Microsoft PowerPoint - Auditoria Plan de Continuidad BCP DRP
Chapter 8 Bcp&Drp
Transcript of Chapter 8 Bcp&Drp
-
8/2/2019 Chapter 8 Bcp&Drp
1/22
Chapter 8: Business Continuity Planning & Disaster Recovery Planning
Business Impact Analysis:
Three steps are typically involved in accomplishing the BIA:
1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum time that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can be linked more clearly to critical mission/business processes and functions. Priority levels can be established for sequencing recovery activities and resources.
BIA Critical Resource Example
Time and attendance reporting may require use of a local area network (LAN) server, wide area network (WAN)
access, e-mail, and an e-mail server
BIA Resource Impact Example
LAN disruption to the time and attendance reporting system for 8 hours may create a delay in time sheet processing.
BIA Recovery Time Objective Example
The LAN server must be recovered within 8 hours to avoid a delay in time sheet processing.
Cold Sites. Cold sites are locations that have the basic infrastructure and environmental controls available
(such as electrical and HVAC), but no equipment or telecommunications established or in place. There is
sufficient room to house needed equipment to sustain a system's critical functions. Examples of cold sites
include unused areas of a data center and unused office space (if specialized data center environments are not required). Cold sites are normally the least expensive alternate processing site solution, as the primary
costs are only the lease or maintenance of the required square footage for recovery purposes. However,
the recovery time is the longest, as all system equipment (including telecommunications) will need to be
acquired or purchased, installed, tested, and have backup software and data loaded and tested before the
system can be operational. Depending on the size and complexity of a system, recovery could take several
days to weeks to complete.
Warm Sites. Warm sites are locations that have the basic infrastructure of cold sites, but also have sufficient computer and telecommunications equipment installed and available to operate the system at the site. However, the equipment is not loaded with the software or data required to operate the system. Warm sites should have backup media readers that are compatible with the system's backup strategy. Warm sites may not have equipment to run all systems or all components of a system, but rather only enough to operate critical mission/business processes. An example of a warm site is a test or development site that is geographically separate from the production system. Equipment may be in place to operate the system, but would require reverting to the current production level of the software, loading the data from backup media, and establishing communications to users. Another example is available equipment at an alternate facility that is running noncritical systems and that could be transitioned to run a critical system during a contingency event. A warm site is more expensive than a cold site, as equipment is purchased and maintained at the warm site, with telecommunications in place. Some costs may be offset by using equipment for noncritical functions or for testing. Recovery to a warm site can take several hours
Hot Sites. Hot sites are locations with fully operational equipment and capacity to quickly take over system operations after loss of the primary system facility. A hot site has sufficient equipment and the most current version of production software installed, and adequate storage for the production system data. Hot sites should have the most recent version of backed-up data loaded, requiring only updating with data since the last backup. In many cases, hot site data and databases are updated concurrently with or soon after the primary data and databases are updated. Hot sites also need a way to quickly move system users' connectivity from the primary site. One example of a hot site is two identical systems at alternate locations that are in production, serving different geographical locations or load balancing production workload. Each location is built to handle the full workload, and data is continuously synchronized between the systems. This is the most expensive option, requiring full operation of a system at an alternate location and all telecommunications capacity, with the ability to maintain or quickly update the operational data and databases. Hot sites also require having operational support nearly equal to the production
The ISCP Coordinator should look at information provided in the BIA to determine what critical mission/business processes a system supports, the MTD, and the impact loss of the system would have on the business to establish what type of recovery site is needed. An information system recovery strategy may incorporate one or more of these types of alternate processing facilities. For example, some functionality of a system may be highly critical and require a hot site to minimize the downtime and impact on mission/business processes. However, other functionality of the same system, such as a reporting or batch printing process, may be able to be down for several days with little impact and would just need extra space in the alternate facility to place additional equipment after it is purchased.