The Technology Trilogy:



Similar documents
Business Unit CONTINGENCY PLAN

Business Continuity Plan

5 Common Disasters that Strike Small Businesses

Business Continuity Position Description

Creating a Business Continuity Plan for your Health Center

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

EHRs and Information Availability: Are You At Risk?

D2-02_01 Disaster Recovery in the modern EPU

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

NCUA LETTER TO CREDIT UNIONS

Audit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture

Information Technology Security Review April 16, 2012

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Disaster Recovery and Business Continuity Plan

Unit Guide to Business Continuity/Resumption Planning

Enterprise Security Tactical Plan

Prepared by Rod Davis, ABCP, MCSA November, 2011

Risk Management Guide for Information Technology Systems. NIST SP Overview

State of South Carolina Policy Guidance and Training

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Disaster Recovery Policy

Company Management System. Business Continuity in SIA

Cyber Security & State Energy Assurance Plans

Office of Inspector General

Table of Contents... 1

DRAFT Revised Guide to the National CDEM Plan 2015 July 2015

Business Continuity Planning for Schools, Departments & Support Units

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

WORK PERFORMED UNDER AGREEMENT DE-OE SUBMITTED BY Idaho Office of Energy Resources 322 E. Front St. P.O. Box Boise, ID

JUMP START DISASTER RECOVERY PLAN FOR HOSPITALITY

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

Managing Information Resources and IT Security

GEARS Cyber-Security Services

Intel Business Continuity Practices

Identify and Protect Your Vital Records

Business Continuity Planning and Disaster Recovery Planning

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

Disaster Preparedness & Response

MANAGED WORKSTATIONS: Keeping your IT running

IM-93-1 ADP System Security Requirements and Review Process - Federal Guidelines

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Continuity of Operations Planning. A step by step guide for business

Microsoft Services Premier Support. Security Services Catalogue

Security Risk Assessment Tool

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Business Impact Analysis (BIA) and Risk Mitigation

Preemptive security solutions for healthcare

Ensure Absolute Protection with Our Backup and Data Recovery Services. ds-inc.com (609)

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Why Crisis Response and Business Continuity Plans Fail

ICS for LAUSD EOC and DOC Operation

End of Support Should Not End Your Business. Challenge of Legacy Systems

Ohio Supercomputer Center

It also provides guidance for rapid alerting and warning to key officials and the general public of a potential or occurring emergency or disaster.

What Dynamic Business IT Support Really Means For Your Business. ds-inc.com (609)

ESKITP6034 IT Disaster Recovery Level 4 Role

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

Legislative Audit Division State of Montana. Criminal Justice Information Network (CJIN)

CYBER SECURITY GUIDANCE

Subject: Internal Audit of Information Technology Disaster Recovery Plan

DISASTER RECOVERY ebook FACING DISASTERS HEAD ON

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Disaster Recovery & Business Continuity. James Adamson Library Systems Office

Information Resource Management Directive USAP Contingency & Disaster Recovery Program

Why Should Companies Take a Closer Look at Business Continuity Planning?

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

SECURITY. Risk & Compliance Services

Cyber Incident Response

Business Continuity Planning Preparing Your Organization

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

Cisco Unified Communications Predeployment, Deployment, and Postdeployment Service Bundle

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

Business Continuity Information Gathering Template

Management of IT Risks

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Temple university. Auditing a business continuity management BCM. November, 2015

U.S. Fire Administration. The Critical Infrastructure Protection Process Job Aid

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

Introduction to Business Continuity Planning. PCDC Introduction. Objectives. MPCA Series on Business Continuity Planning

NHS 24 - Business Continuity Strategy

Information Resource Management Directive USAP Information Security Awareness, Training and Education Program

BUSINESS CONTINUITY PLANNING

BUSINESS CONTINUITY POLICY

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

How To Write A Cybersecurity Framework

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Strategic Risk Management for School Board Trustees

Emergence of Business Continuity to Ensure Business and IT Operations

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

Sustainable Service Delivery

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE May 23, 2000.

Transcription:

The Technology Trilogy: Security, Disaster Recovery, & Business Continuity Information Technology Services for Colleges and Universities www.thinkeduserve.com

The Technology Trilogy: Security, Disaster Recovery & Business Continuity One of the hottest topics today regardless of the source is the protection of information. Newspapers, popular magazines, broadcast television, blogs, and government reports are discussing how information technology can and has been compromised, and ways to avoid being the victim of an attack. Colleges and universities are particularly vulnerable because of the sensitive nature of the information stored and processed social security numbers, credit card information, financial information, addresses, personal schedules and transcripts are particularly enticing to identity theft criminals. In addition to unwanted and uninvited intrusion, colleges and university must also be aware of their vulnerabilities to natural disasters, and to threats toward people, systems and buildings. Tornadoes, hurricanes, and earthquakes can wreak havoc on the continuity of university business operations. And, many institutions fail to plan in the event critical staff members are unable to perform their duties. State legislatures, boards of trustees and Presidents are now requiring comprehensive disaster recovery plans. In most cases, the disaster recovery plan provides for an alternate computing environment should there be a fire or flood, and identifies backup procedures. Often, this is focused entirely on the technology environment, and neglects to fully address business continuity in the event of a disaster. We believe that taking a holistic approach to Security, Disaster Recovery and Business Continuity provides the framework for maximum protection and will significantly reduce downtime in the event of a disaster. Our model aligns these three most vulnerable points (security, disaster recovery, and business continuity), and connects all three to create an environment that is: Resistant to attack Able to quickly and efficiently recover from any disruption Able to continue to perform business operations within institutional expectations The Trilogy Model was developed to strengthen each planning process, identify and address all vulnerabilities proactively, and reduce the time and effort required to develop separate plans. And, because the model integrates a wider range of users it also helps to reinforce the individuals role in security, disaster recovery and business continuity. Confidential Page 2 EduServe 2012

