bcp-dr
tapas-bhattacharya -
Transcript of bcp-dr
-
8/9/2019 bcp-dr
Business Continuity & Disaster Recovery
Business Impact Analysis
RPO/RTO
Disaster Recovery
Testing, Backups, Audit
-
Acknowledgments
Material is sourced from:
- CISA Review Manual 2009, $ % ', ISACA. All rights reserved. Used by permission.
- CISA Certified Information Systems Auditor All-in-One Exam Guide, Peter H Gregory, McGraw Hill
Author: Susan J Lincke, PhD, Univ. of Wisconsin Parkside
Reviewers/Contributors: Todd Burri & Megan Reid
Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant '7898:: Information Security: Audit, Case Study, and Service Learning.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and/or source(s) and do not necessarily reflect the views of the National Science Foundation.
-
O e examples for: Incremental backup, differential backup
- Define cloud computing, Infrastructure as a Service, Platform as Service, Software as a Service, Private cloud, Community cloud, Public cloud, Hybrid cloud.
- Develop a Business Continuity Plan
- Perform a Business Impact Analysis
-
Imagine a company...
- Bank with 1 Million accounts, social security numbers, credit cards, loans...
- Airline serving 5 , people on 25 flights daily...
- Pharmacy system filling 5 million prescriptions per year, some of the prescriptions are life saving...
- Factory with 2 employees producing 2 , products per day using robots...
-
Imagine a system failure...
- Server failure
- Disk System failure
- Hacker break in
- Denial of Service attack
- Extended power failure
- Snow storm
- Spyware
- Malevolent virus or worm
- Earthquake, tornado
- Employee error or revenge
How will this affect each business?
-
First Step: Business Impact Analysis
- Which business processes are of strategic importance?
- What disasters could occur?
- What impact would they have on the organization financially? Legally? On human life? On reputation?
- What is the required recovery time period?
Answers obtained via questionnaire, interviews, or meeting with key users of IT
-
Event Damage Classification
Negligible: No significant cost or damage
Minor: A non negligible event with no material or financial impact on the business
Major: Impacts one or more departments and may impact outside clients
Crisis: Has a ma
-
Workbook: Disasters and Impact
| Problematic Event or Incident | Affected Business Process(es) (Assumes a university) | Impact Classification Effect on finances, legal liability, human life, reputation |
| Fire | Class rooms, business departments | Crisis, at times Major, Human life |
| Hacking Attack | Registration, advising, | Major, Legal liability |
| Network Unavailable | Registration, advising, classes, homework, education | Crisis |
| Social engineering/Fraud | Registration, | Major, Legal liability |
| Server Failure (Disk/server) | Registration, advising, classes, homework, education. | Major, at times Crisis |
-
Recovery Time: Terms
Interruption Window: Time duration organization can wait between point of failure and service resumption
Service Delivery Objective (SDO): Level of service in Alternate Mode
Maximum Tolerable Outage: Max time in Alternate Mode
[Figure: timeline over Time showing Regular Service, Interruption, Alternate Mode, Regular Service; labels: Interruption Window, Maximum Tolerable Outage, SDO, Disaster Recovery Plan Implemented, Restoration Plan Implemented]
-
Definitions
Business Continuity: Offer critical services in event of disruption
Disaster Recovery: Survive interruption to computer information systems
Alternate Process Mode: Service offered by backup system
Disaster Recovery Plan (DRP): How to transition to Alternate Process Mode
Restoration Plan: How to return to regular system mode
-
Classification of Services
Critical ,,,,: Cannot be performed manually. Tolerance to interruption is very low
Vital ,,: Can be performed manually for very short time
Sensitive ,: Can be performed manually for a period of time, but may cost more in staff
Nonsensitive .: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort
-
Determine Criticality of Business Processes
[Figure: hierarchy chart with criticality ranks: Corporate; Sales (1), Shipping (2), Engineering (3); Web Service (1), Sales Calls (2); Product A (1), Product B (2), Product C (3); Product A (1), Orders (1), Inventory (2), Product B (2)]
-
RPO and RTO
How far back can you fail to? How long can you operate without a system?
One week's worth of data? Which services can last how long?
[Figure: timeline labelled Interruption, with marks 1 Hour, 1 Day, 1 Week]
Recovery Point O
-
Recovery Point O
-
Business Impact Analysis Summary
Service Recovery Point O
-
RAID - Data Mirroring
Redundant Array of Independent Disks
RAID 0: Striping
RAID 1: Mirroring
Higher Level RAID: Striping & Redundancy
[Figure: disk layouts: ABCD, ABCD; AB, CD, Parity; AB, CD]
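
The "AB, CD, Parity" layout in the figure above, worked through as an added example (not part of the original slides): data is striped over two disks, an XOR parity block goes on a third, and any single failed disk is rebuilt from the survivors. The function names, block size and rotating parity placement are assumptions made for the illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def parity_slot(stripe, n_disks):
    """Disk that holds parity for this stripe (rotates per stripe, RAID 5 style)."""
    return (n_disks - 1 - stripe) % n_disks

def write_array(data, data_disks=2, block=2):
    """Stripe `data` over data_disks + 1 disks, one parity block per stripe."""
    n = data_disks + 1
    stripe_len = data_disks * block
    data = data.ljust(-(-len(data) // stripe_len) * stripe_len, b"\0")  # pad last stripe
    disks = [[] for _ in range(n)]
    for s in range(len(data) // stripe_len):
        chunk = data[s * stripe_len:(s + 1) * stripe_len]
        blocks = [chunk[i:i + block] for i in range(0, stripe_len, block)]
        blocks.insert(parity_slot(s, n), xor_blocks(blocks))  # parity of the data blocks
        for disk, blk in zip(disks, blocks):
            disk.append(blk)
    return disks

def rebuild(disks, failed):
    """Recompute every block of the failed disk by XOR-ing the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_array(disks, length):
    """Reassemble the data, skipping the parity block of each stripe."""
    n = len(disks)
    out = b"".join(blk for s in range(len(disks[0]))
                   for d, blk in enumerate(row[s] for row in disks)
                   if d != parity_slot(s, n))
    return out[:length]

def survives_loss_of(data, failed):
    """Write data, lose one whole disk, rebuild it, and check nothing changed."""
    disks = write_array(data)
    original = disks[failed]
    disks[failed] = None                      # the disk is gone
    disks[failed] = rebuild(disks, failed)
    return disks[failed] == original and read_array(disks, len(data)) == data

if __name__ == "__main__":
    print(write_array(b"ABCD"))               # constructed sample input
    print([survives_loss_of(b"ABCDEFGHIJ", f) for f in range(3)])
```

Losing two disks at once leaves too few survivors for the XOR to recover anything, which is why parity RAID complements backups rather than replacing them.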
-
Network Disaster Recovery
Redundancy
- Includes: Routing protocols, Fail over, Multiple paths
Alternative Routing
- >1 Medium or > 1 network provider
Diverse Routing
- Multiple paths, 1 medium type
Last-mile circuit protection
- E.g., Local: microwave & cable
Long-haul network diversity
- Redundant network providers
Voice Recovery
- Voice communication backup
-
Disruption vs. Recovery Costs
[Figure: graph of Cost against Time; labels: Service Downtime, Alternative Recovery Strategies, Minimum Cost; marked points: Hot Site, Warm Site, Cold Site]
-
Alternative Recovery Strategies
Hot Site: Fully configured, ready to operate within hours
Warm Site: Ready to operate within days: no or low power main computer. Does contain disks, network, peripherals.
Cold Site: Ready to operate within weeks. Contains electrical wiring, air conditioning, flooring
Duplicate or Redundant Info. Processing Facility: Standby hot site within the organization
Reciprocal Agreement with another organization or division
Mobile Site: Fully or partially configured trailer comes to your site, with microwave or satellite communications
-
What is Cloud Computing?
[Figure: Database, App Server, Laptop, PC, Web Server and VPN Server shown with Cloud Computing]
-
This would cost $200/month.
Introduction to Cloud
NIST Visual Model of Cloud Computing Definition
National Institute of Standards and Technology, www.cloudstandards.org
http://www.cloudstandards.org/
-
Cloud Service Models
Software (SaaS): Provider runs own applications on cloud infrastructure.
Platform (PaaS): Consumer provides apps; provider provides system and development environment.
Infrastructure (IaaS): Provides customers access to processing, storage, networks or other fundamental resources
-
Cloud Deployment Models
Private Cloud: Dedicated to one organization
Community Cloud: Several organizations with shared concerns share computer facilities
Public Cloud: Available to the public or a large industry group
Hybrid Cloud: Two or more clouds (private, community or public clouds) remain distinct but are bound together by standardized or proprietary technology
-
Ma
-
Hot Site
- Contractual costs include: basic subscription, monthly fee, testing charges, activation costs, and hourly/daily use charges
- Contractual issues include: other subscriber access, speed of access, configurations, staff assistance, audit & test
- Hot site is for emergency use - not long term
- May offer warm or cold site for extended durations
-
Reciprocal Agreements
Advantage: Low cost
Problems may include:
- Quick access
- Compatibility (computer, software, ...)
- Resource availability: computer, network, staff
- Priority of visitor
- Security (less a problem if same organization)
- Testing required
- Susceptibility to same disasters
- Length of welcomed stay
-
RPO Controls
Work Book
| Data File and System/Directory Location | RPO (Hours) | Special Treatment (Backup period, RAID, File Retention Strategies) |
| Registration | * hours | RAID. Mobile Site? |
| Teaching | 3 day | Daily backups. Facilities Computer Center as Redundant info processing center |
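
An added example (not part of the original slides) of how the RPO column above can be checked against an actual backup schedule. It works out which backup sets a restore needs under an incremental versus a differential schedule, and flags services whose newest restorable backup is older than their RPO. The schedule, the RPO values and the function names are constructed for the illustration; only the service names come from the workbook.

```python
from datetime import datetime, timedelta

def restore_chain(backups, failure):
    """Backup sets needed to restore the newest state that precedes `failure`.
    backups: (completed_at, kind) pairs; 'incr' holds changes since the previous
    backup, 'diff' holds changes since the last full."""
    done = sorted(b for b in backups if b[0] <= failure)
    fulls = [i for i, b in enumerate(done) if b[1] == "full"]
    if not fulls:
        return []                       # nothing restorable yet
    tail = done[fulls[-1] + 1:]
    kinds = {kind for _, kind in tail}
    if kinds >= {"incr", "diff"}:
        raise ValueError("mixed incremental/differential schedule not modelled")
    if "diff" in kinds:
        tail = tail[-1:]                # only the newest differential is needed
    return [done[fulls[-1]]] + tail     # full, then every incremental in order

def audit_rpo(services, failure):
    """Map service -> (finding, hours_of_data_lost, sets_to_restore) for every
    service with no RPO, no restorable backup, or a backup older than its RPO."""
    findings = {}
    for name, svc in services.items():
        chain = restore_chain(svc["backups"], failure)
        if svc["rpo_hours"] is None:
            findings[name] = ("no_rpo", None, len(chain))
        elif not chain:
            findings[name] = ("no_backup", None, 0)
        else:
            lost = (failure - chain[-1][0]) / timedelta(hours=1)
            if lost > svc["rpo_hours"]:
                findings[name] = ("rpo_exceeded", lost, len(chain))
    return findings

def nightly(kind, days):
    """Constructed schedule: full on Sunday 2024-01-07 01:00, then `kind` nightly."""
    full = datetime(2024, 1, 7, 1, 0)
    return [(full, "full")] + [(full + timedelta(days=d), kind) for d in range(1, days + 1)]

# Constructed sample; service names follow the workbook, RPO values are assumed.
SERVICES = {
    "Registration": {"rpo_hours": 4, "backups": nightly("incr", 3)},
    "Teaching": {"rpo_hours": 24, "backups": nightly("diff", 3)},
    "Advising": {"rpo_hours": None, "backups": nightly("incr", 3)},
}
FAILURE = datetime(2024, 1, 10, 15, 0)  # Wednesday afternoon outage

if __name__ == "__main__":
    for service, finding in audit_rpo(SERVICES, FAILURE).items():
        print(service, finding)
```

With nightly backups a 4-hour RPO cannot be met however the backups are taken, which is the case where the slides point to data mirroring instead.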
-
Business Continuity Process
- Perform Business Impact Analysis
- Prioritize services to support critical business processes
- Determine alternate processing modes for critical and vital services
- Develop the Disaster Recovery plan for IS systems recovery
- Develop BCP for business operations recovery and continuation
- Test the plans
- Maintain plans
-
Question
The amount of data transactions that are allowed to be lost following a computer failure (i.e., duration of orphan data) is the:
1. Recovery Time O
-
Question
When the RTO is large, this is associated with:
1. Critical applications
2. A speedy alternative recovery strategy
3. Sensitive or nonsensitive services
4. An extensive restoration plan
-
Question
When the RPO is very short, the best solution is:
1. Cold site
2. Data mirroring
3. A detailed and efficient Disaster Recovery Plan
4. An accurate Business Continuity Plan
-
Disaster Recovery
Disaster Recovery
Testing
-
An Incident Occurs...
- Security officer declares disaster
- Call Security Officer (SO) or committee member
- SO follows pre-established protocol
- Emergency Response Team: Human life: First concern
- Phone tree notifies relevant participants
- IT follows Disaster Recovery Plan
- Public relations interfaces with media (everyone else quiet)
- Mgmt, legal counsel act
-
Concerns for a BCP/DR Plan
- Evacuation plan: People's lives always take first priority
- Disaster declaration: Who, how, for what?
- Responsibility: Who covers necessary disaster recovery functions
- Procedures for Disaster Recovery
- Procedures for Alternate Mode operation
- Resource Allocation: During recovery & continued operation
Copies of the plan should be off site
-
Disaster Recovery Responsibilities
General Business
- First responder: Evacuation, fire, health...
- Damage Assessment
- Emergency Mgmt
- Legal Affairs
- Transportation/Relocation/Coordination (people, equipment)
- Supplies
- Salvage
- Training
IT Specific Functions
- Software
- Application
- Emergency operations
- Network recovery
- Hardware
- Database/Data Entry
- Information Security
-
BCP Documents
| Focus | IT | Business |
| Event Recovery | Disaster Recovery Plan: Procedures to recover at alternate site | Business Recovery Plan: Recover business after a disaster |
IT Contingency Plan: Recovers ma
-
Workbook: Business Continuity Overview
| Classification (Critical or Vital) | Business Process | Incident or Problematic Event(s) | Procedure for Handling (Section 8) |
| Vital | Registration | Computer Failure | If total failure, forward requests to UW-System. Otherwise, use 3-week-old database for read purposes only |
| Critical | Teaching | Computer Failure | Faculty &: Recovery Procedure |
-
MTBF = MTTF + MTTR
- Mean Time to Repair (MTTR)
- Mean Time Between Failure (MTBF)
Measure of availability:
- 5 9s = 99.999% of time working = 5 minutes of failure per year.
[Figure: timeline alternating works, repair, works, repair, works; labels: 1 day, ': days]
-
Disaster Recovery Test Execution
Always tested in this order:
- Desk-Based Evaluation/Paper Test: A group steps through a paper procedure and mentally performs each step.
- Preparedness Test: Part of the full test is performed. Different parts are tested regularly.
- Full Operational Test: Simulation of a full disaster
-
Business Continuity Test Types
Checklist Review: Reviews coverage of plan - are all important concerns covered?
Structured Walkthrough: Reviews all aspects of plan, often walking through different scenarios
Simulation Test: Execute plan based upon a specific scenario, without alternate site
Parallel Test: Bring up alternate off site facility, without bringing down regular site
Full-Interruption: Move processing from regular site to alternate site.
-
Testing O
-
Testing Procedures
- Tests start simple and become more challenging with progress
- Include an independent 3rd party (e.g. auditor) to observe test
- Retain documentation for audit reviews
Develop test o
-
Test Stages
PreTest: Set the Stage
- Set up equipment
- Prepare staff
Test: Actual test
PostTest: Cleanup
- Returning resources
- Calculate metrics: Time required, success rate in processing, ratio of successful transactions in Alternate mode vs. normal mode
- Delete test data
- Evaluate plan
- Implement improvements
[Figure: PreTest, Test, PostTest]
-
Gap Analysis
Comparing Current Level with Desired Level
- Which processes need to be improved?
- Where is staff or equipment lacking?
- Where does additional coordination need to occur?
-
Insurance
Categories: IPF & Equipment; Data & Media; Employee Damage
- Business Interruption: Loss of profit due to IS interruption
- Valuable Papers & Records: Covers cash value of lost/damaged paper & records
- Fidelity Coverage: Loss from dishonest employees
- Extra Expense: Extra cost of operation following IPF damage
- Media Reconstruction: Cost of reproduction of media
- Errors & Omissions: Liability for error resulting in loss to client
- IS Equipment & Facilities: Loss of IPF & equipment due to damage
- Media Transportation: Loss of data during xport
IPF = Information Processing Facility
-
Auditing BCP
Includes:
- Is BIA complete with RPO/RTO defined for all services?
- Is the BCP in line with business goals, effective, and current?
- Is it clear who does what in the BCP and DRP?
- Is everyone trained, competent, and happy with their
-
Summary of BC Security Controls
- RAID
- Backups: Incremental backup, differential backup
- Networks: Diverse routing, alternative routing
- Alternative Site: Hot site, warm site, cold site, reciprocal agreement, mobile site
- Testing: checklist, structured walkthrough, simulation, parallel, full interruption
- Insurance
-
Question
The FIRST thing that should be done when you discover an intruder has hacked into your computer system is to:
1. Disconnect the computer facilities from the computer network to hopefully disconnect the attacker
2. Power down the server to prevent further loss of confidentiality and data integrity.
3. Call the manager.
4. Follow the directions of the Incident Response Plan.
-
Question
During an audit of the business continuity plan, the finding of MOST concern is:
1. The phone tree has not been double checked in Q months
2. The Business Impact Analysis has not been updated this year
3. A test of the backup recovery system is not performed regularly
4. The backup library site lacks a UPS
-
Question
The first and most important BCP test is the:
1. Fully operational test
2. Preparedness test
3. Security test
4. Desk based paper test
-
Question
When a disaster occurs, the highest priority is:
1. Ensuring everyone is safe
2. Minimizing data loss by saving important data
3. Recovery of backup tapes
4. Calling a manager
-
Question
A documented process where one determines the most crucial IT operations from the business perspective
1. Business Continuity Plan
2. Disaster Recovery Plan
3. Restoration Plan
4. Business Impact Analysis
-
Question
The PRIMARY goal of the Post Test is:
1. Write a report for audit purposes
2. Return to normal processing
3. Evaluate test effectiveness and update the response plan
4. Report on test to management
-
Question
A test that verifies that the alternate site successfully can process transactions is known as:
1. Structured walkthrough
2. Parallel test
3. Simulation test
4. Preparedness test
-
Interactive Crossword Puzzle
To get more practice the vocabulary from this section click on the picture below. For a word bank look at the previous slide.
Definitions adapted from: All In One CISA Exam Guide
-
HEALTH FIRST CASE STUDY
Business Impact Analysis & Business Continuity
Jamie Ramon MD, Doctor
Chris Ramon RD, Dietician
Terry, Licensed Practicing Nurse
Pat, Software Consultant
-
Step 1: Define Threats Resulting in Business Disruption
Key questions:
- Which business processes are of strategic importance?
- What disasters could occur?
- What impact would they have on the organization financially? Legally? On human life? On reputation?
Impact Classification
Negligible: No significant cost or damage
Minor: A non negligible event with no material or financial impact on the business
Major: Impacts one or more departments and may impact outside clients
Crisis: Has a ma
-
Step 1: Define Threats Resulting in Business Disruption
| Problematic Event or Incident | Affected Business Process(es) | Impact Classification Effect on finances, legal liability, human life, reputation |
| Fire | | |
| Hacking incident | | |
| Network Unavailable (E.g., ISP problem) | | |
| Social engineering, fraud | | |
| Server Failure (E.g., Disk) | | |
| Power Failure | | |
-
1 Hour, 1 Day, 1 Week
Step 2: Define Recovery O
-
Business Continuity
Step 3: Attaining Recovery Point O
-
Criticality Classification
Critical: Cannot be performed manually. Tolerance to interruption is very low
Vital: Can be performed manually for very short time
Sensitive: Can be performed manually for a period of time, but may cost more in staff
Non-sensitive: Can be performed manually for an extended period of time with little additional cost and minimal recovery effort