business continuity planning - upper mohawk, inc presentation.pdf · the driver for business...


Post on 02-Oct-2018


Business Continuity Planning

Real World Disaster Recovery

Presentation Prepared by: Upper Mohawk, Inc.


Discussion Topics

• ISO 17799 BCP Components
• Considering Business Continuity Planning
• Business Continuity Clearly Defined
• Options
• Security
• Challenges
• Analysis Preparation
• Summary


ISO 17799 BCP Components

Section 1. System Access Control

• Control access to information
• Prevent unauthorized access to information systems
• Ensure the protection of networked services
• Prevent unauthorized computer access
• Detect unauthorized activities.
• Ensure information security when using mobile computing and tele-networking facilities

Section 2. System Development & Maintenance

• Prevent loss, modification or misuse of user data in application systems
• Protect the confidentiality, authenticity and integrity of information
• Ensure IT projects and support activities are conducted in a secure manner
• Maintain the security of application system software and data.
• Ensure security is built into operational systems


ISO 17799 BCP Components, Cont.

Section 3. Physical & Environmental Security

• Prevent unauthorized access, damage and interference to business premises and information
• Prevent loss, damage or compromise of assets and interruption to business activities
• Prevent compromise or theft of information and information processing facilities.

Section 4. Compliance

• Avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements.
• Ensure compliance of systems with organizational security policies and standards.
• Maximize the effectiveness of and to minimize interference to/from (this wording seems awkward) the system audit process.


ISO 17799 BCP Components, Cont.

Section 5. Personal Security

• Reduce risks of human error, theft, fraud or misuse of facilities
• Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work.
• Minimize the damage from security incidents and malfunctions and learn from such incidents.

Section 6. Security Organization

• Manage information security within the Company
• Maintain the security of organizational information processing facilities and information assets accessed by third parties.
• Maintain the security of information when the responsibility for information processing has been outsourced to another organization.


Considering Business Continuity Planning

The World has changed since 9/11

• Continuity of service is expected and should be provided
• Protection of critical business processes not an option

What's really at Risk?

• Revenue Loss
• Data Loss
• Business Reputation Loss
• Quality of life or life itself

The driver for Business Continuity Planning should take into consideration natural disasters and internal security breaches as well as terrorism!

Gartner 2002


Business Continuity Clearly Defined

BCM - Business Continuity Management is…

“A set of plans that assists a company or organization in restoring operations under difficult or extreme circumstances.”

“Protect your business and your customers”

“Protecting government and our citizens”


Options

Clustering Example


Other Options

Time

• Hot Site: Instantly Operational
• Cold Site: Ready to move in
• Mobile Site: Brought to end users

Key Points

• How important is your Data? Customer?
• Has your organization performed a BCP health check?
• There is no better time than NOW!


Security

We need to approach Security more broadly….

Security Assumption

• My networks are secure
• My data is secure
• My facility is secure
• My organization's resources are honest

Security Reality

• There is always the next level
• Data is only as secure as the operators that have control over it
• Facilities are vulnerable


Challenges

• Time
• Expense
• Defining the proper Scope for your organization
• Maintenance


Analysis Preparation

• Initiation
• Risk Analysis
• Detailed Analysis
• Remediation Development
• Document and Process Maintenance


Summary

• Difficult Challenge
• ‘Must Do’ attitude
• Government Compliancy can force the issue

Get started today!