacks Intrusion Spam Physical Damage Value of Control 56

56 When Disaster s Happen? 57

57 When Disasters Happen Physical Damage Flood/leak Fire Lightning damage Insects/rodents Mechanical shock Overheating Damage to media Natural disasters 58

58 When Disasters Happen Mechanical Failure Hard drive failure Power supply failure Other failure leading to physical damage Media (CD-ROM, tape) decay 59

59 When Disasters Happen Human Error Accidental file deletion Accidental file replacement Loss of entire system (e.g., lost laptop) Loss of media (e.g., CDRWs, USB keys) 60

60 When Disasters Happen Malice & Evil Malware (viruses, worms, trojans, spyware) Disgruntled employees External attackers Theft of systems or media Arson Terrorism 61

61 When Disasters Happen Layered Defense Human error or malicious attack can damage data on hard drives Backup tapes can be damaged by viruses or natural disasters that destroy the tapes Since no single defense is perfect, you must layer your defenses Multiple backups over time (archival backups) Copies stored in multiple locations (business continuity backups) 62

62 When Disasters Happen Creating a Plan Determine the systems to back up through risk analysis Assign responsibility for performing the backups? Determine the priority of systems to restore (e.g., do you restore the payroll system before the marketing web site?) Create a recovery plan with clear chain of command to initiate recovery. Keep backup copies offline 63

63 Disaster Recovery Plan 64

64 Disaster Recovery Plan Definitions A disaster recovery plan is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The primary objective of disaster recovery planning is to protect the organization in the event that all or part of its operations and/or computer services are rendered unusable. The plan should minimize disruption of operations and ensure organizational stability and an orderly recovery after a disaster. Other objectives of disaster recovery planning include: Provide a sense of security for employees Minimize risk of delays Guarantee the reliability of standby systems Provide a standard for testing the plan. Minimize decision-making during a disaster The plan should be documented and tested 65

65 Disaster Recovery Plan Reasons Insurance alone is insufficient to manage disaster recovery since it does not compensate for the loss of business during the interruption There are several reasons to have a disaster recovery plan Minimizing potential economic loss Decreasing potential exposures Reducing the probability of occurrence Reducing disruptions to operations Ensuring organizational stability Providing an orderly recovery Minimizing insurance premiums Reducing reliance on certain key individuals Protecting the assets of the organization Ensuring the safety of personnel and customers Minimizing decision-making during a disastrous event Minimizing legal liability 66

66 Disaster Recovery Plan Obtain Top Management Commitment Management should endorse the disaster planning effort It should be responsible for coordinating the planning efforts and ensuring its dissemination in the organization. Resources must be committed to the development of an effective plan. Both financial and labor resources must be provided 67

67 Disaster Recovery Plan Establish a Planning Committee A planning committee should oversee the development and implementation of the plan. It should include representatives from all functional areas of the organization. Key committee members should include the Information Security Officer, Chief Information Officer, operations manager and the data processing manager. The committee should be responsible for defining the scope of the plan. 68

68 Disaster Recovery Plan Perform Risk Analysis Disaster Recovery Plan should be linked closely with risk assessment of the organization All the assets, vulnerabilities and threats should be comprehensively collected The primary focus should however be on the more catastrophic events, including natural, technical and human threats. The plan should be written for the worst case scenario Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment should also include the safety of critical documents and vital records. 69

69 Disaster Recovery Plan Establish Critical Needs Critical needs are defined as the procedures and equipment essential to continue operations in case of a disaster To determine critical needs All the operations and processes of each department should be documented They should be ranked in order of priority (Essential, important and non-essential.) The maximum time that the organization can operate without each critical system should be also determined Critical areas include Functional operations Key personnel Information Processing Systems Service Documentation Vital records Policies and procedures 70

70 Disaster Recovery Plan Strategies Elements to Consider: Facilities Hardware Software Communications Data files Customer services User operations Management Information Systems End-user systems Other processing operations Options for recovery Hot sites Warm sites Cold sites Reciprocal agreements Two data centers Multiple computers Service centers Consortium arrangement Vendor supplied equipment 71

