BusinessContinuityand�DisasterRecovery:�CriticalMeasuresforBusinessSurvivalAllanCarey�ProgramManager�InformationSecurityServicesAgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsPre-September11EconomyentersintorecessionSomecompanieshavebusinesscontinuityplans,ontheshelfPlanswereinsufficientInitiativesdrivenwitha“bottomsup”approachTheSeptember11thEffectTheSeptember11thEffectTerroristattackscausemorethan$50billionininfrastructuredamageDramaticallyraisedawarenessPhysicalandcybersecurityBusinessleaderscloselyexamininginternalsecurity,continuity,andrecoveryplans90%ofCEOshavereviewedDRplans*Manydiscoverinadequateinvestments*Source:BoozAllenHamiltonsurvey,Jan.23,2002*Source:APorReutersPost-September11EconomicrecessionexacerbatedBCPservicesgainingmomentuminthemarketplaceSecurityservicesfirmscontinueportfoliobuildouttoincludeBCPandincidentreadinessDevelopmentforNationalStrategytoSecureCyberspaceunderwayInformationSecuritySpendingPlans2002vs.2001N=320AgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsTypesofContingencyPlanshttp://csrc.nist.gov/publications/drafts/ITcontingency-planning-guideline.pdfPlanPurposeScopeBusinessContinuityPlan(BCP)ProvideproceduresforsustainingessentialbusinessoperationswhilerecoveringfromasignificantdisruptionAddressesbusinessprocesses;ITaddressedonlyinthecontextofsupportingbusinessprocessBusinessRecovery(orResumption)Plan(BRP)ProvideproceduresforrecoveringbusinessoperationsimmediatelyfollowingadisasterAddressesbusinessprocesses;notIT-focusedContinuityofOperationsPlanEstablishproceduresandcapabilitiestosustainanorganization’sessential,strategicfunctionsatanalternatesiteforupto30daysAddressessubsetofanorganization’smissionsdeemedcritical;notIT-focusedContinuityofSupportPlanEstablishproceduresandcapabilitiesforrecoveringamajorapplicationorgeneralsupportsystemSimilartoITcontingencyplan;addressesITsystemdisruption;notbusinessprocessfocusedDisasterRecoveryPlan(DRP)ProvidedetailedprocedurestofacilitaterecoveryofcapabilitiesatanalternatesiteOftenIT-focused;limitedtomajordisruptionswithlong-termeffectsIncidentResponsePlanDefinestrategiestodetect,respondto,andlimitconsequencesofmaliciouscyberincidentFocusesoninformationsecurityresponsestoincidentsaffectingsystemsand/ornetworksOccupantEmergencyPlanProvidecoordinatedproceduresforminimizinglossoflifeorinjuryandprotectingpropertydamageinresponsetoaphysicalthreatFocusesonpersonnelandpropertyparticulartothespecificfacility;notbusiness-orIT-focusedWhatisBusinessContinuity? Businesscontinuitydescribestheprocessesandproceduresanorganizationputsinplacetoensurethatessentialfunctionscancontinueduringandafteradisaster.Businesscontinuanceplanningseekstopreventinterruptionofmission-criticalservices,andtoreestablishfullfunctioningasswiftlyandsmoothlyaspossible.WhatisBusinessContinuity?Simplyput,it’sthemeansofkeepinganorganizationupandrunning24x7despiteanyexpectedorunexpecteddisruption.Mayinvolvehighlyavailable,“alwayson”infrastructuresthatmaketraditionalrecoveryobsoleteMayinvolvetraditionaldisasterrecoveryservices,I.e.hot/coldsite,databackup,mobilerecovery,contingencyplanning(reactiveapproach)ORMayinvolvesecurityservices(proactiveapproach)WhatisDisasterRecovery? Disasterrecoverydescribeshowanorganizationistodealwithpotentialdisasters.Adisasterrecoveryplan(DRP)consistsoftheprecautionstakensothattheeffectsofadisasterwillbeminimized,andtheorganizationwillbeabletoeithermaintainorquicklyresumemission-criticalfunctions.WhatisDisasterRecovery?It’sacrucialcomponentofbusinesscontinuitythataddressesmoreoftheITfunctionsnecessarytoresumebusinessoperationsduetoanexpectedorunexpecteddisruption.Mayinvolvehighlyavailable,redundantinfrastructuresi.e.,hot/coldsite,bandwidthcapacity,scalablenetworkMayinvolvetraditionaldatabackupservices,i.e.,datareplication,offsitedatabackupstorage,mobilerecovery,(reactiveapproach)Mayinvolvesecurityservices(proactiveapproach)7-StepProcessReview/refreshordevelopsecurity,disasterrecovery,andBCplansDevelopcontingencyplanningpolicyConductbusinessimpactanalysis(BIA)IdentifypreventativecontrolsDeveloprecoverystrategiesDevelopcontingencyplanPlantesting,trainingandsimulationsMaintaintheplanSource:NISTAgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsSilosofSecuritySecurityoftenresidesinmanydifferentdepartmentsLackofcommunicationandcoordinationDelayedresponseProlongedrecoverycyclePost-911AssessmentNotjustaGovernmentproblemUScorporationsrepresentthemostvulnerableCurrentGovernmentspendingmainlyfocusedonphysicalsecurity(i.e.,gates,guns,guards,&dogs)NosignificantGovernmentspendingonITsecurityuntillate2003/2004ConvergenceofphysicalandITsecurityin2005and2006TheNeedforSecurityandBCPlanningEnterprise-widesecurityandBCstrategyMorecommunicationandcoordinationacrossbusinessunitsImprovedresponseandbetteraccountabilityCross-functionalSecurityandBCProgramEnterpriseRiskManagementAgendaSeptember11thEffectDefiningBCandDRTheImportanceofSecurityConclusionsConclusionsPhysicalandITsecuritywillbecomemoretightlyintegratedBCPmustencompassallaspectsofanorganizationSecurityisacrucialcomponenttoBCanddisasterpreventionProperidentification,planning,andimplementationwillensurenotonlysuccess,butbusinesssurvivalPleaseemailmeatacarey@idc.comQuestions?
本文档为【河北医科大学中医院教学先进集体申】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。
浙公网安备 33021202002483