Ch 3 Contingency Planning
7/23/2019 Ch 3 Contingency Planning
1/49
INFORMATION SECURITY MANAGEMENT
LECTURE 3:
PLANNING FOR CONTINGENCIES
"You got to be careful if you don't know where you're going, because you might not get there." Yogi Berra
-
Principles of Information Security Mgmt
Include the following characteristics that will be the focus of the current course (six Ps):
1. Planning
2. Policy
3. Programs
4. Protection
5. People
6. Project Management
http://csrc.nist.gov/publications/PubsTC.html
Chapters 2 & 3
Chapter 4
-
Introduction
One study found that over 40% of businesses that don't have a disaster plan go out of business after a major loss
Small Business Approaches
http://www.informationweek.com/smb/security/57-of-smbs-have-no-disaster-recovery-pla/229000461
-
Introduction: 2012 Natural Disaster Map
-
Contingency Planning
Contingency planning (CP)
The overall planning for unexpected events
Involves preparing for, detecting, reacting to, and recovering from events that threaten the security of information resources and assets
-
Fundamentals of Contingency Planning
Incident Response
Disaster Recovery
Business Continuity
-
Developing a CP Document
Develop the contingency planning policy statement
Conduct the BIA
Identify preventive controls
Develop recovery strategies
Develop an IT contingency plan
Plan testing, training, and exercises
Plan maintenance
-
Business Impact Analysis (BIA)
Provides detailed scenarios of each potential attack's impact
-
Business Impact Analysis (cont'd.)
The CP team conducts the BIA in the following stages:
Threat attack identification
Business unit analysis
Attack success scenarios
Potential damage assessment
Subordinate plan classification
What are the goals of a BIA?
Management of Information Security, 3rd ed.
-
Business Impact Analysis (cont'd.)
An organization that uses a risk management process will have identified and prioritized threats
The second major BIA task is the analysis and prioritization of business functions within the organization
Each should be categorized
-
Business Impact Analysis (cont'd.)
Create a series of scenarios depicting impact of successful attack on each functional area
Attack profiles should include scenarios depicting typical attack including:
(1) Methodology, (2) Indicators, (3) Broad consequences
Estimate the cost
Should this be done in-house or outsourced?
-
NIST Business Process and Recovery Criticality
Key recovery measures:
Maximum Tolerable Downtime (MTD) - total amount of time the system owner is willing to accept for a mission/business process outage or disruption
Recovery time objective (RTO) - maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and processes
Recovery point objective (RPO) - point in time, prior to a disruption or system outage, to which mission/business process data can be recovered after an outage
-
NIST Business Process and Recovery Criticality
Work Recovery Time (WRT) - amount of effort that is necessary to get the business function operational AFTER the technology element is recovered
Can be added to the RTO to determine the realistic amount of elapsed time before a business function is back in useful service
Total time needed to place the business function back in service must be shorter than the MTD
Must balance the cost of system inoperability against the cost of recovery
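
An added example (not part of the lecture slides) that applies the recovery measures above to a BIA worksheet: RTO + WRT must be strictly shorter than the MTD and, as an assumption beyond the slide, the backup interval must not exceed the RPO, because worst-case data loss equals the time since the last backup. The names, fields and sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class BiaRow:
    name: str              # business function (constructed sample name)
    mtd_h: float           # Maximum Tolerable Downtime, hours
    rto_h: float           # Recovery Time Objective, hours
    wrt_h: float           # Work Recovery Time, hours
    rpo_h: float           # Recovery Point Objective, hours
    backup_every_h: float  # assumed field: hours between backups

def review(row):
    """Return (slack_hours, findings) for one BIA worksheet row."""
    values = (row.mtd_h, row.rto_h, row.wrt_h, row.rpo_h, row.backup_every_h)
    if any(v < 0 for v in values):
        return None, ["negative duration: fix the worksheet entry"]
    findings = []
    elapsed = row.rto_h + row.wrt_h   # realistic time until back in service
    slack = row.mtd_h - elapsed
    if slack <= 0:                    # equal is a failure: must be shorter
        findings.append(f"RTO+WRT {elapsed:g}h is not shorter than MTD {row.mtd_h:g}h")
    if row.backup_every_h > row.rpo_h:  # worst-case loss = one backup interval
        findings.append(f"backups every {row.backup_every_h:g}h cannot meet RPO {row.rpo_h:g}h")
    return slack, findings

def review_all(rows):
    """Review every row; invalid rows first, then least slack first."""
    results = [(r.name, *review(r)) for r in rows]
    return sorted(results, key=lambda t: (t[1] is not None, t[1] or 0))

# Constructed sample worksheet (all values in hours).
SAMPLE = [
    BiaRow("Order processing", 24, 8, 4, 1, 1),
    BiaRow("Payroll", 72, 48, 24, 24, 24),
    BiaRow("Customer portal", 12, 4, 2, 0.25, 24),
]

if __name__ == "__main__":
    for name, slack, findings in review_all(SAMPLE):
        print(name, slack, findings or "ok")
```

Rows with the least slack sort first, so the functions closest to breaching their MTD are reviewed first.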
-
Timing and Sequence of CP Elements
Figure 3-6 Contingency planning implementation timeline
Source: Course Technology/Cengage Learning
-
Incident Response Plan
The question is not will an incident occur, but rather when an incident will occur
A detailed set of processes and procedures that commence when an incident is detected
When a threat becomes a valid attack, it is classified as an information security incident if it:
is directed against information assets
has a realistic chance of success
threatens the confidentiality, integrity, or availability of information assets
-
Incident Response Plan (cont'd.)
Who creates the incident response plan?
Planners develop and document the procedures that must be performed during the incident and immediately after the incident has ceased
Separate functional areas may develop different procedures
-
Incident Response Plan (cont'd.)
Develop procedures for tasks that must be performed in advance of the incident
Details of data backup schedules
Disaster recovery preparation
Training schedules
Testing plans
Copies of service agreements
Business continuity plans
-
Incident Response Plan (cont'd.)
Figure 3-3 Incident response planning
Source: Course Technology/Cengage Learning
-
Incident Response Plan (cont'd.)
Planning requires a detailed understanding of the information systems and the threats they face
The IR planning team seeks to develop pre
-
Incident Response Plan (cont'd.)
Incident classification
Determine whether an event is an actual incident
Uses initial reports from end users, intrusion detection systems, host- and network
-
Incident Response Software
-
Incident Response Plan Tools
-
Incident Response Plan Tools
-
Incident Response Plan: Indicators
Possible indicators
Probable indicators
Definite indicators
When the following occur, the corresponding IR must be immediately activated
Loss of availability
Loss of integrity
Loss of confidentiality
Violation of policy
Violation of law
http://www.npr.org/blogs/thetwo-way/2013/01/16/169528579/outsourced-employee-sends-own-job-to-china-surfs-web
-
Incident Response Plan (cont'd.)
Once an actual incident has been confirmed and properly classified
IR team moves from the detection phase to the reaction phase
A number of action steps must occur quickly and may occur concurrently
-
Incident Response Plan: Action Steps
1. Notification of key personnel (alert roster)
2. Assignment of tasks
3. Documentation of the incident
-
Incident Response Plan (cont'd.)
The essential task of IR is to stop the incident or contain its impact
Incident containment strategies focus on two tasks:
-
IRP: Stopping the Incident
Containment strategies
Once contained and system control regained, incident recovery can begin
Incident damage assessment
An incident may increase in scope or severity to the point that the IRP cannot adequately contain the incident
-
IRP: Recovery Process
Identify the vulnerabilities
Address the safeguards that failed
Evaluate monitoring capabilities (if present)
Restore the data from backups as needed
Restore the services and processes in use
Continuously monitor the system
Restore the confidence of the members
-
Incident Response Plan (cont'd.)
When an incident violates civil or criminal law, it is the organization's responsibility to notify the proper authorities
Involving law enforcement has both advantages and disadvantages
-
Article: Incident Response SANS Survey
-
Disaster Recovery Plan
The preparation for and recovery from a disaster, whether natural or man made
In general, an incident is a disaster when:
-
Disaster Recovery Plan (cont'd.)
The key role of a DRP is defining how to reestablish operations at the location where the organization is usually located
Common DRP classifications:
Natural Disasters
Human
-
Disaster Recovery Plan (cont'd.)
-
Disaster Recovery Plan (cont'd.)
Discussion on Disaster Recovery Myths
-
Disaster Recovery Plan (cont'd.)
Discussion on Disaster Recovery Checklist
-
Business Continuity Plan
Ensures critical business functions can continue in a disaster
Activated and executed concurrently with the DRP when needed
Relies on identification of critical business functions and the resources to support them
-
BCP: Strategies
Continuity strategies
-
Business Continuity Plan: Site Options
Hot Sites
Warm Sites
Cold Sites
Other Alternatives: Timeshares, Service Bureaus, Mutual Agreements
Ex. SA data centers lease - 10gig Ethernet lines between MA and NC
-
Business Continuity Plan (cont'd.)
To get any BCP site running quickly organization must be able to recover data
Options include:
-
Timing and Sequence of CP Elements
Figure 3-4 Incident response and disaster recovery
Source: Course Technology/Cengage Learning
-
Timing and Sequence of BCP
Source: Course Technology/Cengage Learning
-
Timing and Sequence of CP Elements
Figure 3-6 Contingency planning implementation timeline
Source: Course Technology/Cengage Learning
-
Business Resumption Planning
Because the DRP and BCP are closely related, most organizations prepare them concurrently
-
Business Resumption Planning (cont'd.)
Components of a simple disaster recovery plan
Name of agency
Date of completion or update of the plan and test date
Agency staff to be called in the event of a disaster
Emergency services to be called (if needed) in event of a disaster
-
Business Resumption Planning (cont'd.)
Components of a simple disaster recovery plan (cont'd.)
Locations of in
-
Testing Contingency Plans
Problems are identified during testing
Improvements can be made, resulting in a reliable plan
Contingency plan testing strategies
Desk check
Structured walkthrough
Simulation
Parallel testing
Full interruption testing
-
Contingency Planning: Final Thoughts
Iteration results in improvement
A formal implementation of this methodology is a process known as continuous process improvement (CPI)
Each time the plan is rehearsed it should be improved
Constant evaluation and improvement lead to an improved outcome