...436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page i Visit us at w w w. s y n g r e s s . c o m Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our solutions@syngress.com Web pages. There you may find an assortment of valueadded features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress...
Words: 189146 - Pages: 757
...and Contrast various Business Continuity & Disaster Recovery Planning models. Information is a vital resource to modern companies. The loss of that information can throw a company into chaos and even be the end of it. For these reasons, businesses go to great lengths to ensure that the information they store and rely on will always be safe and available. Unfortunately despite these best efforts, disaster can still strike and the few hours of days after such an event may be crucial to the long term survival of the company. This is why businesses must be able to recover quickly from natural and man-made disasters. Business Continuity & Disaster Recovery covers how companies should act in the hours and days after a disruptive event. “What is Business Continuity and Disaster Recovery” describes disaster recovery as “...specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or national emergency.” They go to give examples of such steps to include restoring servers and data connections, egress, employee muster, etc. Business Continuity is described as a the steps a company takes to ensure its information systems don't go down during a disaster (What is Business Continuity and Disaster Recovery). This may include the location of hot or cold sites as well as procedures for relocating to them. Disaster Recovery plans may also focus on preventive measures such as smoke alarms and fire drills (Smith, C., n.d.). Business recovery plans may cover...
Words: 399 - Pages: 2
...The Cost of Business Continuity Planning Versus the Potential of Risk Though the cost of mitigating risk can be high, the lack of proper business continuity planning and disaster recovery planning will leave a company is at risk of a catastrophic loss of revenue due to the loss of the Information Systems. Any company that relies on its Information Systems for their operations should invest the time and revenue in developing an efficient and effective Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). This study will compare the differences in what a Business Continuity Plan is used for and what a Disaster Recovery Plan is used for. Additionally, it will evaluate the risk having a Business Continuity Plan and Disaster Recovery Plan versus accepting the potential loss of revenue and business in the event of a disaster. It is important to any company that uses it Information Systems to generate revenue. If a company is effected by a disaster, the longer a company takes to respond to the emergency and recover its resources, the more time it will take the company to get back to normal operations (Harris, 2013, p. 887). As history has shown, our world has and will continue to experience many destructive events such as, floods, earthquakes, terrorism, hurricanes, and many other catastrophic events that could cripple a company that is not prepared. Disasters are uncontrollable and over time, every organization will have to deal with the fallout of a disaster. Three of...
Words: 2924 - Pages: 12
...Business Continuity Planning There are a few different definitions of Business Continuity Planning. Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation. Business continuity plan is a collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster. Whatever the definition, every business needs to have a continuity plan in case something happens to their data and information. A business continuity plan is different to a Disaster Recovery plan in that a disaster recovery plan is enacted after the disaster has happened. “A typical Business continuity plan includes: * Plans, measures and arrangements to ensure the continuous delivery of critical services and products, which permits the organization to recover its facility, data and assets. * Identification of necessary resources to support business continuity, including personnel, information, equipment, financial allocations, legal counsel, infrastructure protection and accommodations.”1 Business continuity planning needs to cover the company during a disruption in service from a disaster. The plan should cover all of the following such events: a. Equipment malfunction b. Disruption of power c. Application failure or corruption of the database d. Human error, sabotage or strike e. Malicious software f. Hacking ...
Words: 678 - Pages: 3
...Abstract Businesses, both large multinational and small to medium, should take the threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant...
Words: 5764 - Pages: 24
...restoration of business ops if significant disruptions occur BCP and DRP BIA stands for Business Impact Analysis MTD stands for Maximum Tolerable Downtime first step in building BC program Project initiation and management activites of project initiation and mgmt 1) obtain senior mgmt support 2) define a project scope, the objectives, to be achieved and planning assumptions 3) estimate the project resources needed (human and financial) 4) Define a timeline and major deliverables Senior leadership's two major goals 1) Grow the business 2) Protect the brand What are the risk to a corporation for not having BC/DRP? 1) Financial 2) Reputational 3) Regulatory Formula for calculating financial risk P * M = C P: Probability of harm M: Magnitude of harm C: Cost of prevention Prudent man rule exercise the same care in managing the company affairs as in managing one's own affairs 1. Which of the following is considered the most important component of the enterprisewide continuity planning program? c. Executive management support 2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security d. All of the above d. All of the above 3. The major objective of the business impact assessment process is to: a. Prioritize time-critical business processes b. Determine the most appropriate recovery time objective for business processes c...
