Toronto Public Library Disaster Recovery recommended safeguards and controls



Similar documents
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Ohio Supercomputer Center

Supplier Security Assessment Questionnaire

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

Client Security Risk Assessment Questionnaire

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Itron Cloud Services Offering

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Information Systems Security Assessment

Birkenhead Sixth Form College IT Disaster Recovery Plan

UCS Level 2 Report Issued to

Risk Assessment Guide

Five keys to a more secure data environment

CISSP Common Body of Knowledge: Business Continuity & Disaster Recovery Planning Domain Version: 5.9.2

IT Disaster Recovery Plan Template

StratusLIVE for Fundraisers Cloud Operations

DISASTER RECOVERY AND BUSINESS CONTINUITY

Music Recording Studio Security Program Security Assessment Version 1.1

SAS 70 Type II Audits

How to Design and Implement a Successful Disaster Recovery Plan

BUSINESS CONTINUITY PLAN OVERVIEW

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

ITMF Disaster Recovery and Business Continuity Committee Report for the UGA IT Master Plan

Secure, Scalable and Reliable Cloud Analytics from FusionOps

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

IT Sr. Systems Administrator

Aljex Software, Inc. Business Continuity & Disaster Recovery Plan. Last Updated: June 16, 2009

Disaster Recovery for Small Businesses

MSP Service Matrix. Servers

APPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW

Contact us for a free consultation today! officemove@aie195.com

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

Understanding Sage CRM Cloud

White Paper: Librestream Security Overview

Data Center Infrastructure & Managed Services Outline

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Business Continuity Plan

Security from a customer s perspective. Halogen s approach to security

Disaster Recovery Plan Checklist

RL Solutions Hosting Service Level Agreement

DRAFT Disaster Recovery Policy Template

IT Service Management

HIPAA Privacy and Security Risk Assessment and Action Planning

Prepared by Rod Davis, ABCP, MCSA November, 2011

Ezi Managed Services Pty Ltd Introduction to Our Managed Service Agreement

Introduction to WatServ & Cloud Computing for Microsoft Dynamics

Small Business IT Risk Assessment

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

OKHAHLAMBA LOCAL MUNICIPALITY

Perceptive Software Platform Services

Interactive-Network Disaster Recovery

APPENDIX 7. ICT Disaster Recovery Plan

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Tailored Technologies LLC

APPENDIX 7. ICT Disaster Recovery Plan

Security Policy JUNE 1, SalesNOW. Security Policy v v

Disaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Planning and Disaster Recovery Planning

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Planning and Implementing Disaster Recovery for DICOM Medical Images

HIPAA Security Alert

Storage Guardian Remote Backup Restore and Archive Services

611 Tradewind Dr. Suite 100, Ancaster ON, L9G 4V5 (905) ext 244

Business Continuity Management and The Extended Enterprise

Computer Security: Principles and Practice

HIPAA Security COMPLIANCE Checklist For Employers

Building and Maintaining a Business Continuity Program

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Business Impact Analysis (BIA) and Risk Mitigation

IT - General Controls Questionnaire

Qvidian Hosted Customer Technical Portfolio

Disaster Recovery (DR) Planning with the Cloud Desktop

How To Ensure The C.E.A.S.A

Transcription:

BCE Security Solutions Restricted Attachment 1 Toronto Public Library Disaster Recovery recommended safeguards and controls Final Prepared by: Bell Security Solutions Inc. Professional Services 333 Preston Street, Suite 1100 Ottawa, Ontario, Canada, K1S 5N4 Document issue: Final Date of issue: March 2006 Copyright Bell Security Solutions Inc., 2006

Notices Liability limitation BSSI s liability for all claims and damages arising from this contract including any warranty liabilities will be limited to a maximum value not to exceed the value of the contract under which this work was delivered, and liability for all indirect and consequential damages will be excluded. This document is based upon information which cannot be consider current more than 30 days past collection date, an is obsolete past this date. 2

