Business Continuity and Capacity Building

Similar documents
How to Build a Disaster Recovery Plan

Does it state the management commitment and set out the organizational approach to managing information security?

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Best Practices in Disaster Recovery Planning and Testing

Disaster Recovery for Small Businesses

White Paper: Librestream Security Overview

Which Backup Option is Best?

Data Backup Options for SME s

5 Essential Benefits of Hybrid Cloud Backup

Offsite Backup with Fast Recovery

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Backup & Disaster Recovery

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

Version: Page 1 of 5

Disaster Recovery Planning

Continuity of Operations Planning. A step by step guide for business

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

How to Build a Comprehensive Business Continuity Plan

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Ensure Absolute Protection with Our Backup and Data Recovery Services. ds-inc.com (609)

High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach

Availability and Disaster Recovery: Basic Principles

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Virtual Infrastructure Security

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

Table of Contents... 1

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Which Backup Option is Best?

10 Hidden IT Risks That Threaten Your Practice

Constructing a successful business continuity plan

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

ACTUALLY TEST YOUR PLAN. Disaster Recovery using Shadow Protect. March Madness Lunch & Learn. 1 AGENDA

Planning a Backup Strategy

Desktop Scenario Self Assessment Exercise Page 1

Disaster Recovery: Helping Non-Profits to Plan, Prepare & Recover. By: Lynn Do

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT IT Backup, Recovery and Disaster Recovery Planning

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

Which Backup Option is Best?

July 30, Internal Audit Report Information Technology Business Continuity Plan Information Technology Department

DEFINING THE RIGH DATA PROTECTION STRATEGY

Business Continuity and Disaster Recovery Planning

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Perforce Backup Strategy & Disaster Recovery at National Instruments

BUSINESS CONTINUITY PLAN OVERVIEW

a Disaster Recovery Plan

MANAGED WORKSTATIONS: Keeping your IT running

Disaster Recovery Planning Process

This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan

Ohio Supercomputer Center

2014 REPORT ON THE STATE OF DATA BACKUP FOR SMBS

How To Back Up A Virtual Machine

MAXIMUM PROTECTION, MINIMUM DOWNTIME

THE NEXT GENERATION OF DATA INSURANCE

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

HA / DR Jargon Buster High Availability / Disaster Recovery

Choosing the Right Cloud Service Provider. A guide to asking the right questions

Combining Onsite and Cloud Backup

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

What You Should Know About Cloud- Based Data Backup

What are the benefits of Cloud Computing for Small Business?

Method 1 of 4: Understanding What Makes a Good Business Continuity Plan

Planning and Implementing Disaster Recovery for DICOM Medical Images

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

Planning for and Surviving a Data Disaster

10 Hidden IT Risks That Threaten Your Financial Services Firm

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

The Outsourced IT Hiring Guide

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

DISASTER RECOVERY WITH AWS

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Disaster Recovery: Protect Your Business & Prepare Your Digital Prepress Operations

Lunch and Learn: Modernize Your Data Protection Architecture with Multiple Tiers of Storage Session 17174, 12:30pm, Cedar

April 15, 2016 Presented by David Falldien. Disaster Recovery: For business continuity

The Big Bang: cloud resiliency and the data explosion

Data Loss in a Virtual Environment An Emerging Problem

Prevent Denial of Service Attacks with Availability Consulting

Planning for a Disaster Using Tivoli Storage Manager. Laura G. Buckley Storage Solutions Specialists, Inc.

The 10 Disaster Planning Essentials For A Small Business Network

Disaster Recovery Plan Checklist

Oregon-Montana Disaster Recovery Phase 1

Interactive-Network Disaster Recovery

Getting Your Practice Ahead

Business Continuity Plan

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

The Business Case for Cloud Backup

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

CIS 523/423 Disaster Recovery Business Continuity

Business Continuity Plans- Technology. Preparation Instructions. Inventory and Assessment. System Backup Procedures

Disaster Recovery Planning Save Your Business

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

WHAT WOULD HAPPEN TO YOUR BUSINESS IF YOU EXPERIENCED DATA LOSS?

