Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011Domain AgendaDomain ObjectivesSources of InformationISO 25999: Business Continuity ManagementOverview of BCPThe Enterprise BCPThe Enterprise BCP (cont.)The Business Continuity Life CycleBC Project PhasesReflecting Organizational ContextPolicyPolicy contentsOutsourced ActivitiesScope and ChoicesProgram ManagementDocumentationInitiating BCPIncident Readiness & ResponseKey Indicators of SuccessBCP Project PhasesUnderstanding the OrganizationBusiness Impact AnalysisMaximum Tolerable Period of DisruptionEstimating Continuity RequirementsEvaluating Threats (Risk Assessment)Key Indicators or SuccessSlide 28Determining Business Continuity StrategyDetermining StrategyActivity Continuity OptionsRecovery AlternativesProcessing AgreementsSlide 34Resource Level ConsolidationBusiness Continuity PlanBusiness Continuity Plan ContentsSlide 38Developing and Implementing ResponseSlide 40Implementing Incident Management PlanIncident Response StructureSlide 43Slide 44Disaster RecoverySlide 46Testing the ProgramTesting TypesEmbedding BCPTest BCP ArrangementsMaintaining BCP ArrangementsReviewing BCP ArrangementsFactors for SuccessAssessing the Level of Awareness and TrainingDeveloping a BCP Within the Organization’s CultureDomain SummaryDr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011Business ContinuityandDisaster Recovery PlanningDomain Agenda•Project Scope Development and Planning•Business Impact Analysis (BIA) and Functional Requirements•Business Continuity and Recovery Strategy•Plan Design and Development•Implementation•Restoration / Disaster Recovery•Feedback and Plan ManagementDomain Objectives•Understand the planning process•Integrating BCP into the organization•Defining inputs and outputs of process•Understand the difference between BCP and DRPSources of Information•Disaster Recovery Institute International•Business Continuity Institute•ISO 25999•ISO 27001, Section 10•NIST SP 800-34ISO 25999: Business Continuity Management•Risk management•Disaster recovery•Facilities management•Supply chain management•Quality management•Health and safety•Knowledge management•Emergency management•Security•Crisis communications and PROverview of BCP•Direct benefits•Indirect benefits•Overlap with Risk Management•BCM vs. BCP vs. COOPThe Enterprise BCP•DRP–Backup strategies–Emergency procedures–Contracts and provisioning•BIA–Reciprocal agreements–Alternate sites•Incident response planning–Succession Plan–Incidence Response TeamThe Enterprise BCP (cont.)•Risk analysis–Safeguards / countermeasures–Insurance plan•Corporate communication plan–User awareness training–Media/stakeholder relations planThe Business Continuity Life Cycle•Analyze the business•Assess the risks•Develop the BC strategy•Develop the BC plan•Rehearse the planBC Project Phases•Project Scope Development and Planning•Business Impact Analysis (BIA) and Functional Requirements•Business Continuity and Recovery Strategy•Plan Design and Development•Implementation•Restoration / Disaster Recovery•Feedback and Plan ManagementReflecting Organizational Context•Policy is the driver•Aligned with requirements•Provides direction and focus•Use Business Impact Analysis•Identify inputs•Outcomes and deliverables•Reviewed annuallyPolicy•Organizational authority•Policy document•Program scope•Resources•OutsourcingPolicy contents•Framework•Tools and techniques•Policy contents•Change is infrequentOutsourced Activities•You are still responsible•Resilience in outsourcing•Supplier continuityScope and Choices•Limit scope•Ensure clarity of scope•Strategy, Return on Investment (ROI), and SWOT (Strengths, Weaknesses, Opportunities, Threats)•Review yearlyProgram Management•Assigning responsibilities•Initiating BCP in the organization•Project management•Ongoing management•Documentation•Incident readiness and responseDocumentation•Review current BCP if available•Documentation may not equal capability•Staff must be trained to use any necessary software•Types of documentation•Review as directed by policyInitiating BCP•Awareness, data, implementation•Staff and budget•Result must be a long-term, sustainable program•Review progress monthlyIncident Readiness & Response•Planners become leaders•Be prepared•Triage•Incident management•Success = Return to Operations•Immediate lessons learnedKey Indicators of Success•Senior management commitment•Policy content•BCP Resources•Project management•DocumentationBCP Project Phases•Project Scope Development and Planning•Business Impact Analysis (BIA) and Functional Requirements•Business Continuity and Recovery Strategy•Plan Design and Development•Implementation•Restoration / Disaster Recovery•Feedback and Plan ManagementUnderstanding the Organization•Business Impact Analysis (BIA)–Benefits–Objectives•Evaluating Threats (Risk Assessment)•Emergency Assessment•Indicators of Critical Business FunctionsBusiness Impact Analysis•Identifies, quantifies and qualifies loss•Scope and support required•Documents impact and dependencies•MTD, RPO•Business impact analysis process•Workshops, questionnaires, interviews•Business justifications for budgetMaximum Tolerable Period of DisruptionItem Required recovery timefollowing a disasterNon-essential 30 daysNormal 7 daysImportant 72 hoursUrgent 24 hoursCritical/Essential Minutes to hoursEstimating Continuity Requirements•Total budget for disaster recovery•Identification of necessary resources•Outcomes feed BCP strategy selection•Reviewed with BIAEvaluating Threats (Risk Assessment)•Risk equation + time element•Risk = Threat impact * probability•Prioritize key processes and assets•OutcomesKey Indicators or Success•Corporate governance•BIA practice•Risk assessment practiceBCP Project Phases•Project Scope Development and Planning•Business Impact Analysis (BIA) and Functional Requirements•Business Continuity and Recovery Strategy•Plan Design and Development•Implementation•Restoration / Disaster Recovery•Feedback and Plan ManagementDetermining Business Continuity Strategy•High-level strategies•RTO < MTPD•Separation distance•Resilience•Address specific business typesDetermining Strategy•Determining BC strategies•Strategy
View Full Document
Unlocking...