Why plan?
• Increases Business dependency on IT
• Reduced cost and time of recovery
• Cost to customer relationship
• Survival
Many businesses fail within a year of suffering a major IT disaster.
Business Impact Analysis:
Risk Analysis:
• Value of Assets
• Threats
• Vulnerabilities
Risk Management:
• Countermeasures
• Planning for potential disasters
• Managing a disaster
Risk Analysis:
Based on the CCTA Computer Risk Analysis and Management Methodology (CRAMM)
Options:
1. Do nothing
2. Manual workarounds
3. Reciprocal arrangements
4. Gradual Recovery (cold standby)
5. Intermediate Recovery (warm standby)
6. Immediate Recovery (hot standby)
Cold start = accommodation. Environmental controls; power and communications
Hot start = cold start + computing equipment and software
7 Sections of the Plan:
7.1. Administration
7.2. The IT Infrastructure
7.3. IT Infrastructure management & Operating procedures
7.4. Personnel
7.5. Security
7.6. Contingency site
7.7. Return to normal
Test and Review:
• Initially then every 6 to 12 months and after each disaster
• Test it under realistic circumstances
• Move / protect any live services first
• Review and change the plan
• All changes made via the CAB – Change Advisory Board
Contingency Plan:
• Assists in fast, controlled recovery
• Must be given wide but controlled access
• Contents (incl. Admin, Infrastructure, People, Return to normal)
• Options (incl. Cold & Hot Start)
• Must be tested regularly – without impacting the live service
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment