1 ISACA 2007, Jeffrey Blackmon
ISACA December 13th 2007
Auditing the Disaster Recovery Plan
What should be in a plan, and what should not
By: Jeffrey Blackmon, CBCP, CISSP
Quick Intro: Jeff Blackmon, CBCP, CISSP
Started BC/DR planning in the mid 80s: Financial, Petroleum, Foreign Military, Pharmaceutical
L3 Communications, Titan Group: Support of Federal Government Contracts (Kansas City and DC)
Format:
A little free format style
Open Discussion
Ask Questions
This may be a little different from the regular presentations
Usually have auditors speaking to auditors
Usually have computer people speaking to computer people
But not in this case
Computer person / business person speaking to the auditors
So expect a little different perspective
Computer Staff
The Auditors
Reason for some of the past relationships between Auditors and the Computer people
Why is BC and DR so difficult?
May not be well defined
Big project
Expensive
Very difficult to take that 1st step
Topics
1. Goals and Reasons for doing Business Continuity and Disaster Recovery
2. What are BC and DR
3. RTO/RPO
4. Good DR Plans
5. Not so Good DR Plans
6. Closing information
Goals and Reasons for BC and DR
Principal Goals
Provide for the safety of all employees
Minimize business downtime
Reasons for Doing BC and DR
Business Best Practices
FEMA Best Practices
Audit Requirements
Reasons for Doing BC and DR
Private Sector: FSLIC, HIPAA, OCC, GLBA, Sarbanes Oxley, NASD 3510
Government Sector: FPC 65, NIST 800-34, A-123 Audit
Financial Reasons
Company Loss of $84,000 to $90,000 per hour of downtime
90% of companies that experience 1 week of data center down time go out of business within 12 months
(CIO INSIGHT, IDC)
More Financial Reasons: 'The cost of being unprepared' by Jim Ellis (cost per hour of downtime, by industry)
Energy $2,817,846
Telecom $2,066,245
Manufacturing $1,610,654
Finance/Brokerage $1,495,134
IT $1,344,461
Insurance $1,202,444
Retail $1,107,274
Pharmaceuticals $1,082,252
Banking $996,802
Food processing $804,192
Consumer $785,719
Chemicals $704,101
Average / hour $1,010,536
Costs (R. Witty, DRJ Fall 2006)
High Startup Costs
What are BC and DR?
DR Plan, what is it?
IT Related
Major disruption has occurred that is not part of day to day SOP
Hardware / Software requirements
Step by step directions for full system recovery
Very detailed documents required
DR Plan
#1 Easy to use
Recovery of all major Computer systems based on Pre-determined priority (RTO)
Details, details, details
(Hardware, software, configurations, communications, disk storage, SAN connections ...)
BC Plan
#1 Easy to use
Recovery of all major business processes
People related
Probably many manual processes to be used for the short term
Plain and Simple
BC/DR are Risk Mitigation
No way to eliminate all risks
Proper planning will reduce the risks to an acceptable level
RTO and RPO
Recovery Time Objective (RTO)
The maximum time that a business system, application or resource is allowed to be down or offline
RTO is determined by business owners, not IT department
Recovery Point Objective (RPO)
The amount of data that is acceptable to lose since the last successful backup was completed
RPO is determined by business owners, not IT department
[Timeline diagram: Recovery Point Objective and Recovery Time Objective. Backup Tape Made at Midnight Monday, Midnight Tuesday and Midnight Wednesday; DISASTER at Noon]
RPO (12 hours)
RTO (24 hours)
Standard Tape Backup Recovery
[Timeline diagram: Recovery Point Objective and Recovery Time Objective with real time replication. Backup Tape Made at Midnight Monday, Midnight Tuesday and Midnight Wednesday; DISASTER at Noon]
RPO (2 minutes)
RTO (12 hours, rebuild system)
Replicated Data Backup Recovery
$$$$
Real time replication
Find the Cost Effective Solution
[Chart: Costs vs. Time, showing Business Interruption Cost and Recovery Costs, with the Cost Effective Solution marked]
RPO / RTO Example: Major financial institutions
On mission critical systems:
RPO = 0 hours, on some applications
RTO = 2 hours, on some applications
After 96 Hours, major financial institutions will probably not recover
By Jay Ranade, CISSP, CISA, CBCP, CISM, President, Jay Ranade Consultants, Inc.
RPO / RTO Example: Major breakfast cereal producer
RPO = 7 days
RTO = 7 days
Put it all into perspective: very regular shipments to distributors by boxcar; only breakfast cereal, so if problems occur, then re-ship
By DRII Classmate, 1999
RPO / RTO Expectations
‘Usually’ a large gap in management expectations as compared to actual recovery abilities
Talk with technical staff
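As an added example (not part of the presentation), here is a small RPO/RTO gap check in Python that models the deck's two timelines, nightly tapes versus real-time replication with a disaster at noon, against objectives set by the business owners. The dates, the two-minute replication lag, the recovery durations and the objectives are constructed assumptions; the $84,000 per hour figure is the low end of the "Financial Reasons" slide.

```python
from datetime import datetime, timedelta

# Constructed scenarios modelled on the two timeline slides (not the presenter's data).
SCENARIOS = {
    "Standard Tape Backup Recovery": {
        "backups": [datetime(2007, 12, 10, 0, 0),    # Midnight Monday
                    datetime(2007, 12, 11, 0, 0)],   # Midnight Tuesday
        "recovery_hours": 24.0,                       # restore from tape
    },
    "Replicated Data Backup Recovery": {
        "backups": [datetime(2007, 12, 11, 11, 58)],  # replica lags primary by ~2 minutes (assumed)
        "recovery_hours": 12.0,                       # rebuild system
    },
}
DISASTER = datetime(2007, 12, 11, 12, 0)             # Noon Tuesday
HOURLY_LOSS_USD = 84_000                             # downtime cost from the deck's low estimate


def achieved_rpo_hours(backups, disaster):
    """Data actually lost: time between the last usable backup and the disaster."""
    usable = [b for b in backups if b <= disaster]   # backups after the disaster do not exist
    if not usable:
        return float("inf")                           # no backup at all: everything is lost
    return (disaster - max(usable)) / timedelta(hours=1)


def gap_analysis(name, scenario, rpo_objective_hours, rto_objective_hours, disaster=DISASTER):
    """Compare what IT can actually deliver with the objectives the business owners set.

    The result exposes the 'expectation gap' an auditor should look for, plus the
    business interruption cost implied by the achievable RTO.
    """
    rpo = achieved_rpo_hours(scenario["backups"], disaster)
    rto = scenario["recovery_hours"]
    return {
        "strategy": name,
        "achieved_rpo_hours": rpo,
        "achieved_rto_hours": rto,
        "rpo_met": rpo <= rpo_objective_hours,
        "rto_met": rto <= rto_objective_hours,
        "interruption_cost_usd": rto * HOURLY_LOSS_USD,
    }


if __name__ == "__main__":
    # Business owners ask for at most 4 hours of data loss and recovery within 12 hours (assumed).
    for name, sc in SCENARIOS.items():
        print(gap_analysis(name, sc, rpo_objective_hours=4, rto_objective_hours=12))
```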
What a plan should look like
Good DR plans
Be sure you keep in mind that DR plans are to recover computer and network systems
NIST 800-53, Recommended Security Controls for Federal Information Systems
FAMILY: CONTINGENCY PLANNING
CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES
CP-2 CONTINGENCY PLAN
CP-3 CONTINGENCY TRAINING
CP-4 CONTINGENCY PLAN TESTING
CP-5 CONTINGENCY PLAN UPDATE
NIST 800-53, Recommended Security Controls for Federal Information Systems
FAMILY: CONTINGENCY PLANNING
CP-6 ALTERNATE STORAGE SITES
CP-7 ALTERNATE PROCESSING SITES
CP-8 TELECOMMUNICATIONS SERVICES
CP-9 INFORMATION SYSTEM BACKUP
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
Good DR plans
Disaster definition
Who can activate the DR plan?
Critical computer applications
Escalation Plans / Decision Plans
Good DR plans
List of Recovery Team Members and contact info
Vendor Contact Information
Communications Vendor Contact Information
Hotsite contact information
Offsite storage contact information
Good DR plans
Hardware / Software recovery for each and every critical system based on RPO/RTO
Network recovery information
Detailed configuration information
Good DR plans
Up to date information on the last time this DR plan was tested (Minimum is annually)
Change Log to the plan
Returning to normal operations
Not so Good DR Plans
Not so Good DR plans
No Executive Sponsor
Unrealistic Budget (< 2% of Data Center total budget)
Unrealistic recovery strategy
Not Exercised / Tested
Testing only part of a system
No training
No Priority on recovery of systems
Not so Good DR plans
Copied from another site with no updates
General in nature
3 inch binder
Overabundance of color charts and slides
High on fluff
Short on useful information
Not so Good DR plans
PURPOSE, OBJECTIVES, SCOPE, AUTHORITIES, REFERENCES, MANAGEMENT RESPONSIBILITIES, ORGANIZATION OF THE PLAN, DEFINITIONS, CANCELLATION, DISTRIBUTION, OVERVIEW, POLICY, ASSUMPTIONS, CONCEPT OF ACTIVATION, DEPLOYMENT CONDITIONS
With Logic like this
They may be trying to Bamboozle you!
Remember
Review the plan at a high level
Recovery of Systems and Communications, that is key
Who needs to be contacted?
Where do we go?
Acquire equipment
Restore Operating Systems, applications and data
Restore Communication
Remember
Stick to the key points and don’t get distracted by all of the rest
Do not get bogged down in the fine detail
Closing
Front end security vs back end BC/DR
BC / DR activations are last resort efforts
Risk levels go high
Spend the time, effort & money to develop a very strong front end security program to avoid a disastrous event
Thank You for Attending!