Table of Contents 1 Introduction... 4 2 MTTR cost estimates for TPL data centre... 5 2.1 Scope... 5 2.2 Risk Categories... 5 2.2.1 Likelihood (frequency) categories... 5 2.2.2 Severity categories... 6 2.2.3 Risk levels... 6 2.3 Risk Matrix... 7 2.4 Cost matrix...10 3

1 Introduction In December 2005, BSSI delivered a disaster recovery plan to Toronto Public Library (TPL) for the TPL data centre which addressed the following high-level threats to TPL information management systems and services: Email outage Phone Service Outage Network outage Security breach Power outage Virus outbreak TPL has requested information regarding the benefit of different safeguard options in terms of mean time to recovery from any one of the identified threats. The following section is an estimate of mean-time-to-recovery (MTTR) for the TPL data centre under 7 typical availability recovery safeguard options. Tape back-up Cold site Warm site Hot site High availability site Managed / outsourced high-availability site Generator at local site 4

2 MTTR cost estimates for TPL data centre 2.1 Scope These estimates make the following assumptions about the size of the TPL infrastructure under consideration Asset Critical Services (Records Management, Finance, HR, Inventory, Email) Critical servers (hardware units) 100+ Number / Names All 2.2 Risk Categories 2.2.1 Likelihood (frequency) categories Category Description 1 Expected to occur more than once in a year or chance of occurring is greater than 50% in current year. Will definitely occur at some time. 2 Expected to occur less than one time per year less than 50% chance in the current year. Will probably occur. 3 Expected to occur less than once every 20 years or chance of occurring is less than 5% in the current year. Low probability but could happen. 4 Expected to occur less than once every 100 years or less than 1% in current year. Not expected to occur. 5

2.2.2 Severity categories Level Severity 1 Severity 2 Severity 3 Severity 4 Definition Complete data centre outage or no access to building; or all services unavailable; or outage > 3 days Significant impact on data centre services. All services impacted but not total outage; or very slow services, transactions not completing; or User s productivity and client service levels cut by more than half; or outage < 3 days but > 1 day Multiple servers down, certain services unavailable - but not total outage; or user s productivity and client service levels cut by less than half; or outage < 1 day but > 4 hours Data loss but servers functional or single server down. User productivity and client serviced slowed; or outage < 4 hours. 2.2.3 Risk levels The following risk matrix and definitions are prescribed by the Falconbridge Risk Management Program Framework. 1 II I I 2 III II I Likelihood Category 3 III II 4 III 4 3 2 1 Severity category Code Category Description I High Risk reduction required < 6 months or when required for project. II Medium Risk reduction required within appropriate specified period. III Low Verify that procedures or controls are in place. Very Low No mitigation required. 6

2.3 Risk Matrix Major triggering events: Natural event o Lighting Strike / Electrical storm / Power surge o Tornado Local Environment Impacted o Hazardous Chemical External o o External fire Human Continuity External explosion o Pandemic, o Labour unrest Local Infrastructure Loss o Power Outage External cause o HVAC outage o Infrastructure failure Local Physical Impact o Catastrophic fire o Localized in-building fire o Accidental water release Vandalism / Sabotage o Physical o Logical virus, worm hacker Risk Table definitions: Event: threat or incident description Likelihood: as described above Severity: as described above Risks: resulting combination of likelihood and severity Existing safeguards: the systems, applications and processes and procedures currently in place to mitigate risks. Residual risk: the reduced risk / remaining risk after the mitigating systems, applications processes and procedures are taken into account. Recommendations: additional mitigating systems, applications processes and procedures to further mitigate risks. Best View risk: the reduced risk / remaining risk after recommended systems applications and processes have been put in place relation to industry standard mitigation practices (best view) 7