The Trilogy Model: Planning Process & Standards The National Institute of Standards and Technology developed a set of guidelines for Disaster Recovery and Business Continuity Plans. The Trilogy Model utilizes the NIST guidelines to ensure that all plans meet state and federal regulations. The Trilogy Model provides a comprehensive approach to data collection as well as an organization for including the appropriate people within the organization. The communication and facilitation structure is critical for the success of the plan development. Elements of quality assurance and practical change management are interwoven throughout the structure. Trilogy Model Facilitation and Communication Structure Establish Expectations and Scope Determine the Expectations from State Regulations, Board, President, Executive Cabinet Provide guidance on best practices Identify Key Individuals and Specify Roles Establish decision tree Develop Trilogy Organization Identify participants and roles in the development of the plan Deploy Communications Plan Identify Repository for Documents Create communication website Develop email lists Create consistent formats to simplify training Review Processes for Quality Disseminate new processes to key individuals for review Test new processes and document any changes Report Progress Regularly Report milestones and major decisions to Executive Team and get feedback Communicate progress and new initiatives to the organization Confidential Page 3 EduServe 2012

The facilitation and communication structure provide the guidelines for deploying the actual Security, Disaster Recovery and Business Continuity process. This process is managed by a project manager who is able to guide the institution through each step of the model. The Trilogy Process is illustrated below: Initiate Trilogy Process Plan Maintenance Evaluate/Test Security Plan Testing, Training & Evaluation Review/ Enhance Security Policies & Environment The Trilogy Model Draft Comprehensive Trilogy Plan Conduct Business Impact Analysis Develop Recovery Strategies Identify Preventative Measures Confidential Page 4 EduServe 2012

In essence, the process includes: Assessment of the current security environment and direction for strengthening and hardening the infrastructure and policies. Contingency Policy & Organization The organization establishes a policy that provides the authority and guidance to develop a plan. In addition, it establishes an appropriate organizational structure to react and participate in contingency planning as well as disaster recovery. Business Impact Analysis Every organization must identify its critical systems and components to ensure business continuity. It must determine what the impact of system loss may be and determine recovery priorities. Identify Preventative Measures Through the analysis, potential hazards will be identified and recommendations for remediation and prevention will be listed. Develop Recovery Strategies Working with the staff and administration, a series of recovery strategies will be developed. In addition to the strategies, costs and resources will be identified. Create the Contingency Plan From the data gathered from the first four steps in the series, the actual Contingency Plan document can be written. This document will provide the institution with specific procedures for recovery as well as all other pertinent information such as personnel contact information, memoranda of understanding, etc. Test, Train and Evaluate Testing enables the plan deficiencies to be identified and addresses as well as evaluate the ability of the recovery staff to implement the plan effectively. Periodic, systematic training for all recovery personnel is essential as well. Plan Maintenance In order to ensure that the plan remains viable it must be updated periodically. This should part of an overall strategy, and testing and revision should occur regularly. Confidential Page 5 EduServe 2012

Sample Table of Contents Below is a sample Table of Contents for a comprehensive Trilogy Plan: Security Policy and Organization Security Policy Statement Network Policies and Procedures Contingency Planning Policy and Organization Contingency Planning Policy Statement Scope of Plan Contingency Planning Organization and Authorization Communications Plan Business Impact Analysis Critical IT Resources Recovery Priorities Preventive Controls Disruption Impacts Alternate Sites Recovery Strategies Backup Methodology Equipment Replacement Staff Roles and Responsibilities Costs Plan Activation Supporting Information Notification/Activation Procedures Recovery Sequence & Procedures Reconstitution Procedures Testing, Training and Evaluation Testing Procedures Plan Alteration Procedures Development of comprehensive contingency plans requires extraordinary expertise. expertise includes: Such Tactical Planning Knowledge of Contingency Planning Standards Organizational Leadership and Group Facilitation Skills Information Technology & Systems Design Network and Infrastructure Design Confidential Page 6 EduServe 2012

Business Process Analysis Technical Writing Presentation Skills In addition, developing a contingency plan requires many dedicated hours to collect information, document processes, develop strategies and create an effective planning document. Many institutions have found it not only cost effective, but far more efficient to utilize the services of a contingency planning consultant to facilitate the process. Conclusion EduServe is a management consulting firm specializing in higher education. EduServe is dedicated to helping colleges and universities accomplish their mission through maximizing human performance and realizing technology's potential. Our mission is to produce extraordinary results for the colleges and universities we serve. Higher education management is our core business; as expert practitioners, EduServe consultants have an average of 20 years each serving higher education. EduServe understands the challenges you face. We guide you in the use of best practices and in adopting emerging methods for effective institutional and technology management. Our unique blend of leadership, management and planning expertise allows us to work creatively with our clients to build workable strategies and deliver measurable results. For more information on EduServe s Contingency Planning services and deliverables, please contact us: Confidential Page 7 EduServe 2012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information