Business Continuity & Disaster Recovery Planning
1. By Tareq Hanaysha, MISSM Candidate
ISSM 511 - Introduction to Information Systems Security
Concordia University College of Alberta
2/18/2015 DR & BCP 1
2.
1. Introduction & Definition of DR and BCP
2. Differences and purposes
3. DR & BCP Objectives
4. Major Components of DR & BCP
5. Best Practices
6. References
7. Conclusion
3. Planning for the worst while hoping that it won't happen is something that all security professionals do; disaster recovery for business continuity has always been a key part of the job.
Disaster: any event that has a significant impact on an enterprise's ability to conduct normal business, such as earthquakes, extreme weather, other natural disasters, pandemics and terrorism.
Disaster Recovery Plan: includes the information and procedures needed to resume an organization's operation after some sort of disaster. Sometimes the plan is split into several plans, one to address recoverable disasters (e.g., loss of a server) and a more comprehensive business continuity plan for use in total loss situations.
Similar terms: Contingency Plan, Business Resumption Plan, Continuity Plan
4. Business Continuity: the enterprise-wide proactive business process by which we manage the risks we operate within.
It addresses all aspects of the business: People, Processes, Resources and Technology (PPRT).
The goal is preventing or mitigating the risks we can and preparing for recovery from those we cannot, or choose not to, prevent.
Business continuity plans are designed to help organisations protect themselves from the losses to infrastructure and resources caused by natural disasters, pandemics and terrorism.
Preparation is the key: You fight like you train!
Similar terms: Contingency Planning, Business Resumption Planning, Corporate Contingency Planning, Business Interruption Planning, Disaster Preparedness.
5. Plan / Purpose / Scope
Business Continuity Plan (BCP)
  Purpose: Provide procedures for sustaining essential business operations while recovering from a significant disruption
  Scope: Addresses business processes; IT addressed based only on its support for business process
Disaster Recovery Plan (DRP)
  Purpose: Provide detailed procedures to facilitate recovery of capabilities at an alternate site
  Scope: Often IT-focused; limited to major disruptions with long-term effects
6.
1. Limit severity of the event and the magnitude of loss
2. Minimize extent of the interruption
3. Identify critical resources
4. Identify critical functions
5. Define a process to protect critical resources
6. Define alternatives for continuing critical functions
7. Minimize decision making during a crisis
8. Train personnel
9. Continual review and maintenance
10. Integration of Business Continuity with Enterprise Strategic Planning
7. Disaster recovery planning components:
1. Establishment of the Recovery Team(s)
2. Development of Recovery Procedures
3. Training of the Recovery Team(s)
4. Change Management to keep plan current
5. Provision of Necessary Resources (Beans, Bombs and Bubbas…)
6. Arrangement for alternate technology platform, and retrieval of backup data
8. Business Continuity Plan components:
1. Establishment of Cross-Functional Team(s)
2. Inventory of People, Processes, Resources and Technology (PPRT)
3. Risk/Threat Identification and Categorization
4. Impact Analysis and Loss Estimation
5. Prevention, Mitigation and Recovery Strategizing
6. Gap Analysis and Resolution Planning
9. Plan Scope and Support
  Senior Management Support (tone at the top)
  Defined objectives, policies, scope and success factors and requirements
  Standard terms and assumptions
  Project plan and budget
Risk Analysis
  Risks – Quantitative and Qualitative
  Threats – Natural and Man Made
  Vulnerabilities – Possibilities of threats occurring have been taken into account
Figure 2-1 Contingency Planning as an Element of Risk Management Implementation
10. Business Impact Analysis
  Time criticality
  RTO & RPO
  Critical Business Units/Functions
  Results based on established quantitative and qualitative metrics
Recovery Strategies
  Reasonable strategies identified
  Advantages and Disadvantages
  Cost vs. Benefit
  Business unit buy-in
The BCP Plan
  Scope and Objective
  Business Recovery Organization
  Escalation, Notification, Activation
  Resumption, Recovery, Restoration
  Maintenance, Testing
11. Plan Maintenance
  Defined timetables
  Version control
  Changes
Plan Testing
  Periodic and methodical
  Address major components
  Goals and objectives for each test
  Monitor, analyze, report
Training and Awareness
  Plan existence
  Responsibilities
  Various training methods
12. Thinking systematically about risk, mitigating risks, and proactively planning an optimized BCM program is something every company, large or small, can and should do.
13. NIST: National Institute of Standards and Technology.
Many sample DRPs can be seen at www.drj.com.
Planning, a chapter of the book Disaster Recovery Planning: Preparing For The Unthinkable by Jon Toigo.
www.disasterrecoveryworld.com is a commercial site that also provides excellent resources, and explains the COBRA method of analysis.
www.crisis-management-and-disaster-recovery.com
Business continuity planning / management (BCM) from wikipedia.org