ll Security Solutions Inc. Event Likelihood Severity Risk Existing Safeguards Residual risk Site-survival events 1 Recommended safeguards Best view risk Natural event ice storm 4 1 Applies to all site-survival incidents III III 1. patch management and change management 2. maintenance SLAs for IM equipment to be tested and validated Storage Area Network back-up 3. creation of restore-from-back-up procedures Human Continuity labour 3 2 III III unrest Infra loss power outage external cause 1 1 Infra loss HVAC failure 2 1 equipment labelled (not all) Applies to external and internal infrastructure incidents Local Infra loss network failure 2 1 I II facility on-call procedures for normalized maintenance after-hours (untested and un-updated) Vandalism / Sabotage - physical 3 1 I partial outside lighting I partial outside camera coverage Vandalism / Sabotage logical virus/worm Vandalism / Sabotage logical hacker 4. security awareness training for DC staff 2 x battery UPS with max 1 hour (80KW, 35KW) - 5. disaster recovery procedures allows for soft shutdown of key applications in a. centralization of recovery procedures and documentation person on site - hard copy and softcopy** disaster recovery plan b. emergency communications management systems I II automated call-out systems shutdown procedures (untested) 6. auto-shutdown scripting 7. certification, accreditation and testing of procedures and processes start-up (untested) a. shutdown and start-up procedures I back-up procedures (untested) with off site b. back-up and restore processes I rotation monitoring of access points (untested) 2 2 II personnel identification passes issued III perimeter firewalls 8. diesel generator 1 day fuel supply 9. add second HVAC to DC for redundancy** 10. water monitoring above DC 11. fire monitoring above and below DC 12. zoned waterless suppression 13. add second door to DC Applies to Vandalism / sabotage physical incidents 14. visitor enrolment and tracking 15. physical access controls (proximity cards) on DC and secondary server-based anti-virus controls on UPS systems 2 1 I II 16. video monitoring in DC network maintenance contracts for network 17. cover over the outside windows into DC devices (SLAs untested and un-validated) Local Infra loss localized accidental water release 3 1 I waterless fire suppression for DC (FM 200) I Applies to Vandalism / sabotage logical 2 incidents 18. intrusion detection systems (IDS) for network** 19. vulnerability assessment (ethical hacking) 20. telephony VA for illicit modems and faxes 1 Events which will leave the data centre accessible to staff 2 Logical events are network-based or software-based. 8

ll Security Solutions Inc. Event Likelihood Severity Risk Existing Safeguards Residual risk Site abandonment events 3 Recommended safeguards Best view risk Natural event - tornado 4 1 III III Storage Area Network back-up 2 x battery UPS with max 1 hour (80KW, 35KW) - allows for soft shutdown of key Local environment chemical spill 3 1 II II applications in person on site disaster recovery plan shutdown procedures (untested) Local environment external fire 3 1 II start-up (untested) II back-up procedures (untested) with off site rotation Local environment external explosion equipment labelled (not all) 3 1 II facility on-call procedures for normalized maintenance after-hours (untested and unupdated) II 1. Disaster recovery site partial outside lighting Human Continuity - pandemic 2 1 I partial outside camera coverage I monitoring of access points (untested) personnel identification passes issued Local Infra loss catastrophic fire 4 1 III perimeter firewalls III server-based anti-virus network maintenance contracts for network devices (SLAs untested and un-validated) Local Infra loss localized inbuilding fire 3 2 III waterless fire suppression for DC (FM 200) III 3 Events resulting in prolonged site abandonment and therefore site-specific safeguards and controls are mooted. 9

ll Security Solutions Inc. 2.4 Cost matrix The following costs are un-validated estimates for major upgrades. Precise cost estimates will depend upon proper requirements definitions, project planning and systems engineering. Safeguard name Description MTTR Set-up Cost Yearly ongoing Tape back-up A magnetic tape back-up system or DVD back-up systems. Back-up media managed with formalized controls and rotated off-site 2+ weeks existing existing Generator at local site Upgrade of local site with generator Site-survivable: major upgrade options Development of maintenance and testing procedures and plans Assumes that building can support generator with minor structural modifications on the ground floor (possibly located within the TPL photo room ) immediate $350,000 (procurement of generator systems and install of fuel and fire suppression systems, electrical design and implementation services, staff training, training simulations table top and functional, certification and accreditation services) $50,000 (equipment maintenance, staff training, additional rent, annual training simulations table top and functional) Site-abandonment: major upgrade options Cold stand-by A magnetic tape back-up system or DVD back-up systems. Back-up media managed with formalized controls and rotated off-site Physical recovery facilities maintained with necessary space, power, heating/cooling and telecom. No systems present. 1 week (critical applications) $500,000 (includes improvements to leased site and furniture, development of procurement checklist and vendor $250,000 (includes rent and minimum telecom subscription charges, annual training simulation table top) 10

