business continuity planning · business continuity planning information security prof hans georg...
TRANSCRIPT
Business Continuity PlanningInformation Security
Prof Hans Georg Schaathun
Ålesund University College
Autumn 2011 – Week 13
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 1 / 20
The session
Outline
1 The session
2 Response Planning
3 Continuity Strategies
4 Insurance and Responsibility
5 Closure
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 2 / 20
The session
Session objectives
understand the relationship between incident response, disasterrecovery, and business continuitybe able to identify risks and possible solutions to businesscontinuity
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 3 / 20
Response Planning
Outline
1 The session
2 Response Planning
3 Continuity Strategies
4 Insurance and Responsibility
5 Closure
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 4 / 20
Response Planning
Incident response and disaster recovery
Incident responseDisaster recovery
Introduced before; what do we mean?
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 5 / 20
Response Planning
Incident response and disaster recovery
Incident response (IR)immediate actioneffective IR should mean negligible effect on operationserious disasters may be out of scope for IR
Disaster recoveryrestoring status quorestoration may take timeproduction loss may incur while we wait
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 6 / 20
Response Planning
Business Continuity Plans
keep the business goingwhen incident response falls shortwhile we wait for disaster recovery
BCP supplements IR and DRThe scope is the most serious incidents
when IR/DR is insufficient
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 7 / 20
Response Planning
Why is BCP important?
What happens if you loose email connection for. . . 10 minutes?. . . 1 hour?. . . 4 hours?. . . 2 days?. . . a week?. . . a month?
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 8 / 20
Response Planning
Why is BCP important?
What happens if you loose email connection for. . . 10 minutes?. . . 1 hour?. . . 4 hours?. . . 2 days?. . . a week?. . . a month?
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 8 / 20
Response Planning
Incidents and Productivity
0 2 4 6 8 10 12 14 16Days
0
20
40
60
80
100Productivity
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 9 / 20
Response Planning
Contingency Planning
IRPIncidentDetection
IncidentReaction
IncidentRecovery
DRPDisasterReaction
IncidentRecovery
DCP ContinuityReaction
AlternateSite Op’s
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 10 / 20
Continuity Strategies
Outline
1 The session
2 Response Planning
3 Continuity Strategies
4 Insurance and Responsibility
5 Closure
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 11 / 20
Continuity Strategies
What are the challenges in a disaster?
HardwareSoftware and configurationData (restored from backup)Location — Buildings
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 12 / 20
Continuity Strategies
What are the challenges in a disaster?
HardwareSoftware and configurationData (restored from backup)Location — Buildings
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 12 / 20
Continuity Strategies
Dedicated sites
Hot Sites a fully functional computing facility installed andconfigured for the organisation
Warm Site a partially installed computing facility. It typically includesserver hardware, but not applications and workstations.
Cold Site is just a spare building where a computing facility may beinstalled
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 13 / 20
Continuity Strategies
Shared facilities
Time-Share several organisations share a hot/warm/cold site. Thisgives more value for money, assuming that twoorganisations will not hit simultaneous disasters...
Service Bureaus provide a service for a few, such as an agreement toprovide physical facilities in the event of a disaster
Mutual Agreements is some agreement between organisations toassist eachother in the event of a disaster.
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 14 / 20
Continuity Strategies
Different facilities
Server and Data Centres High-security facilities. Security-awaremanagement. Good planning is common.
PC-s and Workstations Are often forgotten. Left to the attention ofindividual users.
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 15 / 20
Continuity Strategies
Remote Storage
Backup is an obvious controlMost common threats to control are
media decay and disk failureuser errors (deleting the wrong file)
Rarer events include fire and theftRemote storage is essential to avoid losing both in the same eventBCP: roll out the backup on an alternate site
can you do it quickly enough?
Do you make remote backups as frequently as local backups?
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 16 / 20
Insurance and Responsibility
Outline
1 The session
2 Response Planning
3 Continuity Strategies
4 Insurance and Responsibility
5 Closure
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 17 / 20
Insurance and Responsibility
Continuity Planning versus Insurance
Is insurance an alternative to continuity planning?
Insurance will normally cover recovery.It will rarely cover consequential loss
such as lost productivity
Extended down-time may cause irrepairable loss
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 18 / 20
Insurance and Responsibility
Continuity Planning versus Insurance
Is insurance an alternative to continuity planning?
Insurance will normally cover recovery.It will rarely cover consequential loss
such as lost productivity
Extended down-time may cause irrepairable loss
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 18 / 20
Closure
Outline
1 The session
2 Response Planning
3 Continuity Strategies
4 Insurance and Responsibility
5 Closure
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 19 / 20
Closure
Conclusions
Business Continuity Planning supplements other plans for securityWhere other plans focus on resolving a situation
BCP only provides a temporary solutionto keep going while the other plans are executed
BCP often includes a backup facilityto run operations temporarily
Prof Hans Georg Schaathun Business Continuity Planning Autumn 2011 – Week 13 20 / 20