principles of incident response and disaster recovery chapter 9 business continuity preparation and...

Principles of Incident Response and

Disaster Recovery

Chapter 9Business Continuity Preparation and

Implementation

Principles of Incident Response and Disaster Recovery 2

Objectives

• Understand the elements of business continuity

• Recognize who should be included in the business continuity team

• Know the methodology used to construct the business continuity policy and plan, and be able to participate in such a planning process when required

• Become familiar with several tips useful for creating effective business continuity plans

• Recognize and be able to reference two sample business continuity plans


Introduction

• Business continuity (BC) planning: represents the final response of the organization when faced with an interruption of its critical operations

• More than 50% of all organizations that close their doors for more than a week never reopen, due to lack of planning

• BC is designed to get the organization’s most critical services up and running as quickly as possible

• DR focuses on resuming operations at the primary site; BC concentrates on resuming critical functions at an alternate site


Introduction (continued)

• BIA should have already identified critical business functions and the resources to support them

• Two design parameters for the BC planning process:– Recovery time objective (RTO): amount of time

before an infrastructure is available– Recovery point objective (RPO): the point in the

past to which the recovered applications and data will be restored

• Remember that not everything works as planned – stay flexible


Elements of Business Continuity Revisited

• Exclusive use strategies:– Hot site: fully configured computer facility with all

services, communication links, and physical plant operations

– Warm site: similar to hot site, but software and/or client workstations may not be included

– Cold site: provides only rudimentary services and facilities, no computer hardware

• The major deciding factor for exclusive use strategies is cost


Elements of Business Continuity Revisited (continued)

• Shared use strategies:– Time-share: operates like a hot or warm site, but is

leased in conjunction with a business partner or sister organization

– Service bureau: service agency that provides physical facilities and/or off-site data storage

– Mutual agreements: contract between two organizations for each to assist the other in the event of a disaster

• Alternative strategies include rolling mobile sites or rental storage areas


Off-Site Data Recovery Revisited

• Electronic vaulting: batch transfer of data to an off-site facility

• Remote journaling: transfer of live transactions to an off-site facility

• Database shadowing: storage of duplicate online transaction data, along with databases, at a remote site with a redundant server

• Relocation strategy with an off-site data storage recovery strategy allows reestablishment of critical business functions at a remote location


Business Continuity Team

• BC team leader is under the direction of the CPMT team

• First step is to assemble the BC team• BC team should have representatives from every

business unit in the organization to provide depth and breadth


BC Team Organization

• Emphasis should be on generalized business and technology skills

• BC team should have representatives from:– Senior management– Corporate functional units, including HR, Legal, and

Accounting– IT managers and a few technical specialists with

broad technical skill sets– InfoSec managers and a few technical specialists

• BC team members cannot also be on the DR team


BC Team Organization (continued)

• BC team may be divided into subteams:– BC management team– Operations team– Computer setup (hardware) team – Systems recovery (OS) team – Network recovery team– Applications recovery team– Data management team– Logistics team



• BC Management team:– Command and control group responsible for all

planning and coordination– Facilitates the transfer to the alternate site– Handles communications, business interface, and

vendor contact functions

• Operations team:– Works to establish core business functions needed to

sustain critical business operations

• Computer setup (hardware) team: – Sets up hardware in the alternate location



• Systems recovery (OS) team: – Installs operating systems on hardware, sets up user

accounts and remote connectivity with network team

• Network recovery team:– Establishes short- and long-term networks, including

hardware, wiring, and Internet and intranet connectivity

• Applications recovery team:– Responsible to get internal and external services up

and running



• Data management team: – Responsible for data restoration and recovery

• Logistics team:– Provides any needed supplies, materials, food,

services, or facilities needed at the alternate site


Special Documentation and Equipment

• All team members should have multiple copies of the BC plans readily available at all times

• Special equipment required might include:– Software media and licenses, backup copies of data– Replacement or redundant computing and network,

power, and telecommunications hardware– Utilities infrastructure arrangements at alternate site– Contact information– Emergency supplies

• Consider purchasing cards (P-cards) for acquisition of office supplies and other equipment


Special Documentation and Equipment (continued)

• Consider issuing laptops to each manager for remote work:– Require that all essential files are stored on the laptop– Require that the laptop is synchronized and updated

daily at the office– Guarantees that each manager will have his/her

critical files available


Business Continuity Policy and Plan Functions

• BC planning process:– Develop the BC planning policy statement– Review the BIA– Identify preventive controls– Develop relocation strategies– Develop the continuity plan– Testing, training, and exercises– Plan maintenance


Develop the BC Planning Policy Statement

• BC plan should contain 8 key elements:– Purpose– Scope– Roles and responsibilities– Resource requirements– Training requirements– Exercise and testing schedules– Plan maintenance schedule– Special considerations


Develop the BC Planning Policy Statement (continued)

• Purpose:– Executive vision– Primary purpose of the BC program

• Scope:– Organizational groups and units to which the policy

applies

• Roles and responsibilities:– Identifies key players and their responsibilities

• Resource requirements:– Allocates specific resources to be dedicated to the

development of the BC


Develop the BC Planning Policy Statement (continued)

