A New Model for Business Contingency Operations
Ray Trygstad
Information Systems Security Management, Illinois Institute of Technology

Transcription:

Information Technology & Management
Information Systems Security Management
ILLINOIS INSTITUTE OF TECHNOLOGY
A New Model for Business Contingency Operations
Ray Trygstad
2008 Ray Trygstad
Director of Information Technology, Associate Director, Information Technology and Management Degree Programs
ILLINOIS INSTITUTE OF TECHNOLOGY

Introduction
- New model for business contingency response team structure
- Background
- Terms
- Team structures in common use
- The Contingency Response Team structure
- Contingency Response Officer
- Team structure

What is a contingency?
- An event that has a potential or proven ability to disrupt normal operations of the organization
- Organization could be a business, a government agency, a university, a non-profit that carries out what can broadly be termed as business activities of some kind
- Response to business contingencies often falls on IT
  - Particularly the IT Security function
  - Incidents often are specifically IT-security related

Contingencies are a Business Issue!
- BUT, and this is a really big but:
- Business contingency response is first and foremost a MANAGEMENT responsibility
  - Addressing the ability of the organization to continue to operate in situations that put the organization's operations in serious jeopardy
- Although the largest area of complexity in continuity of operations is in the IT area, management cannot dump responsibility for continued operations solely on IT

When do We Need Contingency Response?
- Natural events
  - Hurricane, tornado, flood, earthquake, fire
- Human initiated events
  - Operator error, sabotage, malicious code and other computer-based attacks, accidents, military actions, terrorist attacks
- Operating Environment events
  - Equipment failure, software errors, telecommunications/network outage, electric power failure

Event Sequence to Contingency
[Figure, source: NIST Special Publication 800-34. Labels: Contingency Planning; Risk; Risk Management; Security Control Implementation; Emergency Event; Contingency Plan Execution]

Terminology
- Many terms in use
  - Inconsistent and imprecise
- BS 25999 and HB292-2006 (Australia) use Business Continuity Management (BCM)
- NIST SP 800-34 uses both Business Continuity and Continuity of Operations
- NFPA 1600 uses Disaster/Emergency Management and Business Continuity but refers to an instance as an incident

Terminology
- HB291-2004 (Australia) provides a good definition:
  - "Business Continuity Management provides the availability of processes and resources in order to ensure the continued achievement of critical objectives"
- I am going to use the term Business Contingency Operations because
  - Although BCM is a de facto standard, there is really no standard
  - It's the most descriptive term for the area I am addressing

Contingency Response Teams
- Although it is prescribed only in a rudimentary fashion in most standards documents, contingency response in most organizations is done through the use of teams
  - BS 25999-1:2006 discusses the Incident Management Team or Crisis Management Team
  - HB292-2006 & NFPA 1600 not at all

Contingency Response Teams
NIST 800-34 goes a little "team happy":
- Management Team
- Damage Assessment Team
- Operating System Administration Team
- Systems Software Team
- Server Recovery Team (e.g., client server, Web server)
- LAN/WAN Recovery Team
- Database Recovery Team
- Network Operations Recovery Team
- Application Recovery Team(s)
- Telecommunications Team
- Hardware Salvage Team
- Alternate Site Recovery Coordination Team
- Original Site Restoration/Salvage Coordination Team
- Test Team
- Administrative Support Team
- Transportation and Relocation Team
- Media Relations Team
- Legal Affairs Team
- Physical/Personnel Security Team
- Procurement Team (equipment and supplies)

Contingency Response Teams
WHEW! A bit much, eh?

