SlideShare una empresa de Scribd logo

CISSP Chapter 1 BCP

Descargar como PPTX, PDF
K
Karthikeyan Dhayalan

Chapter 1, Business continuity plan, Disaster Recovery plan, DR

Educación
1 de 15
Business Continuity Predict – Preempt – Protect Karthikeyan Dhayalan
Business Continuity • Used to maintain the continuous operations of business critical functions in the event of a disaster • Disaster Recovery • Goal is to minimize the immediate effects of a disaster. • Usually IT focused • Continuity Planning • Provides methods and procedures for long term outages and disasters • It takes a broader approach to disaster recovery • 4 Main process steps for BCP • Project scope and planning • Business Impact assessment (BIA) • Continuity planning • Approval and Implementation
Project Scope and Planning • First step in effective BCP • Involves 4 key work streams • Structured analysis of business organization from crisis point of view • Creation of BCP team with approval from senior management • Resource availability assessment • Legal and Regulatory requirement analysis
Business Organization Analysis • First step is to perform an analysis of business organization to identify all critical departments and key stakeholders • Operational departments that are responsible for core services • Critical support services, responsible for upkeep of systems that support operational departments • Senior executives and other key Individuals essential for ongoing business operations • This step provides necessary ground work to identify potential members of BCP team • It provides foundation for the business continuity process
BCP Team Selection • The team should include at the minimum the following representatives • Representatives from each of the organizational departments • Representatives from key support departments • IT representatives with technical expertise • Security representatives with knowledge of BCP • Legal representatives • Senior Management representatives
BCP Resource Requirements • Assess the resource required for 3 distinct functions • BCP Development: • Team will require resources for BCP process development. • BCP Testing, training and maintenance: • Will require hardware and software commitments, major commitment will be the people • BCP Implementation: • Implementation will require a large amount of resources both from the HW/SW as well as human capital front Human capital is the most significant resources consumed during a BCP process
Business Impact Assessment • Also considered a functional analysis • Identifies the resources that are critical to the organization, the threats posed to the resources • Assess the likelihood that each threat will actually occur and the impact of those threats • The result helps in prioritizing the commitment of Business continuity resources to various risk exposures
BIA - Steps Select individuals for data gathering Create data gathering technique Identify company critical business functions Identify the resources these functions depend on Calculate how long these functions can survive without these resources Identify vulnerabilities and threats to these functions Calculate the risk for each different business function Document and report the findings to managment
Identify Priorities • 1st step in BIA is to identify the business priorities • It involves creating a comprehensive list of business process and ranking them in order of importance • This is a qualitative process; to begin quantitative assessment, assign AV in monetary terms to each asset • Develop the Maximum Tolerable Downtime (MTD) • Maximum time the business can be inoperable without causing irrecoverable damage to the business • Develop the Recovery Time Objective (RTO) • Amount of time by which the business function can be recovered GOAL – RTO must be less than MTD
Risk Identification • Next step in BIA process • Risk comes in two forms : Man-made or Natural • The risk identification portion of the process is purely Qualitative • BCP team should not be concerned about likelihood or the amount of damage in this phase
Likelihood Assessment • Follows the Risk Identification Phase • Identifies the likelihood that each risk will occur • It is expressed in ARO • ARO should be based on company history, professional experience of team members and advice from experts
Impact Assessment • Most critical portion of BCP • Analyse the data gathered during risk identification and Likelihood assessment to determine what impact each one of the identified risks would have on the business
Continuity Planning • Focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets • Strategy Development: • Bridges the gap between BIA and continuity planning phases. • Take the risks identified and determine which risks will be addressed by BCP
BCP Policy • BCP policy benefits • Ensures BCP professionals have a written continuity document to reference in the event of an emergency • Provides historical record of the BCP that will be useful to future personnel • Forces the team members to commit their thoughts to paper
Karthikeyan Dhayalan

Recomendados

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyCISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyKarthikeyan Dhayalan
 
CISSP - Software Development Security
CISSP - Software Development SecurityCISSP - Software Development Security
CISSP - Software Development SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
CISSP - Security Assessment
CISSP - Security AssessmentCISSP - Security Assessment
CISSP - Security AssessmentKarthikeyan Dhayalan
 

Recomendados

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyCISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyKarthikeyan Dhayalan
 
CISSP - Software Development Security
CISSP - Software Development SecurityCISSP - Software Development Security
CISSP - Software Development SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
CISSP - Security Assessment
CISSP - Security AssessmentCISSP - Security Assessment
CISSP - Security AssessmentKarthikeyan Dhayalan
 