• Training requirements:– Training for various employee groups

• Exercise and testing schedule:– Stipulation for the frequency and type of testing for

the BC plan

• Plan maintenance schedule:– Frequency of review and who is involved

• Special considerations:– Overview of information storage and retrieval plans

and who is responsible


Review the BIA

• BIA contains the prioritized list of critical business functions

• Should be reviewed for compatibility with the BC plan

• BIA is usually accepted as is


Identify Preventive Controls

• Preventive controls should already have been identified and implemented as part of the ongoing information security activities

• BC team should review and verify that data storage and recovery techniques are implemented, tested, and maintained


Develop Relocation Strategies

• Develop the “after actions” strategies for relocation based on the BIA

• The most likely types of disasters should have contingency strategies in place


Develop the Continuity Plan

• BC plan includes detailed guidance and procedures for moving into the alternate site

• Trigger for a move is usually the damage assessment conducted by the DR team

• Extent of the BC move depends on the extent of damage; subordinate BC plans should exist for the various functions of the organization

• BC plan has 3 phases of operation:– Preparation for BC actions– Relocation to the alternate site– Return to the primary site


Develop the Continuity Plan (continued)

• Preparation for BC actions:– Specifies what must be done before relocation

occurs– Based on the extent of damage– Specifies the type of relocation services desired and

type of data management strategies to deploy– Specifies resources that are needed to support

ongoing operations

• Advance party: the group responsible for initiating the occupation of the alternate facility



• Relocation to the alternate site:– Identification of advance party and departure point– Notification of service providers– Notification of BC team to move to BC site– Acquisition of supplies, materials, and equipment– Notification of employees to relocate to BC site– Organization of incoming employees

• Relocated employees should receive a briefing to answer questions about safety issues, location of facilities, food services, etc.



• Return to the primary site:– Scheduling of employee move– Vanguard clearing responsibilities (shutdown of

temporary services, packing and moving, etc.)– Transfer of alternate site building to the service

provider

• BC After-Action Review (AAR):– All team members review notes and recommend

improvements to the BC plan– AAR is stored for training purposes


BC Plan Testing, Training, and Exercises

• Training can be used to test the validity and effectiveness of the BC plan

• Final assembly of the plan occurs after completion of training

• BC plan testing is an ongoing activity; testing should be done at least semiannually at the walk-through level


BC Plan Maintenance

• BC plan should be a dynamic document that is updated regularly

• Should be reviewed at least annually to update plans, contracts, and agreements, and to update personnel and equipment modifications

• Any changes to the business size, location, or business focus should also trigger a review


Tips for Creating Effective BCPs

• Progress Software offers these tips:– Keep one phone line separate from other phone

systems– Try to locate communications equipment in more than

one location– Utilize “remote call forwarding”– Use UPS to provide emergency power to phone

system and network components– Designate an emergency meeting place for all staff to

convene– Obtain employee cell phones from at least 2 different

service providers


Tips for Creating Effective BCPs (continued)

• Progress Software tips (continued):– Ensure employees with home PCs have email and

Internet access to perform some duties from home– Print wallet-sized cards for employees with

emergency phone numbers, emergency procedures, and other instructions for crisis situations

• To determine which plans should be written and in what order, Continuity Central offers these tips:– Determine critical processes for each business unit

(from BIA)– Input these processes with RTOs and priorities to

BCP software



• Continuity Central tips (continued):– Associate each process with the appropriate business

unit crisis management plan– Align critical processes within each RTO tier– Within each tier, assign a criticality rating (1-10);

reserve one tier for processes or systems needed to support at least 25% of the revenue or critical services

– Identify known dependencies between processes and add these to the BCP software



• Continuity Central tips (continued):– Identify owners of processes or systems in the

shortest timeframe (zero days) and owners of processes and systems upon which these processes depend

– Identify what plan developer resources are available to support plan development for the zero day and dependent processes

– Coordinate and support the development of plans while using available resources



• Continuity Central tips (continued):– If insufficient resources are available to support

creation of multiple plans at once, prioritize plan development by its criticality rating

– If some departments or business units do not have any plans that need to be developed supporting the zero-day timeframe, identify shortest RTO processes for those units

– Support the development of plans for those processes, provided resources are available

– Continue to develop plans with shortest RTOs until all units have procedures for recovery


Sample Business Continuity Plans


Sample Business Continuity Plans (continued)


Summary

• Business continuity planning represents the final response when faced with the interruption of critical operations

• BC process focuses on getting critical functions up and running as quickly as possible

• CP team must select either exclusive use or shared use alternative site option

• Organization must be able to move data to the recovery site’s systems

• BC team should include representatives from all major business functions


Summary (continued)

• BC team may be divided into subteams

• All team members should have multiple copies of the BC plans readily available

• BC team develops the BC policy which includes:– Scope– Purpose – Roles and responsibilities– Required resources– Training requirements– Testing and review schedules


Summary (continued)

• BC planning process includes:– BIA review– Relocation strategies – Guidance and procedures for relocation to alternate

site– Relocation to alternate site and return to primary site– Preparation for CP testing, training, and exercises– Development of maintenance plan

principles of incident response and disaster recovery chapter 9 business continuity preparation and...

Documents

business continuity

business continuity

business partner

hot site

final response

remote site

includedcold site

disaster recovery chapter