Discussion (350 words). Topic: Disaster Recovery: Preparation and Implementation
Principles of Incident Response and Disaster Recovery, 2nd Edition
Chapter 9
Disaster Recovery: Preparation and Implementation
Objectives
• Describe the ways to classify disasters, by both
speed of onset and source
• Explain who should form the membership of the
disaster recovery team
• List the key functions of the disaster plan
• Explain the key concepts included in the NIST
approach to technical contingency planning
Principles of Incident Response and Disaster Recovery, 2nd Edition
Objectives (cont’d.)
• List the elements of a sample disaster recovery
plan
• Describe the need for providing wide access to the
planning documents while securing the sensitive
content of the disaster recovery plans
Introduction
• Disaster recovery planning (DRP)
– The preparation for and recovery from a disaster,
whether natural or man-made
• The continuity planning management team (CPMT)
– Forms the DR team, then assists in the development
of the DR plan
• Key role of a DR plan
– Defining how to reestablish operations at the
location where the organization is usually located
Disaster Classifications
• Man-made disasters include:
– Acts of terrorism, acts of war, and those acts of man
that begin as incidents and escalate into disasters
• Rapid-onset disasters
– Those that occur suddenly, with little warning, taking
the lives of people and destroying the means of
production
• Slow-onset disasters
– Occur over time and slowly deteriorate the
organization’s capacity to withstand their effects
Forming the Disaster Recovery Team
• The CPMT assembles a DR team
• DR team
– Responsible for planning for DR
– Leads the DR process when the disaster is declared
• Key considerations when developing the DR team
– Its organization
– The planning needed to identify essential
documentation and equipment
– Training and rehearsal
Organization of the DR Team
• The primary DR team includes representatives from:
– Senior management
– Corporate support
– Facilities
– Fire and safety
– Maintenance staff
– IT technical staff
– IT managers
– InfoSec technicians
– InfoSec managers
Organization of the DR Team (cont’d.)
• Disaster management team
– Responsible for all the planning and coordination
activities
• Communications team
– Serves as the voice of the management, providing
feedback to anyone desiring additional information
• Computer recovery (hardware) team
– Works closely with the hardware and applications
teams to reestablish systems functions during
recovery
Organization of the DR Team (cont’d.)
• Network recovery team
– Works to determine the extent of damage to the
network wiring and hardware
• Storage recovery team
– Works with the other teams to recover information
and reestablish operations
• Applications recovery team
– Recovers applications and reintegrates users back
into the systems
Organization of the DR Team (cont’d.)
• Vendor contact team
– Works with suppliers and vendors to replace
damaged or destroyed materials, equipment, or
services
• Damage assessment and salvage team
– Provides initial assessments of the extent of damage
to materials, inventory, equipment, and systems onsite
• Business interface team
– Works with the remainder of the organization to
assist in the recovery of nontechnology functions
Organization of the DR Team (cont’d.)
• Logistics team
– Consists of the individuals responsible for providing
any needed supplies, space, materials, food,
services, or facilities at the primary site
• Other teams as needed
– Focus on the reestablishment of key business
functions as determined by the BIA
Special Documentation and
Equipment
• Necessary equipment may include:
– Data recovery software
– Redundant hardware and components to rebuild
damaged systems
– Copies of building blueprints to direct recovery
efforts
– Key phone numbers
– Alert roster first contacts
– Fire and water damage specialists
– Emergency supplies
Disaster Recovery Planning Functions
• The seven-step DRP process recommended by NIST
– Develop the DR planning policy statement
– Review the business impact analysis (BIA)
– Identify preventive controls
– Create DR contingency strategies
– Develop the DR plan
– Ensure DR plan testing, training, and exercises
– Ensure DR plan maintenance
Develop the DR Planning Policy
Statement
• The DR policy contains the following key elements
– Purpose
– Scope
– Roles and responsibilities
– Resource requirements
– Training requirements
– Exercise and testing schedules
– Plan maintenance schedule
– Special considerations
Review the Business Impact Analysis
• DR-centric review of the BIA
– Only requires a review of the BIA that was
developed by the CPMT
– Ensures compatibility with DR-specific plans and
operations
Identify Preventive Controls
• This is performed as part of the ongoing
information security posture
• Effective preventive controls
– Implemented to safeguard online and physical
information storage
• The team should
– Ensure that sufficient and secure off-site data
storage is implemented, tested, and maintained
Develop Recovery Strategies
• The actions to be taken after the disaster must be thoroughly
developed and tested
• DR strategies
– Must include the steps necessary to fully restore the
organization to its operational status
• One key aspect of the DR strategy
– The enlistment and retention of qualified general
contractors
Develop the DR Plan Document
• Disaster scenario
– A description of the disasters that may befall an
organization, along with information on their
probability of occurrence
– A brief description of the organization’s actions to
prepare for that disaster
– The best case, worst case, and most likely case
outcomes of the disaster
Develop the DR Plan Document
(cont’d.)
• During the disaster
– The planners develop and document the procedures
that must be performed during the disaster, if any
• After the disaster
– Once procedures for reacting to a disaster are
drafted, the planners develop and document the
procedures that must be performed immediately
• Before the disaster
– Planners draft a third set of procedures listing those
tasks that must be performed to prepare for the
disaster
Develop the DR Plan Document
(cont’d.)
