CSF 3103 – Incident Response and Disaster Recovery
Week 02-CLO1
Planning for Organizational Readiness
Whitman & Mattord, Principles of Incident Response and Disaster Recovery, 3rd Edition. © 2022 Cengage. All
Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole
or in part.
Module Objectives
By the end of this module, you should be able to:
1. Explain the contingency planning life cycle, the elements needed to
begin the contingency planning process, the initiation of the process,
and the composition of the CP management team
2. Discuss how CP policy is used to define the scope of the CP
operations and establish managerial intent
3. Define business impact analysis and describe each of its
components
4. List the steps needed to create and maintain a budget used for the
contingency planning process
Introduction to Planning for Organizational Readiness
Planning for contingencies requires a formal
methodology that systematically addresses each
challenge an organization might face during an
incident, disaster, or other adverse event.
Contingency planning requires organizations to
develop detailed and complete plans, commit to
maintaining plans at a high state of readiness,
rehearse the use of the plans, and maintain the
processes necessary to keep a high state of
preparedness.
Beginning the CP Process (1 of 3)
The elements required to begin the contingency planning (CP)
process include:
• Forming the contingency planning management team
(CPMT)
• Establishing a policy environment to enable the planning
process
• Determining a planning methodology; gaining an
understanding of the causes and effects of core precursor
activities, known as the business impact analysis (BIA)
• Ensuring access to financial and other resources, as
articulated and outlined by the planning budget
The methodology presented adapts and integrates the
approaches presented in NIST SP 800-34, Rev. 1, and
SP 800-61, Rev. 2, along with a number of international standards.
Beginning the CP Process (2 of 3)
The major stages in this methodology include the following:
• Form the CPMT.
• Develop the CP policy statement.
• Conduct the business impact analysis (BIA).
• Form subordinate planning teams.
• Develop subordinate planning policies.
• Integrate the BIA.
• Identify preventive controls.
• Organize response teams.
• Create response strategies.
• Develop subordinate plans.
• Ensure plan testing, training, and exercises.
• Ensure plan maintenance.
Beginning the CP Process (3 of 3)
Forming the CPMT
The CPMT is responsible for:
• Obtaining commitment and support from senior management
• Managing and conducting the overall CP process
• Writing the master CP document
• Conducting the business impact analysis (BIA), which includes:
• Organizing and staffing the leadership for the subordinate teams,
including both planning and response teams
• Providing guidance to, and integrating the work of, the subordinate
teams, including subordinate plans
Beginning the Contingency Planning Process
A typical roster (Positions) for the CPMT may include:
• Leadership
• A champion
• A project manager
• Team members
• Representatives from other business units:
• Business managers
• IT managers
• InfoSec managers
• Representatives from subordinate planning teams
(IR/DR/BC/CM)
• Representatives from subordinate response teams
(IR/DR/BC/CM)
Contingency Planning Management Team
Contingency Planning Policy (1 of 3)
Before the CPMT can fully develop the planning
document, the team must receive guidance from
executive management, then craft that guidance into
formal contingency planning policy (CP policy).
The purpose of the CP policy is to define the scope
of CP operations and establish managerial intent for
timetables for response to incidents, recovery from
disasters, and reestablishment of operations for
continuity.
Contingency Planning Policy (2 of 2)
The CP policy should, at a minimum, contain the following sections:
• An introductory statement of philosophical perspective by senior
management as to the importance of CP
• A statement of the scope and purpose of the CP operations
• A call for periodic risk assessment by the organization’s RM team and
BIA by the CPMT
• A specification of the CP’s major components to be designed by the
CPMT
• Identification of key individuals responsible for CP operations and a
clear definition of their roles and responsibilities
• A requirement to regularly train, rehearse, and test the various plans
• Identification of key laws, regulations, and standards that impact CP
planning and a brief overview of their relevance
• NIST Special Publications 800-34, Rev. 1
Business Impact Analysis
The business impact analysis (BIA) is an investigation and
assessment of the impact that various events or incidents can
have on the organization.
It also provides a detailed identification and prioritization of
critical business functions that would require protection and
continuity in an adverse event.
The BIA, therefore, adds insight into what the organization
must do to respond to adverse events, minimize the damage
from such events, recover from the effects, and return to
normal operations.
CPMT’s Conduct of BIA
The CPMT conducts the BIA in three
stages:
1. Assessing mission/business processes
and recovery criticality
2. Identifying resource requirements
3. Identifying recovery priorities
Determine Mission/Business Processes and
Recovery Criticality
The first major BIA task is to analyze and prioritize the
organization’s business processes based on their
relationships to the organization’s mission.
Each business unit must be independently evaluated to
determine how critical its functions are to the long-term
sustainability of the organization as a whole.
The prioritization of business units is critical in establishing a
priority of effort in the event the organization needs to set up
temporary operations during a major disaster.
A weighted analysis table can be useful here.
BIA
Weighted Ranking of Business Processes (1 of 2)
| Business Process | Impact on Profit | Contribution to Strategic Objectives | Impact on Internal Operations | Public Image Impact | Total Weights |
|---|---|---|---|---|---|
| Criteria Weight | .4 | .3 | .2 | .1 | 1.00 |
| Internet Access Provisioning | 5 | 4 | 4 | 4 | 4.3 |
| Customer Account Management | 4 | 3 | 3 | 3 | 3.4 |
| New Customer Enrollment | 4 | 4 | 1 | 3 | 3.3 |
| Service Advertisement | 3 | 4 | 2 | 4 | 3.2 |
| Help Desk Support | 2 | 3 | 3 | 4 | 2.7 |
| PR Support | 2 | 3 | 1 | 5 | 2.4 |
Weighted Ranking of Business Processes (2 of 2)
Instructions for using the table shown in the previous slide:
1. List all business functions in the table.
2. Identify 4 to 5 criteria you will use to evaluate the processes.
3. Assign weights to each criterion in a range of 0 to 1.0 (with 1.0 being most
critical to the operations of the organization). View each weight as a portion
of a 100 percent total. In other words, the weights must sum to 1.0.
4. For each criterion, assign a value to each business process on a scale of 1
to 5, answering the question “How important is this business process to this
criterion?,” where 1 = not important at all and 5 = critical. Zero would be
used for “Not Applicable.”
5. For each business process, multiply each cell value by its criterion weight
and total.
6. Sort the business processes on the Total Weights column so that the most
important business process is at the top.
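The six steps above, applied to the values from the weighted ranking table, as an added example that is not part of the original slides. The function names and the 0.05 audit tolerance are assumptions of this sketch; the audit step recomputes each total and reports rows whose printed total disagrees.

```python
import math

# Criterion weights as printed in the slide's table (step 3).
WEIGHTS = {
    "Impact on Profit": 0.4,
    "Contribution to Strategic Objectives": 0.3,
    "Impact on Internal Operations": 0.2,
    "Public Image Impact": 0.1,
}

# Rows as printed: (process, scores in WEIGHTS order, printed total).
SLIDE_ROWS = [
    ("Internet Access Provisioning", [5, 4, 4, 4], 4.3),
    ("Customer Account Management", [4, 3, 3, 3], 3.4),
    ("New Customer Enrollment", [4, 4, 1, 3], 3.3),
    ("Service Advertisement", [3, 4, 2, 4], 3.2),
    ("Help Desk Support", [2, 3, 3, 4], 2.7),
    ("PR Support", [2, 3, 1, 5], 2.4),
]


def validate(weights, rows):
    """Enforce steps 3 and 4: weight range and sum, score range, row shape."""
    if not all(0.0 <= w <= 1.0 for w in weights.values()):
        raise ValueError("each weight must lie between 0 and 1.0")
    if not math.isclose(sum(weights.values()), 1.0, abs_tol=1e-9):
        raise ValueError("weights must sum to 1.0")
    for name, scores, _ in rows:
        if len(scores) != len(weights):
            raise ValueError(f"{name}: expected {len(weights)} scores")
        if any(s not in range(0, 6) for s in scores):
            raise ValueError(f"{name}: scores must be 0 (N/A) or 1 to 5")


def weighted_total(scores, weights):
    """Step 5: multiply each cell value by its criterion weight and total."""
    return round(sum(s * w for s, w in zip(scores, weights.values())), 2)


def rank(weights, rows):
    """Step 6: sort processes so the most important one comes first."""
    validate(weights, rows)
    totals = [(name, weighted_total(scores, weights)) for name, scores, _ in rows]
    return sorted(totals, key=lambda item: item[1], reverse=True)


def audit(weights, rows, tolerance=0.05):
    """Return (process, printed, recomputed) for rows whose totals disagree."""
    validate(weights, rows)
    mismatches = []
    for name, scores, printed in rows:
        recomputed = weighted_total(scores, weights)
        if abs(recomputed - printed) > tolerance:
            mismatches.append((name, printed, recomputed))
    return mismatches


if __name__ == "__main__":
    for position, (name, total) in enumerate(rank(WEIGHTS, SLIDE_ROWS), start=1):
        print(f"{position}. {name}: {total}")
    for name, printed, recomputed in audit(WEIGHTS, SLIDE_ROWS):
        print(f"check {name}: printed {printed}, recomputed {recomputed}")
```

With the slide's values, the recomputed total for Internet Access Provisioning is 4.4 against the printed 4.3; the ranking order is unchanged.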
Key Downtime Metrics
When organizations consider recovery criticality, they usually
think in terms of how much of a particular asset must be
recovered within a specified time frame.
Terms most commonly used include the following:
• Recovery time objective (RTO): Time period within which
systems, applications, or functions must be recovered after
an outage
• Recovery point objective (RPO): Point in time to which
lost systems and data can be recovered after outage;
determined by business unit
• Maximum tolerable downtime (MTD): Total amount of time the
system owner/authorizing official is willing to accept for
a process outage; includes all impact considerations
• Work recovery time (WRT): Determines the maximum
tolerable amount of time that is needed to verify the system
and/or data integrity
RPO vs. RTO
Figure 2-4 RPO vs RTO
RTO, RPO, MTD, and WRT
Key Downtime Metrics (cont’d.)
NIST Special Publication 800-34 Rev. 1
• Contains additional definitions for MTD, RTO, RPO
Reducing RTO requires mechanisms to shorten start-up time or
provisions to make data available online at a failover site
Reducing RPO requires mechanisms to increase data replication
synchronicity between production systems and backup
implementations
Critical need: avoid exceeding MTD
• RTO must be shorter than MTD
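A way to check a recovery plan and a recorded outage against the four metrics defined above, as an added example that is not part of the original slides. All objectives, timestamps and names are constructed, and treating total downtime as recovery time plus verification time (so that RTO + WRT must fit inside MTD) is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Objectives:
    rto: timedelta  # recovery time objective
    rpo: timedelta  # recovery point objective
    wrt: timedelta  # work recovery time (integrity verification)
    mtd: timedelta  # maximum tolerable downtime


def plan_findings(obj):
    """Design-time check: can these objectives be met together?"""
    findings = []
    if obj.rto >= obj.mtd:
        findings.append("RTO must be shorter than MTD")
    if obj.rto + obj.wrt > obj.mtd:  # assumption: downtime = recovery + verification
        findings.append("RTO + WRT exceeds MTD")
    return findings


def evaluate_outage(obj, backups, outage_start, restored_at, verified_at):
    """Compare what happened in one outage with the stated objectives."""
    if not outage_start <= restored_at <= verified_at:
        raise ValueError("timestamps must be in outage, restore, verify order")
    # Only backups completed before the outage can be restored from.
    usable = [b for b in backups if b <= outage_start]
    data_loss = outage_start - max(usable) if usable else None
    recovery = restored_at - outage_start
    verification = verified_at - restored_at
    downtime = verified_at - outage_start
    return {
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= obj.rpo,
        "recovery": recovery,
        "rto_met": recovery <= obj.rto,
        "verification": verification,
        "wrt_met": verification <= obj.wrt,
        "downtime": downtime,
        "mtd_met": downtime <= obj.mtd,
    }


# Constructed sample: objectives for one business process and one outage.
SAMPLE_OBJECTIVES = Objectives(
    rto=timedelta(hours=4),
    rpo=timedelta(hours=1),
    wrt=timedelta(hours=2),
    mtd=timedelta(hours=8),
)
SAMPLE_BACKUPS = [  # six-hourly backups, too sparse for a one-hour RPO
    datetime(2024, 1, 10, 0, 0),
    datetime(2024, 1, 10, 6, 0),
    datetime(2024, 1, 10, 12, 0),
]
SAMPLE_OUTAGE = datetime(2024, 1, 10, 13, 30)
SAMPLE_RESTORED = datetime(2024, 1, 10, 16, 30)
SAMPLE_VERIFIED = datetime(2024, 1, 10, 19, 0)

if __name__ == "__main__":
    print(plan_findings(SAMPLE_OBJECTIVES) or "objectives are consistent")
    result = evaluate_outage(SAMPLE_OBJECTIVES, SAMPLE_BACKUPS,
                             SAMPLE_OUTAGE, SAMPLE_RESTORED, SAMPLE_VERIFIED)
    for key, value in result.items():
        print(f"{key}: {value}")
```

In the constructed outage, recovery finishes inside the RTO and MTD, but the six-hourly backups lose 90 minutes of data against a one-hour RPO, which is the gap that closer replication between production and backup would address.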
Principles of Incident Response and Disaster Recovery, 2nd Edition
Identify Resource Requirements
After the organization has created a prioritized list of
its mission and business processes, it can determine
what resources would be needed to recover and
subsequently support those processes and their
associated information assets.
Other business production-oriented processes
require complex or expensive components to
operate.
Processes and Required Resources Arranged in a
Resource/Component Table
BIA Data Collection
The BIA data collection process should be used from
the beginning and at every step along the way to
document the efforts in earlier steps.
Methods to collect data include the following:
• Online questionnaires
• Facilitated data-gathering sessions
• Process flows and interdependency studies
• Risk assessment research
• IT application or system logs
• Financial reports and departmental budgets
• BCP/DRP audit documentation
• Production schedules
Budgeting for Contingency Operations
As a final component of the initial planning process,
the CPMT must prepare to deal with the inevitable
expenses associated with contingency operations.
The biggest risk is that a disastrous expense could
occur, and the organization might face the prospect
of complete failure and possible closure as a result.
