Think you got it now?  Are you ready to try a test?  Security Concepts Quiz 1.

For people who wanted to capture language in the deck, here's an output of outline view.

Business Continuity BCP and DRP
Major Areas in BCP
  • Project scope and planning
  • Business impact assessment
  • Continuity planning
  • Approval and implementation
7 Milestones in BCP
  1. Develop continuity planning policy statement
  2. Conduct Business Impact Analysis – critical functions and systems, prioritization based on necessity. Identify vulnerabilities and threats, calculate risk
  3. Identify preventive controls – implement controls and countermeasures to reduce the organization's risk level in an economical manner
  4. Develop recovery strategies – methods to ensure systems and critical functions can be brought online quickly
  5. Develop contingency plan – write procedures and guidelines for how the organization stays functional in a crippled state
  6. Test the plan and conduct training and exercises – identify deficiencies in the BCP and conduct training to properly prepare individuals on their tasks
  7. Maintain the plan
Six Elements in Quantitative Risk Analysis
Business Continuity Plan (BCP)

The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. A BCP may be used for long-term recovery in conjunction with the COOP plan, allowing for additional functions to come online as resources or time allow. Because mission/business processes use information systems (ISs), the business continuity planner must coordinate with information system owners to ensure that the BCP expectations and IS capabilities are matched.

Continuity of Operations Plan (COOP)
COOP focuses on restoring an organization’s mission essential functions (MEF) at an alternate site and performing those functions for up to 30 days before returning to normal operations. Additional functions, or those at a field office level, may be addressed by a BCP. Minor threats or disruptions that do not require relocation to an alternate site are typically not addressed in a COOP plan.
Standard elements of a COOP plan include:
  • Program plans and procedures
  • Continuity communications
  • Risk management
  • Vital records management
  • Budgeting and acquisition of resources
  • Human capital
  • Essential functions
  • Test, training, and exercise
  • Order of succession
  • Delegation of authority
  • Continuity facilities
Disaster Recovery Plan (DRP)

The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.

Types of BCP Plans
Business Continuity Plan
  • Purpose: Provides procedures for sustaining mission/business operations while recovering from a significant disruption.
  • Scope: Addresses mission/business processes at a lower or expanded level from COOP MEFs.
  • Plan relationship: Mission/business process focused plan that may be activated in coordination with a COOP plan to sustain non-MEFs.
Continuity of Operations (COOP) Plan
  • Purpose: Provides procedures and guidance to sustain an organization’s MEFs at an alternate site for up to 30 days; mandated by federal directives.
  • Scope: Addresses MEFs at a facility; information systems are addressed based only on their support of the mission essential functions.
  • Plan relationship: MEF focused plan that may also activate several business unit-level BCPs, ISCPs, or DRPs, as appropriate.
Crisis Communications Plan
  • Purpose: Provides procedures for disseminating internal and external communications; means to provide critical status information and control rumors.
  • Scope: Addresses communications with personnel and the public; not information system-focused.
  • Plan relationship: Incident-based plan often activated with a COOP or BCP, but may be used alone during a public exposure event.
Critical Infrastructure Protection (CIP) Plan
  • Purpose: Provides policies and procedures for protection of national critical infrastructure components, as defined in the National Infrastructure Protection Plan.
  • Scope: Addresses critical infrastructure components that are supported or operated by an agency or organization.
  • Plan relationship: Risk management plan that supports COOP plans for organizations with critical infrastructure and key resource assets.
Cyber Incident Response Plan
  • Purpose: Provides procedures for mitigating and correcting a cyber attack, such as a virus, worm, or Trojan horse.
  • Scope: Addresses mitigation and isolation of affected systems, cleanup, and minimizing loss of information.
  • Plan relationship: Information system-focused plan that may activate an ISCP or DRP, depending on the extent of the attack.
Disaster Recovery Plan (DRP)
  • Purpose: Provides procedures for relocating information systems operations to an alternate location.
  • Scope: Activated after major system disruptions with long-term effects.
  • Plan relationship: Information system-focused plan that activates one or more ISCPs for recovery of individual systems.
Information System Contingency Plan (ISCP)
  • Purpose: Provides procedures and capabilities for recovering an information system.
  • Scope: Addresses single information system recovery at the current or, if appropriate, alternate location.
  • Plan relationship: Information system-focused plan that may be activated independent from other plans or as part of a larger recovery effort coordinated with a DRP, COOP, and/or BCP.
Occupant Emergency Plan (OEP)
  • Purpose: Provides coordinated procedures for minimizing loss of life or injury and protecting property damage in response to a physical threat.
  • Scope: Focuses on personnel and property particular to the specific facility; not mission/business process or information system-based.
  • Plan relationship: Incident-based plan that is initiated immediately after an event, preceding a COOP or DRP activation.

Identification of Downtime
Response v. Recovery
BIA Business Impact Analysis – Recovery Point Objective
  • Business impact analysis has to consider cost effectiveness
  • Business functional priorities
  • Timeframe for recovery
  • Resource requirements
  • Look at the impact to an asset based on a vulnerability to a threat
  • Vulnerability assessment is to build an appropriate recovery strategy for that environment
  • Maximum tolerable downtime (MTD) is the point of no return
  • MTD is used to define resource requirements in CIP
MTD and RTO - Time is Critical
  • MTD – Maximum Tolerable Downtime is how long the business will tolerate a disruption of mission critical functions
  • RTO – Recovery Time Objective is how long a system/process can be down before the mission is impacted
Types of testing
  • Checklist: (Consistency) Copies of the plan are distributed to management for review.
  • Structured Walk-Through: (Validity Test) Business unit management meets to review the plan.
  • Simulation Test: All support personnel meet in a practice execution session.
  • Parallel Test: Critical systems are run at an alternate site.
  • Full-Interruption Test: Normal production shut down, with real disaster recovery processes.
Class of fire suppression
Class A
  • Fueled by: paper, trash, wood, cloth, rubber, etc.
  • Best to extinguish with: water
Class B
  • Fueled by: flammable liquids, greases, and gas
  • Best to extinguish with: liquid foam
  • Why not water: a solid stream of water can cause the fuel to scatter, which will spread the flames
Class C
  • Fueled by: burning wires, electrical fires, and energized electrical equipment
  • Best to extinguish with: carbon-dioxide based extinguishers
  • Why not water: water can damage equipment and conduct electricity, causing electric shock
Class D
  • Fueled by: combustible metals (sodium, titanium, magnesium, etc.)
  • Best to extinguish with: copper-based dry powder or sodium chloride
  • Why not water: water can make Class D fires worse! Water helps fuel these fires.