Disaster and recovery planning
Principles of Incident Response and Disaster Recovery, 2nd Edition
Chapter 9
Disaster Recovery: Preparation and Implementation
Objectives
Describe the ways to classify disasters, by both speed of onset and source
Explain who should form the membership of the disaster recovery team
List the key functions of the disaster plan
Explain the key concepts included in the NIST approach to technical contingency planning
Objectives (cont’d.)
List the elements of a sample disaster recovery plan
Describe the need for providing wide access to the planning documents while securing the sensitive content of the disaster recovery plans
Introduction
Disaster recovery planning (DRP)
The preparation for and recovery from a disaster, whether natural or man-made
The continuity planning management team (CPMT)
Forms the DR team, then assists in the development of the DR plan
Key role of a DR plan
Defining how to reestablish operations at the location where the organization is usually located
Disaster Classifications
Man-made disasters include:
Acts of terrorism, acts of war, and those acts of man that begin as incidents and escalate into disasters
Rapid-onset disasters
Those that occur suddenly, with little warning, taking the lives of people and destroying the means of production
Slow-onset disasters
Occur over time and slowly deteriorate the organization’s capacity to withstand their effects
Forming the Disaster Recovery Team
The CPMT assembles a DR team
DR team
Responsible for planning for DR
Leads the DR process when the disaster is declared
Key considerations when developing the DR team
Its organization
The planning needed to identify essential documentation and equipment
Training and rehearsal
Organization of the DR Team
The primary DR team includes representatives from:
Senior management
Corporate support
Facilities
Fire and safety
Maintenance staff
IT technical staff
IT managers
InfoSec technicians
InfoSec managers
Organization of the DR Team (cont’d.)
Disaster management team
Responsible for all the planning and coordination activities
Communications team
Serves as the voice of the management, providing feedback to anyone desiring additional information
Computer recovery (hardware) team
Works closely with the hardware and applications teams to reestablish systems functions during recovery
Organization of the DR Team (cont’d.)
Network recovery team
Works to determine the extent of damage to the network wiring and hardware
Storage recovery team
Works with the other teams to recover information and reestablish operations
Applications recovery team
Recovers applications and reintegrates users back into the systems
Organization of the DR Team (cont’d.)
Vendor contact team
Works with suppliers and vendors to replace damaged or destroyed materials, equipment, or services
Damage assessment and salvage team
Provides initial assessments of the extent of damage to materials, inventory, equipment, and systems on-site
Business interface team
Works with the remainder of the organization to assist in the recovery of nontechnology functions
Organization of the DR Team (cont’d.)
Logistics team
Consists of the individuals responsible for providing any needed supplies, space, materials, food, services, or facilities at the primary site
Other teams as needed
Focus on the reestablishment of key business functions as determined by the BIA
Special Documentation and Equipment
Necessary equipment may include:
Data recovery software
Redundant hardware and components to rebuild damaged systems
Copies of building blueprints to direct recovery efforts
Key phone numbers
Alert roster first contacts
Fire and water damage specialists
Emergency supplies
Disaster Recovery Planning Functions
The seven-step DRP process recommended by NIST
Develop the DR planning policy statement
Review the business impact analysis (BIA)
Identify preventive controls
Create DR contingency strategies
Develop the DR plan
Ensure DR plan testing, training, and exercises
Ensure DR plan maintenance
Develop the DR Planning Policy Statement
The DR policy contains the following key elements
Purpose
Scope
Roles and responsibilities
Resource requirements
Training requirements
Exercise and testing schedules
Plan maintenance schedule
Special considerations
Review the Business Impact Analysis
DR-centric review of the BIA
Only requires a review of the BIA that was developed by the CPMT
Ensures compatibility with DR-specific plans and operations
Identify Preventive Controls
This is performed as part of the ongoing information security posture
Effective preventive controls
Implemented to safeguard online and physical information storage
The team should
Ensure that sufficient and secure off-site data storage is implemented, tested, and maintained
Develop Recovery Strategies
The “after the action” actions must be thoroughly developed and tested
DR strategies
Must include the steps necessary to fully restore the organization to its operational status
One key aspect of the DR strategy
The enlistment and retention of qualified general contractors
Develop the DR Plan Document
Disaster scenario
A description of the disasters that may befall an organization, along with information on their probability of occurrence
A brief description of the organization’s actions to prepare for that disaster
The best case, worst case, and most likely case outcomes of the disaster
Develop the DR Plan Document (cont’d.)
During the disaster
The planners develop and document the procedures that must be performed during the disaster, if any
After the disaster
Once procedures for reacting to a disaster are drafted, the planners develop and document the procedures that must be performed immediately
Before the disaster
Planners draft a third set of procedures listing those tasks that must be performed to prepare for the disaster
Develop the DR Plan Document (cont’d.)
