That is what Business Continuity Planning (BCP) is: a methodology used to create a plan for how an organization will recover after a disaster of various types. It takes into account both security and corporate risk management tactics. There is a lot of movement around this initiative in the industry: the British Standards Institute is releasing a new standard for BCP this year.
Trade shows are popping up covering the topic. Powerful Earthquake Triggers Tsunami in Pacific. These headlines are all too common these days and it seems storms are getting larger and more destructive. These tragic events impact people's lives forever and the loss of life and the toll on the families and communities is enormous. In the midst of these tragedies, though, is a resilience of human spirit. We pick ourselves up, assess the situation, and carry on. As an Information Technology professional, your job is to provide the technology to enable business to run or, after a tragedy, to resume.
Information technology is in every corner of just about every organization today. In some small businesses, it is as simple as a few servers and a handful of desktops or laptops. In larger organizations, it is as complex as hundreds of applications running on hundreds of servers across multiple load-balanced locations.
Regardless of how simple or complex your IT environment is, you need to plan for business disruptions, which can range from a local power outage to a massive, regional event such as a tornado, hurricane or earthquake. This comprehensive book addresses the operational and day-to-day security management requirements of business stability and disaster recovery planning specifically tailored for the needs and requirements of an Information Security Officer.
This book has been written by battle-tested security consultants who have based all the material, processes and problem-solving on real-world planning and recovery events in enterprise environments worldwide. John has over 25 years' experience in the IT and security sector. He is an often sought management consultant for large enterprise and is currently a member of the Federal Communication Commission's Homeland Security Network Reliability and Interoperability Council Focus Group on Cybersecurity, working in the Voice over Internet Protocol workgroup.
James has over 30 years' experience in security operations and technology assessment as a corporate security executive and in positions within the intelligence, DoD, and federal law enforcement communities. He has a Ph. He is currently an Independent Consultant. Successful planning not only can limit the damage of an unforeseen disaster but also can minimize daily mishaps—such as the mistaken deletion of files—and increase a business's overall efficiency.
Faster Disaster Recovery provides a step approach for business owners on creating a disaster recovery plan from both natural and man-made events. Each chapter ends with thought-provoking questions that allow business owners to explore their particular situation.
If you've been tasked with developing a basic business continuity plan and aren't sure where to start, this workbook with sample forms, checklists, templates, and plans will walk you step-by-step through the process.
It offers a fast, practical approach for small companies with limited staff and time to customize a workable plan and expand it as they grow. Glossary with terms and Appendices with sample risk assessment and risk analysis checklists. Extensive, easy-to-use downloadable resources include reproducible worksheets, forms, templates, questionnaires, and checklists for various natural disasters and special hazards such as power outages, boiler failures, bomb threats, hazardous material spills, and civil unrest, along with a checklist for vital records storage.
For professional development or college classes the book is accompanied by a set of Instructor Materials. Many companies are required to have one by law. Others have implemented them to protect themselves from liability, and some have adopted them after a disaster or after a near miss. Whatever your reason, the right continuity plan is essential to your organization.
This book written by Susan Snedaker and published by Newnes which was released on 10 September with total pages. Powerful Earthquake Triggers Tsunami in Pacific. Tornado Touches Down in Missouri. These headlines not only have caught the attention of people around the world, they have had a significant effect on IT professionals as well.
With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning. Author Susan Snedaker shares her expertise with you, including the most current options for disaster recovery and communication, BCDR for mobile devices, and the latest infrastructure considerations including cloud, virtualization, clustering, and more.
Snedaker also provides you with new case studies in several business areas, along with a review of high availability and information security in healthcare IT. These headlines not only have caught the attention of people around the world, they have had a significant effect on IT professionals. Avalanche Buries Highway in Denver.
Tornado Touches Down in Georgia. As technology. These headlines are all too common these days and it seems. Every year, nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems. The rule of reverse reciprocation applies: the more seamless the disaster recovery, the higher the cost.
Therefore, if all possible disasters are anticipated, the cost of implementation will rise immensely, rendering the solutions non-applicable. So, a wise implementation of the disaster recovery within the PCS ICT systems will call for:
- Detailed identification of possible risks with disastrous consequences within the business continuity scenario.
- Cooperation between those that are governing the PCS ICT system and the customers, identification of the possible forms of cooperation and decision on disaster recovery plan execution and maintenance cost sharing. This option might prove to be money-saving as existing resources (processing power, physical space, storage space) of internal customers may be used for remote recovery in case of a local system disaster. In this case, a clear contractual relationship between the PCS governing body and such internal clients should be set up.
