Best Practices in Disaster Recovery Planning

1
Best Practices in Disaster Recovery Planning
Joe Popinski III, Ph D joe.popinski_at_IE-Dynetics.co
m (256) 713-5322
2

• Could this happen to you?

3

• Or this ?

4

• Or this?

5

• Or this?

6
Agenda

• The Disaster Recovery PROCESS
• Business Impact Analysis (BIA)
• Incident Response Plan (IRP)
• Disaster Recovery Plan (DRP)
• Business Continuity Plan (BCP)
• How Virtualization and DR Compliment Each Other
• Your Step-by-Step Road Map
• Questions

7
Definitions

• Risk Assessment
• Identification of information assets and the
  assignment of a risk rating to those assets
  impacted by the threats to vulnerabilities of
  those assets

Risk is the likelihood of the occurrence of a
vulnerability multiplied by the value of the
information asset minus the percentage of risk
mitigated by current controls plus the
uncertainty of the current knowledge of the
vulnerability
8
Definitions

• Business Impact Analysis ( BIA)
• Assessment of impacts of various attacks.
• Starts after the Risk Assessment.
• Begins with prioritized list of threats and
  vulnerabilities (RA) and adds additional critical
  information
• Provides detailed scenarios of the potential
  impact each attach could have.
• Answers the question.

What could happen ?
9
Definitions

• Incident Response Plan (IRP)
• Actions an organization should take in response
  to an in progress incident
• An incident is any clearly identified attack on
  the organizations information assets that
  threatens the assets confidentiality, integrity,
  or availability.
• Answers the question

What do we do now ?
10
Definitions

• Disaster Recovery Plan (DRP)
• A program dealing with the preparation for and
  recovery from a disaster whether man-made or
  natural.
• Include the entire spectrum of activities used to
  recover from an incident.
• Deployed after the incident has stopped.
• Answers the question

Its over, now whats next ?
11
Definitions

• Business Continuity Plan (BCP)
• How to keep an organizations business operating
  (going) after the disaster is handled.
• Very strategic to ensure business and operational
  viability
• Implemented after the recovery is well on it way
  back to normalcy.
• Answers the question

How do we stay in business ?
12
The Big Picture
Before During Day 1
Future
Business Incident Disaster
Business Impact Response
Recovery Continuity Analysis
Plan Plan Plan

What could happen ?

• ID Threats Attacks
• ID Critical IT Resources Inventory Assets
• Threat Scenarios
• ID Outages Impacts Acceptable Outage Durations
• Threat Classifications
• Assessment of Potential Damage
• Recovery Priorities

• Incident Response Strategies Plans
• Incident Detection Criteria
• Incident Reaction, Containment, Eradication
  Steps
• Incident Recovery Actions

• Crisis Management Team
• Operations Recovery Process
• Options Definition Analysis
• Execution of Recovery Option
• Vendor Assistance

• Critical Resources to be Relocated
• Recovery Time Objectives
• Off Site Options
• Execution of Selected Option
• Logistics Planning

What do we do now ?
Its over, now whats next ?
How do we stay in business ?
13
Business Impact Analysis

• Form a Contingency Management Planning Team
  (CPMT)
• - Include ALL Departments (HR, Legal, etc.)
• - Must Have C-Level Sponsorship
• - Make Part of Job Descriptions
• Identify Expected Threats Classify Them
• Identify Your Assets (All of them, people too!)
• Brainstorm Impact Scenarios for Each
  Classification
• For Each Asset Class, Determine the Acceptable
  Outage Times
• Determine Dollar Impact for Each Threat
  Classification
• Prioritize Which Assets Get Restored First
• DOCUMENT, DOCUMENT, DOCUMENT

14
Incident Response Plan

• One Plan for Each Threat Classification from BIA
• Extremely Detailed
• What team is to do?
• Who to call?
• Emergency Operations Center Activation
• Contain?
• Eradicate?
• Allow it?

15
Types of Incidents/Threats

• Human Errors (Accidental or Unintentional)
• Compromise of Intellectual Property (Unauthorized
  Release, etc.)
• Deliberate Acts of Trespass (Unauthorized Access,
  etc.)
• Deliberate Acts of Extortion, Theft, Sabotage, or
  Vandalism
• Quality of Service from Suppliers (Brownouts, ISP
  Outages, Water, Phone, etc.)
• Forces of Nature (Fire, Flood, Earthquake,
  Lightning, Tornado, etc.)
• Software Attacks (DOS, Malware, Viruses, etc.)
• Technical Failure (Hardware, Equipment, etc.)
• Technical Software Failures (Bugs, Faults, etc.)
• Technological Obsolescence (Outdated, antiquated,
  etc.)

16
Disaster Recovery Plan

• Day 1 Activities
• How to begin the process of staying in business
• Focuses on returning to Normalcy as you define
  it
• Starts with a strong POLICY statement from
  executive management that you WILL plan for and
  recover from any form of disaster
• Has multiple parts
• Planning Function
• Technical Contingency
• Operations and Maintenance
• Testing, Testing and more Testing
• Recovery Activities
• Restoration Activities

17
Business Continuity Plan

• Now that you have survived the first couple of
  days, how do you make sure your business is
  viable for the future?
• Multiple steps
• BC Planning in Detail
• BIA Reviews for Adequacy and Completeness
• Relocation Strategies where to go
• Continuation Strategies how to keep the doors
  open
• Testing, Testing, and more Testing!!!
• Exercising the Plan Real Life Scenarios!
• Frequent Maintenance and Reviews
• Lessons Learned

18
The IT Perspective

• Data is the life blood of business, without it
  you dont have a business, so
• Implementing appropriate technologies can reduce
  the risk and impact of a disaster.
• But, it costs
• Money
• People Time
• Infrastructure Upgrades

19
Technologies To Consider

• Robust WANs Between Sites
• Physically diverse
• Ring Design
• Auto Fail Over
• Network Monitoring Processes
• Intrusion Detection Systems (NIDS HIDS)
• Robust System Log (Turn it on and analyze it)
• Intrusion Prevention Systems (Automatic)

20
Preservation of Data

• Virtualization of Server Environments
• Ease of Restoration of Server and DB
• Significant Reduction in Cots (capital and
  expense)
• Allows Significant Physical Separation of
  Functions
• Standardization of hardware/software leads to
  much reduced time intervals to restoration
• Permits stronger governance and control

21
High Level Virtual Evolution
Network A
Notebook LAN Attached
Servers
Network B
Desktop LAN Attached
Servers
Traditional Server/Client World
22
More Advanced Virtualization
Traditional Server/OS/Storage
23
DR Benefits
Mirror Images
Corp HQ
Fiber Route 1
Distributed Fully Redundant Virtualized
Environment
Remote Site
Fiber Route 2
24
Your Road Map

• Study VM and Your Environment
• Map OS/Apps to Images
• Determine Processing Requirements
• Educate Yourself on VM, Fiber WANS, Shared
  Storage (iSCSI vs. Fiber Channel)
• Develop Business Case for Management
• Purchase H/W S/W
• Develop Migration Plan and Execute
• Enjoy Almost Automatic DR Backups and Improved
  Service to Users

Questions