Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.
23
Chapter 16 Chapter 16 Presented By: Presented By: Stephen Lambert Stephen Lambert Disaster Recovery and Disaster Recovery and Business Continuity Business Continuity
-
Upload
godwin-johns -
Category
Documents
-
view
216 -
download
0
Transcript of Chapter 16 Presented By: Stephen Lambert Disaster Recovery and Business Continuity.
Chapter 16Chapter 16
Presented By:Presented By:Stephen LambertStephen Lambert
Disaster Recovery and Business Disaster Recovery and Business ContinuityContinuity
Business Continuity
Purpose: To develop a solid disaster recovery plan that will allow the business to continue through what ever catastrophic event that may occur.
Redundancy
Disaster Recovery Plan
A disaster recovery plan defines the resources, actions, and data required to reinstate critical business processes that have been damaged or disabled because of a disaster.
5 Potential Threats or Disasters
• Human induced accidents
• Natural
• Internal
• Armed conflict
• External
An effective Disaster Recovery Plan should include:
1. A list of the covered disasters.
Disaster Recovery Plan cont…
2. A list of the disaster recovery team members for each type of situation and their contact information.
Team Members
• Senior Management
• Information Technology Department
• Facilities Management
• User Community3. Business Impact Assessment
4. Business Resumption and Continuity Plan
5. Backup Documentation
6. Restore Documentation
Data Backups
All mission-critical data is critical to allow personnel to restore files and application software and continue business.
Key Issues of Backup Strategy:
• How often should the backups be run?
• What is the backup medium?
• What time of day should the backups be run?
• Are the backups manual or automated?
• How are backups verified?
• How long are backups stored?
• Where are backups stored?
• Who is responsible for backups?
• Who is the fallback person responsible for backups?
Security Policy
Acceptable Use Policy – policies that are concerned with the use of computer equipment and network resources for personal use or use that is not benefiting the company.
Privacy – protect customer and supplier data
Separation of Duties – effectively distribute tasks throughout the IT organization and document processes thoroughly.
Password Management – attributes: minimum length, allowed character set, disallowed strings (all numbers, dictionary words, variations of the username or ID), and the duration of use of the password.
Service Level Agreements – is a contractual understanding between and ASP and the end user which binds the ASP to a specified and documented level of service.
Disposal and Destruction
Human Resources Policy
Employee Hiring – Hiring of personnel for computer network or security functions require verifying the candidate’s background, including reference checks, previous employers, criminal background checks, and relevant educational background.
Employee Termination -- protect against disgruntled employees
Code of Ethics – the code should demand that employees act honestly, responsibly, and legally to protect the organization.
Incident Response Policy -- covers how to deal with a security incident after it has already transpired.
Six Distinct Steps:
• Preparation• Detection• Containment• Eradication• Recovery• Follow Up
Human Resources Policy cont…
http://www.webseminarslive.com/article2/0,2290,1553527,00.asp
