Lecture 8 - DRP and Risk Management
Overview
Definition
Disaster Recovery Planning
Business Continuity Planning
DRP/BCP activities
Risk Assessment
Formulating Your DRP
DRP Outline - ISO 17799 Standard
Executing your DRP
Definitions
1. Project Initiation
2. Risk Assessment
3. Business Impact Analysis
4. Definition of Resource Requirements
5. Developing The Plan
6. Testing The Plan
Other activities
Develop testing/maintenance schedule
Step 1 - Project Initiation
Information overload
DRP planners need to constantly deal with change in all aspects of the business
This is usually a task activity assigned to someone who already has other responsibilities
Lack of senior management focus
Increasing complexity of technology
DRP STANDARDS
Standards
ISO 9002
National Institute of Standards and Technology (NIST) Special Publications (SP) 800 Series
ISO 17799
6. Personnel Security
Reduce risks of human error, theft, fraud or misuse of facilities
Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work
Minimise the damage from security incidents and malfunctions and learn from such incidents
7. Security Organisation
Manage information security within the Company
Maintain the security of organisational information processing facilities and information assets accessed by third parties
Maintain the security of information when the responsibility for information processing has been outsourced to another organisation
ISO 17799