TINFO462Week7Notes.pdf T INFO 462 - Building An Information Risk Management Toolkit
Popular in T INFO 462 - Building An Information Risk Management Toolkit
verified elite notetaker
Popular in Information technology
This 5 page Class Notes was uploaded by James Cha on Friday February 20, 2015. The Class Notes belongs to T INFO 462 - Building An Information Risk Management Toolkit at University of Washington taught by Marc Dupuis in Winter2015. Since its upload, it has received 102 views. For similar materials see T INFO 462 - Building An Information Risk Management Toolkit in Information technology at University of Washington.
Reviews for TINFO462Week7Notes.pdf
Same time next week teach? Can't wait for next weeks notes!
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 02/20/15
T INFO 462 Building an Information Risk Management Toolkit Week 7 Chapter 13 Understanding a Business Continuity Plan Business Continuity Plan BCP Overview A plan designed to help an organization continue to operate during and after a disruption o The disruption can be an intentional attack or a natural disaster 0 Disruptions can also be from failures hardware software The goal is a continuation of operations Can address any type of disruption or disaster The scope of the BCP includes a global view of the organization 0 Includes information such as I Information technology systems I Facilities I Personnel The BCP examines all elements and then identifies the elements that are missioncritical and need to continue to operate Missioncritical systems Any system identified as critical to the mission of the organization Also applied to functions or processes Are necessary to keep the organization functioning Business Impact Analysis BIA Is included as part of a BCP Has several key objectives that directly support the BCP which include 0 Identify critical business functions CBFs A CBF is any function considered vital to an organization If the CBF fails the organization will lose the ability to perform missioncritical operations 0 Identify critical processes supporting the CBFs The critical processes are the steps or actions taken to support CBFs 0 Identify critical IT services supporting the CBFs including any dependencies This includes the servers and other hardware necessary to support critical processes Many services have dependencies For example an application server may need a database server to remain operational 0 Determine acceptable downtimes for CBFs processes and IT service The BIA defines this as maximum acceptable outage MAO When considering the BCP you should also determine if there are different MAOs for different times of the year For example a database server may be critical for endofyear processing but not critical at other times 0 These objectives come together in the BCP to align the organization s priorities The BIA identifies the missioncritical systems applications and operations The BCP provides the plan to ensure that they continue to operate even if a disaster strikes 0 Similarly the BCP includes disaster recovery plans which help the organization restore IT services after the disaster Overall Steps of a BCP 0 Charter the BCP and create BCP scope statements 0 Complete the business impact analysis BIA 0 Identify countermeasures and controls 0 Develop individual disaster recovery plans DRPs 0 Provide training 0 Test and exercise plans 0 Maintain and update plans Elements of a BCP BCPs are large comprehensive documents Includes many elements and often cover many contingencies The following sections are included in a BCP Purpose Scope Assumptions and planning principles System description and architecture Responsibilities Notificationactivation phase Recovery phase Reconstitution phase Plan training testing and exercises OOOOOOOO 0 Plan maintenance Purpose To ensure that missioncritical elements of an organization continue to operate after a disruption o Disruptions can be any event that has the potential to stop operations 0 You implement the BCP when a disruption occurs or is imminent I The BCP then stays in place until the restoration of normal operations I You maintain only critical business functions during the disruption Scope You must define the scope of the BCP as the success of a project is dependent on personnel understanding the tasks If there is no scope statement two problems can occur 0 The desired tasks aren t finished the BCP will be incomplete 0 Scope creep can occur when the project keeps taking on additional tasks 0 The scope statement can include several key items I Location I Systems I Employees I Vendors I Only the critical systems identified in the BIA should be included Assumptions and Planning Principles Every BCP needs to include some basic assumptions and planning principles which are very helpful in the initial development of the BCP 0 Also very helpful in the implementation phases You can review and assess assumptions and principles in several different categories 0 Includes elements such as I Strategy I Priorities I Required support Incidents to Be Included and Excluded Many BCPs identify specific incidents that are included and excluded so the BCP may be designed to address specific disruptions due to hurricanes or earthquakes 0 May also be designed to address generic incidents such as power loss from any cause Strategy Identifies some of the key elements of the plan 0 Includes elements such as I Location I Notification I Transportation I More If your organization is in a single location the strategy is to address this single location o If it is in multiple locations you need to identify a strategy for each location Priorities The BIA identifies critical business functions critical resources and their priorities The BCP will ensure that efforts focus on returning the toppriority systems first 0 These systems will have the most resources dedicated to restoring them Required Support The BCP requires support during every phase To begin with the BCP requires management support o If it is not supported you will not be able to get the required support and input from personnel or required funding 0 Without support from toplevel management the BCP is doomed to fail System Description and Architecture The BCP identifies critical business functions that need to remain operational during the disruption and each of them have individual systems that support it o It is important to ensure that you have current descriptions and documentation on these systems 0 Documentation needs to be detailed enough to identify the critical system and the supporting architecture I If the documentation isn t available or is out of date maintaining and recovering the CBFs becomes much more difficult Functional Description Provides more details of the systems and builds on the overview Many systems interact with other critical systems so it s valuable to include figures whenever possible The description would provide more details 0 For example it would include the store names and the store locations o It would include details on the WAN links I If there were redundant WAN links it would describe them If the server includes any faulttolerance capabilities you d mention them here Sensitivity of Data and Criticality of Operations The BCP includes information on the sensitivity of the system s data 0 Also includes details on the criticality of the system s operations Any organization will have some secret or proprietary data so it is important for an organization to define classifications for this data Some data may be classified as private and used only within the organization 0 Other data may be public or freely available 0 The classification determines the level of protection required for the data o If the system houses data you need to ensure that the data is protected according to its level of classification The BCP must document the sensitivity of the data o If the sensitivity is documented people will know what precautions to take Identifying Critical Equipment Software Data Documents and Supplies The BCP should list all the critical components for the system 0 There are 2 reasons for including this data I 1 Makes it clear which components are needed for the CBF I 2 Provides a list that you can use to restore systems from scratch o This list includes any equipment such as servers switches and routers I Because the servers may need to be rebuilt from scratch the BCP should also list the operating system and any applications needed to support the system I Items on the list can include o A database hosted on the system 0 Any types of files such as documents or spreadsheets 0 Any needed supplies o If possible the location of these items should also be included
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'