Hello and welcome to IT Security Policy on Cybrary. This is part of Module 2, Disaster Recovery Policy, with myself, Troy Lemaire.
Learning objectives for this part of the module will be contingency plans, plan practice, and plan review.
If we look at this policy, it is another SANS-based template, on disaster recovery plan policy.
The overview talks about how disasters happen rarely, but management often ignores the disaster recovery planning process. It's important to realize that having a contingency plan for a disaster gives a competitive advantage.
This policy requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters are not limited to adverse weather conditions. Any event that could likely cause an extended delay of service should be considered.
So in regards to what it's talking about here: most of the time, if you are in an earthquake zone or a hurricane zone or in Tornado Alley, then at that point those are the main things that you look at. What often gets ignored, um, is something like if you are in the flight path of an airport and there's planes that are taking off and landing right above you. At that point, an event where a plane crashes into your building is possible, so you would want to make sure you have a plan in place for something like that. Also, if you have natural gas lines that are running in front of your building, then that gas line could catch fire at some point and leave your building either unoccupied or in a state where it has some type of physical damage, which affects the operation of the machines in your organization. So you want to look at not just the main things that happen, but also the other things that are a little less likely to happen but should definitely be considered.
The purpose of this policy: the policy defines the requirement for a baseline disaster plan to be developed and implemented.
The scope is directed to the IT management staff that's accountable to ensure the plan is developed, tested, and kept up to date.
Looking at contingency plans for disaster recovery: What is your computer emergency response plan? Who's to be contacted, when, and how?
What's the succession plan? How does the flow of responsibility from normal staff happen if they are unavailable to perform their duties?
The data study details the data stored on the systems, its criticality and confidentiality. And then the criticality of service list is listing all the services provided and their order of importance. It also explains the order of recovery in both short-term and long-term time frames.
The data backup and restoration plan details which data is backed up, the media where it's saved, where the media is stored, and how often it's backed up.
And then the equipment replacement plan describes what equipment is required to begin to provide services, lists the order in which it is necessary, and notes where to purchase equipment.
With both of those, you're looking at making sure that you know what systems will need to be recovered, and then what's the priority. If email is not the first priority but your billing system is the first priority, you wanna make sure your staff is focusing on the billing system before they would concentrate on the email system. You wanna put some type of category in there that lists what the importance of each system is.
And in mass media management, it's who's in charge of giving information to the mass media, and it provides some type of guidelines on what data is appropriate to be provided.
After you create the plan, it's important to practice the plan to the extent possible, and you should set aside time to test the implementation of the disaster recovery plan.
A good way to do this is tabletop exercises, and you can list here that you would want to conduct those on an annual basis, or every two years, or every six months, depending on your organization.
And during the test, issues may arise that fail in that process, and that's okay. That's why you're doing these testing plans, because you'd rather them fail inside of the test than whenever it actually comes to the live environment, where you would have, you know, a lot of consequences.
And then the plan, at a minimum, should be reviewed and updated on an annual basis. You could change that if it's every two years, every six months, whatever is needed for your organization.
Looking at the compliance: the InfoSec team is gonna verify compliance with the policy through different methods, and exceptions have to be approved in advance. And then an employee found to have violated the policy may be subject to disciplinary action, up to and including termination of employment.
So in today's summary, we looked at disaster recovery policy and contingency plans and, in accordance with that disaster recovery, the plan practice and the plan review.
So, disaster recovery recap questions.
What should be in the succession plan? You would want to describe the flow of responsibility for when normal staff is unavailable to perform their duties.
What should be in the criticality of service list? This is all the services provided and their order of importance.
So, looking forward, in the next lecture we're gonna look again at general policies. We're gonna actually look at the contingency policy, which is different from the disaster recovery policy; we'll cover that a little more in the next piece.
Again, for questions or clarification, reach me on Cybrary message. My user name is @Troy Lemaire.
And thank you for attending this Cybrary training.