71 Disaster Recovery Plan Emergency Information to Collect Backup position listing Hardware and software Critical telephone numbers inventory Communications inventory Notification checklist Distribution register Office supply inventory Documentation inventory Off-site storage location Equipment inventory inventory Forms inventory Software and data files Insurance Policy inventory backup/retention schedules Main computer hardware Telephone inventory inventory Temporary location Master call list specifications Master vendor list Other materials and documentation 72

72 Disaster Recovery Plan Writing the Plan First an outline for detailed procedures in the plan needs to be created The outline should be approved by the top management This outline becomes the table of content for the plan Plan should Provide roadmap for detailed procedures Identify the scope clearly Identify any potential redundancies in the plan 73

73 Disaster Recovery Plan Creating Detailed Procedures Create a standard template for all detailed procedures Makes training and dissemination easier Removes ambiguities in the plan Facilitates collaboration during writing Procedures should include pre & post disaster procedures Plan should include provisions for periodic evaluation and revisions Specific teams should be created for different functional areas (i.e. administration, facilities, logistics, user support, computer backup, restoration, etc.) 74

74 Disaster Recovery Plan Creating Detailed Procedures Cont d. Each team should have a leader and different personnel on the team should have clearly delineated roles. Management team should be created to coordinate the recovery process, access damage, activate the recovery plan, and work with team leaders Despite the management structure teams may need to operate autonomously during the disaster Management team members should set priorities, policies and procedures in case of unforeseen contingencies 75

75 Disaster Recovery Plan Validation & Testing of Procedures The procedures should be validated periodically (at least annually) Validation procedures should be a part of the plan Validation of the procedures would help in Determining the reliability of backup facilities & procedures Identify weaknesses in the procedures Provide training to the different teams Protect the company from legal liabilities (due diligence) 76

76 Disaster Recovery Plan Testing Entire Plan The initial testing involves a walk-through of the entire plan Plan should be updated if any discrepancies or inconsistencies are observed The testing of the plan should be done in sections first to avoid large scale work disruptions Testing procedures may vary considerably Checklist tests Simulation tests Parallel tests Full interruption tests 77

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Page 1 of 5 Disaster Recovery Planning Process By Geoffrey H. Wold Part II of III This is the second of a three-part series that describes specific methods for organizing and writing a comprehensive disaster

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business. www.integrit-network.com Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business www.integrit-network.com Business Continuity & Disaster Survival Strategies for the Small & Mid Size Business AGENDA:

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

FORMULATING YOUR BUSINESS CONTINUITY PLAN

FORMULATING YOUR BUSINESS CONTINUITY PLAN WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business Business Continuity & Disaster Survival Strategies for the Small and Mid Size Business AGENDA Welcome / Introduction

More information

Interactive-Network Disaster Recovery

Interactive-Network Disaster Recovery Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Business Continuity Planning Guide

Business Continuity Planning Guide Business Continuity Planning Guide For Small Businesses Prepared by the City of Vaughan Emergency Planning Department 1 Business Continuity Planning Business Continuity Planning (BCP) is a planning process

More information

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper This quick reference guide provides an introductory overview of the key principles and issues involved in IT related disaster recovery planning, including needs evaluation, goals, objectives and related

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Disaster Preparedness & Response

Disaster Preparedness & Response 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS Appendix L DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS I. GETTING READY A. Obtain written commitment from top management of support for contingency planning objectives. B. Assemble

More information

Birkenhead Sixth Form College IT Disaster Recovery Plan

Birkenhead Sixth Form College IT Disaster Recovery Plan Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service

More information

Cisco Disaster Recovery: Best Practices White Paper

Cisco Disaster Recovery: Best Practices White Paper Table of Contents Disaster Recovery: Best Practices White Paper...1 Introduction...1 Performance Indicators for Disaster Recovery...1 High Level Process Flow for Disaster Recovery...2 Management Awareness...2

More information

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN

GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN GOVERNMENT FINANCE OFFICERS ASSOCIATION OF MISSOURI SPRING 2012 CONFERENCE IT DISASTER PLAN 2012 Sikich LLP. All Rights Reserved. Presented by: Scott Wegner Partner, Director Networking Services Sikich

More information

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk

More information

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

Disaster Recovery Planning

Disaster Recovery Planning NASA IV & V ANNUAL WORKSHOP 202 The 4th International Workshop on Independent Verification & Validation of Software Disaster Recovery Planning Divya Krishnamoorthy Mailam Engineering College, Mailam. (Affiliated

