Business Continuity Questions and Answers Fully solved

Business Continuity Questions and Answers Fully solved Business Continuity Plans (BCP) An organizations ability to maintain critical business functions (CBFs) after a disruptive event BCP provides a plan to ensure the CBFs continue to operate even if disruptions happens Major Risk Mitigation Plans Business continuity readiness involves: Business continuity planning (BCP) -Business impact analysis (BIA) -Disaster recovery planning (DRP) -Incident response planning (IRP) Elements of BCP 1. Purposes: -Ensuring that CBFs continue to operate even after a disruption occurs. 2. Scope: -Global view of organization with concentration on CBFs Elements of BCP 3. Assumptions and planning principles: -Length of time expected to continue operations under BCP until returning to normal conditions -Incidents to be included or excluded (e.g. hurricane, earthquakes, power human-caused) -Location(s) to consider (e.g. centralized, geographically distributed) -Transportation (e.g. required vehicles, shuttles, helicopters) -Communications (e.g. alternative methods like walkie-talkie functions -Required support (e.g. financial, technical, human resources) Elements of BCP 4. Identifying description and architecture: -Identifying the IT domains (e.g. applications, servers, networks) that support each CBF. -Gathering information on the sensitivity of systems' data (proprietary, private, public) Elements of BCP 5. Responsibilities: -BCP program manager: the key and leading individual -BCP coordinator: connecting the separate teams -BCP teams: -Emergency Management Team (EMT): composed of senior managers who make ultimate decisions -Damage Assessment Team (DAT): collect and analyze data with regards to incidents; do NOT take action. -Technical Recovery Team (TRT): restores CBFs by recovering IT resources (based on the BIA report). Elements of BCP 6. Phases -Notification/activation phrase: disruption has occurred or is forthcoming) (DAT is responsible for assessing the magnitude of impact) -Recovery phase: (TRT will work on CBF restoration) -Reconstruction Phase: the goal is to return CBFs to normal conditions 7. Plan training, testing, and exercises 8. Plan maintenance Business Impact Analysis (BIA) -An important tool for business continuity planning -Helps identify CBFs and systems(s) that support each one. -Helps identify the single point of failure -Quantifies the impact a loss of these functions These range from: -Impact on property (tangible assets) -Impact on safety (physical protection) -Impact on reputation (status) -Impact on life (well-being) -Impact on finances (monetary funding) Business Impact Analysis (BIA) Single-loss expectancy (SLE) is the monetary value expected from the occurrence of a risk or an asset. -Single-loss expectancy (SLE)= Asset Value (AV) X Exposure factor (EF) -Annual rate of occurrence (ARO) is the probability that a risk will occur in a particular year. -For example, if insurance data suggests that a serious fire is likely to occur once in 25 years, then the annualized rate of occurrence is 1/25=0.04 -Annualized loss expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over one year period -ALE= ARO X SLE Maximum Acceptable outage (MAO) The maximum amount of time a system or service can be down BEFORE affecting the business mission. Example: If MAO= 30 minutes, recovery plans must be able to restore the failed system within 30 minutes. -Also known as: Maximum Tolerable Downtime (MTD) Recover time objective (RTO) -Applies to systems -Determines the time during which the system must be recovered -RTO must be equal or less than MAO Recovery Point Objective (RPO) -Applies to data -Identifies the maximum amount of acceptable data loss -Identifies data that is mission critical -RPO must be equal or les that MAO Disaster Recovery Plan (DRP) -While BIA focuses on the entire organization, DRP addresses restoring of information technology functions. -Includes a written document detailing process for restoring IT resources The importance of DRP -93% of companies without Disaster Recovery who suffer a major data disaster are out of business within one year. -40-60% of small businesses who lose access to operational systems and data without a DR plan close their doors foereve -Unplanned downtime can cost up to $17,244 per minute -Only 27% believe they are fully prepares to ensure continuous availability Disaster Recovery Plan (DRP) Sequence in restoring systems -Which systems should have priority? -What should be done if a disaster makes the current location for processing data no longer available ----An alternative processing site must be identified -Failback: the process of resynchronizing data back to the primary location Typical outlines of a DRP: Unit 1: Purpose and Scope -objectives and constraints -Assumptions -Physical and