Information Technology Reference
In-Depth Information
n
Preventive measures will stop 90 percent of accidental and intentional cyber-
attacks in the form of viruses, worms, network attacks (e.g., DoS), Trojan
horses, and spyware.
High-availability safeguards ensure business operation interruption not to
exceed 60 minutes per calendar quarter.
A single downtime occurrence greater than ten minutes results in escalation
to CSIRT to initiate response and restoration activity.
n
n
A quantifiable policy provides business direction to the development of stan-
dards, procedures, controls, and guidelines; it directs the selection of appropriate
vendors/products to meet quantified SLAs.
8.14.3
Practice
Following the BIA, the BC planning process (Figure 8.13) begins with preventive
measures that attempt to preempt the occurrence of incidents. If those preven-
tive measures fail, the first focus is on the high availability (immediate continuity
or very low interruption) of key functions. Subsequent focus is on resumption,
recovery, and restoration, depending on the severity and longevity of the adverse
circumstances.
Business continuity encompasses disaster recovery—hence the flow from high-
availability solutions to more long-term solutions involving resumption, recov-
ery, and restoration. The difference between a continuity incident involving a key
Introduce security services and mechanisms to reduce
Incident occurrence that may adversely affect business
operations.
Implement high availability
options for key business functions
identified by the BIA.
Restore normal business
operations.
Business
Continuity
Planning
Actions immediately following
incident occurrence that assess
organizational impact, isolate the
cause, and initiate treatment.
Actions subsequent to
Resumption
that initiate
reactivating lower priority
1
business operations.
Actions subsequent to
Response
that initiate reactivating highest
priority
1
business operations.
1
Priorities are predetermined via BIA and may be in terms of
new business revenue generation, existing customer
preservation, time sensitivity, accounting, etc.
Figure 8.13
BC planning process.
