Upload
jeff-millsap
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Dealing with Your Worst Nightmare -
A Practical Approach to Business Continuity Planning
David de FiebreTUG Meeting – Cottage Grove, Oregon
October 29, 2009
Key Points
Disaster Recovery vs. Business Continuity
Business Continuity Planning
DR/BC planning dovetails with Information Security planning (and maybe ITIL?)
Disaster Recovery vs. Business Continuity
BC is Business centric not technology centric
Business is people People communicate with other people People use information to communicate
Disaster Recovery vs. Business Continuity
Assumptions
You have systems disaster recovery handled
Most organizations stop at DR Few organizations address business
continuity
Disaster Recovery vs. Business Continuity
Disaster recovery plans are great but what if you can't get to your systems?
Building destroyed Building uninhabitable – Fire Marshall
stands between you and plan execution People can't get to work
Business Continuity Planning
Systems security professionals – information security vs. information availability
How do you keep business running?
What is needed to keep business running?
Business Continuity Planning
Who do I depend on?
Who depends on me?
What if I couldn't be there?
What if they couldn't be there?
Business Continuity Planning
Components of a BC Plan
Business impact analysis and assessment Build a plan Train to the plan Implement the plan. (I hope you never
implement the plan!)
Business Continuity Planning
Don't recreate the wheel
Business continuity plan templates
Google “business continuity plan template” SearchDisasterRecovery.com TechRepublic.com University IT web sites: Illinois and Notre Dame
have been useful to me ISSA and ISACA
Business Continuity Planning
Dovetails with information security and other IT planning processes (ITIL)
Who needs what, when, where, and how?
Business Continuity Planning
Data classification and business impact analysis
Importance of data/systems drives both planning processes
Business Continuity Planning
ITIL service delivery planning supports BC planning
Repeatable, documented, and controlled process
Business Continuity Planning
Summary
Disaster recovery is a given but you can't stop there
Planning processes are not stand alone Don't duplicate effort Don't recreate the wheel Be pragmatic