EH-Net
Author Topic: [Article]-BCP and DRP from Scratch  (Read 14308 times)
don
« on: April 02, 2007, 12:48:49 AM »

This month RichM tackles disaster recovery and business continuity. One would think that since he was hired to secure the joint, that he would have support from management on such plans. Not so fast. Seems like everyone has mountains to climb.

Permanent Link: [Article]-BCP and DRP from Scratch

Quote

This month's column has been quite a learning experience. Well, not the column as much as what I discovered in the process of getting management buy-in for Business Continuity Planning/Disaster Recovery Planning (BCP/DRP). In all of the information I have read, three main objectives need to be met in order to develop a good BCP/DRP plan. The major emphasis (and motivation behind this column) is point one:

1. Management buy-in
2. Develop the plan (Leave 4 - 6 months for this step)
3. Ability to test and verify plan

Once I approached management they were extremely excited and asked me to come up with a disaster recovery plan in a week.  I explained that BCP/DRP takes a long time to create and requires feedback and input from key management members, and that rushing it would create an inaccurate plan.  As I watched the decision maker's eyes glaze over, he mumbled something about off site storage of backup tapes and walked away.

And thus my learning experience kicks into high gear.

Be sure to add your comments,
Don

CISSP, MCSE, CSTA, Security+ SME
jimbob
« Reply #1 on: April 02, 2007, 03:40:57 AM »

BCP/DRP are among the unglamorous and often forgotten aspects of security. Security practice aims to keep the business rolling, so that includes backup (and more importantly restore), disaster planning, incident response policy and all of the other work that ensures if something goes titsup the damage is minimised. Good to see an article focused on this aspect since it can potentially save a company from ruin.

Jimbob
slimjim100
« Reply #2 on: April 02, 2007, 06:49:52 AM »

This is where your project management skills meet your sales skills to get an upper management buy-off. I have been in similar places where you would think common sense would prevail. The reason we have SOX (Sarbanes-Oxley) and HIPAA (Health Insurance Portability and Accountability Act) is because business does not always want to focus on anything that does not drive profits to the bottom line. As security professionals we are obligated to know what the correct course of action is to protect our networks and the company. Understanding BCP & DRP is very important and will only add another layer of protection to your company/client. RichM, thanks for pointing out some of the real day-to-day projects & tasks that are not always brought up in security forums.

Thanks RichM for the article!

Brian Wilson

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
don
« Reply #3 on: April 02, 2007, 11:06:11 AM »

Submitted to digg:

http://digg.com/security/BCP_and_DRP_from_Scratch_Saving_Your_Company_s_A_ets

Don

CISSP, MCSE, CSTA, Security+ SME
ChrisG
« Reply #4 on: April 02, 2007, 03:07:13 PM »

ohhh good article.

out of curiosity, what type of fire suppression do you have in the server room? I am guessing water, which means you may want to have a plan in place for replacing every single server in that room and restoring the data once the water hits them.


...tests i took go here...

http://carnal0wnage.attackresearch.com/
Cutaway
« Reply #5 on: April 02, 2007, 03:51:05 PM »

ChrisG's comment actually happened the other day to a friend of a friend. The fire suppression system malfunctioned and destroyed $200,000+ worth of furniture plus the water damage to the building and other assets bumping the price tag up significantly. The insurance company will not pay up because anything over a couple hundred thousand dollars they fight over so that you have to settle for a lesser claim or lose everything. Every day they wait for the settlement they are losing money. They are in the process of triple mortgaging everything just to get enough stock to keep people coming in and supply the people who have already purchased.

Sometimes owning your own business is tough.  But, then again, a good BC/DRP "might" have helped.

Moral of this comment: Do not depend on the insurance company to have your best interest in mind.

Cutaway

Go forth and do good things,
Cutaway
RichM
« Reply #6 on: April 03, 2007, 07:46:57 PM »

Thanks to everyone for the kind words.

slimjim100,

It is disturbing how little business thinks about contingency planning till it is too late. It is our job (whether we like it or not) to sell the concept. It has been 5+ years since those horrific events on September 11th and many companies still do not get it.

ChrisG, to answer your question, our fire suppression stops and starts with handheld charged fire extinguishers. As is more par for the course (than most will admit), our server room was at one time office space. There are no sprinklers of any kind throughout the space, and the door to the "server room" is left unlocked b/c the space is large enough to accommodate old but possibly still usable (in management's eyes) IT equipment: printers, switches, etc.

I agree though that if you do have water suppression in your server room that you absolutely need a contingency plan for replacing the hardware. Even if you have a dry system (water is not charged in the line) once it goes off, it seems as if the cure can be much more harmful than the disease.

cutaway,

Thank you for that sobering example. I will definitely carry that with me the next time someone thinks they are mitigating a considerable risk through the purchase of insurance.

© 2012 The Ethical Hacker Network