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS

Transcription:

Business Continuity and Capacity Building April 10, 2015 Business Continuity and Capacity Building April 10, 2015 1 / 14

Developing Institutional Business Continuity Plans and Implications for Capacity Development Plans Business Continuity and Capacity Building April 10, 2015 2 / 14

Business continuity... is risk management + disaster recovery Being able to do business as usual What business are universities in? Education & Research... and sometimes more: ISP/ASP, data center, IXP Business Continuity and Capacity Building April 10, 2015 3 / 14

Where s the bottom line? While a university will typically not go bankrupt, there are disasters that are hard to recover from, and can tarnish the reputation and funding of a university: disruption to a flagship research program loss of student acamedic records / work breach of systems and dissemination of confidential information salaries, HR information Business Continuity and Capacity Building April 10, 2015 4 / 14

What is at risk (types of risk) Equipment damage/destruction/theft (loss of physical integrity) Infrastructure (network, data center/storage, cabling) Instruments (resarch labs/medical) Information (loss of data integrity) Loss of data Corruption of data These cause various degrees of Service disruptions and non-availability (combination of physical + data loss of integrity) Business Continuity and Capacity Building April 10, 2015 5 / 14

Risk management: threat and risk analysis Risk Management and Business Continuity assume the following elements are in place: Security policies and the tools to enforce them (adm & technical) Monitoring, logging (technical) Change management (technical & project management) Documentation of processes and systems, including their criticality identify weak spots, what if scenarios Audit (all departments) Service Level Agreement (management & technical)... how many of these do you implement?... who is in charge of these processes? Business Continuity and Capacity Building April 10, 2015 6 / 14

Everyone is different Like any business, universities have aspects that make them unique. The people running your network have: a standard set of skills unique knowledge of your applications, systems, and data Acquiring knowledge and experience of the systems, applications, and network is a time consuming process. Staff retention should be a high priority! Business Continuity and Capacity Building April 10, 2015 7 / 14

Outsourcing vs in-house 2 scenarios that illustrate the need to have qualified staff with the right knowledge, regardless of whether some functions are handled by outside partners. 1 IT functions are in-house but staff isn t skilled / knowledgeable enough to implement Risk Assessment, Recovery and Contingency plans 2 Some core IT functions are outsourced in-house staff isn t qualified to assess the preparedness of the vendor that the functions are outsourced to Business Continuity and Capacity Building April 10, 2015 8 / 14

Beware of trivial problems (1/2) Seemingly innocuous events such as a router failure or a hard disk crash, typically in a cascade of events, can lead to failures that can halt the functioning of a university for a long period of time. 1 Case a disk fails, containing the only copy of the university s accounting system - no one identified that a) the disk was not redundant anymore (was it ever?) b) that no backup had been taken for 6+ months c) the knowledge on how to rebuild the data and/or restore from an older backup left with the employee who set the system up years ago => Mitigation: a criticality assessment would have likely noticed the risk. Also, in-house staff has better knowledge of the finance department than an external company would. Business Continuity and Capacity Building April 10, 2015 9 / 14

Beware of trivial problems (2/2) 2 Case a core equipment fails, and the backup equipment is not up to date configuration wise. The core equipment failed in a way that the configuration can t be recovered. Lots of time will be spent rebuilding the configuration manually, frantically trying to get hold of former employees who may remember the details. => Mitigation: change / configuration management processes, which can be automated, would have picked up the configuration from the equipment, thus saving lots of time. A properly qualified staff would have implemented the tools necessary to avoid such a failure. Business Continuity and Capacity Building April 10, 2015 10 / 14

More serious issues Case 1: offsite backup hasn t worked for months, a fire breaks out, destroying local storage and backup Case 2: the ERP/CRM system is in the cloud. The vendor goes bankrupt, and no provision was made to regularly back up and pull down data from the cloud vendor, back to the university. => Mitigation in case 1, in-house staff would have implemented automated, manually controlled reporting on backup processes, rather than rely on those of a the external vendor in case 2, in-house staff would have implemented a regularly scheduled backup process, and insisted that the vendor offer quarterly restore testing Business Continuity and Capacity Building April 10, 2015 11 / 14

Pyramid of risk 1. high impact, low occurrence (rare _ i.e.: earthquake, or other major chance of happening / \ disaster destroys building / DC / 1 \ 2. medium impact, / \ i.e.: core equipment failure or occasional / 2 \ flooding in a network node / \ 3. low impact, / 3 \ i.e.: disk failure, frequent / \ stolen eqpt How high in the pyramid do you still expect to be in business? Business Continuity and Capacity Building April 10, 2015 12 / 14

Key points staff retention of the critical staff should be high priority! external partners will never understand - or care about! - your environment as much as full time staff in-house staff needs to be trained and improve their skillsets so they can implement best practices, which go a long way to mitigating disasters, and also help them assess compliance in external vendors and services qualified staff, with a knowledge of your institution is more important than backup data centers, off site replication, etc. without them, even low impact events can severely disrupt business Business Continuity and Capacity Building April 10, 2015 13 / 14

Thank you! Business Continuity and Capacity Building April 10, 2015 14 / 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information