non-physical safeguards -Insurance considerations Unit 2: Recovery Team -A clear definition of teams and their responsibilities (e.g. incident-basis) Unit 3: Preparing for a Disaster -Physical, environmental, internal, and external risks. Unit 4: Emergency Procedures -E.g. using alternative sites, off-site storage, contracting vendors Unit 5: Restoration Procedures -How to return to normal business operations Fault Tolerance Refers to a systems ability to deal with malfunctions -The solution to fault tolerance>>> redundancy -Which is the use of duplicated equipment to improve the availability of a system Servers Server cluster -Multiple servers that appear as a single server -Connected through public and private cluster connections Types of server clusters -Symmetric -Asymmetric: a standby server that performs no function except to be ready if needed Storage a trend in data storage is to use solid-state drives (SSDs) -SSDs are more resistant to failure and are considered more reliable than traditional HDDs -Redundant Array of Independent Devices (RAID) ----Uses multiple hard disk drives to increase reliability and performance ----Can be implemented through software or hardware RAID Level 0 (stripped disk array without fault tolerance -Stripping partitions hard drive into smaller sections -If one drive fails, all data on that drive is lost RAIRD Level 1 (mirroring) -Disk mirroring used to connect multiple drives to be the same disk controller card -Action on primary drive is duplicated on other drive -Primary drive can fail and data will not be lost Networks Redudant Networks: -Wait in the background -Use a replication scheme -Launch automictically in the event of a disaster Power -Maintaining power is essential when planning for redundancy -Uninterruptible power supply (UPS) -----Maintains power to equipment in the event of an interruption in primary electrical power source -Backup generator -----Powered by diesel, natural gas, or propane Recovery Sites Backup sites may be necessary if flood, hurricane, or other major disaster damages buildings Hot Site -Duplicate of the production site -Has all needed equipment -Data backup can be moved quickly to the hot site Cold Site -Provides office space -Customer must provide and install all equipment needed to continue operations -No backups immediately available -Less expensive than a hot site -Takes longer to resume full operation Cloud Computing A growing trend is to use cloud computing in conjunction with sites -Backups in multiple diverse locations -Saves costs -Data can be restored more quickly -Alternative resources are easily available Environmental Controls -Methods to prevent disruption through environmental controls ------Fire suppression ------Electromagnetic disruption protection ------Proper configuration of HVAC systems (temperature management) Incident Response Plan (IRP) -A set of written instruction for reacting to a security incident -Incident response process: recommended by NIST IRP: Prepartion -Creating a CIRT plan -Defining incidents -Forming teams -Training teams IRP- Detection and analysis -Identifying countermeasures/security controls (e.g. IDS, firewalls) -Distinguishing real incidents from false alarams IRP- Containment, eradication, and recovery -Containing incidents as soon as they are detected (e.g. unplugging a network interface card) -Sandboxing is a common security strategy ---isolating applications from critical system resources and other programs. ---Provides an extra layer of security that prevents malware or harmful applications from negatively affecting your system. IRP- Post-incident recovery -Documenting the lessons to be learned -Performance evaluation -Modifying the CIRT plan, if needed IRP vs. DRP -Not mutually exclusive -IRP focuses on individual events that impact computer systems such as malware or network intrusion -IRP is more short-term than DRP -DRP focuses on larger, enterprise-wide events, such as earthquakes, hurricanes, and terrorism Calculating the Impact and Priority -Start with defnitions (mostly subjective) -Calculate the current and projected effect ratings -Calculate critically ratings -The sum of current, projected and critically weights should equal to 1 -Calculate the impact score -Prioritize the incidents based on the Priority Chart Current effect rating Minimal because the incident is currently affecting one web server in the web farm -The overall impact score= 10 x .25= 2.5 Projected effect rating Medium because it has the potential to spread to other web servers in the farm -The overall impact score= 50 x .25= 12.5 Critically rating Medium because the web server affect one CBF in a single location -The overall impact score= 50 x .50= 25 The incident impact score 2.5 + 12.5 + 25= 40 o to 25 Minimal, low priority 26 to 50 Medium, average priority 51 to 100 Critical, high priority