BS 25999/BCI Approach
- GOLD: Strategic; Senior (Incident) Management
- SILVER: Tactical; Business Continuity Team
- BRONZE: Operational; Incident Response & Business Unit Resumption Teams
- Figure axis labels: Escalation, Control
Source: The Business Continuity Institute, Business Continuity Management Good Practice Guidelines 2008

Contingency Response Teams
- Regardless of how you approach it, experience has shown team approach is the best method
- Most literature discusses 3 or 4 primary teams:
  - Incident Response Team
  - Disaster Recovery Team
  - Business Continuity Team
  - and sometimes Crisis Management Team

Response Team Employment
- Common wisdom prescribes employment of the teams in sequential order on a handover basis
  - First the Incident Response Team...responds
  - If the incident cannot be brought under control or escalates, it becomes a disaster
  - Disaster Recovery Team takes over

Response Team Employment
- If operations cannot be continued at the organization's primary site
  - Business Continuity Team facilitates operations at an alternative site
- Crisis Management Team invoked as necessary
  - Normally deals with issues surrounding loss of life or serious injuries as well as media relations
  - They just sort of drift in and out of the picture

My Experience
- Aviation Safety Officer curriculum at the Naval Postgraduate School, created by USC's Institute for Safety and Systems Management
- M.S. in Systems Management; curriculum also created by USC Institute for Safety and Systems Management
- I learned that contingency response is contingency response is contingency response

My Experience
- From a process perspective, responding to an aircraft crash is no different than responding to a mainframe crash
- The military has developed a finely-tuned response to incidents; & provides lessons we can all learn from
- Drawn heavily upon this background & experience in creating this concept

Contingency Response Team
- One of the issues that I view as a serious weakness in contemporary models for contingency response teams is who manages the overall response
- 3-team model presupposes handovers between teams but presents serious continuity problems
- My model adds an additional team: the Contingency Response Team
  - Could also call it the Contingency Management Team

Contingency Response Team
- Contingency Response Team folds in all responsibilities normally exercised by the Crisis Management Team but extends this to provide
  1. Initial response including activation of the appropriate Plan: Incident Response, Disaster Recovery, Business Continuity
  2. Ongoing administrative and facilities support of other teams as they execute their function
  3. Wrap up functions as contingency operations draw to close and normal operations resume
- Exactly what the name implies: the core on which all contingency response rests

Contingency Response Team

Contingency Response Officer
- Key position on this team
  - Not the Contingency Response Team Leader but is the person on call
- Contingency Response Officer (CRO) or Contingency Response Manager
  - On duty for a 24 hour period
  - Key point of contact for ANY contingency in the organization
- Organization members need to have drilled into them: if something out of the ordinary happens, CALL OR PAGE THE CRO

Contingency Response Officer
- CRO must be sufficiently senior to make snap decisions affecting the health and future of the organization
- Must have the trust of C-level management
- Does not have to be an IT person but must have sufficient knowledge of IT to initiate response to an IT or IT security incident
- Small organization: at least 3
- Large organization: as many as 10
- During on-call period CRO must be immediately available by cell phone or page
- Should be near enough to the primary physical facility to be there quickly

Contingency Response Staffing
- Supporting the CRO: 2 on-call administrative personnel
  - Execute a calling tree
  - Keep a running record of events
  - Perform any duties as directed by the CRO
- Not decision makers but need to be on a 24 hour duty cycle
  - Must be immediately available by cell phone or page
  - Near enough to the primary physical facility to be there very quickly

Contingency Response Staffing
- The armed services respond very quickly to incidents because they have had a duty section structure in place since...well...forever
- This implements the same concept at a civilian level

Contingency Response Notification
- Immediate response personnel (CRO and admin support) have cell phones/pagers supplied by the organization
  - Handed off at relief each day
- ONLY one number to call/page CRO
  - Detached from who is actually on duty

Contingency Response Team
- Composition of remainder of the team is much like you would find on a Crisis Management Team
  - PR to handle media relations
  - Legal to handle legal & compliance
  - Management-level facilities member to expedite facilities issues
- Team core ought to consist of executive assistants and senior administrators
  - Not necessarily managers but the people who actually get things done
  - You all know who these people are

Contingency Response Team
- Contingency Response Team Leader should be as senior a person in the organization as you can convince management the position ought to be!
- NOT a micromanager!
- Should relieve the CRO as soon as the situation is relatively under control and the Team Leader has been fully briefed

Expansion of Concept/Model
- I am working to expand this concept in two directions
  - An academic paper documenting the literature and clearly delineating the concept and design (I am an academic and I do have to get published)
  - A whitepaper with a practical guide for implementation

Contact
Ray Trygstad
630.682.6032
trygstad@iit.edu

The End
Questions?