# Week 11
## Slide 1 - Disaster Recovery and Business Continuity

## Slide 2 - Agenda

a) Business impact analysis (BIA)
b) Development and maintenance of the business continuity and disaster recovery plans
c) Business continuity and disaster recovery testing approaches and methods
d) Processes used to invoke the business continuity and disaster recovery plans
e) Types of alternate processing sites and methods used to monitor the contractual agreements (e.g., hot sites, warm sites, cold sites)
f) Incident response and change management
## Slide 3 - Business Impact Analysis (BIA)

- Definition: A BIA is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency. Its outputs, chiefly how long each function can be unavailable and how much data it can afford to lose, become the recovery time and recovery point objectives that the disaster recovery plan and the choice of alternate site are built around.
- Example: A Canadian retail company conducts a BIA to identify which business functions are essential for its survival. It determines that its e-commerce platform, inventory management, and customer service are critical functions. The BIA helps it prioritize these areas for resource allocation in its disaster recovery plan.
- Case Study: During the 2013 Alberta floods, many businesses were affected. A BIA conducted by a local retail chain highlighted the importance of its inventory management system. This insight led it to implement cloud-based solutions, so that inventory data remained accessible even while local facilities were flooded.
## Slide 4 - D. Development and Maintenance of the Business Continuity and Disaster Recovery Plans

- Definition: This involves creating the plans and updating them regularly so that they remain effective and relevant to the organization's needs.
- Example: A Canadian healthcare provider develops a disaster recovery plan that includes backup procedures for patient records and a communication plan for staff during emergencies. It reviews and updates the plan annually to accommodate new technologies and changes in its operations, and after any test or real activation that exposes a gap.
- Case Study: In response to the COVID-19 pandemic, a Toronto-based company updated its business continuity plan to include remote work policies, health and safety guidelines, and communication strategies to ensure business operations could continue despite the lockdown.
## Slide 5 - E. Business Continuity and Disaster Recovery Testing Approaches and Methods

- Definition: Testing is essential to ensure that the plans are effective and that the organization is prepared to respond to a disaster. Common methods, in increasing order of realism and disruption, are the checklist review, the tabletop or walkthrough exercise, the simulation, the parallel test (recovery systems run alongside production) and the full-interruption test (production is actually cut over). An untested plan is an assumption, not a control.
- Example: A Canadian bank conducts annual disaster recovery drills, including simulations of cyberattacks and physical disasters. It tests its data backup systems, communication channels, and employee readiness to respond to emergencies.
- Case Study: After the 2016 Fort McMurray wildfire, a local oil company reviewed its disaster recovery testing approach. It realized the need for more frequent and realistic drills, leading to the implementation of quarterly simulations involving various disaster scenarios.
## Slide 6 - F. Processes Used to Invoke the Business Continuity and Disaster Recovery Plans

- Definition: This refers to the procedures and criteria for activating the plans when a disaster occurs. The criteria should be measurable and agreed in advance (for example, an outage duration or the loss of a named facility), and the authority to declare a disaster should rest with named roles, so that the decision is not argued over while the outage is running.
- Example: A Canadian telecommunications company has a protocol that automatically triggers its disaster recovery plan when a network outage lasts more than 15 minutes. The process includes notifying the response team, activating backup systems, and communicating with stakeholders.
- Case Study: During the 2018 British Columbia wildfires, a utility company had clear processes in place for invoking its business continuity plan. These included immediate assessment of the impact, activation of emergency response teams, and regular updates to customers and authorities.
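As an added example (not part of the slide deck), the following Python models the telecommunications company's invocation criterion as a sustained-outage detector: a single failed health check is a blip, the plan is invoked only when failures have been continuous for the whole threshold, and any successful check resets the clock. The probe log, the five-minute polling interval and the "core network" service name are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Probe:
    """One health-check sample: when it ran and whether the service answered."""
    at: datetime
    ok: bool


def invocation_time(probes: list[Probe], threshold_minutes: int) -> Optional[datetime]:
    """Return the timestamp at which an outage has persisted for at least
    `threshold_minutes`, or None if no outage lasted that long.

    A single failed probe is a blip, not a disaster: the plan is invoked only
    when failures are continuous for the whole threshold period. Any successful
    probe resets the clock, so a flapping link never triggers an invocation.
    """
    threshold = timedelta(minutes=threshold_minutes)
    down_since: Optional[datetime] = None
    for probe in sorted(probes, key=lambda p: p.at):
        if probe.ok:
            down_since = None          # service answered: outage (if any) is over
            continue
        if down_since is None:
            down_since = probe.at      # first failure: start the clock
        elif probe.at - down_since >= threshold:
            return probe.at            # failures have spanned the threshold
    return None


def invocation_notice(detected_at: datetime, service: str) -> dict:
    """Assemble the record that accompanies plan activation: the three actions
    named on the slide (notify the response team, activate backup systems,
    communicate with stakeholders) plus the declaration time, which the
    post-incident review needs in order to measure the actual recovery time."""
    return {
        "service": service,
        "declared_at": detected_at.isoformat(),
        "actions": [
            "notify response team",
            "activate backup systems",
            "communicate with stakeholders",
        ],
    }


def constructed_probe_log() -> list[Probe]:
    """Constructed sample (not real monitoring data): probes every five minutes
    starting 09:00; one isolated failure at 09:05, then continuous failure
    from 09:15 to 09:35."""
    start = datetime(2024, 3, 21, 9, 0)
    pattern = [True, False, True, False, False, False, False, False]
    return [Probe(start + timedelta(minutes=5 * i), ok) for i, ok in enumerate(pattern)]


if __name__ == "__main__":
    log = constructed_probe_log()
    declared = invocation_time(log, threshold_minutes=15)
    print(declared)  # 2024-03-21 09:30:00: outage began 09:15, 15 minutes elapsed
    if declared is not None:
        print(invocation_notice(declared, "core network"))
```

With the 15-minute threshold the blip at 09:05 is ignored and the plan is declared at 09:30, fifteen minutes into the outage that began at 09:15; a 30-minute threshold never fires on this log. The threshold itself should come from the recovery time objective, not from a round number. One gap a production detector must close: if the probes stop arriving altogether (the monitoring host is down too), this function never fires, so missing samples should be treated as failures rather than as silence.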
## Slide 7 - G. Types of Alternate Processing Sites and Methods Used to Monitor the Contractual Agreements (e.g., Hot Sites, Warm Sites, Cold Sites)

- Definition: These are facilities where an organization can relocate its operations in the event of a disaster. Monitoring the contractual agreements ensures that these sites continue to meet the organization's requirements, since the provider's capacity, location and staffing can change after the contract is signed.
- Example: A Canadian e-commerce company contracts a hot site equipped with ready-to-use IT infrastructure and data replication services. It regularly reviews the service level agreements (SLAs) to ensure that the site can support its operations within the required time frame in case of a disaster.
- Case Study: Following a severe ice storm in Quebec, a financial institution activated its warm site, which had partial IT capabilities. Post-event analysis led to negotiations for improved SLAs, ensuring faster activation and more comprehensive services for future incidents.
## Slide 8 - Hot Sites, Warm Sites, Cold Sites

- Hot Sites: A hot site is a fully equipped and operational facility that can be used immediately or within a very short time after a disaster. It includes all the necessary hardware, software, telecommunications equipment, and data backups required to resume critical business operations. Hot sites are often used for mission-critical functions that require minimal downtime. Note that real-time replication to a hot site propagates corruption and ransomware encryption as fast as it propagates legitimate changes, so a hot site complements point-in-time backups rather than replacing them.
- Warm Sites: A warm site is a partially equipped facility that requires some additional setup and configuration before it can become fully operational. It may have some hardware and network connectivity in place but might not have up-to-date data backups or all the necessary software applications. Warm sites are a middle ground between hot sites and cold sites, offering a balance between readiness and cost.
- Cold Sites: A cold site is a facility that provides space and infrastructure (such as power and cooling) but does not have any equipment or technology installed. Organizations using a cold site will need to bring their own hardware, install software, and restore data from backups to make the site operational. Cold sites are the least expensive option but require the most time to set up in the event of a disaster.

The choice between hot, warm, and cold sites depends on the organization's recovery time objectives (how quickly a function must be back), recovery point objectives (how much data loss is tolerable), budget, and the criticality of the functions that need to be restored quickly.
## Slide 9 - Hot, Warm and Cold Site Examples

- Example of a Hot Site: Imagine a Canadian financial services company, "Maple Finance," has a primary data center in Toronto. To ensure it can continue operations in the event of a disaster, it subscribes to a hot site service located in Calgary. This hot site is a replica of the primary data center, with real-time data synchronization. It includes workstations set up for employees, server racks filled with the necessary hardware, and active network equipment ready to handle the company's operations at a moment's notice. Should a disaster strike Toronto, "Maple Finance" can switch to the Calgary hot site with minimal disruption to its services.
- Example of a Warm Site: A medium-sized e-commerce company based in Montreal, "Quebec Shop," uses a warm site as part of its disaster recovery plan. This site, located in Ottawa, has a basic network setup and some servers in place but does not have real-time data. The company maintains a weekly backup at the warm site. In the event of a disaster, "Quebec Shop" can transport additional equipment and restore the most recent backup, getting the site operational within a few hours to a day. The weekly backup cadence means up to a week of transactions could be lost, which is acceptable only if the BIA set the recovery point objective that loosely.
- Example of a Cold Site: A startup in Vancouver, "West Coast Innovations," has a limited budget for disaster recovery. It rents space in a cold site facility in Edmonton. The space is essentially an empty office with the necessary power, cooling, and internet infrastructure. There is no pre-installed hardware or software. If its main office is compromised, it would need to purchase or lease new hardware, set up its systems, and restore data from backups, which could take several days or even weeks. This option is cost-effective but assumes the company can tolerate a longer downtime.
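The site choice in slides 8 and 9 turns on the recovery time objective (RTO) and recovery point objective (RPO) that the BIA assigned to each function. As an added example that is not part of the slide deck, the following Python encodes that decision: a site qualifies for a function only if it can be activated within the RTO and its newest data is no older than the RPO, and among qualifying sites the cheapest wins. The site figures are taken loosely from the Maple Finance, Quebec Shop and West Coast Innovations descriptions; the annual costs, the cold site's daily backup cadence and the business functions with their targets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SiteOption:
    """An alternate processing site, reduced to the properties that decide recovery."""
    kind: str                # "hot", "warm" or "cold"
    activation_hours: float  # time from invocation until the site can serve users
    data_lag_hours: float    # age of the newest data available at the site
    annual_cost: int         # constructed figure, used only to break ties


@dataclass(frozen=True)
class BusinessFunction:
    """A function with the recovery targets the BIA assigned to it."""
    name: str
    rto_hours: float  # recovery time objective: longest tolerable outage
    rpo_hours: float  # recovery point objective: most data loss tolerable


def meets_targets(site: SiteOption, fn: BusinessFunction) -> bool:
    """A site covers a function only if both targets hold: it can be brought up
    within the RTO, and its newest copy of the data is no older than the RPO."""
    return site.activation_hours <= fn.rto_hours and site.data_lag_hours <= fn.rpo_hours


def cheapest_suitable_site(fn: BusinessFunction, sites: list[SiteOption]) -> Optional[SiteOption]:
    """Pick the least expensive site that meets both targets, or None if none does."""
    candidates = [s for s in sites if meets_targets(s, fn)]
    return min(candidates, key=lambda s: s.annual_cost) if candidates else None


def site_plan(functions: list[BusinessFunction], sites: list[SiteOption]) -> dict[str, Optional[str]]:
    """Map each function to the kind of site that covers it. A None value is a
    gap the plan owner must resolve, by relaxing the target (with the business
    owner's sign-off) or by buying a better site; it must not be left implicit."""
    plan: dict[str, Optional[str]] = {}
    for fn in functions:
        site = cheapest_suitable_site(fn, sites)
        plan[fn.name] = site.kind if site else None
    return plan


def constructed_sites() -> list[SiteOption]:
    """Constructed figures in the spirit of the slide: the hot site replicates in
    near real time and is ready in minutes; the warm site holds a weekly backup
    and takes up to a day to bring up; the cold site takes about two weeks and
    is restored from a daily off-site backup (the daily cadence is an assumption).
    Costs are invented and only need to be ordered hot > warm > cold."""
    return [
        SiteOption("hot", activation_hours=0.25, data_lag_hours=0.0, annual_cost=500_000),
        SiteOption("warm", activation_hours=24.0, data_lag_hours=168.0, annual_cost=120_000),
        SiteOption("cold", activation_hours=336.0, data_lag_hours=24.0, annual_cost=30_000),
    ]


def constructed_functions() -> list[BusinessFunction]:
    """Constructed BIA output: four functions with increasingly relaxed targets."""
    return [
        BusinessFunction("payment authorization", rto_hours=0.1, rpo_hours=0.0),
        BusinessFunction("e-commerce platform", rto_hours=1.0, rpo_hours=0.25),
        BusinessFunction("customer service", rto_hours=72.0, rpo_hours=168.0),
        BusinessFunction("document archive", rto_hours=720.0, rpo_hours=48.0),
    ]


if __name__ == "__main__":
    for name, kind in site_plan(constructed_functions(), constructed_sites()).items():
        print(f"{name:22s} -> {kind or 'NO SITE MEETS TARGETS'}")
```

Two results are worth noticing. The document archive lands on the cold site rather than the warm site: the warm site fails the 48-hour RPO because it only holds a weekly backup, while the cold site's daily backup satisfies it, so readiness tiers are not strictly ordered on every axis and both targets have to be checked. Payment authorization gets no site at all: a six-minute RTO cannot be met by any alternate site, which is the signal to either move that function to an active-active design or go back to the BIA and renegotiate the target.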
## Slide 10 - Incident Response / Change Management

## Slide 11 - Agenda

a) Incident response review, template and example
b) Change management review, template and example
## Slide 12 - Incident Response

- Definition: Incident response is the process an organization follows to handle a security incident such as a data breach or cyberattack. The goal is to manage the incident effectively so as to minimize damage, reduce recovery time and costs, and mitigate the breach's impact.
## Slide 13 - Key Components

- Preparation: Developing an incident response plan that includes roles and responsibilities, communication strategies, and the tools and resources needed during an incident.
- Identification: Detecting the incident and determining its nature and scope. Monitoring tools and alert systems play a crucial role here.
- Containment: Implementing short-term containment measures to limit the spread of the incident, followed by long-term containment to secure the environment. Evidence (logs, memory and disk images) is preserved before anything is wiped, because eradication destroys it.
- Eradication: Removing the cause of the incident, such as malware, and closing the vulnerabilities that let it in.
- Recovery: Restoring and validating system functionality for business operations, ensuring no threats remain.
- Lessons Learned: Reviewing and analyzing the incident and the response to improve future readiness.
- Example: A financial institution experiences a phishing attack leading to unauthorized access to customer data. The incident response team is activated, containing the breach and working to identify the extent of the compromise. After removing the attacker's access, it restores the affected systems from backups and strengthens its email filters and employee training to prevent future incidents.
## Slide 14 - Incident Response Template

- Incident Identification
  - Description of the incident
  - Date and time of detection
  - Method of detection
  - Initial assessment
- Incident Classification
  - Type of incident (e.g., malware, unauthorized access)
  - Severity level (e.g., low, medium, high)
- Incident Response Team
  - Names and roles of response team members
  - Contact information
- Containment Strategy
  - Immediate actions to contain the incident
  - Short-term containment measures
- Eradication and Recovery
  - Steps to remove the threat
  - Actions to restore systems and data
  - Testing and validation procedures
## Slide 15 - Incident Response Template - Con't

- Communication Plan
  - Internal communication strategy
  - External communication (if applicable)
  - Reporting requirements (e.g., to regulatory bodies)
- Post-Incident Review
  - Analysis of the incident response effectiveness
  - Lessons learned
  - Recommendations for future improvements
## Slide 16 - Example: Ransomware Attack

- Incident Identification
  - A ransomware attack was detected on the company's file server.
  - Date and time of detection: March 21, 2024, 10:00 AM
  - Detected by the IT team during routine monitoring.
  - Initial assessment indicates encrypted files and a ransom note demanding payment.
- Incident Classification
  - Type of incident: Ransomware
  - Severity level: High
- Incident Response Team
  - John Doe, IT Security Manager (Team Lead)
  - Jane Smith, Network Administrator
  - Alice Johnson, Communications Officer
  - Contact information: [Team contact details]
- Containment Strategy
  - Immediate action: Disconnect the infected server from the network.
  - Short-term containment: Isolate affected systems and secure the backups, confirming that backup copies are intact and cannot be reached from the infected hosts.
## Slide 17 - Example: Ransomware Attack - Con't

- Eradication and Recovery
  - Remove the ransomware using anti-malware tools, or rebuild the server from a known-good image where that is feasible.
  - Restore files from a backup taken before the encryption started, after verifying that the backup itself is clean.
  - Test and validate the integrity of the restored data.
- Communication Plan
  - Internal communication: Notify all employees about the incident and the precautions to take.
  - External communication: Prepare a statement for customers if a data breach is confirmed.
  - Report the incident to law enforcement and the relevant regulatory bodies.
- Post-Incident Review
  - Evaluate the effectiveness of the response.
  - Lessons learned: Implement more frequent backups and employee training on phishing.
  - Recommendations: Upgrade endpoint protection and conduct regular security audits.

This template and example can be customized to fit the specific needs and procedures of your organization.
## Slide 18 - Change Management

- Definition: Change management in IT and auditing is a systematic approach to managing all changes made to a system or IT environment, ensuring that changes do not negatively affect system integrity, security, and availability.
## Slide 19 - Key Components

- Request for Change: Initiating a change requires a formal process, including a detailed description, rationale, impact analysis, and approval.
- Impact Assessment: Evaluating the potential impact of the change on business operations, security, and compliance requirements.
- Change Approval: Changes must be approved by the relevant stakeholders, including IT management, security, and compliance officers.
- Implementation: Implementing the change according to a predefined plan, ensuring minimal disruption to services.
- Review and Closure: After implementation, the change is reviewed to ensure it has achieved its objectives without introducing new issues. Auditors also reconcile the changes actually observed on systems against the approved change records; a change with no record is a control failure even if it caused no outage.
- Example: A company plans to upgrade its customer relationship management (CRM) system. The change management process ensures the upgrade is planned, tested, and implemented without disrupting sales operations or compromising customer data security.
## Slide 20 - Change Management Template

- Change Request Information
  - Change Request ID:
  - Requester Name:
  - Date Submitted:
  - Priority (Low/Medium/High):
- Change Description
  - Summary of Change:
  - Reason for Change:
  - Detailed Change Plan:
  - Rollback Plan (if applicable):
- Impact Analysis
  - Affected Systems/Services:
  - Potential Risks:
  - Impact on Users/Business:
- Approval Process
  - Change Advisory Board (CAB) Review:
  - CAB Members:
  - Approval Status:
  - Comments/Recommendations:
  - Final Approval (Name & Date):
## Slide 21 - Change Management Template - Con't

- Implementation Plan
  - Scheduled Implementation Date/Time:
  - Responsible Parties:
  - Communication Plan:
  - Testing Plan:
- Post-Implementation Review (PIR)
  - Implementation Outcome:
  - Issues Encountered:
  - Lessons Learned:
  - Recommendations for Future Changes:
## Slide 22 - Example: Security Patch Implementation

- Change Request Information
  - Change Request ID: CM-2024-031
  - Requester Name: John Doe, IT Security Manager
  - Date Submitted: March 22, 2024
  - Priority: High
- Change Description
  - Summary of Change: Implementation of a security patch for a critical vulnerability in the company's email server software.
  - Reason for Change: A critical vulnerability has been identified that could allow unauthorized access to company emails.
  - Detailed Change Plan: The IT team will apply the security patch provided by the email server software vendor.
  - Rollback Plan: If the patch causes issues, the email server will be reverted to the previous version using a backup taken immediately before the change.
- Impact Analysis
  - Affected Systems/Services: Company email server
  - Potential Risks: Temporary downtime during patch implementation, potential compatibility issues with existing systems
  - Impact on Users/Business: Short-term email service disruption, long-term improvement in security and data protection
- Approval Process
  - Change Advisory Board (CAB) Review:
  - CAB Members: Jane Smith (CIO), Alice Johnson (HR Director), Bob Lee (Operations Manager)
  - Approval Status: Approved
  - Comments/Recommendations: Schedule implementation after business hours to minimize disruption.
  - Final Approval: Jane Smith, CIO (March 23, 2024)
## Slide 23 - Example: Security Patch Implementation – Con't

- Implementation Plan
  - Scheduled Implementation Date/Time: March 25, 2024, 8:00 PM
  - Responsible Parties: IT Security Team led by John Doe
  - Communication Plan: Notify all employees of the scheduled downtime via email and the company intranet.
  - Testing Plan: After implementation, confirm that the server reports the patched version, that the vulnerable behaviour can no longer be reproduced, and that mail flow works normally.
- Post-Implementation Review (PIR)
  - Implementation Outcome: Successful implementation with no major issues. Email services resumed within the planned downtime window.
  - Issues Encountered: Minor delay in implementation due to an unexpected server reboot.
  - Lessons Learned: Check all prerequisites before starting the implementation to avoid delays.
  - Recommendations for Future Changes: Develop a more detailed pre-implementation checklist to streamline future patch implementations.

This template and example can be adapted to suit the specific needs and processes of your organization.