More information

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning Course: Information Security Management in e-governance Day 2 Session 5: Disaster Recovery Planning Agenda Introduction to Disaster Recovery Planning (DRP) Need for disaster recovery planning Approach

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

How to Design and Implement a Successful Disaster Recovery Plan

How to Design and Implement a Successful Disaster Recovery Plan How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Business Continuity Planning (BCP) / Disaster Recovery (DR) Business Continuity Planning (BCP) / Disaster Recovery (DR) Introduction Interruptions to business functions can result from major natural disasters such as earthquakes, floods, and fires, or from man-made

More information

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning

More information

Business continuity plan

Business continuity plan Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

The Benefits of Continuous Data Protection (CDP) for IBM i and AIX Environments

The Benefits of Continuous Data Protection (CDP) for IBM i and AIX Environments The Benefits of Continuous Data Protection (CDP) for IBM i and AIX Environments New flexible technologies enable quick and easy recovery of data to any point in time. Introduction Downtime and data loss

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

IF DISASTER STRIKES IS YOUR BUSINESS READY?

IF DISASTER STRIKES IS YOUR BUSINESS READY? 1 IF DISASTER STRIKES IS YOUR BUSINESS READY? DISASTER RECOVERY and BUSINESS CONTINUITY: WHAT YOU NEED TO KNOW Realize the Power of Technology Many business owners put off disaster planning, perhaps thinking

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

Abhi Rathinavelu Foster School of Business

Abhi Rathinavelu Foster School of Business Abhi Rathinavelu Foster School of Business What is Disaster? A disaster is considered any incident or event that results in a major interruption of business operations Major: Earthquake >5.0, Volcanic

More information

Disaster Recovery Planning

Disaster Recovery Planning Disaster Recovery Planning NOW or NEVER Disaster Recovery Team Aura Advanced Technologies Aura Advanced Technologies Inc 1301-1121 Sixth Avenue SW Calgary, Alberta T2P 5J4 Phone: 403-269-6123 Fax: 403-269-6169

More information

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact. Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

DISASTER PLANNING AND RECOVERY

DISASTER PLANNING AND RECOVERY PLANNING IS THE KEY TO SUCCESSFUL DISASTER RECOVERY Source: US State Government Disaster Recovery Markets by Frost & Sullivan, A Global Growth Consulting Company DISASTER PLANNING AND RECOVERY In the aftermath

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

IT Disaster Recovery and Business Resumption Planning Standards

IT Disaster Recovery and Business Resumption Planning Standards Information Technology Disaster Recovery and Business IT Disaster Recovery and Business Adopted by the Information Services Board (ISB) on May 28, 1992 Policy No: Also see: 500-P1, 502-G1 Supersedes No:

More information

The Impact of Corporate Preparedness. For Audio: (1) Listen through PC speakers, OR (2) Dial 484 589 1010 and use access code 488 870 467

The Impact of Corporate Preparedness. For Audio: (1) Listen through PC speakers, OR (2) Dial 484 589 1010 and use access code 488 870 467 The Impact of Corporate Preparedness on the Bottom Line For Audio: (1) Listen through PC speakers, OR (2) Dial 484 589 1010 and use access code 488 870 467 Prepare to Survive. Bob Boyd President & CEO

More information

Business Continuity Planning for Schools, Departments & Support Units

Business Continuity Planning for Schools, Departments & Support Units Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator

More information

Management of IT Risks

Management of IT Risks 10 number 39 // 2-2006 Management of IT Risks Esther Cerdeño Deputy Director of IT MAPFRE REASEGUROS (Spain) The market needs insurers to study the feasibility of insuring costs relating to loss of information;

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...

