CIS 502 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Business Continuity and
Disaster Recovery Planning

Definition
Disaster: is a natural or man-caused event that

damages property and assets, injures or kills people, and impairs the ability for organizations to continue operating.
Business Continuity Planning: is the set of activities required to ensure the continuation of critical business processes when a disaster occurs. Disaster Recovery Planning: is the set of activities concerned with the assessment, salvage, repair, and restoration of damaged facilities and assets that support critical business processes. Two Main Kind of Categories of
Disaster
Natural Disaster
Geological
Meteorological
Other
Health

Man-Made Disasters
Labor
Social-Political
Material
Utilities

How Disaster affect
Business?
Direct Damage
Transportation
 Supply Disruption
 Customer Disruption
 Employee Disruption

Communication
Utilities

Contingency Planning
Process

High Level Contingency and Disaster
Recovery Planning Strategy
• Develop the Business Contingency Planning
•
•
•
•
•
•
•

Policy and Business Process Priorities
Conduct a Risk Assessment
Conduct the Business Impact Analysis (BIA)
Develop Business Continuity and Recovery
Strategies
Develop Business Continuity Plans
Conduct awareness, testing, and training of the
DRP
Conduct Disaster Recovery Plan maintenance and exercise
Identify business processes

Industry Standards
ISO 27001 : Requirements for Information

Security Management Systems. Section 14 addresses business continuity management.
ISO 27002: Code of Practice for Business

Continuity Management.

Industry Standards
NIST 800-34
 Contingency planning



NFPA 1600

 Standard on

guide for information

Disaster/Emergency

Technology systems.

management and

 Seven steps process for

BCP and DRP projects.
 From U.S. national

Institute for Standards and Technology.

business community program.  From U.S. National Fire

protection association.

Industry Standards
NFPA 1620: The

References: Gregory, P. (2010). CISSP Guide to Security Essentials DHS (2012). Business Continuity Plan. Last updated on 12/19/2012 Retrieved on 07/20/2014 from FEMA (2012). Continuity of Operations. Retrieved on 07/20/2014 from July 22, 2014, from http://www.sans.org/readingroom/whitepapers/recovery/disaster-recovery-plantesting-cycle-plan-plan-cycle-563