Lecture2

Lecture2 - TEL2813/IS2820 Security Management Contingency...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
TEL2813/IS2820 Security Management Contingency Planning Jan 17, 2006
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Contingency Planning Things which you do not hope happen more frequently than things which you do hope. -- PLAUTUS. (C. 254–184 B.C.), MOSTELLARIA, ACT I, SCENE 3, 40 (197)
Background image of page 2
Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted Over 40% of businesses that don't have a disaster plan go out of business after a major loss
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP) It is how organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets Main goal : restoration to normal modes of operation with minimum cost and disruption to normal business activities after an unexpected event
Background image of page 4
CP Components Incident response planning (IRP) focuses on immediate response Disaster recovery planning (DRP) focuses on restoring operations at the primary site after disasters occur Business continuity planning (BCP) facilitates establishment of operations at an alternate site
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CP Components (Continued) To ensure continuity across all CP processes during planning process, contingency planners should: Identify the mission- or business-critical functions Identify resources that support critical functions Anticipate potential contingencies or disasters Select contingency planning strategies Implement selected strategy Test and revise contingency plans
Background image of page 6
CP Operations Four teams are involved in contingency planning and contingency operations: CP team Incident recovery (IR) team Disaster recovery (DR) team Business continuity plan (BC) team
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Contingency Planning NIST describes the need for this type of planning as “These procedures (contingency plans, business interruption plans, and continuity of operations plans) should be coordinated with the backup, contingency, and recovery plans of any general support systems, including networks used by the application. The contingency plans should ensure that interfacing systems are identified and contingency/disaster planning coordinated.”
Background image of page 8
Contingency Planning
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Incident Response Plan IRP: Detailed set of processes and procedures that anticipate, detect, and mitigate the impact of an unexpected event that might compromise information resources and assets Incident response (IR): Set of procedures that commence when an incident is detected
Background image of page 10
Incident Response Plan (Continued) When a threat becomes a valid attack, it is classified as an information security incident if: It is directed against information assets It has a realistic chance of success It threatens the confidentiality, integrity, or
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 12
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/27/2010 for the course IS 2820 taught by Professor Jameskoshi during the Spring '10 term at Webber.

Page1 / 58

Lecture2 - TEL2813/IS2820 Security Management Contingency...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online