Continuity Presentation.pptxVIP专享VIP免费原创优质

Whatif…Presentedby:AlyPeavy,BartStone,AbyDattero,andTaeBergBusinessContinuityPlan(BCP)AuditingaBCPReal-worldexampleTopicsWhatwouldhappenif…•Ahurricanehit?•Afireoccurred?•Powerwasinterrupted?–Whatwouldyoudo?–Whatwouldabusinessdo?Theneedforaplan•Riskofgoingoutofbusiness•Cheaperinthelong-run•Providesorderandstructure•Required•Bettertohavetheplanandneveruseitthantoneverplanandbeunpreparedwhendisasterstrikes.BusinessContinuityPlan•BusinessContinuityPlan–Aplanthatconsistsofthesetofproceduresdesignedtokeepcriticalbusinessfunctionsupandrunningduringandafteradisaster.•Goal–TopreventdisruptionsinbusinessoperationsBCP-Elements•Analysis–Identificationofrisks/threats•Response/recoveryDesign–Planofaction•Implementation•Testing•MaintenanceAchievinganEffectivePlan•ObtainTopManagementCommitment•EstablishaPlanningCommittee•PerformaRiskAssessmentAchievinganEffectivePlan•EstablishPrioritiesforProcessingOperations•DetermineRecoveryStrategies•PerformDataCollectionAchievinganEffectivePlan•OrganizeandDocumentaWrittenPlan•DevelopTestingCriteriaandProcedures•TestthePlan•ApprovethePlanDataandSystemsRecovery•StorageandBackupofData•Hot,WarmorCold?•CloudComputingAuditingaBCPAbbyDatteroAuditingaBCP•3StepProcess1.Validatingthebusinesscontinuityplan2.Scrutinizingandverifyingpreventiveandfacilitatingmeasuresforensuringcontinuity3.ExaminingevidenceabouttheperformanceofactivitiesthatcanassurecontinuityandrecoveryValidatingtheBCP•Preventivecontrols•Recoverycontrols–RTOandRPO–BCPScrutinyandVerification•Disasterrecoverysite–Accessibility•Outsourcing–Contracts•Supportingequipment–AccessibilityExaminingEvidenceaboutPerformanceofActivities•Dailyactivities•Backuptapes/backuplogs•Lookatallcomponents–Operatingsystem,database,etc.•Verificationofmaintenance–Hasplanbeentested?Howthoroughly?–Tabletoptesting/completedrillPeople•Inquiryandverification•Trainingprograms•AwarenesscampaignsExamplesofRecoveryPlansandTheirEffectivenessBartStoneIBM•$300milliontoinvestinbackupcenters•“CloudComputing”datacenters•10differentcountriesHPYouTubeExample?•HPExample•3:10–4:10ImpressiveWhatPeopleCanRecover•SpaceShuttleColumbiaexample•KrollOn-trackIncorporated•"Whenwegotit,itwastwohunksofmetalstucktogether.Wecouldn'teventellitwasaharddrive.Itwasburnedandtheedgesweremelted,"saidEdwards,anengineeratKrollOntrackInc.WorksCited•AuditingBusinessContinuity,ByS.AnanthaSayana•ISAuditingGuideline:BusinessContinuityPlan,ISACA•http://en.wikipedia.org/wiki/Business_continuity_planning•http://www.informit.com/articles/article.aspx?p=768381•http://www.msnbc.msn.com/id/24542368/–BrianBergstein5/9/2008“DataRecoverySpecialistTellsColumbiaStory”•http://www.tsl.state.tx.us–TexasStateLibraryandArchives.StateandLocalRecordsManagementDivision.•http://www.reuters.com/article/businessNews/idUSN1936716820080820–8/19/2008“IBMinvests$300mlnindisasterrecoverycenters”JimFinkle•http://www.youtube.com/watch?v=ndpjNhd1MtE–HPDisasterRecoveryVideofromYouTubeWorksCitedContinued•http://www.microsoft.com/protect/yourself/data/storage.mspx•http://www.samag.com/documents/s=9364/sam0106sc/0106c.htm•http://ezinearticles.com/?CompTIA-Network+-Certification-Exam-Tutorial:--Hot-Sites,-Warm-Sites,-and-Disaster-Recovery&id=331743•http://ezinearticles.com/?CompTIA-Network+-Certification-Exam-Tutorial:--Hot-Sites,-Warm-Sites,-and-Disaster-Recovery&id=331743•http://www.infoworld.com/article/08/04/07/15FE-cloud-computing-reality_1.html•http://en.wikipedia.org/wiki/Cloud_computing#Companies•http://articles.techrepublic.com.com/5100-10878_11-5988931.html•http://www.sba.gov/services/disasterassistance/disasterpreparedness/index.html•http://www.drj.com/new2dr/w2_002.htm