Words: 2067 - Pages: 9
...Continuity planning, defined by the Department of Homeland Security (DHS) (2012), is the effort of organizations, primarily based in the public sector, to continue essential functions and operations before, during, and after disasters (DHS 2012). These disasters could be natural, man-made, or technological and could last a short or long period of time. The public sector manifest the continuity of operations standard based in the Homeland Security Presidential Directive 20, which directs the federal executive branch and its agencies to establish and maintain the most important functions, or mission essential functions (MEFs), within a 12-hour standard after the activation of the COOP or continuity of operations plan (DHS 2012). The plan is...
Words: 448 - Pages: 2
...University Continuity Planning Overview CIS-359: Disaster Recovery Management October 29, 2015 Introduction: This paper will briefly expound upon the lead position or manager’s role, of a healthcare company. It will provide a list of responsibilities a business continuity manager is expected to perform, how to build the framework for, and execute a business continuity plan, and also display a chart that pertains to giving a BCP presentation. Explain four high-level activities that aid in the initiation of a viable, business continuity plan. The role of an experienced business continuity manager in a healthcare business must identify and implement all of aspects of the business’, business continuity plan or BCP. To remain in accordance with the BCP, in preparation for disaster, from the start date, while it is in ongoing stages, and also afterward. Business continuity managers, work directly and strategically with the in-house BCM (Business Continuity Management) division, the business owner, and also the BCM’s, guidance and/or steering committee. They are expected to supervise, utilize paramount communication skills, monitoring the efficiency and progress of those team members and/or subordinates, who report directly to the, business continuity manager. In a healthcare environment, an efficient and thorough business continuity leader, structures accountability framework, by working close-knit with the business’ IT department, existing business managers...
Words: 1125 - Pages: 5
...Business Continuity Planning – Proactive and Reactive Business Continuity is managing and establishing plans that will help the organization to stand up again on its feet to continue its business. As we had learned in the class Business Continuity is the process of ensuring continuance of a business if a disruption occurs. This planning is like an immunological fort and a preventive shield which means a focus on the prevention of unplanned events, rather than just the cure. This has meant that disaster recovery has now become a subset of the whole process that covers the whole lifecycle of disaster prevention and recovery. Nowadays we need business continuity planning more than before. Within few years most news headlines capture many kind of catastrophes suck as bombs, fires, floods, and tornadoes. Most of time these catastrophes are not predictable such as the events of 9/11 that had affect many organizations not just the World Trade Center. So when I have a good complete preventive plan I can make sure of the continuity of the business after a disaster recovery. In a recent research it has mentioned on average 20 % of all organizations will experience some form of unplanned event once every five years but there is still the need to think about how to cope with the more mundane events, such as power cuts or transport problems. When a crisis or a disaster occur the first thing that often will be affected is the effective communication and the internet. Therefore it...
Words: 786 - Pages: 4
...research on business continuity planning (BCP). 2. In 600 words, write a APAv6 formatted paper which discusses the following: ◦ What does this term mean? ◦ What practices or procedures does it include? ◦ Why should IT personnel be concerned with business continuity planning? Business Continuity Plan Before businesses were involved in contingency management, disaster recovery and contingency planning were predominantly IT driven responses to the increased attacks of Mother nature and terrorist events in the late 80s and early 90s (Tangen & Austin, 2012). It became apparent to business owners the link between events and profit loss which led to the establishment of business led processes. These processes were developed and planned to address the types of threats that could occur and affect business operations. The discipline became known as business continuity management (BCM). Business continuity management is about identifying and understanding the risks to the everyday running of a business and planning how business will be maintained if an incident actually happens (Business Bolton, n.d.). When a business is disrupted, it suffers financially. A business continuity plan (BCP) is a collection of procedures and information which is developed, compiled and maintained in prep for use in the event of an emergency or disaster. of any kind. Types of incidents identified addresses IT system crashes along with , natural disasters and supply...
