2 Prepare Disaster Recovery and Contingency Plan
Introduction
• Most businesses depend heavily on technology
and automated systems, and their disruption
for even a few days could cause severe financial
loss and threaten survival.
• The continued operations of an organization
depend on management’s awareness of
potential disasters, ability to develop a plan to
minimize disruptions of critical functions, and
capability to recover operations successfully.
• A disaster recovery plan is a comprehensive
statement of consistent actions to be taken
before, during and after a disaster.
Evaluate impact of system on business continuity
Risk Analysis Techniques
A business impact analysis involves identifying the critical
business functions within the organization and determining the
impact of not performing the business function beyond the
maximum acceptable outage.
The relative probability of a disaster occurring
should be determined.
Items to consider in determining the probability of
a specific disaster should include:
1. geographic location
2. topography of the area
3. proximity to major sources of power
4. bodies of water and airports
5. degree of accessibility to facilities within the organization
6. history of local utility companies in providing uninterrupted
services
7. history of the area’s susceptibility to natural threats, proximity
to major highways which transport hazardous waste and
combustible products.
Potential exposures may be classified as natural, technical, or human
threats. Examples include:
1. Natural Threats: flooding, fire, seismic activity, high winds, snow and
ice storms, volcanic eruption.
2. Technical Threats: power failure/fluctuation, heating, ventilation or air
conditioning failure, malfunction or failure of CPU, failure of system
software, failure of application software, telecommunications failure, gas
leaks, communications failure.
3. Human Threats: robbery, bomb threats, vandalism, terrorism, civil
disorder, chemical spill, war, biological contamination, radiation
contamination, hazardous waste, vehicle crash, computer crime.
Considerations in analyzing risk include:
10. Estimating potential losses for each business
function based on the financial and service impact,
and the length of time the organization can operate
without this business function.
The impact of a disaster related to a business
function depends on the type of outage that occurs
and the time that elapses before normal operations
can be resumed.
11. Determining the cost of contingency planning
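
A business impact estimate along the lines of item 10, as an added example that is not part of the original slides. The linear loss-per-hour model, the 1-5 service-impact scale, and every name and figure below are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessFunction:
    name: str
    max_acceptable_outage_h: float  # how long the organization can operate without it
    loss_per_hour: float            # assumed financial impact per hour beyond that limit
    service_impact: int             # assumed ordinal scale: 1 (minor) .. 5 (severe)


@dataclass(frozen=True)
class Outage:
    kind: str                # type of outage, e.g. a technical threat
    hours_to_resume: float   # time elapsed before normal operations resume
    affected: frozenset      # names of the business functions it interrupts


# Constructed sample data, not taken from the slides.
FUNCTIONS = [
    BusinessFunction("order processing", 4, 4000.0, 5),
    BusinessFunction("customer support", 24, 800.0, 3),
    BusinessFunction("payroll", 72, 500.0, 2),
]
TELECOM = Outage("telecommunications failure", 48,
                 frozenset({"order processing", "customer support"}))
POWER = Outage("power failure", 8, frozenset(f.name for f in FUNCTIONS))


def estimated_loss(fn, hours_to_resume):
    """Zero loss inside the maximum acceptable outage, linear loss beyond it."""
    if hours_to_resume < 0:
        raise ValueError("outage duration cannot be negative")
    return max(0.0, hours_to_resume - fn.max_acceptable_outage_h) * fn.loss_per_hour


def rank_impact(functions, outage):
    """Rank the affected functions by financial loss, then by service impact."""
    rows = [(f.name, estimated_loss(f, outage.hours_to_resume), f.service_impact)
            for f in functions if f.name in outage.affected]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for outage in (TELECOM, POWER):
        print(outage.kind, f"({outage.hours_to_resume} h)")
        for name, loss, impact in rank_impact(FUNCTIONS, outage):
            print(f"  {name:18} loss={loss:>10.2f}  service impact={impact}")
```

The same function can rank first under one outage type and show no loss under another, which is why the estimate is made per outage type and per recovery time rather than once per function.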
Assessing business risk and threats on IT system
The objectives and events under consideration determine the
scope of the risk assessment to be undertaken. Examples of
frequently performed risk assessments include:
6. Fraud risk assessment. Evaluation of potential instances
8. Credit risk assessment. Evaluation of the potential that a
borrower or counterparty will fail to meet its obligations
in accordance with agreed terms.
10. Supply chain risk assessment. Evaluation of the risks
associated with identifying the inputs and logistics needed
to support the creation of products and services.
12. Security risk assessment. Evaluation of potential violations in an
organization’s physical assets and information protection and security.
STEPS IN THE RISK MANAGEMENT PROCESS
• Risk assessments provide a basis for establishing appropriate
policies and selecting cost-effective techniques to implement these
policies.
The risk management process typically
includes six steps. These steps are
4. Selecting alternatives,
Businesses have several alternatives for the management of risk, including
avoiding, assuming, reducing, or transferring the risks. Avoiding risks, or
loss prevention, involves taking steps to prevent a loss from occurring, via
such methods as employee safety training.
Five characteristics of a strong risk management programme
Risk management programs work best and companies reap the greatest possible
benefit from them when their goals, processes and results are shared with all the
company’s stakeholders.
The best risk management programs not only address all the risks to which modern
corporations are susceptible, they also consider how these various risks can affect
the company’s stakeholders and operations.
Basic Elements of the Risk Assessment Process
4. Estimating, for the most critical and sensitive assets and operations,
the potential losses or damage that could occur if a threat
materializes, including recovery costs.
Challenges Associated With Assessing Information Security Risks
3. although the cost of the hardware and software needed to strengthen
controls may be known, it is often not possible to precisely estimate the
related indirect costs, such as the possible loss of productivity that may
result when new controls are implemented; and
Strategies for dealing with risk
There are two main strategies for dealing with risk (apart from
ignoring it in the hope it will go away): prevent or recover.
Prevention
Recovery
Recovery procedures are put in place to ensure that the system can be
Cost of recovery and prevention options
The loss of critical systems can cost major organizations, such as
banks, large sums of money.
While a typical small business can still suffer a relatively large loss
in the case of critical system failure, it will probably not choose to
create a backup site because of the high cost.
Available options
• how critical the system is and how far the organization relies on it
• the existing procedures and controls used and how these may be
enhanced