• Planning for actions taken during the disaster
– DR usually begins with a trigger
– Trigger: the point at which a management decision
to react is made
– Best way to plan for actions during a disaster is to
develop disaster end cases
– Determine what must be done to react to the
disaster scenario
– Once all signs of the disaster have ceased, the
“actions during” phase is complete
Develop the DR Plan Document
(cont’d.)
• Planning for actions taken after the disaster
– During this phase, lost or damaged data is restored,
systems are scrubbed of infection, and everything is
restored to its previous state
– Follow-on incidents are highly probable when infected
machines are brought back online
– Forensic analysis
• The process of systematically examining information assets
for evidentiary material that can provide insight into how
an incident transpired
– The DR team must conduct an AAR
Develop the DR Plan Document
(cont’d.)
• Planning for actions taken before the disaster
– “Before actions” include
• Preventive measures to manage the risks associated
with a particular attack
• The actions taken to enhance the preparedness of the
IR team
– For DR and IR planning
• When selecting an off-site storage location for data
backups or stored equipment, extra care should be
taken to minimize the risk at that storage location
Plan Testing, Training, and Exercises
• Testing the DR plan is an ongoing activity
• Recent survey from Symantec
– At least “82 percent of organizations test their DR
plans either once a year or more frequently”
• Once all the individual components of the DR plan
have been drafted and tested
– The final DR plan can be created, similar in format
and appearance to the IR plan
Plan Maintenance
• The plan
– Should be a dynamic document that is updated
regularly to remain current with system
enhancements
• If the organization changes its size, location, or
business focus
– The DR management team should begin anew with
the CP plan, and it should also reexamine the BIA
Information Technology Contingency
Planning Considerations
• Commonly found systems in production or
development settings
– Client/server systems
– Data communications systems
– Mainframe systems
Client/Server Systems
• The client level includes:
– Desktop, laptop, or netbook systems, tablets, as well
as specialty devices, such as smartphones
• Client/server systems contingency strategies must
include
– Backup media stored off-site or at an alternate site
– Use of standardized hardware, software, and
peripherals to enable backup and recovery
– Documentation of all supported system
configurations, with local copies of key vendor
information
Client/Server Systems (cont’d.)
• Client/server systems contingency strategies must
include (cont’d.)
– Coordination with security policies and system
security controls used in the organization
– Reliance on the systems priority and key data needs
as documented in the BIA
– Processes that aggressively limit the placement of
data on client systems, with any local data kept for
the minimum possible time
Client/Server Systems (cont’d.)
• Client/server systems contingency strategies must
include (cont’d.)
– Sound procedures established to back up and
periodically test restoration of local data
– Automation of backup processes and proactive
validation of the automated backup by repeatable
processes
– Coordination of all contingency solutions with the
cyber IR plans and team operations
Client/Server Systems (cont’d.)
• Client/server systems contingency solutions
– Encryption tools
• Widely used to ensure the confidentiality and integrity
of communication between clients and servers
– Recovery will rely on complete planning, training,
and rehearsals
Data Communications Systems
• Local area networks (LANs)
– Used for an office or small campus, with segment
distances measured in tens of meters
– Each connection point is considered a node
– Each system (client or server) is considered a host
• Wide area networks (WANs)
– A collection of nodes in which the segments are
geographically dispersed
Data Communications Systems
(cont’d.)
• Data communications contingency strategies rely
on
– Complete and current documentation of the
telecommunications networks
– Coordination with service-providing vendors
– Coordination with organizational security policies
and controls
– Implementation of redundancy in critical components
to remove single points of failure
Data Communications Systems
(cont’d.)
• Data communications contingency strategies rely
on (cont’d.)
– Identification of remaining single points of failure as
ongoing efforts to remove them progress
– Monitoring of the networks to measure uptime and
minimize downtime by providing early detection of
failures
– Integration of remote access and wireless LAN
technology
Mainframe Systems
• Rely on centralization of key capabilities
• When client/server systems interact with
mainframes
– The client is often programmed to emulate much
simpler data terminals
– The data processing and data storage functions are
completed by the mainframe, with the client
performing only data display functions
Mainframe Systems (cont’d.)
• Mainframe contingency strategies require:
– Storage of backup media off-site
– Documentation of all systems configurations to
include details unique to specific vendor
implementations
– Coordination with network security policy and
system security controls
– Redundant system components
– Coordination of all contingency solutions with the IR
plans and team operations
– Sequencing of replacement networking capabilities
Sample Disaster Recovery Plans
The Business Resumption Plan
• DR and BC plans
– Many organizations prepare them at the same time
because they are related
– Some combine them into a single planning
document (business resumption plan) to reduce
the effort and cost
• Business resumption plan (BR plan)
– Must support the immediate reestablishment of
operations at an alternate site and eventual
reestablishment of operations at the primary site
The DR Plan
• The planning process for the DR plan
– Should be tied to, but distinct from, that for the IR
plan
• When the plan is completed
– It needs to be stored and kept available in as many
locations and formats as possible
Summary
• DR planning is the preparation for and recovery
from a disaster
• A DR plan can classify disasters as either natural
or man-made
• The CPMT assembles the DR team
• The DR team consists of representatives from
every major organizational unit
• All members of the DR team should have multiple
copies of the DR (and BC) plan
Summary (cont’d.)
• The first step in the effort to craft any contingency
plan (CP) is the development of enabling policy or
policies
• The NIST planning process adapted for DR
planning
• The DR team begins with the development of the
DR policy
• Training in the use of the DR plan can be used to
test its validity and effectiveness