Words: 947 - Pages: 4
...Chapter 3 Planning for Contingencies Chapter Overview The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impact analysis and prepare and execute a test of contingency plans. Chapter Objectives When you complete this chapter, you will be able to: • Understand the need for contingency planning • Know the major components of contingency planning • Create a simple set of contingency plans, using business impact analysis • Prepare and execute a test of contingency plans • Understand the unified contingency plan approach Introduction This chapter focuses on planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill. “Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and...
Words: 3573 - Pages: 15
...– aSSESSmENt WORKSHEEt Perform Business Continuity Implementation Planning Course Name and Number: Student Name: Instructor Name: lab due date: 6 Perform Business Continuity Implementation Planning Overview In this lab, you were asked to begin the business continuity planning process for an e-commerce company, Online Goodies. You reviewed the key business functions and a prioritized list of impacted IT systems, applications, and data provided by your supervisor. You also compared the components of the major documentation required by the business continuity planning process: risk analysis, business impact analysis, business continuity plan, disaster recovery plan, and the business continuity implementation plan. Lab Assessment Questions & Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. BIA the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery plan is have a full access to recover any lost data or essentials after a disaster while the business continuity is having what ever bare bones essentials...
Words: 681 - Pages: 3
...Effects of a Business Continuity Plan on Information Systems Ronald E. Stamm Jr. ISYS 204 Professor Choi October 6th, 2011 Abstract Since the dawn of the new millennium, as more and more companies are becoming more technologically savvy, they have been coming to the realization that there is a need to protect that data somehow. These companies seek out IT professionals who help them create Business Continuity Plans. These Business Continuity Plans help companies better safeguard and effectively retain their essential data in the case of a catastrophic failure of their network infrastructure. In this essay, I will be discussing the different intricacies of a Business Continuity Plan and how to effectively build one to suit the needs of the individual company. The Effects of a Business Continuity Plan on Information System A frog if put in cold water will not bestir itself if that water is heated up slowly and gradually and will in the end let itself be boiled alive, too comfortable with continuity to realize that continuous change at some point may become intolerable and demand a change in behavior. (Handy, 1990) There have been so many companies over the years that have failed due to lack of a proper Business Continuity Plan. Taking the time and utilizing the correct resources to create a Business Continuity Plan can easily counteract this. In this essay, I will provide an example of a few companies who did not have proper Business Continuity Plans and how...
Words: 3859 - Pages: 16
...Pranay Bhardwaj Disaster Recovery Planning Introduction Hurricane Sandy is regarded as one of the most devastating natural disasters to strike the city of New York. People have different recollections of that time period, with some who recall the catastrophic damage done to their home, while others remember the 4 hours of wait just to fill up their cars with gas. For financial institutions, such as Citi bank, it was a time for the management team to pat themselves on the back and breathe a sigh of relief for being able to secure important data centers and keep bank operations running. All this was a result of successful implementation of Citi’s “Disaster Recovery Plan”. What is a Disaster Recovery Plan? Just like the disaster discussed above, every week, month, and year, companies are exposed to risks of potential disasters that can affect the continuation of vital business processes. When critical processes and applications are lost, the company can incur damages ranging anywhere from $5,000- $5,000,000 per minute, depending on the size and function of the company. Some companies never recover from the excessive damage they incur during the time of the disaster, and may be forced out of business. To avoid such a situation, companies, particularly banking institutions, are heavily encouraged to have a disaster recovery plan in place. A disaster recovery plan is a powerful tool that allows companies to shield itself from any calamity that occurs, be it natural...
Words: 2454 - Pages: 10
...LAB 6 What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. Business continuity planning "identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity”. In addition to some disagreement among business continuity professionals regarding the BIA and risk assessment definitions and outcomes, disagreement also exists regarding the order of execution: whether it is best to perform the risk assessment before, during, or after the BIA. While many professionals argue that it is best to perform the risk assessment before the BIA to establish the risk landscape in which the organization operates, Evaluation argues the opposite. What is the difference between a Disaster Recovery Plan and a Business Continuity plan? A disaster recovery plan is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster. Business continuity planning "identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention...
Words: 1291 - Pages: 6