Cissp Study notes.pdf
Cissp Study notes.pdfCissp Study notes.pdf
Cissp Study notes.pdfMAHESHUMANATHGOPALAK
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsKarthikeyan Dhayalan
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Chapter 1 Law & Ethics
Chapter 1 Law & EthicsChapter 1 Law & Ethics
Chapter 1 Law & EthicsKarthikeyan Dhayalan
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPTADEPT TECHNOLOGY
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP CertificationSam Bowne
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
CISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureCISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureKarthikeyan Dhayalan
 
Cissp combined notes
Cissp combined notesCissp combined notes
Cissp combined notesJoshua Fonseca
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBob Winkler
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 

Más contenido relacionado

La actualidad más candente

CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsKarthikeyan Dhayalan
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP CertificationSam Bowne
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
CISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureCISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureKarthikeyan Dhayalan
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 

La actualidad más candente (20)

Cissp Study notes.pdf
Cissp Study notes.pdfCissp Study notes.pdf
Cissp Study notes.pdf
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Chapter 1 Law & Ethics
Chapter 1 Law & EthicsChapter 1 Law & Ethics
Chapter 1 Law & Ethics
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
CISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureCISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU Architecture
 
Cissp combined notes
Cissp combined notesCissp combined notes
Cissp combined notes
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 

Destacado

Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBob Winkler
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityKarthikeyan Dhayalan
 
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalCISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalKarthikeyan Dhayalan
 

Destacado (7)

Business Continuity Planning Presentation Overview
Business Continuity Planning Presentation OverviewBusiness Continuity Planning Presentation Overview
Business Continuity Planning Presentation Overview
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcp
 
[Japan Tech summit 2017] CLD 013
[Japan Tech summit 2017] CLD 013[Japan Tech summit 2017] CLD 013
[Japan Tech summit 2017] CLD 013
 
Chapter 1 Personal security
Chapter 1 Personal securityChapter 1 Personal security
Chapter 1 Personal security
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical security
 
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalCISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network Fundamental
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
 

Similar a CISSP Chapter 1 BCP

How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?Abdul Naseer
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department Sandeep S Jaryal
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptxdotco
 
man power utilization in hrp
man power utilization in hrpman power utilization in hrp
man power utilization in hrpHimabindu Mangiri
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
crisc_wk_6.pptx
crisc_wk_6.pptxcrisc_wk_6.pptx
crisc_wk_6.pptxdotco
 
The project manager and business analyst partnership - ensuring project success
The project manager and business analyst partnership - ensuring project successThe project manager and business analyst partnership - ensuring project success
The project manager and business analyst partnership - ensuring project successMark Troncone MBA, PMP, CBAP, ITILv3, CSM
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004Donald E. Hester
 
HRM Auditing – Principles, Practice and Process
HRM Auditing – Principles, Practice and Process HRM Auditing – Principles, Practice and Process
HRM Auditing – Principles, Practice and Process Charles Cotter, PhD
 
Getting Started with Business Continuity
Getting Started with Business ContinuityGetting Started with Business Continuity
Getting Started with Business ContinuityStephen Cobb
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 
auditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfauditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfnguyenanvuong2007
 
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...BCM Institute
 
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...Biswadeep Ghosh Hazra
 
Communicating with stakeholders on cybersecurity risk-a road map for success
Communicating with stakeholders on cybersecurity risk-a road map for successCommunicating with stakeholders on cybersecurity risk-a road map for success
Communicating with stakeholders on cybersecurity risk-a road map for successClaus Thaudahl Hansen
 
ThinkGRC Introduction to Business Continuity for Middle Management
ThinkGRC Introduction to Business Continuity for Middle ManagementThinkGRC Introduction to Business Continuity for Middle Management
ThinkGRC Introduction to Business Continuity for Middle ManagementThinkGRC
 
business_continuity_management_presentation.ppt
business_continuity_management_presentation.pptbusiness_continuity_management_presentation.ppt
business_continuity_management_presentation.pptLucintaLuna4
 

Similar a CISSP Chapter 1 BCP (20)

How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department
 
CISM_WK_2.pptx
CISM_WK_2.pptxCISM_WK_2.pptx
CISM_WK_2.pptx
 
man power utilization in hrp
man power utilization in hrpman power utilization in hrp
man power utilization in hrp
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
crisc_wk_6.pptx
crisc_wk_6.pptxcrisc_wk_6.pptx
crisc_wk_6.pptx
 
The project manager and business analyst partnership - ensuring project success
The project manager and business analyst partnership - ensuring project successThe project manager and business analyst partnership - ensuring project success
The project manager and business analyst partnership - ensuring project success
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
 
HRM Auditing – Principles, Practice and Process
HRM Auditing – Principles, Practice and Process HRM Auditing – Principles, Practice and Process
HRM Auditing – Principles, Practice and Process
 
Getting Started with Business Continuity
Getting Started with Business ContinuityGetting Started with Business Continuity
Getting Started with Business Continuity
 
Risk crisis nad management
Risk crisis nad managementRisk crisis nad management
Risk crisis nad management
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
auditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdfauditing Fram . from the start to Reporting .pdf
auditing Fram . from the start to Reporting .pdf
 
Intro to ISO
Intro to ISOIntro to ISO
Intro to ISO
 
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...
BCM Institute MTE Jeremy Wong - Business Continuty Management Benchmarking i...
 
