IT Business Continuity Planning 2004


Upload: donald-hester

Post on 07-Dec-2014


DESCRIPTION

Strategy, Governance, IT management, Disaster Recovery and Incident Response

TRANSCRIPT

Page 1: IT Business Continuity Planning 2004
Page 2: IT Business Continuity Planning 2004

Welcome and About CIS

• This slide gives students a quick overview of what the CIS is, what the RTI is, and what our long term training plans are (instructors will receive a briefing beforehand).

Page 3: IT Business Continuity Planning 2004

About this workshop

• This seminar covers the overall business continuity plan (BCP) including incident response planning (IRP), disaster recovery planning (DRP) and how they relate to the continuity of operations plan (COOP). Special emphasis will be given to the unique opportunities local governments have.

Page 4: IT Business Continuity Planning 2004

Meet Your Instructor

Donald E. Hester, CISSP, MCT, MCSE, MCSA, MCDST, Security+, CTT+, HDM

Los Medanos College: Adjunct Instructor, Computer Networking Technologies, [email protected]

Maze & Associates: Manager & Consultant, Information Systems & Security, [email protected]

Committee Member: Think Security First
Member: American Society of Industrial Security (ASIS)
Member: Information Systems Audit and Control Association (ISACA)
Member: Computer Security Institute (CSI)
Member: American Management Association (AMA)
Member: The Marine Corps League

Contact Info:

Instant Messenger: [email protected]

Website: http://www.learnsecurity.org

Page 5: IT Business Continuity Planning 2004

Thank you to our sponsors

• The page devoted to sponsor logos and mention

Page 6: IT Business Continuity Planning 2004

Continuity Strategy

• Management must drive strategic planning to assure continuous information systems availability

• Plans are referred to in a number of ways
– Business Continuity Plans (BCPs)
– Disaster Recovery Plans (DRPs)
– Incident Response Plans (IRPs)
– Contingency Plans (CP)
– Continuity of Operations Plan (COOP)
– Business Recovery Plan (BRP)

• Some organizations may have many types of plans, some may have one simple plan

• Most organizations have inadequate planning

Page 7: IT Business Continuity Planning 2004

Structure

Page 8: IT Business Continuity Planning 2004

Contingency Planning

• Contingency Planning (CP):
– Incident Response Planning (IRP)
– Disaster Recovery Planning (DRP)
– Business Continuity Planning (BCP)
– Business Recovery (Resumption) Plan (BRP)

Page 9: IT Business Continuity Planning 2004

Contingency Planning Team

• CP Steering committee or forum
• Champion
• Project Manager
• Team Members
– from business units
– user departments
– IT
– Finance

Page 10: IT Business Continuity Planning 2004

Major Steps in Contingency Planning

Page 11: IT Business Continuity Planning 2004

Business Impact Analysis

• Begin with Business Impact Analysis (BIA): if the attack succeeds, what do we do then?

• The CP team conducts the BIA in the following stages:
1. Threat attack identification
2. Business unit analysis
3. Attack success scenarios
4. Potential damage assessment
5. Subordinate plan classification

Page 12: IT Business Continuity Planning 2004

Incident Response Planning

• Incident Response Plan
• Incident Detection
– Incident Indicators
– Incident or Disaster?

• Incident Reaction
– Notification of Key Personnel
– Documenting an Incident
– Incident Containment Strategies

• Incident Recovery
– Damage Assessment

Page 13: IT Business Continuity Planning 2004

Disaster Recovery Planning

• Preparation for and recovery from a disaster

• Decide which actions constitute disasters and which constitute incidents

• Take action to secure the most valuable assets to preserve value for the longer term even at the risk of more disruption

• Goal: reestablish operations at the ‘primary’ site

Page 14: IT Business Continuity Planning 2004

Disaster Recovery Planning

• DRP Steps
– Priorities
– Responsibilities
– Notification & Communication
– Document Disaster

• Crisis Management
– Support personnel & families
– Declare disaster
– Inform the public, customers, vendors etc.

• Planning
– Command Center team
– Set up or load systems

• DRP Structure
– Testing is key: real offsite testing
– What steps to execute before, during and after
– Update plan as needed, as your network changes

Page 15: IT Business Continuity Planning 2004

Business Continuity Planning

• Business continuity planning
– reestablishment of critical business operations
– so that operations can continue

• If a disaster has rendered the business unusable for continued operations, there must be a plan to allow the business to continue to function

Page 16: IT Business Continuity Planning 2004

Continuity Strategies

• The determining factor in selection between these options is usually cost
– Far enough removed

• In general there are three exclusive options:
– hot sites
– warm sites
– cold sites

• And three shared functions (documented):
– timeshare
– service bureaus
– mutual agreements (JPA)

• Off-Site Disaster Data Storage

Page 17: IT Business Continuity Planning 2004

Model for IR/DR/BC Plan

• The single document set approach supports concise planning and encourages smaller organizations to develop, test, and use IR/DR plans

• The model presented is based on analyses of disaster recovery and incident response plans of dozens of organizations

Page 18: IT Business Continuity Planning 2004

The Planning Document

1. Establish responsibility for managing the document, typically the security administrator

2. Appoint a secretary to document the activities and results of the planning session(s)

3. Independent incident response and disaster recovery teams are formed, with a common planning committee

4. Outline the roles and responsibilities for each team member

5. Develop the alert roster and lists of critical agencies

6. Identify and prioritize threats to the organization’s information and information systems

Page 19: IT Business Continuity Planning 2004

The Planning Process

There are five steps in the CP process:

1. Identifying the mission- or business-critical functions & identifying dependencies

2. Anticipating potential contingencies or disasters

3. Selecting strategies

4. Implementing strategies

5. Testing and revising the strategy
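The BIA stages on the Business Impact Analysis slide (threat identification, business unit analysis, attack success scenarios, damage assessment, subordinate plan classification) and step 1 of the planning process above (identify critical functions and their dependencies) can be worked through on paper, but a small model makes the dependency and classification logic concrete. The following Python is an added example, not material from the slides or the instructor: the business functions, units, hourly loss figures, threats, outage durations and the IRP/DRP/BCP thresholds are all constructed for illustration.

```python
"""Toy Business Impact Analysis (BIA) model.

Added example, not from the original slides. It follows the BIA stages on
the 'Business Impact Analysis' slide and step 1 of the planning process
(critical functions and their dependencies). Every function, unit, threat,
loss figure and threshold below is a constructed assumption.
"""
from dataclasses import dataclass, field


@dataclass
class Function:
    name: str
    unit: str                # business unit that owns the function (stage 2)
    hourly_loss: float       # constructed estimate of loss per hour of outage
    depends_on: list = field(default_factory=list)


@dataclass
class Scenario:
    threat: str              # stage 1: the threat being analysed
    affected: str            # stage 3: the function the attack takes down directly
    outage_hours: float
    site_unusable: bool = False   # primary site cannot be used at all


# Constructed sample catalogue: two user-facing functions and the IT
# services they depend on.
FUNCTIONS = {
    "payroll":    Function("payroll", "Finance", 500.0, ["directory", "fileserver"]),
    "permits":    Function("permits", "Planning", 800.0, ["directory", "database"]),
    "directory":  Function("directory", "IT", 0.0, []),
    "fileserver": Function("fileserver", "IT", 0.0, ["directory"]),
    "database":   Function("database", "IT", 0.0, []),
}

# Constructed scenarios for the report.
SCENARIOS = [
    Scenario("malware on file server", "fileserver", 8.0),
    Scenario("directory service outage", "directory", 4.0),
    Scenario("flood at primary site", "directory", 72.0, site_unusable=True),
    Scenario("database hardware failure", "database", 30.0),
]


def impacted_functions(root, functions=FUNCTIONS):
    """Step 1: every function that fails if `root` fails (transitive dependencies)."""
    impacted = {root}
    changed = True
    while changed:
        changed = False
        for f in functions.values():
            if f.name not in impacted and any(d in impacted for d in f.depends_on):
                impacted.add(f.name)
                changed = True
    return impacted


def assess_damage(scenario, functions=FUNCTIONS):
    """Stage 4: total loss over the outage, summed across all impacted functions."""
    names = impacted_functions(scenario.affected, functions)
    return sum(functions[n].hourly_loss for n in names) * scenario.outage_hours


def classify(scenario, functions=FUNCTIONS, disaster_hours=24.0, disaster_loss=20000.0):
    """Stage 5: subordinate plan classification.

    Thresholds are constructed assumptions: a primary site that is unusable
    invokes the BCP; an outage that is long or costly enough is a disaster
    handled by the DRP; anything smaller stays an incident under the IRP.
    """
    if scenario.site_unusable:
        return "BCP"
    damage = assess_damage(scenario, functions)
    if scenario.outage_hours >= disaster_hours or damage >= disaster_loss:
        return "DRP"
    return "IRP"


def bia_report(scenarios=SCENARIOS, functions=FUNCTIONS):
    """Evaluate every scenario and return rows ordered by damage, highest first."""
    rows = []
    for s in scenarios:
        names = impacted_functions(s.affected, functions)
        rows.append({
            "threat": s.threat,
            "affected": sorted(names),
            "units": sorted({functions[n].unit for n in names}),
            "damage": assess_damage(s, functions),
            "plan": classify(s, functions),
        })
    return sorted(rows, key=lambda r: r["damage"], reverse=True)


if __name__ == "__main__":
    for row in bia_report():
        print(f"{row['plan']:4} {row['damage']:>9.0f}  {row['threat']}: "
              f"{', '.join(row['affected'])} ({', '.join(row['units'])})")
```

The dependency walk is what turns a purely technical failure (the directory service) into a business impact: neither IT service carries a loss figure of its own, so the damage only appears once the functions that sit on top of them are pulled in. Tuning `disaster_hours` and `disaster_loss` to the organization's real tolerances is exactly the judgement the "Incident or Disaster?" decision on the IRP and DRP slides asks management to make.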

Page 20: IT Business Continuity Planning 2004

Unique Position for Cities

• Offer citizens BCP services
– Keep local businesses local
– Service the citizens
– Reduce the cost

• Integration of EO and BCP
– Help with funding issues
– Already in place

• JPA or such agreements
– Split the cost with other local governments

• Other ideas?

Page 21: IT Business Continuity Planning 2004

Resources

• http://www.learnsecurity.org/Security/Lists/New%20Test/Business%20Continuance.htm

• NIST SP 800-34 “Contingency Guide for Information Technology Systems”

• ISO 17799 § 11
• COBIT § DS4.0
• Guide to Disaster Recovery by Michael Erbschloe, ISBN 0-619-13122-5
• DRI International
• Disaster-Resource.com