CC7178 Cyber Security Management: Presenter: Kiran Kumar Shah

Contingency planning is the process of planning for unexpected events to maintain business continuity. It has three primary components: incident response plans, disaster recovery plans, and business continuity plans. The six main steps to contingency planning are: developing a policy statement, conducting a business impact analysis, identifying resource requirements, identifying preventive controls, creating and implementing contingency strategies, and planning testing, training, and exercises.

Uploaded by Manish Sharma
CC7178

Cyber Security Management

Lecture 5

Presenter : Kiran Kumar Shah


Learning Objectives

– Understand the need for contingency planning
– Understand the major components of contingency planning
– Create a simple set of contingency plans, using Business Impact Analysis
– Prepare and execute a test of contingency plans
– Understand the combined contingency plan approach

Contingency Planning
• Different from the Risk Management Framework (Risk Management: proactive; Contingency Planning: reactive)
• Goal is to restore normal business within a reasonable period of time at minimum cost.
• Main aim is to make the organization resilient.
• The Hartford insurance company estimates that, on average, over 40 percent of businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

What are the information security objectives?

Contingency Planning focuses on the Availability information security objective.

Steps of Contingency Planning
1. Develop the CP policy statement.
A formal policy provides the authority and guidance necessary to develop an effective contingency plan. The Contingency Planning Management Team is headed by the Information Security Contingency Plan Coordinator and includes members from the business community, the IT manager, information security, legal, and the CIO. Related to other policies (HR, accounting, etc.).

2. Conduct the BIA.
The BIA helps identify and prioritize the information systems and components critical to supporting the organization's mission/business processes, and what the major consequences will be in case of disruption.

3. Identify Resource Requirements.
Evaluation of the resources required to resume mission/business processes as quickly as possible. Identify internal and external POCs.

4. Identify Preventive Controls.
Identification of effective contingency planning preventive controls and maintaining these controls on an ongoing basis (like a fire suppression system, fire extinguishers, backups).

5. Create and Implement the Contingency Strategy.
Deals with selecting and implementing the right set of security controls (e.g. incident response, disaster recovery and business continuity).

6. Plan Testing, Training, and Exercises.
Testing: determines the operability of the plan by identifying any deficiencies. Should be as close as possible to the operational environment (like taking the network down, calling the POC).

Training: deals with informing personnel of their roles and responsibilities within a particular information system contingency plan and teaching them the skills related to those roles and responsibilities, preparing them for participation in exercises, tests and emergencies. Done annually.

Exercises: (testing and training) a simulation of an emergency designed to validate successful operation of the components of contingency planning (drill test).

Components of Contingency Planning

Business Impact Analysis:
Identifies the information systems that are critical for business operations and assesses the consequences in case of disruption of those systems.

A high-impact system (with a high requirement for an information security objective) will have a huge impact on the business.
A low-impact system (with a low requirement for an information security objective) will have a low impact on the business.

Its result will help in the development of the following plans:
• Incident Response Plan (IRP)
• Disaster Recovery Plan (DRP)
• Business Continuity Plan (BCP)

Stages of Business Impact Analysis
1. Business Unit Analysis
Identify the critical business functions and their supporting information systems.

2. Threat Attack Identification and Prioritization
Create an attack profile for each attack, which includes the symptoms of the attack and which information systems it will impact.

3. Attack Success Scenario
Create a series of scenarios determining the outcome of a successful attack from each threat on a critical information system.

4. Potential Damage Assessment
The outcome of each scenario is ranked (low, medium, high): the attack scenario end case.

5. Subordinate Plan Classification
Decide which plan to execute, like the IR plan (low), DR plan (medium) and BCP (high).

Business Process and Recovery Criticality
• It is the process of determining the recovery of high-impact systems, based on the following criteria:

1. Maximum Tolerable Downtime (MTD):
• Total amount of outage or disruption time that the system owner is willing to accept, considering all impacts.

2. Recovery Time Objective (RTO):
• Maximum time period within which the business process has to be restored to avoid unacceptable impact (MTD vs RTO).

3. Recovery Point Objective (RPO):
• A measure in time that shows the acceptable amount of data loss that the business/process can tolerate.

4. Work Recovery Time (WRT):
• Deals with restoring data, testing the process and then making everything live for production purposes.

(Is an asset which has a low MTD, RTO and WRT critical or non-critical?)
https://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/
The optimal point balances the cost to the organization due to disruption and the cost of controls.
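As an added worked example (not from the lecture slides), the following Python script ties the BIA's subordinate plan classification (stage 5: low, medium, high rank to IRP, DRP, BCP) to the recovery criticality metrics above. It assumes that a shorter MTD means higher impact, that the recovery window RTO + WRT must fit inside the MTD, and that a backup interval longer than the RPO makes the RPO unachievable; the hour thresholds, field names and sample inventory are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SystemProfile:
    name: str
    mtd_hours: float              # Maximum Tolerable Downtime the owner accepts
    rto_hours: float              # Recovery Time Objective (restore the system)
    wrt_hours: float              # Work Recovery Time (restore data, test, go live)
    rpo_hours: float              # Recovery Point Objective (tolerable data-loss window)
    backup_interval_hours: float  # how often backups actually run (preventive control)


# Lecture mapping of the damage rank to the subordinate plan.
PLAN_FOR_RANK = {"low": "IRP", "medium": "DRP", "high": "BCP"}


def rank_impact(p: SystemProfile) -> str:
    """Assumption for this example: the shorter the MTD, the higher the impact.
    The hour thresholds are constructed, not taken from the lecture."""
    if p.mtd_hours <= 24:
        return "high"
    if p.mtd_hours <= 72:
        return "medium"
    return "low"


def check_profile(p: SystemProfile) -> list:
    """Consistency checks on the recovery metrics; an empty list means consistent."""
    findings = []
    # The whole recovery window (RTO + WRT) must fit inside the MTD.
    if p.rto_hours + p.wrt_hours > p.mtd_hours:
        findings.append(f"{p.name}: RTO {p.rto_hours}h + WRT {p.wrt_hours}h exceeds MTD {p.mtd_hours}h")
    # Backups must run at least as often as the RPO allows, or the RPO cannot be met.
    if p.backup_interval_hours > p.rpo_hours:
        findings.append(f"{p.name}: backup interval {p.backup_interval_hours}h exceeds RPO {p.rpo_hours}h")
    return findings


def classify(profiles: list) -> dict:
    """Map each system to the plan (IRP/DRP/BCP) that its damage rank calls for."""
    return {p.name: PLAN_FOR_RANK[rank_impact(p)] for p in profiles}


# Constructed sample inventory (not real systems).
SAMPLE = [
    SystemProfile("order-db", 8, 2, 4, 1, 0.5),
    SystemProfile("hr-portal", 48, 24, 12, 24, 24),
    SystemProfile("wiki", 168, 72, 48, 72, 168),      # backups too infrequent for its RPO
    SystemProfile("payments", 12, 8, 6, 0.25, 0.25),  # RTO + WRT does not fit in the MTD
]

if __name__ == "__main__":
    for name, plan in classify(SAMPLE).items():
        print(f"{name}: {plan}")
    for p in SAMPLE:
        for finding in check_profile(p):
            print("FINDING:", finding)
```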

Incident Response Plan (IRP)
What is an incident? (low impact)
• Directed against information assets (CIA of assets)
• Has a realistic chance of success
• Threatens the CIA of information resources

The IRP deals with how to identify, mitigate and recover from those computer incidents.

Stages of Incident Response Planning
1. IR Planning
For each attack scenario developed in the BIA, we develop a series of predefined actions in a checklist (for the panic situation).

2. Incident Detection
Incident indicators are provided by humans or automated systems.

3. Incident Reaction
Stop the incident, mitigate the impact, inform key personnel (alert roster, alert message), documentation (learning (root cause analysis), legal standpoint (evidence), run simulation).
What will you do if your junior staff reports a cyber incident to you?

4. Incident Recovery
Damage assessment and recovery method. Includes the following activities:
• Identifying vulnerabilities
• Addressing safeguards
• Restoring data from backups
• Monitoring the system
• Informing communities of interest

Disaster Recovery Plan (DRP)
What is a disaster?
• Unable to mitigate the impact of an incident
• Impact is so severe that the organization cannot recover quickly.

It deals with restoring information system operations at the primary site during the emergency.

Stages of Disaster Recovery Plan
1. Disaster Recovery Plan:
Includes the types of disaster and the specific recovery procedures during and after each type of disaster. Roles and responsibilities.

2. Crisis Management:
Creating the Crisis Management team and the command center. Two functions:
• Accounting for everyone/supporting personnel.
• Activating the alert roster.
• Keeping the public/management informed.

3. Recovery Operations:
Restore the system to full operation, like replacing damaged assets, restoring backups, developing infrastructure, assigning people. If the primary site is destroyed, the BCP is initiated.

Business Continuity Plan (BCP)
• Occurs when operations cannot be quickly restored at the primary site and the disruption will have a long-term impact.
• Enables the business to continue at alternative sites: hot, warm or cold.

Stages of Business Continuity Plan
The BCP is used more in multinational companies than in small companies.

1. Plan for Continuity of Operations
Deals with finding temporary facilities equipped with the necessary resources to run critical functions so the business can continue.

2. Continuity Strategies
Different options based on cost:
a. Hot Sites:
A facility that is maintained in constant working order, with a full complement of servers, workstations, and communications links ready to assume primary operations responsibilities. The servers and workstations are all preconfigured and loaded with the appropriate operating system and application software. Runs instantly. Most expensive.

b. Warm Sites:
Usually preconfigured and ready to run the appropriate applications to support an organization's operations, but do not contain data/backups. Takes less time (min 12 hrs) to be fully operational.

c. Cold Sites:
A large warehouse with basic infrastructure like electricity and communications, but no computing facilities (hardware, software). Least expensive. Weeks before fully operational.

3. Continuity Management (how to arrange for these sites)
Provision of the above sites via mutual agreement or by paying a vendor.

Week 5 Exercise Questions (write in your own words, not more than 4-5 sentences)

1. What is the name for the broad process of planning for the unexpected? What are its three primary components?
2. List the six main steps to CP.
3. List and describe the four teams that perform the planning and execution of the CP plans and processes. What is the primary role of each?
4. List and describe the three criteria used to determine whether an actual incident is occurring.
5. List and describe the three sets of procedures used to detect, contain, and resolve an incident.
6. List and describe the four IR planning steps.
7. List and describe the actions that should be taken during an incident response.
8. What is an alert roster? What is an alert message? Describe the two ways they can be used when activated.
9. What criteria should be used when considering whether or not to involve law enforcement agencies during an incident?
10. What is a disaster recovery plan, and why is it important to the organization?
11. List and describe two rapid-onset disasters. List and describe one slow-onset disaster. How would you respond differently to the two types of disasters?
12. What is a business continuity plan, and why is it important?
13. What is a business impact analysis and what is it used for?
14. Which types of organizations might use a unified continuity plan? Which types of organizations might use the various contingency planning components as separate plans? Why?

CASE STUDY