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
 
Communicating with stakeholders on cybersecurity risk-a road map for success
Communicating with stakeholders on cybersecurity risk-a road map for successCommunicating with stakeholders on cybersecurity risk-a road map for success
Communicating with stakeholders on cybersecurity risk-a road map for success
 
ThinkGRC Introduction to Business Continuity for Middle Management
ThinkGRC Introduction to Business Continuity for Middle ManagementThinkGRC Introduction to Business Continuity for Middle Management
ThinkGRC Introduction to Business Continuity for Middle Management
 
business_continuity_management_presentation.ppt
business_continuity_management_presentation.pptbusiness_continuity_management_presentation.ppt
business_continuity_management_presentation.ppt
 

Último

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 

Último (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 

CISSP Chapter 1 BCP

  • 1. Business Continuity Predict – Preempt – Protect Karthikeyan Dhayalan
  • 2. Business Continuity • Used to maintain the continuous operations of business critical functions in the event of a disaster • Disaster Recovery • Goal is to minimize the immediate effects of a disaster. • Usually IT focused • Continuity Planning • Provides methods and procedures for long term outages and disasters • It takes a broader approach to disaster recovery • 4 Main process steps for BCP • Project scope and planning • Business Impact assessment (BIA) • Continuity planning • Approval and Implementation
  • 3. Project Scope and Planning • First step in effective BCP • Involves 4 key work streams • Structured analysis of business organization from crisis point of view • Creation of BCP team with approval from senior management • Resource availability assessment • Legal and Regulatory requirement analysis
  • 4. Business Organization Analysis • First step is to perform an analysis of business organization to identify all critical departments and key stakeholders • Operational departments that are responsible for core services • Critical support services, responsible for upkeep of systems that support operational departments • Senior executives and other key Individuals essential for ongoing business operations • This step provides necessary ground work to identify potential members of BCP team • It provides foundation for the business continuity process
  • 5. BCP Team Selection • The team should include at the minimum the following representatives • Representatives from each of the organizational departments • Representatives from key support departments • IT representatives with technical expertise • Security representatives with knowledge of BCP • Legal representatives • Senior Management representatives
  • 6. BCP Resource Requirements • Assess the resource required for 3 distinct functions • BCP Development: • Team will require resources for BCP process development. • BCP Testing, training and maintenance: • Will require hardware and software commitments, major commitment will be the people • BCP Implementation: • Implementation will require a large amount of resources both from the HW/SW as well as human capital front Human capital is the most significant resources consumed during a BCP process
  • 7. Business Impact Assessment • Also considered a functional analysis • Identifies the resources that are critical to the organization, the threats posed to the resources • Assess the likelihood that each threat will actually occur and the impact of those threats • The result helps in prioritizing the commitment of Business continuity resources to various risk exposures
  • 8. BIA - Steps Select individuals for data gathering Create data gathering technique Identify company critical business functions Identify the resources these functions depend on Calculate how long these functions can survive without these resources Identify vulnerabilities and threats to these functions Calculate the risk for each different business function Document and report the findings to managment
  • 9. Identify Priorities • 1st step in BIA is to identify the business priorities • It involves creating a comprehensive list of business process and ranking them in order of importance • This is a qualitative process; to begin quantitative assessment, assign AV in monetary terms to each asset • Develop the Maximum Tolerable Downtime (MTD) • Maximum time the business can be inoperable without causing irrecoverable damage to the business • Develop the Recovery Time Objective (RTO) • Amount of time by which the business function can be recovered GOAL – RTO must be less than MTD
  • 10. Risk Identification • Next step in BIA process • Risk comes in two forms : Man-made or Natural • The risk identification portion of the process is purely Qualitative • BCP team should not be concerned about likelihood or the amount of damage in this phase
  • 11. Likelihood Assessment • Follows the Risk Identification Phase • Identifies the likelihood that each risk will occur • It is expressed in ARO • ARO should be based on company history, professional experience of team members and advice from experts
  • 12. Impact Assessment • Most critical portion of BCP • Analyse the data gathered during risk identification and Likelihood assessment to determine what impact each one of the identified risks would have on the business
  • 13. Continuity Planning • Focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets • Strategy Development: • Bridges the gap between BIA and continuity planning phases. • Take the risks identified and determine which risks will be addressed by BCP
  • 14. BCP Policy • BCP policy benefits • Ensures BCP professionals have a written continuity document to reference in the event of an emergency • Provides historical record of the BCP that will be useful to future personnel • Forces the team members to commit their thoughts to paper