Naresh Gandhi FCA, D.I.S.A. (ICAI)
Business Impact Analysis
Stages BCP/DRP
Develop contingency planning policy
Conduct business impact analysis (BIA)
Identify preventive controls
Develop recovery strategies
Develop contingency plan
Test the plan and train personnel
Maintain the plan
[Diagram: relationships among Threats, Vulnerabilities, Assets, Risks, Controls, Security Arrangements, Asset Value and Potential Impact on Business. Arrow labels: Protect Against, Met By, Exploit, Reduce, Indicate, Increase, Expose, Have]
Risk Analysis
A prerequisite to a complete and meaningful DRP program
It is an assessment of threats to assets
Determination of the protection required to safeguard the assets
Risk Assessment Process
Identification of assets
Identifying threats to these assets and assessing their likelihood
Identifying vulnerabilities and assessing how easily they might be exploited
Correlate threats to assets
Ranking of risks
Identifying the protection provided by the controls in place
Risk Management
The process of identifying, controlling and minimizing or eliminating risks that may affect information systems, at an acceptable cost
Risk Management - Direction
Reducing the risk
Avoiding the risk
Transferring the risk
Accepting the risk
Degree of Assurance Required
It is not possible to achieve total security
There will always be a residual risk
What degree of residual risk is acceptable to the organization?
Risk Management
Defining an acceptable level of residual risk
Constantly reviewing threats and vulnerabilities
Reviewing of existing controls
Applying additional controls
Introducing policy and procedures
What are Assets?
An asset is something to which an organization directly assigns value and hence for which the organization requires protection
Examples of Asset
Information: data files, user manuals etc.
Software: application and system software etc.
Services: communications, technical etc.
Company image and reputation
Examples of Asset
Documents: contracts, guidelines etc.
Hardware: computer, magnetic media etc.
People: personnel, customers etc.
Assets
Physical:
• People
• Hardware
• Facilities
• Documentation
• Supplies
Logical:
• Data
• Information
• Software
• Documentation
Some Assets
physical assets
personnel assets
intellectual property
trade secrets
corporate information
financial information
market research
strategic planning
customer lists
vendor lists
contact lists
information systems
R & D information
communications
meetings
future directions
Assets Valuation
Would depend on
Business impact on loss of asset
Period of time for which asset is unavailable
Valuation of the competitor
Value of information rather than replacement of hardware
What is a Risk?
The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to assets
Ranking of Risks
Protection of assets should be on the basis of their criticality
How long can I continue without my asset?
What is the loss to business if the asset is not there?
Can I continue operations otherwise?
Outage Impact & Allowable Outage Times
| Resource | Outage Impact | Allowable Outage Time |
| --- | --- | --- |
| Authentication Server | User could not access Inventory System | 8 hours |
| Database Server | User could not access Inventory System | 8 hours |
| E-mail Server | User could not send e-mail | 2 days |
| 5 Desktop Computers | User could not access Inventory System | 8 hours |
| Hub | User could not access Inventory System | 8 hours |
| Network Cabling | User could not access Inventory System | 8 hours |
| Electric Power | User could not access Inventory System | 8 hours |
| Printer | User could not produce Inventory Reports | 4 days |
System Ranking
Critical:
• Only automated
• Low tolerance to interruption
• High cost of interruption
Vital:
• Level of tolerance is high
• Can be operated manually for limited period
• Cost of interruption is low
System Ranking
Sensitive:
• Can be performed manually for an extended time period
• Additional resources required
Non Critical:
• Can remain inoperative
• Data is not restored
Formulae for Comparing Risks
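| Asset Cost (A) | Likelihood of Threat Occurrence (B) | Vulnerability (C) | Measure of Risk (D) = (A+B+C)/3 | Risk Ranking (E) |
| --- | --- | --- | --- | --- |
| 4 | 5 | 3 | 4 | High |
| 3 | 3 | 3 | 3 | Moderate |
| 5 | 5 | 5 | 5 | Very High |
| 4 | 1 | 1 | 2 | Low |
| 1 | 1 | 1 | 1 | Very Low |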
Threat
A declaration of the intent to inflict harm, pain or misery
Potential to cause an unwanted incident, which may result in harm to a system or organization and its assets
Intentional or accidental, man-made or an act of God
Assets are subject to many kinds of threats which exploit vulnerabilities
Types of Threat
Man-made Threats:
• Errors
• Sabotage
• Bombs
• Strikes
• Terrorist Attack
• Competitors
Type of Threats
Man-made Threats:
• Disgruntled employees
• Ex-employees
• Hackers
• Crackers
• Fire
Type of Threats
Natural Threats:
• Floods
• Hurricanes
• Tornadoes
• Earthquakes
• Fire
• Lightning
Type of Threats
Technological
Deliberate threats
Accidental threats
Threat frequency
Threat Likelihood
Low: Less likely to occur
Medium: Some history of occurrence
High: Good possibility of occurrence
Impact of Threat
Loss of money
Loss of reputation or goodwill
Opportunities missed
Litigation
Threat on personnel
Break-ins or Hacks
Lost confidence
Business interruption
Reduced efficiency
Vulnerability
A vulnerability is a weakness/hole in an organization’s information security
A vulnerability in itself does not cause harm
It is merely a condition or set of conditions that may allow a threat to affect an asset
A vulnerability, if not managed, will allow a threat to materialize
Vulnerabilities
Absence of key personnel
Unstable power grid
Unprotected cabling lines
Lack of security awareness
Wrong allocation of password rights
Insufficient security training
No firewall installed
Unlocked door
Password same as user ID
Poor choice of password
New technology
Controls
Controls are applied to mitigate risk
bring to acceptable level
accept the risk
Controls should be cost effective
Control Selection
Which Control?
Control Selection
Risk
Degree of assurance required
Cost
Ease of Implementation
Servicing
Legal and regulatory requirements
Customer and other contractual requirements
Control Selection - Cost
Budget limitations
Does the cost of applying the control outweigh the value of the asset?
May have to select Best Value range of controls
Control - Ease of Implementation
Does the environment support the control?
How long will the control take to implement?
Is the control readily available?
Control - Servicing
Are skills available to manage controls?
Are upgrades readily available?
Is equipment supported by local engineers or suppliers?
Controls
The policies, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected
Power Outage Mitigation
Provide one hour of uninterrupted power on all servers used internally
Provide eight hours of uninterrupted power on all web servers and support hardware
Replace desktop systems with laptops where possible
Alternate power supply
DG Set
UPS/voltage regulators
Fire Damage
Automatic and manual fire alarms at strategic locations
Fire extinguishers at strategic locations
Halon or CO2 or water?
Automatic fire sprinkler system
Control panels
Automatic fire proof doors
Master switches both inside and outside IS facility
Wiring in closets
Water Damage
IS facility should not be on the ground floor
Water proof ceilings, walls and floors
Drainage systems
Water alarms
Dry pipe sprinkler system
Cover hardware with protective fabric
Controls of the Last Resort (Insurance)
IS equipment and facility
Media reconstruction (Software)
Extra expense
Business interruption
Valuable papers and Records
Errors and omissions
Fidelity coverage
Media transportation
Extra Equipment Coverage
Specialized Equipment Coverage
Civil Authority
What is a contingency?
An event with a potential to disrupt computer operations, critical missions and business functions
Reasons:
• Power outage
• Hardware failure
• Fire
• Storms
What is a Disaster?
A contingency event which is very destructive
Disasters result from threats
Phases of Disaster
Crisis Phase
Emergency Response Phase
Recovery Phase
Restoration Phase
Disasters
New York WTC collapse
Gujarat earthquake
Power Outage knocks out a data server
Sprinkler system leaks
Chemical spills from a tanker
Nasdaq Story 11 Sept, 01
1 Liberty Plaza, headquarters of Nasdaq, is across the street from the WTC
CIO Gregor Bailar provides an inside look at how Nasdaq got back up and running after the Sept. 11 tragedy
What was happening at 1 Liberty?
They began evacuating after the first plane hit. Our security guards on their own accord evacuated our floor at least, so most of our people were on the ground when the second plane hit
Halting the market wasn't a step you could take lightly
"Yes, halt the market."
How did the command center operate?
The first thing we had to understand was our personnel situation
Then we broadened the investigation to learn who was affected among our traders
Then we had to understand the situation from a physical perspective
Did we lose a building? Did we lose a data center? Did we lose connectivity? What have we got in the way of physical damage that's going to take a long time to restore?
Next we needed to know the regulatory situation: Are people trading today? What's the landscape of the trading industry? It was literally in that order
Some of your traders were in trouble, but Nasdaq's systems were all up?
Nasdaq is highly redundant
We have servers in different buildings
Every single one of our traders is connected to two different Nasdaq points of presence or connection centers
There are four connection centers alone in downtown Manhattan
20 connection centers around the United States
Every single server connects to two of those centers through two different paths, and often through two different vendors
How did you prepare for Monday?
We started industrywide testing on Saturday at 7 or 8 in the morning, and by 11:30 that morning, we had achieved 98 percent of the volume. And then on Sunday we did a half-day of retesting with people who wanted to add a little more volume capability.
What did Nasdaq lose over the downtime and what did it cost to get back up?
We have interruption insurance, so we hope to recover most of it, but it's in the millions, and it could crest tens of millions
What were the Disaster recovery lessons for Nasdaq?
We learned that distributed systems are really good. You have to think about how your business has concentrated people or operational centers in certain places. You've got to consider if it's the wisest distribution. We feel we were lucky having some folks in Connecticut and some in Maryland. Even if we had lost some of our senior management at 1 Liberty Plaza, we would have still had a senior team
After living through this, what would you advise other CIOs to consider?
This was a true test of people's backup strategies
Did you ever test your backup strategy?
Have you worked out of your backup center?
Do you know how to get people there?
Do you know the critical phone numbers?
A lot of people don't have phone numbers as part of their continuity of business plan
I think people will have to look very carefully at their backup strategies and see whether they can communicate with everybody easily, whether the phone numbers are not stored in that same building that could experience the Disaster, and whether they've got hot backups
Hot backups are going to be much more popular than they have been in the past
Yellow line shows normal traffic
How did AT&T Control
141 video display screens show the status of all the networks
Network managers put controls on the network to slow down the flow of inbound calls
Keep circuits available for outbound calling
As a result, the AT&T long distance network carried a record 431 million call attempts on Sept. 11, 101 million more than the previous high-traffic day
Business Continuity Plan
The BCP focuses on sustaining an organization’s business functions during and after a disruption
Disaster Recovery Plan
The DRP applies to major, usually catastrophic, events that deny access to the normal facility for an extended period
Type of Plans
Business Recovery Plan: Addresses restoration of business processes but lacks procedures
Continuity Of Operations Plan: Addresses restoring H.Q. level issues at an alternate site
Type of Plans
Crisis Communication Plan: A plan responsible for public communications
IT Contingency Plan: Plan for each major application
Occupant Emergency Plan: Response Procedures for Occupants
Test plan: Identifies deficiency in different Plans
Cyber Incident Response Plan
The IRP defines strategies to detect, respond to and limit the consequences of a malicious cyber incident
Category of Disaster
Minor disruption
Serious disruption
Major disruption
Catastrophic disruption
Category of Disaster
Minor disruption: No damage or loss
Temporary power failure or fluctuation
Communication failure
Unavailability of non critical personnel
Category of Disaster
Serious disruption: Repairable damage to equipment, office area, data, records, software
Equipment breakdown
Failure of AC
Human error
Category of Disaster
Major disruption: Destruction of equipment, office area, data
Complete loss of equipment
Structural mishap
Malicious loss of data
Category of Disaster
Catastrophic Disaster: Total loss of office area, data or people due to natural disaster like fire, flood etc.
Complete destruction of personnel
Complete destruction of facilities
What is a Disaster Recovery Plan?
A plan that provides a vital pre-planned framework:
• for initiating recovery operations
• provides guidance for damage assessment
• planned actions to resume critical IS and functional activities
• restore full business operations
• minimum delay and disruption
Coping with Emergencies
The idea of DRP is to think before actual happenings:
How likely is the happening?
What can be done on happening?
What can be done to lessen their likelihood?
What can be done to prepare for these events?
DRP - Key Issues
How to develop the plan
How to test the plan
How to maintain
How to keep continuity of operations
DRP Overview
A total plan for all departments integrated together
Must be written, tested and documented
Clear assignment of responsibilities to employees
It should address
main frame computer
mini computer
micro computer
DRP Overview
It should address...
networks
automated operations
semi automated operations
manual operation
Why Disaster Recovery Plan
To respond to Disasters of any type
To curtail revenue loss
To avoid loss of critical data
To maintain competitive edge
To maintain employee productivity
DRP - Phases
Identifying threats and vulnerabilities
Developing the contingency plan
Conducting tasks and drills
Updating and maintaining the plan
Ranking of Objectives of DRP
Protection of the organization's employees and the public
Minimizing the financial impact
Limiting extent of damage
Reducing physical damage
Planning Responsibilities
Prime responsibility for developing, maintaining, executing contingency plan is with senior management
Recommended approach to planning is by teams
BCP Techniques
DRP Plan
Top down approach
BCP Techniques - DRP Plan
Top down approach - it involves
Senior management
Line management
IS management
System auditors
End user
BCP Techniques - DRP Plan Steps
Conduct impact analysis
Plan design
Plan development
Plan Implementation
Plan testing
Plan Maintenance
BCP Techniques
Ongoing maintenance
Combination of top down and bottom up approach
BCP Techniques
Why do we require plan?
Responsibility to
shareholders
customers
suppliers
employees
legal
BCP Techniques
What can go wrong in a planning process?
Technical aspects
Back-up employees
Functional user operations
Selection of DRP team
BCP Techniques
Application System Prioritization
Critical application systems
Prioritize item
Conduct impact analysis
Prioritization to be based on importance to the organization and not to individual
BCP Techniques
What can go wrong in system prioritization?
Majority of the systems may not be critical
Most business users claim their systems qualify as critical
BCP Techniques
Planning Committee
Responsible for developing DRP
Knowledgeable members
Specific assignments
BCP Techniques
Planning Committee Members
Knowledgeable members
Project leaders
Well versed with IS requirements
From security, fire, operations, production control, legal, audit, users, tele-communication, network, system and application programming
BCP Techniques
Recovery Capability Assessment
Current security
Disaster recovery capabilities
Weaknesses
Analysis
Recommend prioritized actions
BCP Techniques
Plan Development Alternatives
In-house
Ready made software package
Hire consultants
Combination of the above
BCP Techniques
Plan requirement analysis
Hardware
System software
Personnel
Telecommunications
Backup data file
Vendor support availability
Security
BCP Techniques
Plan requirement analysis
Office equipment
Logistics
Storage
Funding
Purchase orders
BCP Techniques
Planning document contents
Purpose and scope
Testing and Recovery procedures
Vendors with address and tele nos.
Location of contingency plan
Procedure for post recovery
Emergency recovery team members with responsibility
Phone list for fire, police, hardware, software, major suppliers and customers
BCP Techniques
Planning document contents
Contact person with address at backup location
Description and configuration of hardware and software
Backup contractual agreements
Application system job priorities
Logistics
Insurance carrier phone nos.
Contingency Planning Process - Steps
Identifying the critical functions
Identifying the resources supporting critical functions
Anticipating potential contingencies or Disasters
Selecting contingency planning strategy
Emergency response
Recovery
Resumption
Contingency Planning Process - Steps
Implementing the contingency strategy
Implementation
Documenting
Training
Testing and revising the strategy
Disaster Recovery Teams
Emergency action team
Disaster assessment team
Recovery management team
Public Relations team
Off-site storage team
Software team
Application team
Security team
Communication team
Transportation team
Facilities team
Administration team
Operation team
Procurement team
Salvage team
Staff Coordination team
Activating the Plan
Recognize an emergency
Contact the proper authority
Specific nature of the emergency
Time of the emergency
Location of the emergency
Extent of damage or status of the emergency
Danger or injuries to people
Cause of the emergency
Activating the Plan
Activate the plan
Gather the response team
Brief the response team
Activate emergency command center
Communications equipment
Personal protective equipment (First Aid Kits)
Records and information needed to respond
Reference manuals, including maps
Activating the Plan
Activate emergency command center
Emergency communication directory
Back-up power supply, including fuel
Office supplies, including computers with internet access
AM/FM radios, cable television
Food, water, and other personal supplies to last several days
Message boards, overhead projectors and other presentation materials and equipment
Activation of the Plan
Maintain communication
Initiate recovery activities
Assemble a damage assessment team
Gather initial damage estimates
Facility structural damage
Damage to products, materials, or supplies, including records and information
Damage to vehicles or equipment
Damage to property
Activation of the Plan
Gather initial damage estimates
Personal injuries
Costs to recover (materials and supplies)
Costs to recover (repairs and maintenance)
Costs to recover (labor)
Loss of revenue
Compile information into a report
Initial Damage Assessment Report
Initial Damage Assessment Report
Facility Damaged:
Location: (Attach map with clearly marked location and travel route to site, if needed)
Describe Damage or Injuries:
List Work Needed to Repair Sites:
List Work that has been completed: (Attach activity report if any work has been completed)
Estimated Cost: (Develop a detailed breakdown of personnel, equipment, and materials for complete damage assessment; include estimate of any loss of revenue)
Notes/Comments:
Damage Report Completed By:
Dated:
Activation of the Plan
Train the damage assessment team
Initiate security activities
Issuing identification badges to employees and other authorized personnel
Locking doors if personnel cannot monitor the facility during an emergency
Installing signs designating secured or restricted area
Placing a sign-in sheet at the command center and logging time in/out
Creating a list of authorized personnel and monitoring it
Activation of the Plan
Initiate security activities
Ensuring that personnel know who is authorized to make decisions
Maintaining supplies to board up windows quickly
Securing cash operations immediately
Asking for police assistance
Asking a neighbor to help monitor security
Notify recovery site
Notify impacted staff
File insurance claims
Primary site procedures
Return to normal operations
Post recovery analysis
Activate Contingency Arrangements
Develop Recovery Priorities
| Resource | Recovery Priority |
| --- | --- |
| Authentication Server | High |
| Database Server | High |
| 5 Desktop Computers | High |
| 1 Hub | High |
| E-mail Server | Medium |
| Printer | Medium |
| Remaining Desktop Computers (45) | Low |
| Remaining Hub (5) | Low |
Recovery Alternative
Centralized Systems
Hot Site
Warm Site
Cold Site
Mobile Site
Mirrored Site
Duplicate Information Processing Facility
Reciprocal Agreement
Commercial Service Bureaux
Recovery Alternatives
Hot Site
Fully configured
Ready for operations
Intended for emergency operations
Use for limited time operations
Most expensive
Recovery Alternatives
Warm Site
Partially configured
Without CPU
Less expensive than hot site
Recovery Alternatives
Cold Site
Only basic environment
Activation takes several weeks
Least expensive
Recovery Alternatives
Mobile Site
Empty shell facilities
Transportable
Available on lease through vendors
Recovery Alternatives
Mirrored Site
Fully redundant
Real time information mirroring
Identical to primary site
Most expensive to maintain
Recovery Alternatives
Duplicate Information Processing Facilities
Dedicated self developed recovery sites
Backup of critical applications
Site chosen to be away from primary site
Resource availability to be assured
Regular testing
Recovery Alternatives
Reciprocal agreements
agreements between organizations with similar equipment or applications
low cost
configuration compatibility
Service Bureaus/ASPs
Emergency processing services
Application specific
Alternate Site Selection Criteria
| Site | Cost | Hardware Equipment | Telecommunication | Setup Time | Location |
| --- | --- | --- | --- | --- | --- |
| Cold Site | Low | None | None | Long | Fixed |
| Warm Site | Medium | Partial | Partial/Full | Medium | Fixed |
| Hot Site | Medium/High | Full | Full | Short | Fixed |
| Mobile Site | High | Dependent | Dependent | Dependent | Not Fixed |
| Mirrored Site | High | Full | Full | None | Fixed |
Telecommunication Network Backup
Redundancy
Surplus capacity created for extra load/failure
Alternative Routing
Routing by means of alternate medium
Diverse Routing
Split or duplicate cable sheet
Telecommunication Network Backup
Last mile circuit protection
Local communication loops
Long haul network diversity
T1 circuits between network carriers for automatic re-routing in case of failures
Voice Recovery
Data Recovery Plan
Critical
Vital
Sensitive
Non Critical
Backup Techniques
Full Backup
Incremental Backup
Differential Backup
Backup Methods
Floppy Diskettes
Compact Disk
Replication
Internet Backup
Backup Methods
Removable Cartridges
Tape Drives
Networked Disk
Remote Mirroring
Answer the following
Where will media be stored?
What data should be backed up?
How frequent are backups conducted?
How quickly are the backups retrieved in the event of an emergency?
Who is authorized to retrieve the media?
How long will it take to retrieve the media?
Where will the media be delivered?
Answer the following
Who will restore the data from the media?
What is the tape-labeling scheme?
How long will the backup media be retained?
When the media are stored onsite, what environmental controls are provided to preserve the media?
What types of tape readers are used at the alternate site?
Backup Media Library
It should contain
Backup of tapes, disks, master and transaction files
Backup copies of current application software
Up-to-date copy of contingency plan
Up-to-date operation manuals, system and program documentation
Each facility must have backup media library
Backup Media Library
Should be at some distance from main facility
Subject to physical and environmental control
Backup Procedures
What can go wrong
May contain only magnetic or electronic record not paper record
Access not available at all times
Critical data may not be stored
Backup Procedures
Determining Backup Priorities
Postpone less urgent task
Identify in advance critical function
Eliminate or postpone non-urgent portion of record keeping
Plan Testing
Scope
Time-frame
Teams
Objectives
Methodology
Conduct
Evaluation
Weaknesses
Improvement
Revision
Phases of Testing
Pre test
Test
Post Test
Type of Tests
Checklist test
Structured walk through test
Simulation test
Parallel test
Full interruption test
Result Analysis
Time
Amount
Count
Accuracy
Test Examples
Contact every level of call tree successfully within 1 hour
Restore critical system off-site within 48 hours
Evacuate building in 15 minutes
Contact key vendors within 1 hour
Fire drills carried selectively
Check jockey pump pressure
Notify participants in advance
Awareness and Training
Walkthrough Session
Scenario Workshop
Simulation of a Live Test
BCP Maintenance
Strategy as per changing need of the business
New applications documented
Change in critical applications
Change in hardware or software environment
Plan maintenance methods
BCP Maintenance
Schedule for periodic review and maintenance
Review of revisions
Conducting scheduled and unscheduled tasks
Training recovery personnel
Maintaining rounds
Updating personnel changes
Record of Change
| Page No. | Change Comment | Date of Change | Signature |
| --- | --- | --- | --- |
Law And Standards
HIPAA
Documented Practices for data protection and continuity of operations for health care industry
GBL And The Expedited Funds Availability Act
Standards for safeguarding security, confidentiality of customer records
Sarbanes-Oxley Act
An Act for protecting investors by improving reliability of corporate disclosures and internal control
GASSP
Principles supporting the Generally Accepted Accounting Principles and similar models
Information Technology Infrastructure Library
A collection of best practices in IT service management
Basel Committee On e-Banking
Principles for effective capacity, business continuity and contingency planning of e-banking systems and services
Basel II Capital Accord
Encourage financial firms to be more proactive and forward looking in financial activities
SAS 70
Internationally recognized auditing standard for service organization
COBIT
A framework resulting in control objectives considered to be good or best practices
Strategies For Networked Systems
Strategies
Eliminating single points of failure
Redundant Cabling and Devices
Remote Access
Wireless LANs
Strategies For Fault Tolerant Implementation
RAID
A system which uses multiple hard drives to share or replicate data among the drives
A system that combines multiple hard drives into a single logical unit
RAID
BENEFITS
Higher data security
Fault tolerance
Improved availability
Increased, integrated capacity
Improved performance
RAID
Data redundancy techniques
Mirroring
Parity
Striping
RAID
MIRRORING
Data in the system is written simultaneously to two hard disks instead of one
![Page 158: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/158.jpg)
RAID
MIRRORING
![Page 159: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/159.jpg)
RAID
MIRRORING
Advantages
Data redundancy
Fast recovery
Disadvantages
Expensive
![Page 160: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/160.jpg)
RAID
Duplexing
Data in the system is written simultaneously to two hard disks with separate controllers
![Page 161: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/161.jpg)
RAID
Disk Duplexing
![Page 162: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/162.jpg)
RAID
STRIPING
A data element is broken into multiple pieces at byte level or in blocks
![Page 163: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/163.jpg)
RAID
STRIPING
![Page 164: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/164.jpg)
RAID
PARITY
It involves the use of parity information, which is redundancy information calculated from the actual data values
![Page 165: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/165.jpg)
RAID LEVELS
RAID-0
Technique: striping without parity
Files broken into stripes
No redundancy
Storage efficiency: 100% if drives identical
Minimum of 2 hard disks required
Fault tolerance: none
Cost: lowest of all RAID levels
Recommended uses: non-critical data
![Page 166: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/166.jpg)
RAID-0
This illustration shows how files of different sizes are distributed between the drives on a four-disk, 16 kiB stripe size RAID 0 array. The red file is 4 kiB in size; the blue is 20 kiB; the green is 100 kiB; and the magenta is 500 kiB.
![Page 167: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/167.jpg)
RAID LEVELS
RAID-1
Technique: mirroring
Exactly 2 hard disks
Fault tolerance: very good
Storage efficiency: 50% if drives identical
Cost: relatively high
Recommended uses: applications requiring high fault tolerance, e.g. accounting and other financial data
![Page 168: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/168.jpg)
RAID-1
Illustration of a pair of mirrored hard disks, showing how the files are duplicated on both drives.
![Page 169: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/169.jpg)
RAID LEVELS
RAID-2
Technique used: bit level striping with ECC
Hard disk requirements: 10 data disks & 4 ECC disks
Random read performance: Fair
Random write performance: Poor
Fault tolerance: only fair
Cost: very expensive
Recommended uses: not used in modern systems
![Page 170: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/170.jpg)
RAID LEVELS
RAID-3
Technique: Byte level striping with dedicated parity
Minimum 3 hard disks
Random read performance: Good
Random write performance: Poor
Array Capacity: Size of smallest drive * (no. of drives - 1)
Fault tolerance: good
Cost: Moderate
Recommended uses: Applications working with large files that require high transfer performance
![Page 171: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/171.jpg)
RAID-3
This illustration shows how files of different sizes are distributed between the drives on a four-disk, byte-striped RAID 3 array. The red file is 4 kiB in size; the blue is 20 kiB; the green is 100 kiB; and the magenta is 500 kiB. Notice that the files are evenly spread between three drives, with the fourth containing parity information (shown in dark gray).
![Page 172: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/172.jpg)
RAID LEVELS
RAID-4
Technique used: Block level striping with dedicated parity
Random read performance: Good
Random write performance: Fair
Array Capacity: Size of smallest drive * (no. of drives - 1)
Minimum 3 hard disks
Fault tolerance: good
Cost: Moderate
Recommended uses: Not commonly used
![Page 173: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/173.jpg)
RAID-4
This illustration shows how files of different sizes are distributed between the drives on a four-disk RAID 4 array using a 16 kiB stripe size. The red file is 4 kiB in size; the blue is 20 kiB; the green is 100 kiB; and the magenta is 500 kiB. Notice that, as with RAID 3, the files are evenly spread between three drives, with the fourth containing parity information (shown in gray).
![Page 174: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/174.jpg)
RAID LEVELS
RAID-5
Technique used: Block level striping with distributed parity
One of the most popular RAID levels
Random read performance: Very Good
Random write performance: Only Fair
Array Capacity: Size of smallest drive * (no. of drives - 1)
Minimum 3 hard disks
Fault tolerance: good
Cost: Moderate
Recommended uses: ERP, relational database applications & other business systems
![Page 175: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/175.jpg)
RAID-5
This illustration shows how files of different sizes are distributed between the drives on a four-disk RAID 5 array using a 16 kiB stripe size. The red file is 4 kiB in size; the blue is 20 kiB; the green is 100 kiB; and the magenta is 500 kiB.
![Page 176: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/176.jpg)
RAID LEVELS
RAID-6
Technique used: Block level striping with dual distributed parity
Minimum 4 hard disks
Random read performance: Very Good
Random write performance: Poor
Array Capacity: Size of smallest drive * (no. of drives - 2)
Fault tolerance: very good
Cost: High
Specialized controller
Recommended uses: Same as RAID-5, but not popular as cost is high
![Page 177: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/177.jpg)
RAID-6
This illustration shows how files of different sizes are distributed between the drives on a four-disk RAID 6 array using a 16 kiB stripe size. The red file is 4 kiB in size; the blue is 20 kiB; the green is 100 kiB; and the magenta is 500 kiB.
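The parity and striping slides and the array capacity formulas given for the RAID levels above can be checked with a short simulation. This is an added Python example, not part of the original presentation; the function names, the 8-byte block size, the parity rotation order and the sample record are assumptions made for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Parity calculation: byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_disk_for(stripe, n_disks):
    """Distributed parity: the parity block moves one disk left per stripe."""
    return (n_disks - 1 - stripe) % n_disks

def stripe_raid5(data, n_disks, block_size):
    """Block-level striping: n_disks - 1 data blocks plus 1 parity block per stripe."""
    if n_disks < 3:
        raise ValueError("RAID-5 needs a minimum of 3 hard disks")
    per_stripe = (n_disks - 1) * block_size
    data = bytes(data) + b"\x00" * (-len(data) % per_stripe)  # zero-pad last stripe
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        blocks = [data[i:i + block_size] for i in range(off, off + per_stripe, block_size)]
        row = iter(blocks)
        for d in range(n_disks):
            is_parity = d == parity_disk_for(s, n_disks)
            disks[d].append(xor_blocks(blocks) if is_parity else next(row))
    return disks

def rebuild_disk(disks, failed):
    """Recompute a failed disk: each lost block is the XOR of the survivors' blocks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    if any(d is None for d in survivors):
        raise RuntimeError("single parity cannot survive a second disk failure")
    return [xor_blocks(row) for row in zip(*survivors)]

def read_data(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(len(disks)):
            if d != parity_disk_for(s, len(disks)):
                out += disks[d][s]
    return bytes(out[:length])

def usable_capacity(level, drive_sizes):
    """Array capacity using the formulas on the slides (any consistent unit)."""
    n, smallest = len(drive_sizes), min(drive_sizes)
    if level == 0:
        return smallest * n        # no redundancy (assumes the smallest drive limits each member)
    if level == 1:
        return smallest            # one mirrored pair: 50% efficiency
    if level in (3, 4, 5):
        return smallest * (n - 1)  # one drive's worth of parity
    if level == 6:
        return smallest * (n - 2)  # two drives' worth of parity
    raise ValueError(f"no formula for RAID-{level}")

def demo():
    record = b"LEDGER|ACCT=1001|DR=2500.00|CR=0.00|"  # constructed sample data
    disks = stripe_raid5(record, n_disks=4, block_size=8)
    lost, disks[2] = disks[2], None                    # simulate losing disk 2
    disks[2] = rebuild_disk(disks, failed=2)
    return disks[2] == lost and read_data(disks, len(record)) == record

if __name__ == "__main__":
    print("rebuilt and verified:", demo())
    print("RAID-5 capacity, 4 x 500 GB:", usable_capacity(5, [500] * 4), "GB")
```

In the demo, disk 2 holds a data block in the first stripe and the parity block in the second, so the rebuild exercises both cases; a second concurrent failure raises an error, which is the gap RAID-6's dual parity closes.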
![Page 178: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/178.jpg)
RAID LEVELS
RAID-7
Proprietary product of Storage Computer Corporation
Hard disks: Depends
Random read performance: Very Good
Random write performance: Very Good
Array Capacity: Depends
Fault tolerance: very good
Cost: Very High
Specialized controller
Recommended uses: Not popular as cost is high
![Page 179: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/179.jpg)
MULTIPLE (NESTED) RAID LEVELS
RAID-0+1 & RAID-10
Technique used: Mirroring & striping without parity
Most popular of the multiple RAID levels
Minimum 4 hard disks
Availability: very good for RAID-01, excellent for RAID-10
Random read performance: very good
Random write performance: good
Fault tolerance: very good
Cost: High
Recommended uses: Often used in place of RAID-1 or RAID-5 for higher performance
![Page 180: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/180.jpg)
RAID 0+1
![Page 181: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/181.jpg)
RAID 10
![Page 182: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/182.jpg)
Strategies for Data communications
Dial up
Circuit Extension
On demand service from the carriers
Diversification of services
Microwave communications
VSAT
![Page 183: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/183.jpg)
Strategies for Voice communications
Cellular phone backup
Carrier call rerouting systems
Backup PBX systems
![Page 184: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/184.jpg)
Electronic vaulting
Electronic vaulting is the ability to store and retrieve backup electronically in a site remote from the primary computer centre
![Page 185: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/185.jpg)
Remote Journaling
Parallel processing of transactions to an alternate site
![Page 186: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/186.jpg)
Database shadowing
Duplicating the database sites to multiple servers
![Page 187: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/187.jpg)
Backup strategies
Dual Recording
Dumping
Logging Input Transactions
Logging Before Images
Logging After Images
![Page 188: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/188.jpg)
NETWORK ATTACHED STORAGE
A class of systems that provide file services to host computers
Dedicated storage solution that is attached to a network topology
![Page 189: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/189.jpg)
STORAGE AREA NETWORK
A network of storage disks
It connects multiple computers to a centralized pool of disk storage
Fibre Channel Technology
![Page 190: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/190.jpg)
STORAGE AREA NETWORK
Advantages
Centralization of storage
Storage & server resources grow independently
Data transfer directly from device to device
![Page 191: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/191.jpg)
Server Load Balancing
It consists of distributing user activity across a network so that no single server is overloaded
Enables applications to operate even if one of the servers is down
![Page 192: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/192.jpg)
Server Load Balancing
Load Balancing done by load balancers
Routers & switches with application specific integrated circuits
![Page 193: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/193.jpg)
IS Audit Technique
Role of Auditor
Observer
Reviewer
Reporter
![Page 194: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/194.jpg)
Review of BCP
Current copy of BCP
Evaluation of documented procedures
Critical applications identified
All applications reviewed
Support of critical applications
Review of BCP personnel, vendors, hot site contents, back-up contents
![Page 195: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/195.jpg)
Review of BCP
Interview key members
Evaluation of emergency procedures
Written procedures of recovery teams
![Page 196: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/196.jpg)
Audit Procedure
Interview personnel and reading documents
Risk analysis documents
Disaster recovery requirement documents
Disaster recovery training documents
Disaster recovery plan testing documents
Disaster recovery plan maintenance procedures
Alternative processing contracts with back-up facilities
Third party audit reports
![Page 197: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/197.jpg)
Audit Procedure
Risk analysis
Critical application identifications
Classification of critical data
Minimum hardware configuration
Existing file backup procedures
Record retention and rotation schedules
![Page 198: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/198.jpg)
Audit Procedure
Off-site storage facilities
Commercial
Private
Verify financial background and reputation
Visit the facility
Assess the storage standards
Method of separation of media
Mode of transportation of media
![Page 199: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/199.jpg)
Audit Procedure
Off-site storage facilities ...
Review flow of media in and out
Visitors access
Terms and conditions of vendors
Confidentiality of data
Periodic inventory of media
Other physical and environmental controls
![Page 200: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/200.jpg)
Audit Procedure
Plan Documents
No. of subscribers and capacity of computer in backup facility
Fee structure of vendor
Off-site media storage facility
Liability of vendors for loss or damage at off-site
Names, addresses and telephone nos. of recovery team members
Transportation arrangements
![Page 201: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/201.jpg)
Audit Procedure
Plan Documents …
Equipment and support
Emergency team instructions for evacuations and recovery
Telephone nos. of hardware and software supply vendors
Procedures to handle bomb or arson threats
Plan testing procedures
Network configuration diagram and documentation
![Page 202: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/202.jpg)
Audit Objectives
Adequacy of risk analysis
Adequacy of off-site storage facilities
DRP documents are complete, clear and understandable
Adequacy of management preparedness
Adequacy of plan maintenance procedures
![Page 203: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/203.jpg)
Audit Objectives
Identify problems, concerns
Make cost effective recommendations
Identify over secured and under secured activities
![Page 204: Naresh Gandhi FCA, D.I.S.A. (ICAI). Business Impact Analysis](https://reader036.vdocuments.us/reader036/viewer/2022062404/5517ac7b55034645368b5e15/html5/thumbnails/204.jpg)
Thanks...