Planning for actions taken during the disaster
DR usually begins with a trigger
Trigger: the point at which a management decision to react is made
Best way to plan for actions during a disaster is to develop disaster end cases
Determine what must be done to react to the disaster scenario
Once all signs of the disaster have ceased, the “actions during” phase is complete
Develop the DR Plan Document (cont’d.)
Planning for actions taken after the disaster
During this phase, lost or damaged data is restored, systems are scrubbed of infection, and everything is restored to its previous state
Follow-on incidents are highly probable when infected machines are brought back online
Forensic analysis
The process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired
The DR team must conduct an after-action review (AAR)
Develop the DR Plan Document (cont’d.)
Planning for actions taken before the disaster
“Before actions” include
Preventive measures to manage the risks associated with a particular attack
The actions taken to enhance the preparedness of the IR team
For DR and IR planning
When selecting an off-site storage location for data backups or stored equipment, extra care should be taken to minimize the risk at that storage location
Plan Testing, Training, and Exercises
Testing the DR plan is an ongoing activity
Recent survey from Symantec
At least “82 percent of organizations test their DR plans either once a year or more frequently”
Once all the individual components of the DR plan have been drafted and tested
The final DR plan can be created, similar in format and appearance to the IR plan
Plan Maintenance
The plan
Should be a dynamic document that is updated regularly to remain current with system enhancements
If the organization changes its size, location, or business focus
The DR management team should begin anew with the CP plan, and it should also reexamine the BIA
Information Technology Contingency Planning Considerations
Commonly found systems in production or development settings
Client/server systems
Data communications systems
Mainframe systems
Client/Server Systems
The client level includes:
Desktop, laptop, or netbook systems, tablets, as well as specialty devices, such as smartphones
Client/server systems contingency strategies must include
Backup media stored off-site or at an alternate site
Use of standardized hardware, software, and peripherals to enable backup and recovery
Documentation of all supported system configurations, with local copies of key vendor information
Client/Server Systems (cont’d.)
Client/server systems contingency strategies must include (cont’d.)
Coordination with security policies and system security controls used in the organization
Reliance on the systems priority and key data needs as documented in the BIA
Processes that aggressively limit the placement of data on client systems, with any local data kept for the minimum possible time
Client/Server Systems (cont’d.)
Client/server systems contingency strategies must include (cont’d.)
Sound procedures established to back up and periodically test restoration of local data
Automation of backup processes and proactive validation of the automated backup by repeatable processes
Coordination of all contingency solutions with the cyber IR plans and team operations
Client/Server Systems (cont’d.)
Client/server systems contingency solutions
Encryption tools
Widely used to ensure the confidentiality and integrity of communication between clients and servers
Recovery will rely on complete planning, training, and rehearsals
Data Communications Systems
Local area networks (LANs)
Used for an office or small campus, with segment distances measured in tens of meters
Each connection point is considered a node
Each system (client or server) is considered a host
Wide area networks (WANs)
A collection of nodes in which the segments are geographically dispersed
Data Communications Systems (cont’d.)
Data communications contingency strategies rely on
Complete and current documentation of the telecommunications networks
Coordination with service-providing vendors
Coordination with organizational security policies and controls
Implementation of redundancy in critical components to remove single points of failure
Data Communications Systems (cont’d.)
Data communications contingency strategies rely on (cont’d.)
Identification of remaining single points of failure as ongoing efforts to remove them progress
Monitoring of the networks to measure uptime and minimize downtime by providing early detection of failures
Integration of remote access and wireless LAN technology
Mainframe Systems
Rely on centralization of key capabilities
When client/server systems interact with mainframes
The client is often programmed to emulate much simpler data terminals
The data processing and data storage functions are completed by the mainframe, with the client performing only data display functions
Mainframe Systems (cont’d.)
Mainframe contingency strategies require:
Storage of backup media off-site
Documentation of all systems configurations to include details unique to specific vendor implementations
Coordination with network security policy and system security controls
Redundant system components
Coordination of all contingency solutions with the IR plans and team operations
Sequencing of replacement networking capabilities
Sample Disaster Recovery Plans
The Business Resumption Plan
DR and BC plans
Many organizations prepare them at the same time because they are related
Some combine them into a single planning document (business resumption plan) to reduce the effort and cost
Business resumption plan (BR plan)
Must support the immediate reestablishment of operations at an alternate site and eventual reestablishment of operations at the primary site
The DR Plan
The planning process for the DR plan
Should be tied to, but distinct from, that for the IR plan
When the plan is completed
It needs to be stored and kept available in as many locations and formats as possible
Summary
DR planning is the preparation for and recovery from a disaster
A DR plan can classify disasters as either natural or man-made
The CPMT assembles the DR team
The DR team consists of representatives from every major organizational unit
All members of the DR team should have multiple copies of the DR (and BC) plan
Summary (cont’d.)
The first step in the effort to craft any contingency plan (CP) is the development of enabling policy or policies
The NIST planning process adapted for DR planning
The DR team begins with the development of the DR policy
Training in the use of the DR plan can be used to test its validity and effectiveness