Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity


Business Continuity

Purpose: To develop a solid disaster recovery plan that will allow the business to continue through whatever catastrophic event may occur.

Redundancy

Disaster Recovery Plan

A disaster recovery plan defines the resources, actions, and data required to reinstate critical business processes that have been damaged or disabled because of a disaster.

5 Potential Threats or Disasters

• Human induced accidents

• Natural

• Internal

• Armed conflict

• External

An effective Disaster Recovery Plan should include:

1. A list of the covered disasters.


2. A list of the disaster recovery team members for each type of situation and their contact information.

Team Members

• Senior Management

• Information Technology Department

• Facilities Management

• User Community

3. Business Impact Assessment

4. Business Resumption and Continuity Plan

5. Backup Documentation

6. Restore Documentation

Data Backups

Backups of all mission-critical data are critical: they allow personnel to restore files and application software and continue business.

Key Issues of Backup Strategy:

• How often should the backups be run?

• What is the backup medium?

• What time of day should the backups be run?

• Are the backups manual or automated?

• How are backups verified?

• How long are backups stored?

• Where are backups stored?

• Who is responsible for backups?

• Who is the fallback person responsible for backups?

Security Policy

Acceptable Use Policy – policies concerned with the use of computer equipment and network resources for personal use or for use that does not benefit the company.

Privacy – protect customer and supplier data

Separation of Duties – effectively distribute tasks throughout the IT organization and document processes thoroughly.

Password Management – attributes: minimum length, allowed character set, disallowed strings (all numbers, dictionary words, variations of the username or ID), and the duration of use of the password.

Service Level Agreements – a contractual understanding between an ASP and the end user that binds the ASP to a specified and documented level of service.

Disposal and Destruction

Human Resources Policy

Employee Hiring – Hiring personnel for computer network or security functions requires verifying the candidate’s background, including reference checks, previous employers, criminal background checks, and relevant educational background.

Employee Termination – protect against disgruntled employees

Code of Ethics – the code should demand that employees act honestly, responsibly, and legally to protect the organization.

Incident Response Policy – covers how to deal with a security incident after it has already transpired.

Six Distinct Steps:

• Preparation

• Detection

• Containment

• Eradication

• Recovery

• Follow Up


http://www.webseminarslive.com/article2/0,2290,1553527,00.asp
