
Business Continuity and Contingency Planning Practices for Electronic Banking

Otto Tawanda Chisiri, Durban, South Africa, 2012

info@cotconsultants.com www.cotconsultants.com

Learning Objectives

- Recognize the need for contingency planning
- Describe the major components of contingency planning
- Create a simple set of contingency plans, using business impact analysis
- Prepare and execute a test of contingency plans
- Explain the unified contingency plan approach
- Discuss the reasons for sound backup and recovery practices and know the elements that comprise backup and recovery techniques
Firewalls & Network Security, 2nd ed. - Chapter 12 Slide 2

Objectives (continued)

- Using a Business Impact Analysis (BIA) to determine business operations needs
- Discussing key concepts such as the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) and their roles in determining an appropriate disaster recovery strategy

What Is Contingency Planning?

- Contingency planning (CP): the overall process of preparing for unexpected events
- Main goal: restore normal modes of operation with minimal cost and disruption to normal business activities after an unexpected event
- Ideally, should ensure continuous information systems availability despite unexpected events


What Is Contingency Planning? (continued)

Consists of four major components:

- Business impact analysis (BIA)
- Incident response plan (IR plan)
- Disaster recovery plan (DR plan)
- Business continuity plan (BC plan)

Components can be created/developed:

- As one unified plan, or
- Separately, in conjunction with a set of interlocking procedures that assure continuity

Terminology

Business Continuity Plan (BCP): The larger umbrella plan that covers multiple plans; the overall goal is to ensure the business can continue to operate in the aftermath of any problem or disastrous event
A business continuity plan includes all departments
Note: Government agencies often use the term Continuity of Operations Plan (COOP) or Contingency Plan instead of business continuity plan

Terminology

Disaster Recovery Plan (DRP): Applies to major, usually catastrophic, events that deny access to the normal facility for an extended period (tends to focus on technology in a data center)

Contingency Plan: Focuses on sustaining a business function during a temporary disruption

Data Backup Plan: Outlines how backups of systems are performed, frequency of backups, rotation of backups, and storage of backups (onsite and off-site backups)

Terminology

Business Impact Analysis (BIA): An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover and the Recovery Time Objective (RTO), and prioritizes the recovery of processes and supporting systems

Terminology

Recovery Time Objective (RTO): The time within which business functions or application systems must be restored to acceptable levels of operational capacity

Recovery Point Objective (RPO): The maximum tolerable loss of information due to the frequency of the backups

Example: If daily backups are made, then the RPO = 24 hours, which is the maximum loss of data (unless there are periodic snapshots of memory, transactional logs, or journaling)

Terminology

Disaster: A calamitous event that creates an inability on an organization's part to provide the critical business functions for some predetermined period of time and which results in great damage or loss

Note: The time factor which determines whether a service interruption is an inconvenience or a disaster will vary from organization to organization; executives should move beyond "What if?" to questions of "Are we prepared?"

Interruptions, Disasters, & Recovery


[Diagram: a recovery timeline. Event; Contingency Plan or Downtime Procedures while recovery time is shorter than the RTO (< RTO = Problem); Activation of the Disaster Recovery Plan once recovery time exceeds the RTO (> RTO = Disaster).]

The Recovery Time Objective (RTO) is determined by the Business Impact Analysis

Terminology

Data Owner (a.k.a. Information Owner): The directors or senior managers who are responsible for the functional areas or business units that depend on information systems to run their operations

Interdependencies: Relying upon input, assistance, support, or interaction between business units in order for each to complete their mission and objectives

Terminology
Instead of              | Try using
------------------------|---------------------------------------------------
Redundancy              | High availability, Resiliency, or Failover systems
Backup Data Center      | Recovery Site or Alternate Data Center
Return on Investment    | Loss avoidance
Unimportant             | Less critical

Business Continuity Plan

The objectives of a business continuity plan (BCP) are to:

- Protect human life
- Maintain services to banks
- Lessen the overall impacts by defining strategies and predetermined responses
- Create a systematic approach to recover and restore systems
- Comply with applicable laws and regulations

It's Not Just A Plan

Business Continuity and Disaster Recovery Planning focuses on three things:

#1 People
#2 Data
#3 Information Systems

Key Steps in BCP and DRP

- Define the scope of the project
- Conduct a risk analysis
- Conduct a Business Impact Analysis (BIA)
- Research and recommend strategies
- Write the plan
- Educate staff on the plan
- Exercise and test the plan
- Revise and maintain the plan

Conduct a Business Impact Analysis

Without a Business Impact Analysis (BIA), the organization runs the risk of either overcommitting or underestimating the resources required to respond to a disaster or business disruption.

The BIA is the foundation for Business Continuity and Disaster Recovery Planning.

BIA Objectives

1. Identify the critical resources required to minimally maintain business operations in the wake of a disastrous event
2. Estimate the operational and financial impacts due to the loss of an information resource as it relates to the functioning of the organization
3. Determine business recovery objectives and assumptions
4. Establish an order or priority for restoring business functions and the information resources that support those functions
5. Facilitate planning strategies

BIA Questions

- What is the impact to customers?
- Identify key departments
- How much downtime, loss of revenue, and loss of data can each department or business unit sustain?
- What are the IT systems that support those mission-critical operations?
- If this business unit generates revenue, then on average, what is the hourly revenue generated?
- How is data or information received and processed by those departments?
- What are the dependencies? Key employees, vendors, workflows, supply chain, etc.

Possible Impacts

- Financial losses and lost revenue
- An organization's credibility and reputation
- Penalties or fines for noncompliance
- Litigation

Executives and officers are potentially culpable for not allocating the necessary resources to ensure the continuity of business (Duty of Care)

Analysis of BIA Data

- Determine the Recovery Point Objective (RPO) for each department or business unit
  - Assess any gaps with the current backup plan
- Determine the Recovery Time Objective (RTO) for each department or business unit
- Determine the order in which information systems are needed (restoration priority)
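An added example (not from the deck) that turns the RPO/RTO definitions, the "shorter than RTO = problem, longer = disaster" rule and the BIA analysis steps above into a gap check. The departments, their targets and their backup plans are constructed sample values; treating a shipped transaction journal as bounding the RPO by its shipping interval is an assumption drawn from the deck's "unless there are ... transactional logs or journaling" remark.

```python
# Added example (not from the deck): a BIA gap check built on the deck's
# RPO/RTO definitions. Departments, targets and backup plans are constructed
# sample values; treating journaling as bounding the RPO by its shipping
# interval is an assumption drawn from the "unless there are ... transactional
# logs or journaling" remark.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class BackupPlan:
    backup_interval_h: float                     # 24.0 = daily backups
    journal_interval_h: Optional[float] = None   # None = no journaling


@dataclass
class Department:
    name: str
    rto_h: float          # BIA target: maximum tolerable downtime
    rpo_h: float          # BIA target: maximum tolerable data loss
    plan: BackupPlan      # what is currently in place


def effective_rpo(plan: BackupPlan) -> float:
    """Worst-case data loss the current plan allows.

    With periodic backups only, RPO equals the backup interval (daily
    backups -> 24 h). Shipping a transaction journal more often shortens it.
    """
    if plan.journal_interval_h is None:
        return plan.backup_interval_h
    return min(plan.backup_interval_h, plan.journal_interval_h)


def classify_outage(downtime_h: float, rto_h: float) -> str:
    """Deck's rule: recovery within the RTO is a problem handled by downtime
    procedures; beyond the RTO it is a disaster (DR plan activation)."""
    return "problem" if downtime_h <= rto_h else "disaster"


def rpo_gaps(departments: List[Department]) -> List[Tuple[str, float, float]]:
    """(name, needed RPO, achieved RPO) for every department whose current
    backup plan cannot meet the RPO the BIA set for it."""
    gaps = []
    for d in departments:
        achieved = effective_rpo(d.plan)
        if achieved > d.rpo_h:
            gaps.append((d.name, d.rpo_h, achieved))
    return gaps


def restoration_order(departments: List[Department]) -> List[str]:
    """Restoration priority: tightest RTO first."""
    return [d.name for d in sorted(departments, key=lambda d: d.rto_h)]


# Constructed sample BIA output for a bank (illustrative values only).
SAMPLE = [
    Department("Core banking", rto_h=2, rpo_h=0.25,
               plan=BackupPlan(24, journal_interval_h=0.25)),
    Department("Internet banking", rto_h=4, rpo_h=1,
               plan=BackupPlan(24)),          # daily backups, no journal
    Department("HR/payroll", rto_h=72, rpo_h=24,
               plan=BackupPlan(24)),
]

if __name__ == "__main__":
    for name, needed, got in rpo_gaps(SAMPLE):
        print(f"{name}: BIA needs RPO <= {needed} h, plan gives {got} h")
    print("restore order:", restoration_order(SAMPLE))
    print("3 h outage, 2 h RTO ->", classify_outage(3, 2))
```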

Analysis of BIA Data (2)

- Identify the vital records necessary for running the business
  - Format and location of the records
- Determine existing technologies for supporting high availability and recovery
- Assess the gap between current recovery capabilities and needed capabilities to sustain the business

Analysis of BIA Data (3)

- List departments and business units ordered by their recovery time objective (RTO) and/or impact to patient care
- Identify gaps between current recovery capability and needed recovery capability
- Validation of BIA with key stakeholders

Research Recovery Strategies

- Determine how gaps between current recovery capability and recovery needs (RTO and RPO) will be handled
- Research potential recovery strategies to meet the overall RTO
- Create a cost-benefit analysis
- Make recommendations for business continuity and disaster recovery

Strategy: Alternate Sites

Site | Advantages | Disadvantages
-----|------------|--------------
Hot  | Shortest recovery time; Equipment is supplied; Easy to test backups and recovery plans | Most expensive; Short-term use of facility; Facility may not always be available
Warm | Basic infrastructure with some equipment; Moderately priced | Not easy to test plans; Facility may not always be available
Cold | Basic infrastructure; Most inexpensive; Can usually rent the space for a longer period of time | Longest recovery time; No equipment is supplied; it must be ordered, delivered, and installed; No way to test

Recovery Time versus Strategy


Costs versus Recovery Time

Source: DRI International DRP-501 Business Continuity Planning Review



Recovery Site Location

- Too close: It may be affected by the same regional disaster
- Too far away: May have difficulty getting employees to leave their homes and families during a disaster to work at an alternate or recovery site
  - Ability to leave the disaster area
  - Costs associated with travel and temporary living expenses

Strategy: Virtualization

Virtualization: A condition without boundaries or constraints

Virtual machine: A single server running multiple operating systems (Windows, Linux, NetWare, etc.) and applications

- Originally developed by IBM in the 1960s for the mainframe operating system
- Breaks the "one server, one application" standard by decoupling the physical hardware from the operating system

[Figure: without virtualization, one server per operating system and application; with a virtual machine, one server, multiple operating systems and applications]

Virtualization Benefits

- Zero downtime
  - Within seconds, systems can be moved from one physical server to another
  - Servers are treated as a uniform pool
  - Any spare server could be the recovery target for a virtual machine
- Ease of managing failover systems
  - Virtual machine environment is saved as a single file
  - Easier to back up, move and copy
- Owning and maintaining fewer servers
  - Making high availability more cost-effective
  - Curbing the proliferation of servers
  - Reduces hardware, power, cooling, and floor space requirements
  - Maintenance budget
- Data does not leak across virtual machines

Findings and Recommendations

- Providing realistic cost estimates may be difficult given the many variables and vendors' unwillingness to disclose prices
- Present a report of findings and recommendations at a meeting with data owners and senior leadership
- Obtain an agreement on recovery strategies
- Conclude the BIA portion of the project

Lessons Learned from Katrina

Major challenges:

- Communications outages made it difficult to locate missing personnel
- Access to and reliable transportation into restricted areas was not always available
- Lack of electrical power or fuel for generators rendered computer systems inoperable
- Obtaining replacement supplies as initial stocks are exhausted can be difficult
  - Diesel fuel for generators
  - Food and water
- May need large amounts of cash to pay for critical supplies and services
- Mail service was interrupted for months in some areas

Summary

- Business continuity and disaster recovery planning should involve the entire organization (it is more than the recovery of the technology; it is the recovery of the business)
- A business impact analysis is the foundation for planning
- Select strategies that support recovery objectives which meet the needs of the organization (RPO & RTO)

It Can Be An Incredibly Difficult Job!


It Can Be Vital To Our Economic Health


One fourth of all businesses that close due to a disaster NEVER reopen!


Getting Started - Face Reality

We are responsible! "It won't happen here"

Well, it can! And it will!

Ready?

Recovery = Business Continuity

A simple concept: knowing what to do in order to protect and recover your city's functions and assets

- What to do; how to do it; when to do it; where to do it; who will do it

It's assuring the continuation of your organization following a disaster

Without continuity planning you may have only a 50-50 chance of recovering from a disaster. Are those odds good enough for you???

Oklahoma City April 19, 1995


Step One - Top Management Support

- Top management must support and be involved in the development of the disaster recovery planning process
- Adequate time and resources must be committed to the development of an effective plan
  - Resources could include both financial considerations and the effort of all personnel involved
- Responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the organization
- Planning is the foundation to a successful disaster or emergency incident recovery
- It has to begin NOW!

Step Two - Establish DM Planning Committee

You can't plan for everything, but you must be prepared to respond to anything!

Planning committee should:

- Maximize planning resources
- Oversee the development and implementation of the plan and have representatives from all functional areas of the organization
- Define the scope of the plan

Prioritize Your Threats

Organize the threats in a logical manner:

- What is most likely to occur?
- Which threats will do the most damage to your city?
- Where are you most vulnerable?
- What will hurt the most? What will hurt you most?
- What are the odds it will happen?

Focus on those that will hurt the most. This work feeds into your EOP.

Greensburg, KS, May 4, 2007

Step Three - Establish Critical Systems Priorities

Critical system needs of each department should be carefully evaluated in such areas as:

- Functional operations
- Key personnel
- Information
- Processing systems
- Services
- Documentation
- Vital records
- Facilities
- Infrastructure
- Policies and procedures

Determine the maximum amount of time that the department and operation can operate without each critical system

Southern California Mudslides, December 2003

Oakland Firestorm October 19, 1999


The Threats Aren't Waiting; Neither Can We!

There is no good excuse for not planning on recovery


Vital Records Program

A vital records program identifies and protects those records that specify how an agency will operate in an emergency or disaster, those records necessary to the continued operations of the agency, and those records needed to protect the legal and financial rights of the government and citizens.

Sarajevo, Serb gunners attempt to destroy Bosnian identity, 1992

Vital Records
Emergency Operations Records: Needed During an Emergency

- Must be immediately accessible
- Should be on paper, for immediate retrieval in the event computer systems go down, or immediately available electronically off-site

Emergency Operations Records

Examples:

- Emergency/Continuity of Operations (COOP) Plan
- Staff contact and assignment information (regularly update changes in name, address, phone numbers, etc.)
- Orders of succession and delegations of authority
- Policy, procedural, and systems manuals
- List of credit card holders to purchase needed supplies

Emergency Operations Records


Electronic Format

- Website & E-Mail: To communicate with and provide information to your employees and your customers
  - Have website and e-mail access available from the alternate site
- Database with up-to-date emergency contact information for all staff

Rights and Interests Records


Are essential to protect the legal and financial rights of the Government and of the individuals affected by its activities:

- Payroll and accounts receivable
- Social Security and retirement
- Public safety records
- Titles, deeds, and contracts
- Licenses and long-term permits

Rights and Interests Records

- Not necessary to immediately re-establish operations
  - Not needed in the first 24 hours
- May be available from other sources
  - Off-site centralized computer systems (payroll, accounting)
- Less time sensitive
  - May be kept farther away

Burnt Records on Shelves

Vital Records
Your vital records will be no more than 7% of your total records (3% to 5% is likely)
Vital records can be either paper or electronic.

Vital Records Plan

- Vital Records Program must be incorporated into the overall Continuity of Operations Plan (COOP)
- Needs clear authority:
  - Policies
  - Authorities
  - Procedures
  - Designation of a Vital Records Manager

Agency/Business Impact Analysis


- Identify agency/business functions
- Determine impact of incident
- Estimate loss to agency/business
- Determine recovery timeframes
- Gather requirements for recovery

Major Tasks in Contingency Planning


Data and Application Resumption

- There are a number of data backup and management methods that aid in preparation for incident response
- Backup methods must be founded in an established policy that meets organizational needs
- In general, data files and critical system files should be backed up daily; nonessential files backed up weekly

Disk-to-Disk-to-Tape

- With the decrease in costs of storage media, more and more organizations are creating massive arrays of independent but large-capacity disk drives to store information
- Libraries of these devices can be built to support massive data backup and recovery
- Problem with this technology is lack of

Backup Strategies

Three basic types of backups:

- Full: full and complete backup of the entire system
- Differential: storage of all files that have changed or been added since the last full backup
- Incremental: only archives data that have been modified that day

Backup Strategies (continued)

Backup strategy guidelines:

- All on-site and off-site storage must be secured
- Common practice to use media-certified fireproof safes or filing cabinets to store backup media
- Off-site storage in particular must be in a safe location (bank, backup and recovery service, etc.)
- Use a conditioned environment for media (airtight, humidity-controlled, static-free)

Tape Backup and Recovery

- Most common backup schedule is daily on-site incremental or differential backup, with weekly off-site full backup
- Most backups are conducted during twilight hours, when systems activity is lowest and the probability of user interruption limited
- Classic methods for selecting files to back up:
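An added example, not from the deck or the cited textbook, applying the three backup types defined above and the weekly-full/nightly-on-site schedule just described to a constructed set of files, and working out the restore chain each type implies (the practical difference between differential and incremental). File names, timestamps and the schedule are constructed sample data.

```python
# Added example (not from the deck or the cited textbook): the three backup
# types above applied to a constructed set of files, and the restore chain
# each type implies. File names, timestamps and the schedule are constructed.
from datetime import datetime
from typing import Dict, List

# Constructed sample: file -> last-modified time.
FILES: Dict[str, datetime] = {
    "ledger.db":      datetime(2012, 3, 5, 9, 0),
    "customers.db":   datetime(2012, 3, 6, 14, 0),
    "config.ini":     datetime(2012, 3, 1, 8, 0),
    "reports/q1.pdf": datetime(2012, 3, 7, 16, 30),
}

LAST_FULL = datetime(2012, 3, 4, 23, 0)                     # weekly off-site full
NIGHTS = [datetime(2012, 3, d, 23, 0) for d in (5, 6, 7)]   # nightly on-site jobs


def select_full(files: Dict[str, datetime]) -> List[str]:
    """Full: every file, regardless of when it last changed."""
    return sorted(files)


def select_differential(files, last_full: datetime) -> List[str]:
    """Differential: everything changed or added since the last FULL backup,
    so each night's set grows until the next full."""
    return sorted(f for f, m in files.items() if m > last_full)


def select_incremental(files, last_backup: datetime) -> List[str]:
    """Incremental: only what changed since the previous backup of ANY type
    ("that day" for a nightly job), so each night's set stays small."""
    return sorted(f for f, m in files.items() if m > last_backup)


def simulate_week(files, last_full, nights, kind) -> Dict[datetime, List[str]]:
    """Files written by each nightly job under the chosen strategy."""
    out, prev = {}, last_full
    for night in nights:
        seen = {f: m for f, m in files.items() if m <= night}  # files existing by then
        if kind == "differential":
            out[night] = select_differential(seen, last_full)
        elif kind == "incremental":
            out[night] = select_incremental(seen, prev)
        else:
            raise ValueError(kind)
        prev = night
    return out


def restore_chain(kind, full_date, nights, restore_point) -> List[datetime]:
    """Backup sets needed to restore to `restore_point`.

    Differential: the full plus the latest differential taken by then.
    Incremental: the full plus EVERY incremental since it, in order; a
    single missing or unreadable tape breaks the chain.
    """
    later = [n for n in nights if full_date < n <= restore_point]
    if kind == "differential":
        return [full_date] + later[-1:]
    if kind == "incremental":
        return [full_date] + later
    raise ValueError(kind)


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        week = simulate_week(FILES, LAST_FULL, NIGHTS, kind)
        print(kind, {n.date().isoformat(): fs for n, fs in week.items()})
        chain = restore_chain(kind, LAST_FULL, NIGHTS, NIGHTS[-1])
        print("  restore to", NIGHTS[-1].date(), "needs",
              [d.date().isoformat() for d in chain])
```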

Redundancy-Based Backup and Recovery Using RAID


- Redundant array of independent disks (RAID): uses a number of hard drives to store information across multiple drive units
- For operational redundancy, can spread out data and, when coupled with checksums, can eliminate or reduce the impact of hard drive failure
- Many RAID configurations (called

Database and Application Backups

- Systems that use databases, regardless of type, require special backup and recovery procedures
- Database backup considerations include:
  - May not be able to back up the database with utilities provided with server operating systems
  - Can system backup procedures be used without interrupting use of the database?

Real-Time Protection, Server Recovery, and Application Recovery

- Some strategies seek to improve the robustness of servers or systems in addition to or instead of performing data backups
- Mirroring provides real-time protection and data backup via duplication of server data storage using multiple hard drive volumes (RAID 1)
- One method of server recovery and

Electronic Vaulting

- Bulk transfer of data in batches to an offsite facility
- Transfer usually conducted via dedicated network links or data communications services provided for a fee
- Can be more expensive than tape backup and slower than data mirroring, so should be used only for data that

Remote Journaling

- Transfer of live transactions to an offsite facility
- Differs from electronic vaulting:
  - Only transaction data is transferred, not archived data
  - Transfer is performed online and much closer to real time

Database Shadowing

- The propagation of transactions to a remote copy of the database
- Combines electronic vaulting with remote journaling, applying transactions to the database simultaneously in two separate locations
- Shadowing techniques are generally used by organizations needing immediate data recovery

Network-Attached Storage and Storage Area Networks

- NAS is usually implemented via a device attached to a network; uses common communications methods to provide online storage
- NAS and SANs are similar but implemented differently
- NAS uses TCP/IP-based protocols; SANs use fibre-channel or iSCSI connections between systems and storage devices

Service Agreements

- Contractual documents guaranteeing certain minimum levels of service provided by vendors
- An effective service agreement should contain the following sections:
  - Definition of applicable parties
  - Services to be provided by the vendor
  - Fees and payments for these services
  - Statements of indemnification

Lesson Summary

- Contingency planning: the process of positioning an organization to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets
- Goal of CP is to restore normal operations after an unexpected event
- Business impact analysis (BIA), the first phase in the CP process, provides CP

Lesson Summary (continued)

- Actions an organization should take while an incident is in progress should be defined in the incident response plan (IR plan)
- Disaster recovery planning (DRP) entails preparations for and recovery from disaster, whether natural or human-made
- Business continuity planning (BCP)

Lesson Summary (continued)

- Incident classification: the process of determining which events are possible incidents
- Three broad categories of incident indicators established: possible, probable, definite
- Routine collection and analysis of data required to properly detect and declare incidents

Lesson Summary (continued)

- One of the most critical components of IR is stopping the incident or containing its scope/impact
- Incident containment strategies vary depending on the incident and the amount of damage caused
- Once the incident has been contained and system control has been regained, incident recovery can begin

Lesson Summary (continued)

- Ongoing maintenance of the IR plan includes:
  - Effective after-action reviews
  - Planned review and maintenance
  - Training staff involved in incident response
  - Rehearsing the process that maintains IR readiness
- A number of data backup/management methods aid in preparation for incident response
- Most commonly used varieties are disk

The end

Contact info@cotconsultants.com
OTTO TAWANDA CHISIRI


THANK YOU