- Implementation of feasible and reasonable measures to remedy disasters and disastrous event risk transference, if possible.
It is quite clear that no PCS can be entirely protected from disasters, but it is possible to lower the risk and impact significantly, depending on the scope, size of the system, variety of possible disasters and dedicated investments.
The main reasons usually quoted are lack of funds, complexity of activity and underlying need for cooperation between diverse stakeholders. The goal of the BCP process is the creation of a coherent and robust plan that is available to the nominated crisis management, along with the disaster recovery plan. The business continuity plan should be a part of the overall PCS risk assessment. The creation of the BCP calls for several interlaced steps, see Figure 6. Tijan, B.
Analysis
The business continuity planning analysis consists of the business impact analysis, threat analysis and impact scenario analysis [10].
The result of this phase is a clear differentiation between critical and non-critical functions within the PCS. The business function is considered to be critical if the implications of a certain event to the functioning of the PCS are not acceptable. This acceptability perception can be changed if the cost to establish a certain recovery function is clearly presented. Also, a business function can be considered critical if it is defined as such by the governing law. The business impact analysis results in requests to recover critical functions, which consist of the timeline of recovery, business requirements and technical demands that need to be fulfilled in order to recover the function.
The threat analysis is the following step, during which the potential threats to the PCS are identified in order to detail specific ways to perform the recovery.
This step is essential in order to create a successful and functional disaster recovery plan. After the threat definition, business impact analysis needs to be documented. The basic rule is that planning is performed for disasters of large impact and scale, and not for every imaginable small-scale event, as they are usually a part of a larger disaster.
After this phase is completed, the outputs are documented business and technical plans of demands which enable the commencement of implementation. Good PCS asset management may come in handy as it enables an easy identification of available resources and also of those resources that can easily be reallocated.
This documentation usually details the required number of working places at a secondary backup location, people involved in disaster management including contact and technical details, applications and data needed to recover the main PCS processes, temporary workarounds, allowed service interruption times and needs for stationary items.
However, if the environment of the PCS is not purely an office environment, those organization units dealing with distribution or warehousing will have to cover this aspect, specific to their business function.
The results of this phase are usually documented as a separate business continuity strategy.
Design and application
The goal of the design phase is the identification of the most viable disaster recovery and business continuity solution with respect to cost that meets the two most important criteria from the business impact analysis - threat analysis and business impact analysis. The requested recovery goals are in this phase translated into operative measures.
A successful design of the PCS BCP leads to effective procedures used to escalate, inform and activate the business recovery plan, focusing on the critical organization of the business function. The disaster recovery plan can also encompass components outside the PCS infrastructure and applications; for example, it can define ways to retain information stored on paper media or define methods to reestablish technologies used within a port for the physical movement of goods.
Therefore, the BCP usually overlaps with disaster recovery planning. It can be viewed as a separate phase, but due to its operative meaning, it represents a significant portion of the PCS BCP, in regard to cost and time. These steps cannot be executed successfully if the PCS BCP Board is not established, and if the procedures for the disaster recovery and activity continuation are not clearly defined.
Furthermore, the important parts of the BCP are also maintenance and evaluation of vendor contracts in order to maintain contingency reserves of all critical resources. It is very important to roll out this activity to all PCS stakeholders and to start with internal campaigns underlying the importance of the following procedures in regard to the PCS creation and training.
The PCS clients are also the external parties like local communities, police, customs or firefighters, so it is also important to include them in the BCP process if necessary. The first one is the confirmation of outlined activities, distribution to all parties and stakeholders who are involved, and a specific training of those involved in the PCS recovery. The second one is testing and confirmation of the technical solutions used to perform the recovery.
The third one is testing and confirmation of the documented procedures, usually conducted in regular intervals once or twice per year or when the PCS operations have been significantly changed. The BCP manual needs to be checked in order to maintain its relevance for the organization. Usually, information that needs to be identified and refreshed includes changes in the employee schedule, changes in regard to the key clients and their contact data and changes within the PCS that include the opening of new departments or organization units, closing certain sections and other fundamental changes [12].
As part of the ongoing maintenance, every technical solution used within the PCS should be checked. The testing can also be unsuccessful due to an inadequate or wrong recovery time, design errors or application errors [13]. The best practice shows that the BCP should be tested at least once every two years.
Apart from the clear technical acceptance of recovery measures, it is important that those recovery measures are compliant with the goals, policies and ethical viewpoints of the governing authority.