ll Security Solutions Inc. Safeguard name Description MTTR Set-up Cost Yearly ongoing Warm stand-by Hot Stand-by Systems and software procured according to pre-defined list with pre-defined vendors. Assumes short-term occupancy (2 to 8 weeks) before main site is restored. Assumes dedicated site not shared facility. A magnetic tape back-up system or DVD back-up systems. Back-up media managed with formalized controls and rotated off-site Physical recovery facilities maintained with necessary space, power, heating/cooling, raised flooring and telecom. Servers and workstations are in place and available, but are not loaded with services, systems or data. Systems built according to existing build documentation and procedures. Tests performed on recovery procedures and systems on at least an annual basis. Assumes long-term occupancy (8 weeks 1 year) before main site is restored. Assumes dedicated site not shared facility. A magnetic tape back-up system or DVD back-up systems. Back-up media managed with formalized controls and rotated off-site Physical recovery facilities maintained with necessary space, power, heating/cooling, raised flooring and telecom. Servers are built and fully loaded with software and have identical configurations to operational units. Systems need to be powered up and loaded with back-up data according to documented procedures. 1 to 3 days (critical applications) 4 hours $4.5M qualification, development of recovery procedures, training simulation table top) $3M (includes physical site improvements, procurement of systems, development of recovery procedures / build documents, training simulation table top) (includes physical site improvements, procurement of systems and software, development recovery procedures / build documents, training simulations table top and functional, certification and accreditation Cost does not include activation costs during recovery add $1.5M) $750,000 (includes rent, minimum telecom subscription, hardware maintenance, update and management of procedures, annual training simulation table top) Cost includes amortization of equipment. $1M (includes rent, full telecom subscription, hardware/software maintenance, update and management of procedures, annual training simulations table top and functional, 1 maintenance FTE) 11

ll Security Solutions Inc. Safeguard name Description MTTR Set-up Cost Yearly ongoing Tests performed on recovery procedures and systems on at least an annual basis. Assumes long-term occupancy (8 weeks 1 year) before main site is restored. Assumes dedicated site not shared facility. services) High availability / mirrored facility Physical recovery facilities maintained with necessary space, power, heating/cooling, raised flooring and telecom. Servers are built and fully loaded with software and have identical configurations to operational units, including RAID drives and back-up capabilities. Back-up systems are synchronized over network with operational systems. (Mirrored) Routers and DNS configured to automatically re-route traffic to HA site Tests performed on recovery procedures and systems on at least an quarterly basis Multiple power sources including on-site generators Assumes long-term occupancy (8 weeks 1 year) before main site is restored. Assumes dedicated site not shared facility. immediate $5M (includes physical site improvements, procurement of systems and software, development of recovery procedures / build documents, integration services, training simulations table top and functional, certification and accreditation services) $2M (includes rent, full telecom subscription, hardware/software maintenance, update and management of procedures, annual training simulations table top and functional, 1 maintenance FTE) Managed / outsourced high-availability capability Same as High Availability but costs will reflect a managed services with a 12 month contract. Costs will assume the same size infrastructure is outsourced outsourcing few/selected components will reduce costs. Multiple power sources including on-site generators within SLA Assumes out-sourcing of day-to-day operational and Disaster sites and management immediate $0 (procurement of systems and software, development of recovery procedures / build documents, integration, training simulations table top and functional, certification and accreditation services) $9M (managed service fees + hardware/software maintenance update and management of procedures, annual training simulations table top and functional) 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information