More information

Beyond Effective Security. The Art and Science of Business Continuity Planning

Beyond Effective Security. The Art and Science of Business Continuity Planning Beyond Effective Security The Art and Science of Business Continuity Planning Fred Young, CIPM, CRM Executive Director Risk Management RE/MAX International Holdings, Inc The Wildlife Experience Business

More information

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN 5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam

EXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored

More information

Four Steps to Disaster Recovery and Business Continuity using iscsi

Four Steps to Disaster Recovery and Business Continuity using iscsi White Paper Four Steps to Disaster Recovery and Business Continuity using iscsi It s a fact of business life physical, natural, and digital disasters do occur, and they interrupt operations and impact

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

THE NEXT GENERATION OF DATA INSURANCE

THE NEXT GENERATION OF DATA INSURANCE THE NEXT GENERATION OF DATA INSURANCE High Indemnity and Broad Coverage Against Permanent Loss A Data Insurance Licensing Ltd. White Paper Version 2013.4.4 Data Insurance Licensing Ltd. THE NEXT GENERATION

More information

Continuity Planning and Disaster Recovery

Continuity Planning and Disaster Recovery Responsible Officer: AVP - Information Technology Services & UC Chief Information Officer Responsible Office: IT - Information Technology Services Issuance Date: 7/27/2007 Effective Date: 7/27/2007 Scope:

More information

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Disaster Recovery & Business Continuity Dell IT Executive Learning Series Disaster Recovery & Business Continuity Dell IT Executive Learning Series Presented by Rich Armour, Debi Higdon & Mitchell McGovern THIS PRESENTATION SUMMARY IS FOR INFORMATIONAL PURPOSES ONLY AND MAY

More information

Developing a Business Continuity Plan... More Than Disaster

Developing a Business Continuity Plan... More Than Disaster Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning

More information

The Importance of Disaster Recovery for Data Protection

The Importance of Disaster Recovery for Data Protection The Importance of Disaster Recovery for Data Protection Eric R Schott Director, Product Management 2006 Summer Conference 2005 Annual June Conference 13th, 2006 October Sheraton 24-26 Nashua 2005, Hotel

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview Business Continuity, Disaster Recovery and Data Center Consolidation IT managers today must be ready for the

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

HA / DR Jargon Buster High Availability / Disaster Recovery

HA / DR Jargon Buster High Availability / Disaster Recovery HA / DR Jargon Buster High Availability / Disaster Recovery Welcome to Maxava s Jargon Buster. Your quick reference guide to Maxava HA and industry technical terms related to High Availability and Disaster

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Key Steps to a Secure Remote Workforce

Key Steps to a Secure Remote Workforce Key Steps to a Secure Remote Workforce Telecommuting benefits the employee and the company, the community and the environment. With the right security measures in place, there s no need to delay in creating

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE 1 CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE Gavin McLintock P.Eng. CISSP PCIP 2 METCALFE POWER STATION 16 April 2013 Sophisticated physical attack 27 Days outage $15.4 million

More information

What You Should Know About Cloud- Based Data Backup

What You Should Know About Cloud- Based Data Backup What You Should Know About Cloud- Based Data Backup An Executive s Guide to Data Backup and Disaster Recovery Matt Zeman 3Fold IT, LLC PO Box #1350 Grafton, WI 53024 Telephone: (844) 3Fold IT Email: Matt@3FoldIT.com

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

CONTINUITY OF OPERATIONS PLAN TEMPLATE

CONTINUITY OF OPERATIONS PLAN TEMPLATE CONTINUITY OF OPERATIONS PLAN TEMPLATE For Long-Term Care Facilities CALIFORNIA ASSOCIATION OF HEALTH FACILITIES DISASTER PREPAREDNESS PROGRAM TABLE OF CONTENTS TABLE OF CONTENTS...2 SECTION 1: INTRODUCTION...3

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Blackboard Managed Hosting SM Disaster Recovery Planning Document BLACKBOARD MANAGED HOSTING Blackboard Managed Hosting SM Disaster Recovery Planning Document Prepared By: MH Services Modified Date: March 2009 Revision: 1.8 1. OBJECTIVES... 3 2. SCOPE... 3 3. ASSUMPTIONS...

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES...

More information

Building a strong business continuity plan

Building a strong business continuity plan Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.

More information

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Beyond Disaster Recovery: Why Your Backup Plan Won t Work Beyond Disaster Recovery: Why Your Backup Plan Won t Work Contents Introduction... 3 The Data Backup Model - Upgraded for 2015... 4 Why Disaster Recovery Isn t Enough... 5 Business Consequences with DR-Only

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information