版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
BusinessContinuityand
DisasterRecovery:
CriticalMeasuresforBusinessSurvivalAllanCarey
ProgramManager
InformationSecurityServicesAgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsPre-September11EconomyentersintorecessionSomecompanieshavebusinesscontinuityplans,ontheshelfPlanswereinsufficientInitiativesdrivenwitha“bottomsup”approachTheSeptember11thEffectTheSeptember11thEffectTerroristattackscausemorethan$50billionininfrastructuredamageDramaticallyraisedawarenessPhysicalandcybersecurityBusinessleaderscloselyexamininginternalsecurity,continuity,andrecoveryplans90%ofCEOshavereviewedDRplans*Manydiscoverinadequateinvestments*Source:BoozAllenHamiltonsurvey,Jan.23,2002*Source:APorReutersPost-September11EconomicrecessionexacerbatedBCPservicesgainingmomentuminthemarketplaceSecurityservicesfirmscontinueportfoliobuildouttoincludeBCPandincidentreadinessDevelopmentforNationalStrategytoSecureCyberspaceunderwayInformationSecuritySpendingPlans2002vs.2001N=320AgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsTypesofContingencyPlans/publications/drafts/ITcontingency-planning-guideline.pdfPlanPurposeScopeBusinessContinuityPlan(BCP)ProvideproceduresforsustainingessentialbusinessoperationswhilerecoveringfromasignificantdisruptionAddressesbusinessprocesses;ITaddressedonlyinthecontextofsupportingbusinessprocessBusinessRecovery(orResumption)Plan(BRP)ProvideproceduresforrecoveringbusinessoperationsimmediatelyfollowingadisasterAddressesbusinessprocesses;notIT-focusedContinuityofOperationsPlanEstablishproceduresandcapabilitiestosustainanorganization’sessential,strategicfunctionsatanalternatesiteforupto30daysAddressessubsetofanorganization’smissionsdeemedcritical;notIT-focusedContinuityofSupportPlanEstablishproceduresandcapabilitiesforrecoveringamajorapplicationorgeneralsupportsystemSimilartoITcontingencyplan;addressesITsystemdisruption;notbusinessprocessfocusedDisasterRecoveryPlan(DRP)ProvidedetailedprocedurestofacilitaterecoveryofcapabilitiesatanalternatesiteOftenIT-focused;limitedtomajordisruptionswithlong-termeffectsIncidentResponsePlanDefinestrategiestodetect,respondto,andlimitconsequencesofmaliciouscyberincidentFocusesoninformationsecurityresponsestoincidentsaffectingsystemsand/ornetworksOccupantEmergencyPlanProvidecoordinatedproceduresforminimizinglossoflifeorinjuryandprotectingpropertydamageinresponsetoaphysicalthreatFocusesonpersonnelandpropertyparticulartothespecificfacility;notbusiness-orIT-focusedWhatisBusinessContinuity? Businesscontinuitydescribestheprocessesandproceduresanorganizationputsinplacetoensurethatessentialfunctionscancontinueduringandafteradisaster.Businesscontinuanceplanningseekstopreventinterruptionofmission-criticalservices,andtoreestablishfullfunctioningasswiftlyandsmoothlyaspossible.WhatisBusinessContinuity?Simplyput,it’sthemeansofkeepinganorganizationupandrunning24x7despiteanyexpectedorunexpecteddisruption.Mayinvolvehighlyavailable,“alwayson”infrastructuresthatmaketraditionalrecoveryobsoleteMayinvolvetraditionaldisasterrecoveryservices,I.e.hot/coldsite,databackup,mobilerecovery,contingencyplanning(reactiveapproach)ORMayinvolvesecurityservices(proactiveapproach)SECURITYRECOVERYHighAvailabilityContinuityServicesWhatisDisasterRecovery? Disasterrecoverydescribeshowanorganizationistodealwithpotentialdisasters.Adisasterrecoveryplan(DRP)consistsoftheprecautionstakensothattheeffectsofadisasterwillbeminimized,andtheorganizationwillbeabletoeithermaintainorquicklyresumemission-criticalfunctions.WhatisDisasterRecovery?It’sacrucialcomponentofbusinesscontinuitythataddressesmoreoftheITfunctionsnecessarytoresumebusinessoperationsduetoanexpectedorunexpecteddisruption.Mayinvolvehighlyavailable,redundantinfrastructuresi.e.,hot/coldsite,bandwidthcapacity,scalablenetworkMayinvolvetraditionaldatabackupservices,i.e.,datareplication,offsitedatabackupstorage,mobilerecovery,(reactiveapproach)Mayinvolvesecurityservices(proactiveapproach)SECURITYDATABACKUPHighAvailabilityRecoveryServices7-StepProcessReview/refreshordevelopsecurity,disasterrecovery,andBCplansDevelopcontingencyplanningpolicyConductbusinessimpactanalysis(BIA)IdentifypreventativecontrolsDeveloprecoverystrategiesDevelopcontingencyplanPlantesting,trainingandsimulationsMaintaintheplanSource:NISTAgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsSilosofSecuritySecurityoftenresidesinmanydifferentdepartmentsLackofcommunicationandcoordinationDelayedresponseProlongedrecoverycycleManagementFacilitiesITDepartmentEnterprisePublicRelationsHumanResourcesFinancePost-911AssessmentNotjustaGovernmentproblemUScorporationsrepresentthemostvulnerableCurrentGovernmentspendingmainlyfocusedonphysicalsecurity(i.e.,gates,guns,guards,&dogs)NosignificantGovernmentspendingonITsecurityuntillate2003/2004ConvergenceofphysicalandITsecurityin2005and2006TheNeedforSecurityandBCPlanningEnterprise-widesecurityandBCstrategyMorecommunicationandcoordinationacrossbusinessunitsImprovedresponseandbetteraccountabilityManagementFacilitiesITDepartmentEnterpriseSecurityPublicRelationsHumanResourcesFinanceCross-functionalSecurityandBCProgramEnterpriseRiskManagementPhysicalSecuritySurveillanceBiometricsTokensGuardsAuthorizationAdministrationInfrastructureSecurityFWandVPN3AsIDnASecureContentAssessDesignDeployManageMonitorRespondDRandBCPStorageServersLoadbalancingHighAvailabilityRedundancyRecoverySupplyChainEve
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2024-2029年电玩行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 2024-2029年电影翻译行业市场现状供需分析及市场深度研究发展前景及规划投资研究报告
- 2024-2029年电商物流行业深度调研及竞争格局与投资价值研究报告
- 2024-2029年电动机保护断路器行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 2024-2029年电力电缆和母线槽行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 2024-2029年甲基溴后马托品行业市场现状供需分析及市场深度研究发展前景及规划投资研究报告
- 2024-2029年甚小孔径终端行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 2024-2029年特种油墨行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 2024-2029年物流拣选机器人行业市场现状供需分析及市场深度研究发展前景及规划投资研究报告
- 2024-2029年牙科灯泡行业市场现状供需分析及重点企业投资评估规划分析研究报告
- 企业安全防汛知识培训
- 【中药学】化痰止咳平喘药
- 医院消防安全培训ppt完整版
- 《树立自信心》课件
- 供电局消防培训课件
- 电厂防暑降温知识讲座
- 国开2023秋《政-府-经-济-学》形考任务二参考答案
- 精细化抹灰操作方案
- 品牌标识系统化方案
- 全军性财务管理制度
- 2022年江苏苏州中考数学试题【含答案】
评论
0/150
提交评论