Disaster Recovery Planning, Business Continuity Planning

CISSP All-in-one. Shon Harris 1 Disaster Recovery Planning Business Continuity Planning

Upload: niesha

Post on 05-Jan-2016




Disaster Recovery Planning

Business Continuity Planning


Business Continuity

• Designed to
  – Minimize the effect of a disaster
  – Ensure the continuation of critical business functions
• You define and identify the critical business functions


DRP and BCP

• DRP – “Oh my goodness, the sky is falling,”
• BCP – “Okay, the sky fell. Now, how do we stay in business until someone can put the sky back where it belongs?”


Natural Disasters

• Businesses must plan to meet any of the events that could affect day-to-day operations.
  – Hurricanes
  – Floods
  – Fire
  – Power outages


Business Continuity and CIA

• CIA very important in BCP

• But Availability moves to the forefront

• Loss of data is the most devastating interruption

• 65% of businesses would go out of business if they had to close for one week due to a disaster or disruption


BCP Phases

• Initiate project

• Perform BIA

• Create Strategy

• Create Plan

• Implement plan

• Test Plan

• Maintain Plan


BCP – Project Initiation

• Identify core business functions and why.
• Obtain management support
• Identify a business continuity coordinator
  – leader for the BCP team
  – oversee the development, implementation, and testing of the continuity and disaster recovery plans.

• Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages.


Recovery Planning

• What is Recovery Planning
  – Developing a plan
  – Proactive approach for preparing for disaster before it takes place to
    • Minimize loss
    • Ensure availability of critical systems and equipment


Key Business Functions

• Accounting

• Data processing

• Customer support

• Communications

• IT support

• Purchasing


BCP – Project Initiation

• BCP team works with the management staff to
  – develop the ultimate goals of the plan,
  – identify the critical parts of the business that must be dealt with first during a disaster,
  – ascertain the priorities of departments and tasks.
• Continuity planning policy statement developed
  – lays out the scope of the BCP project
  – the team member roles
  – goals of the project.


BCP - Team

• The BCP team’s responsibilities are as follows:
  – Identifying regulatory and legal requirements that must be met
  – Identifying all possible vulnerabilities and threats
  – Estimating the possibilities of these threats and the loss potential
  – Performing a BIA
  – Outlining which departments, systems, and processes must be up and running before any others
  – Developing procedures and steps in resuming business after a disaster


BCP Team

• Senior executives on the BCP team oversee budgets.

• BCP chair gives directions to employees immediately after the disaster


BIA

• A business impact analysis (BIA) is considered a functional analysis, in which a team
  – collects data through interviews and documentary sources
  – documents business functions, activities, and transactions
  – develops a hierarchy of business functions
  – applies a classification scheme to indicate each individual function’s criticality level.


Business Impact Analysis (BIA)

• The best place an organization can start
  – You will need a BCP policy before BIA

• Evaluates what processes are critical to the organization's survival

• Not all processes will be needed immediately. Only key services required.

• Estimates potential loss and damage

• Enables organizations to develop viable alternatives


BIA - Risk Assessment

• Define the threat
  – Natural?
  – Man-made?
  – Technical?

• Assign a dollar amount or value to the threat – risk analysis

• Evaluate the risk to business operations


BIA

• Loss criteria:
  – Loss in reputation and public confidence
  – Loss of competitive advantages
  – Increase in operational expenses
  – Violations of contract agreements
  – Violations of legal and regulatory requirements
  – Delayed income costs
  – Loss in revenue
  – Loss in productivity


BIA

• The BIA identifies
  – the company’s critical systems that are needed for survival
  – Resources critical systems rely on
  – estimates the outage time that can be tolerated by the company
• Maximum Tolerable Downtime (MTD)
  – The outage time that can be endured by a company
• MTD estimates
  – Nonessential: 30 days
  – Normal: 7 days
  – Important: 72 hours
  – Urgent: 24 hours
  – Critical: Minutes to hours


Interdependencies

• Define essential business functions
• Identify interdependencies between functions and departments
• Discover how possible disruptions in one department affect others
• Identify and document threats to interdepartmental communication
• Provide alternative methods to restore functionality
• Provide a rationale statement for each threat


Policies

• Must be implemented to back up the organization's choices

• CISSP code of ethics – Always put employees first.

• Number one goal should be employee
  – Protection
  – Health
  – Well-being


Facility Recovery

• Three main categories of disruptions
  – Nondisaster - disruption in service because of device malfunction or failure.
    • solution could include hardware, software, or file restoration.
  – Disaster - event that causes the entire facility to be unusable for a day or longer
    • Facility destroyed partially.
    • Business impacted temporarily
    • Alternate processing facility until main facility is repaired and usable
    • Restoration of software and data from offsite copies.
  – Catastrophe - event that destroys the facility altogether.
    • Short-term solution - offsite facility
    • Long-term solution - rebuild the original facility.


MTBF and MTTR

• BCP team needs to identify MTBF and MTTR for all hardware and devices
• Manufacturers and vendors have this data
• MTBF - estimated lifetime of equipment.
  – approximately when a particular device will need to be replaced.
• MTTR - estimate of how long it will take to fix a piece of equipment and get it back into production.


Hardware Backup

• Hot sites
  – Fully-configured
  – Ready to operate within FEW hours
  – Leased or rented
• Warm sites
  – Partially configured – only peripheral devices
  – May take several days to make operational
  – Get computer, software and hardware to be functional
• Cold sites
  – Have only the basic environmental infrastructure. Routers, cables etc.
  – May take several weeks to be operational


Hardware Backup

– Redundant site
  • Hot site
  • Owned and maintained by the company
  • Operational immediately
– Mobile (rolling hot) sites. Equipment in a tractor trailer. E.g. Red Cross
– multiple processing centers
  • Multiple facilities throughout the world
  • Data processing moves from one center to another if interruption is detected.


Hardware Backup

• Hot site – back-up tapes and equipment periodically tested.

• Warm site – back up tapes and equipment brought to the original site to be tested

• If company depends on the warm site
  – Original equipment and media taken to warm site to be tested.


Offsite location

• Back up facility at least 5 miles away

• Low to medium environments – 15 miles

• Critical operations – 50-200 miles


Reciprocal Agreements

• Agreements with another company.
  – How long will the facility be available?
  – How much assistance will their staff supply?
  – How quickly can we move into the facility?
  – Are there interoperability issues?
  – Do conflicts of interests apply?
  – How would change control and configuration management be handled?
  – How often can drills and testing take place?


Software Backup

• At least two copies of the company’s operating system software and critical applications.
  – One copy stored onsite
  – other copy stored at an offsite location.
• Copies must be
  – tested periodically
  – re-created when new versions are rolled out.


Software Escrow

• Protection mechanism for the customer
• Third party holds the source code, backups of the compiled code, manuals, and other supporting materials.
• A contract between the software vendor, customer, and third party outlines who can do what and when with the source code.
• Customer can have access to the source code only if
  – vendor goes out of business
  – is unable to carry out stated responsibilities
  – is in breach of the original contract.


Choosing a Backup Facility

• Are they open 24 x 7?

• How secure is the facility?
  – Same controls at the back-up facility


Data Backup

• full backup – All data is backed up and saved
• Full backup is combined with differential or incremental backup
• differential backup
  – backs up the files that have been modified since the last full backup.
  – When the data needs to be restored, the full backup is laid down first and then the differential backup is put down on top of it.


Data Backup

• incremental backup
  – backs up all the files that have changed since the last full or incremental backup
  – When the data needs to be restored
    • First full backup
    • Then each incremental backup is laid down on top of it in the proper order.

• Incremental backup is quicker than differential but takes longer to restore.


Data backup

• If backup and restoration processes are to be simplistic and straightforward
  – full backup
  – But requires a lot of hard drive space and time.
• A differential backup takes more time in the backing up phase than an incremental backup
  – but it also takes less time to restore than an incremental backup
• Restoration of a differential backup is a two-step process
• Incremental backup – every incremental backup has to be restored in the correct sequence.
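Added example (not part of the original slides): a small Python restore planner for the full, differential and incremental schemes on the Data Backup slides. It shows the two-step differential restore, the ordered incremental chain, and how one missing incremental moves the recovery point back. The catalog entries, set names and the `base` field are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class BackupSet:
    set_id: str
    kind: str             # "full", "differential" or "incremental"
    taken: datetime
    base: Optional[str]   # set this one is relative to (hypothetical field); None for a full


@dataclass
class RestorePlan:
    chain: List[BackupSet]   # sets to lay down, in this order
    gap: Optional[str]       # first set that could not be applied, if any

    @property
    def recovery_point(self) -> datetime:
        return self.chain[-1].taken


def restore_chain(catalog: List[BackupSet], target: datetime) -> RestorePlan:
    """Pick the backup sets needed to restore to `target`, oldest first."""
    usable = sorted((s for s in catalog if s.taken <= target), key=lambda s: s.taken)
    fulls = [s for s in usable if s.kind == "full"]
    if not fulls:
        raise LookupError("no full backup at or before the target time")
    full = fulls[-1]
    later = [s for s in usable if s.taken > full.taken]
    kinds = {s.kind for s in later}
    # Assumption: a cycle pairs the full with differentials OR incrementals.
    if kinds not in (set(), {"differential"}, {"incremental"}):
        raise ValueError(f"unsupported mix of backup kinds: {sorted(kinds)}")
    chain = [full]
    if kinds == {"differential"}:
        # Two-step restore: the full, then only the newest differential.
        diffs = [s for s in later if s.base == full.set_id]
        return RestorePlan(chain + diffs[-1:], None)
    # Incremental: every set is needed, each laid on top of the previous one.
    for s in later:
        if s.base != chain[-1].set_id:
            return RestorePlan(chain, s.set_id)   # broken chain, stop before the gap
        chain.append(s)
    return RestorePlan(chain, None)


def _night(day: int) -> datetime:
    return datetime(2024, 1, day, 23)   # constructed dates; 7 Jan 2024 is a Sunday


FULL = BackupSet("full-sun", "full", _night(7), None)
DIFF_WEEK = [FULL] + [BackupSet(f"diff-{n}", "differential", _night(d), "full-sun")
                      for n, d in (("mon", 8), ("tue", 9), ("wed", 10))]
INC_WEEK = [FULL,
            BackupSet("inc-mon", "incremental", _night(8), "full-sun"),
            BackupSet("inc-tue", "incremental", _night(9), "inc-mon"),
            BackupSet("inc-wed", "incremental", _night(10), "inc-tue")]
INC_WEEK_LOST_TUE = [s for s in INC_WEEK if s.set_id != "inc-tue"]   # Tuesday's media lost

if __name__ == "__main__":
    thursday = datetime(2024, 1, 11, 9)
    for name, cat in (("differential", DIFF_WEEK), ("incremental", INC_WEEK),
                      ("incremental, Tuesday lost", INC_WEEK_LOST_TUE)):
        plan = restore_chain(cat, thursday)
        print(name, [s.set_id for s in plan.chain], plan.recovery_point, plan.gap)
```

With Tuesday's incremental missing, the plan stops at Monday night even though Wednesday's set exists, which is why each set in an incremental chain needs the same protection and periodic restore testing as the full.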


Electronic Backup

• disk-shadowing
  – two physical disks
  – data is written to both at the same time for redundancy.
  – If one disk fails, the other is readily available.
  – Expensive
  – Provides high degree of fault tolerance


Electronic Backup

• Electronic vaulting (backup files)
  – makes copies of files as they are modified and periodically transmits them to an offsite backup site.
  – Takes place in batches and moves the entire file that has been updated
• Remote journaling (transaction logs)
  – only includes moving the journal or transaction logs to the offsite facility, not the actual files.
  – Takes place in real time and transmits only changes to files.
  – If and when data is corrupted and needs to be restored, only retrieve logs and rebuild the data
  – efficient for database recovery


Electronic Backup

• Hierarchical storage management (HSM)
  – Includes optical disks, magnetic disks and tapes
  – faster media holds frequently used files
  – Older files backed up on slower less expensive media
• storage area network (SAN)
  – Several storage systems connected together to form a single backup network.
  – Switches are used to create a switching fabric

• switching fabric enables several devices to communicate with back-end storage devices

• provides redundancy and fault tolerance

• Off-site or on-site?


Restoration and Implementation


Plan Development Categories

• End-user environment

• Backup alternatives

• Recovery

• Restoration


End-User Environment

• How will users be notified of the disaster?

• Who will instruct them?

• How will backups be retrieved?

• Some employees may need to report to work during the disaster.


Backup Alternatives

• Hardware

• Data

• Personnel

• Off-site facilities


Documentation

• Procedures

• May need to include
  – How to reinstall images
  – Configuration of OS and servers
  – Installation of
    • Other utilities
    • Proprietary software

• Important for knowledge management


Recovery and Restoration

• Restoration team
• When a disaster happens team must know how to
  – Install OS
  – Configure workstations and servers
  – String wires and cabling
  – Configure networking services
  – Restore systems


Tests


DRP Test

• Testing DRP
  – Most important in DR planning
  – Untested plan is worthless

• Create test documents

• Test criteria

• Types


Testing DRP

• Testing must be
  – Conducted in an orderly, standardized fashion
  – Executed on a regular basis

• No demonstrated recovery ability exists until the DRP is tested


Testing DRP

• Testing
  – Verifies the accuracy of the recovery procedures
  – Prepares and trains personnel to execute during emergency
  – Verifies the processing capability of the alternate backup site


Creating the Test Document

• Test scenarios
  – Entire system?
  – Portion of the system?
  – Back-up system
• Reasons for the test
  – Change in hardware, software, operational environment
• Objectives of the test
• Type of tests
• Testing schedule


Creating the Test Document

• Duration of the test – hour, day, weekend, week

• Specific test steps

• Who will be the participants?

• The task assignments of the test

• Resources and services required


Test Criteria

• Must not disrupt normal business functions
  – Should not affect availability for the entire organization

• Should start with easy areas to build skills and confidence

• Purpose is to find weaknesses, update and retest


DRP Types

• Checklist of the plan to cover all critical items.
• Structured walk through with business unit managers
  – Ensures accuracy of the plan
• Simulation.
• Parallel
  – Fail a system when back-up running
• Full-interruption
  – Needs approval of the management


Simulation

• Practice session
  – To avoid the DRP causing the disaster

• Enacts recovery procedures


Parallel

• Full test using all personnel

• Primary processing does not stop

• Ensures processing will run at alternate site

• Tests some of the systems at the offsite facility

• Most common type of recovery plan testing


Full-Interruption

• Disaster is replicated to the point of ceasing normal operations

• Plan is implemented as if it were a disaster
• Original site is shut down and processing moves to alternate site
• Can cause its own disaster
• Best way to test completely
• Structured walk-thru must be completed before full-interruption
• Management approval necessary before test


Teams and Emergency Response

• Teams that formulate DRP procedures

• Recovery team

• Salvage team
  – After disaster has occurred, salvage hardware equipment, software and data

• Other issues


DRP Procedures

• Primary elements of the disaster recovery process
  – Recovery team
  – Salvage team
  – Normal operations team
  – Other recovery issues


Recovery Team

• Implements the recovery procedures in a disaster

• Gets critical functions operating at back-up site

• Retrieves materials from
  – Off-site storage
  – Back-ups
  – Workstations

• Installs critical systems and applications


Salvage Team

• Separate from recovery team

• Returns the primary site to normal operating conditions

• Safely cleans, repairs, and salvages the primary processing facility


Other Recovery Issues

• Interfacing with external groups
  – Municipal emergency groups – fire, police, ambulance, health services.
• Employee relations
  – Inherent responsibility to employees and their families
  – Salaries must continue
  – Insurance must be adequate


Other Recovery Issues

at the disaster site.

• Fraud and crime
  – Fraud perpetrators may try to capitalize on the disaster
  – Vandalism and looting may occur
• Financial disbursement
  – Expense disbursement
  – Signed and authorized checks will be needed


Other Recovery Issues

• Media relations
  – Unified response by management
• Train the spokesperson and salvage team
  – Credible, trained, informed spokesperson
  – Company should be accessible
  – Control dissemination of information


Maintaining the plan

• Keep plan updated by
  – Make business continuity a part of every business decision.
  – Insert the maintenance responsibilities into job descriptions.
  – Include maintenance in personnel evaluations.
  – Perform internal audits that include disaster recovery and continuity documentation and procedures.
  – Perform regular drills that use the plan.
  – Integrate the BCP into the current change management process.
• Simplest
• most cost-effective
• process-efficient


Post Disaster

• After a disaster, when the primary facility is operational
  – Move least critical functions to the primary facility first.