Donald Hester
March 9, 2010
For audio call Toll Free 1-888-886-3951
and use PIN/code 695202
IT Best Practices for Community Colleges Part 2: Business Continuity
Housekeeping
• Maximize your CCC Confer window.
• Phone audio will be in presenter-only mode.
• Ask questions and make comments using the chat window.
Adjusting Audio
1) If you’re listening on your computer, adjust your volume using the speaker slider.
2) If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.
Saving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
Emoticons and Polling
1) Raise hand and Emoticons
2) Polling options
CISOA Conference
http://cisoa.net
Donald Hester
IT Best Practices for Community Colleges Part 2: Business Continuity
NIST SP 800-34
OMB Circular A-130, Appendix III, requires the development and maintenance of continuity of support plans for general support systems and contingency plans for major applications.
Business continuity planning
• reestablishment of critical business operations
• so that operations can continue
If a disaster has rendered the business unusable for continued operations, there must be a plan to allow the business to continue to function.
Management must drive strategic planning to assure continuous information systems availability
Plans are referred to in a number of ways
• Business Continuity Plans (BCPs)
• Disaster Recovery Plans (DRPs)
• Incident Response Plans (IRPs)
• Contingency Plans (CP)
• Continuity of Operations Plan (COOP)
• Business Recovery Plan (BRP)
Some organizations may have many types of plans, some may have one simple plan
Most organizations have inadequate planning
NIST SP 800-34
“A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.”
• Identify statutory requirements
• Identify organizational requirements
• Management support
• Create policy
• Publish policy (communicate policy)
Begin with Business Impact Analysis (BIA)
If the attack succeeds, what do we do then?
The CP team conducts the BIA in the following stages:
1. Threat attack identification
2. Business unit analysis
3. Attack success scenarios
4. Potential damage assessment
5. Subordinate plan classification
“The BIA helps to identify and prioritize critical IT systems and components.”
• Identify critical IT resources and dependencies
• Identify maximum allowable downtime
• Develop recovery strategies & priorities
3 types of threats
• Natural - e.g., earthquake, hurricane, tornado, flood, and fire
• Human - e.g., operator error, sabotage, implant of malicious code, and terrorist attacks
• Environmental - e.g., equipment failure, software error, telecommunications network outage, and electric power failure
“Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.”
• Redundancy
• Backups
• Environmental: A/C, Fire Suppression
• Offsite Storage
• UPS/Generator
• Earthquake racks
“Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.”
• Onsite Recovery, recover from backup
• Hardware replacement, Vendor agreements (SLA)
• Alternate site, reciprocal agreements
  - Cold site, warm site, hot site, mobile site, mirrored sites
Develop an IT Contingency Plan
“The contingency plan should contain detailed guidance and procedures for restoring a damaged system.”
• Document roles and responsibilities
• Document recovery information
• Notification and Activation
• Damage Assessment
• Recovery Procedures
• Call Tree
“Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.”
• Annual testing
  - Classroom exercises
  - Functional exercise
• Find weakness
• Train users so that when it happens you are ready and know what to do
“The plan should be a living document that is updated regularly to remain current with system enhancements.”
• The plan must be maintained in a ready state that accurately reflects system requirements, procedures, organizational structure, and policies.
• Keep a record of changes
• Updated as needed
“State, local, and tribal governments, as well as private sector organizations, are encouraged to use the guidelines, as appropriate.” NIST SP 800-100
California Information Security Strategic Plan (OCT 2009)
"...by adopting the National Institute of Standards and Technology (NIST) 800-37 guidelines for certification and accreditation of information systems. Applying NIST guidelines to state government systems will demonstrate California’s leadership in building a resilient, secure, and trustworthy digital infrastructure."
"Establish a California modified version of the NIST 800-30 risk management standard as the risk management standard for all state agencies."
"Establish a California-modified version of the NIST 800-53 recommended security controls within all state agencies."
NIST SP 800-34 “Contingency Guide for Information Technology Systems”
• Has sample documents
ISO 17799 § 11
COBIT § DS4.0
Guide to Disaster Recovery by Michael Erbschloe, ISBN 0-619-13122-5
DRI International
Disaster-Resource.com
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+
Maze & Associates
@One / San Diego City College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Q&A
Evaluation Survey Link
Help us improve our seminars by filling out a short online evaluation survey at:
http://www.surveymonkey.com/s/10SpIT2
Thanks for attending
For upcoming events and links to recently archived seminars, check the @ONE Web site at:
http://onefortraining.org/