Discuss the difference between a Continuity of Operations Plan (COOP), a Business Continuity Plan (BCP), and a Disaster Recovery Plan (DRP). You might want to start with the definitions from the NIST SP 800-34, located at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1 . Section 3.5 discusses the different types of Plan Testing, Training, and Exercises.
Managing Risk in Information Systems
Lesson 6
Business Impact Analysis and Continuity Planning
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objectives
Perform a business impact analysis.
Create a business continuity plan (BCP) based on the findings of a given risk assessment for an organization.
Key Concepts
Purpose of BIA
Critical success factors of BIA
Steps involved in implementing a BIA
BIA best practices
Comparing a BCP and a DRP
Major elements of BCP
Phases of a BCP
Steps for implementing a BCP
Chapter 13 Slides
Chapter 13: “Mitigating Risk with a Business Continuity Plan”
What Is a Business Continuity Plan?
A plan designed to help an organization continue to operate during and after a disruption
BIA is included as part of a BCP
BIA key objectives that directly support the BCP:
Identify critical business functions (CBFs)
Identify critical processes supporting the CBFs
Identify critical IT services supporting the CBFs, including any dependencies
Determine acceptable downtimes for CBFs, processes, and IT services
Elements of a BCP
Purpose and scope
Assumptions and planning principles
System description and architecture
Responsibilities
Phases
Plan training, testing, and exercises
Plan maintenance
System Description and Architecture
Show system interaction
BCP Roles and Responsibilities
BCP program manager
BCP coordinator
BCP teams
Emergency Management Team (EMT)
Damage Assessment Team (DAT)
Technical Recovery Team (TRT)
Phases within a BCP Plan
Notification/activation phase
Recovery phase
Reconstitution phase
Defining Data that Needs to Be Protected
The BCP should list all the critical components for the system.
There are two reasons for including this data:
First, it makes it clear which components are needed for the critical business functions (CBF).
Second, it provides a list that you can use to restore the system from scratch.
This list includes any equipment, such as servers, switches, and routers.
The servers may need to be rebuilt from scratch. Therefore, the BCP should list the operating system and any applications needed to support the system.
If an image is used to rebuild servers, the BCP lists the image's version number.
Data can include a database hosted on the system.
It can also include any type of files, such as documents or spreadsheets.
Last, the list can include any needed supplies:
This can be simple office supplies, such as printer paper and toner.
For some systems, it can include technical supplies, such as special oils for machinery or tools needed for maintenance.
Identify all critical components for the system
Identify all equipment: servers, switches, routers
Include databases hosted on the system
Include files: documents or spreadsheets
Include necessary supplies
BCP Best Practices
Complete the BIA early
Exercise caution when returning functionality from alternate locations
Restore least critical functions first
Review and update the BCP
Test all individual pieces of the plan
Conduct test exercises of the plan
Complete the BIA early—Ensure the BIA is done early in the process for the BCP.
Without the BIA, you won’t know what systems are critical.
Exercise caution when returning functionality from alternate locations—When restoring functionality from an alternate location to the primary location, consider these best practices:
Restore least critical functions first to the primary location—This allows you to get the bugs out of the process without affecting critical functions.
Review and update the BCP regularly—The BCP coordinator should review and update the BCP at least annually.
If critical systems are changed or modified between annual reviews, the BCP should be reviewed when those changes or modifications occur.
Test all the individual pieces of the plan—This includes basic procedures, such as recalls.
Exercise the plan—Verify the plan works by performing test exercises.
These exercises should not affect normal operations.
Summary
Purpose of BIA
Critical success factors of BIA
Steps involved in implementing a BIA
BIA best practices
Comparing a BCP and a DRP
Major elements of BCP
Phases of a BCP
Steps for implementing a BCP
OPTIONAL SLIDES
7/15/2018
Chapter 13 Optional Slides
Chapter 13: “Mitigating Risk with a Business Continuity Plan”
Business Continuity vs. Disaster Recovery
BCP
Covers all functional areas of a business; it ensures the entire business can continue to operate in the event of a disruption.
Includes a BIA and also addresses other non-technical elements of the event.
Focused on getting the overall business functions back to normal.
DRP
Is a function of the IT department.
Includes the elements necessary to recover from a disaster, once one is declared.
Involves copying the critical data to media or online and then, if required, moving the IT operations off site to recover.
Focused on restoring and recovering IT functions.
BCP
Covers all functional areas of business
Includes a business impact analysis (BIA)
Focused on business function recovery
DRP
Function of the IT department
Focused on IT function recovery
Recovery from a declared disaster
Steps for Implementing a BCP
Create BCP scope statements
Conduct business impact analysis (BIA)
Identify countermeasures and controls
Develop individual disaster recovery plans (DRPs)
Implement training
Test and exercise plans
Maintain and update plans
Why Use a Business Continuity Plan?
What happens if electrical power is lost?
What happens if servers go down?
What are the critical business functions to maintain?
What must remain intact to conduct business?
What is the risk of being without a BCP?