
Chapter 11 Lecture Topics

Chapter 11 discusses contingency planning, emphasizing the importance of business impact analysis (BIA), business continuity plans (BCP), and disaster recovery plans (DRP). It outlines the steps for incident handling, data backup strategies, and the assessment of maximum tolerable downtime (MTD) to ensure critical business functions can continue after disruptions. The chapter also covers emerging threats and various recovery site options for disaster recovery.

Uploaded by

Nahid F. Gh

CHAPTER 11

Contingency Planning

Copyright © 2023 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.
Learning Objective(s) and Key Concepts

Learning Objective(s)
• Explain the role of contingency planning, the basics of incident handling, and the tools and techniques that digital forensic specialists use to carry out a forensic investigation.

Key Concepts
• Business impact analysis (BIA)
• Business continuity plan (BCP)
• Backing up data and applications
• Incident handling
• Disaster recovery plan (DRP) and recovery techniques

Business Continuity Management

• Business continuity plan (BCP)
  - Contains the actions needed to keep critical business processes running after a disruption
• Disaster recovery plan (DRP)
  - Details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations
• Disruption
  - A sudden unplanned event
  - Upsets an organization’s ability to provide critical business functions and causes great damage or loss
  - Major disruptions include extreme weather, criminal activity, civil unrest/terrorist acts, operational and application failure disruptions, and pandemics

Emerging Threats

• New technology
• Changes in the culture of the organization or environment
• Unauthorized use of technology
• Changes in regulations and laws
• Changes in business practices (e.g., outsourcing and globalization)
• Reliability of cloud or virtualization services
• Cloud service provider (CSP) lock-in
• Insecure application program interfaces (APIs)
• Malicious insiders
• Account hijacking
• Violation of virtualization barriers
• Lack of access controls for outsourced resources

Static Environments

• Supervisory Control and Data Acquisition (SCADA)
• Embedded systems
• Mobile devices (Android and iOS)
• Mainframes
• Gaming consoles
• Internet of Things (IoT) devices
• Vehicle systems

Terminology (1 of 2)

• Critical business function (CBF)
  - A business function that, if it fails, causes normal operations to cease
• Business impact analysis (BIA)
  - An analysis of CBFs to determine what kinds of events could interrupt normal operation
• Maximum tolerable downtime (MTD)
  - The most time a business can survive without a specific CBF

Terminology (2 of 2)

• Recovery time objective (RTO)
  - The timeframe for restoring a CBF; must be shorter than or equal to the MTD
• Recovery point objective (RPO)
  - The point to which data must be recovered
• Emergency operations center (EOC)
  - The place where the recovery team will meet and work during a disruption

Assessing MTD

• Determine MTD by business requirements
• MTD is closely associated with the RTOs of several integrated CBFs
• Example:
  - Online retailer depends on its website to generate revenue
  - Web servers depend on network services, Internet service provider (ISP) availability, and electricity, each of which has an RTO associated with the MTD
  - If the website has an MTD of four hours, the RTO of the failed network services, ISP availability, and electricity must be less than four hours
• RPO
  - Defines the amount of tolerable data loss
  - Can come from the BIA or from a government mandate, for example, banking laws or regulations pertaining to pharmaceutical research data retention

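An added example, not part of the original slides: a Python check that propagates each CBF's MTD to everything it depends on, directly or transitively, and flags any dependency whose RTO is missing or longer than that MTD (the "shorter than or equal to" rule from the Terminology slide). The `web_servers` node, the RTO values and all function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data modelled on the online-retailer example; the RTO
# figures and the "web_servers" node are illustrative assumptions.
MTD_HOURS = {"website": 4.0}                # CBF -> maximum tolerable downtime
DEPENDS_ON = {                              # component -> what it needs to run
    "website": ["web_servers"],
    "web_servers": ["network_services", "isp", "electricity"],
}
RTO_HOURS = {
    "web_servers": 2.0,
    "network_services": 3.0,
    "isp": 6.0,                             # longer than the website's MTD
    "electricity": 1.0,
}


def effective_mtd(mtd, depends_on):
    """Propagate each CBF's MTD to all of its direct and transitive
    dependencies. A shared component inherits the tightest (smallest) MTD."""
    limit = {}
    for cbf, hours in mtd.items():
        queue, seen = deque([cbf]), {cbf}   # 'seen' guards against cycles
        while queue:
            node = queue.popleft()
            for dep in depends_on.get(node, []):
                if dep in seen:
                    continue
                seen.add(dep)
                if dep not in limit or hours < limit[dep][0]:
                    limit[dep] = (hours, cbf)
                queue.append(dep)
    return limit


def rto_violations(mtd, depends_on, rto):
    """Return (component, rto, mtd, cbf) tuples where the RTO is missing
    (None) or longer than the MTD of a CBF that relies on the component."""
    findings = []
    for dep, (hours, cbf) in sorted(effective_mtd(mtd, depends_on).items()):
        dep_rto = rto.get(dep)
        if dep_rto is None or dep_rto > hours:
            findings.append((dep, dep_rto, hours, cbf))
    return findings


if __name__ == "__main__":
    for dep, dep_rto, hours, cbf in rto_violations(MTD_HOURS, DEPENDS_ON, RTO_HOURS):
        print(f"{dep}: RTO {dep_rto} h does not fit the {hours} h MTD of {cbf}")
```
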
Business Impact Analysis

• Security pro should ask:
  - What must we be able to carry out to stay in business?
  - What can interrupt the critical business functions?
  - How will CBF interruptions affect the business and its ability to protect the confidentiality, integrity, and availability of its data?
• Conduct a BIA for these reasons:
  - Set value of each business unit or resource as it relates to how the entire organization operates
  - Identify critical needs to develop a business recovery plan
  - Set order or priority for restoring the organization’s functions after a disruption

Speed of Impact

• Some incidents might become more significant over time
• Some systems are more important during certain times of the year
• Critical dependencies:
  - Information processing
  - Personnel
  - Communications
  - Equipment
  - Facilities
  - Other organizational functions
  - Vendors
  - Suppliers

Assessing the Impact of Downtime

• Systems
• Property
• People
• Data

Plan Review and Testing

• Important to review and update BCP, DRP, and inventory and configuration lists regularly
• Planning and testing revisions is an excellent way to train new employees
• Tests for a BCP and DRP:
  - Checklist
  - Structured walk-through
  - Simulation
  - Parallel
  - Full-interruption

Backing Up Data and Applications

• Plans must include dealing with:
  - Backup storage media
  - Location
  - Access
• Backups provide extra copies of needed resources, such as:
  - Data
  - Documentation
  - Equipment

Types of Backups

• Incremental
• Differential
• Full

Incident Handling

• Preparation
• Identification
• Notification
• Response
• Recovery and follow-up
• Documentation and reporting

Recovery from a Disaster

• A DRP:
  - Establishes an EOC as an alternate location from which the BCP/DRP will be coordinated and implemented
  - Names an EOC manager
  - Determines when that manager should declare an incident a disaster

Activating the DRP

• Restore business operations
• Return operations to their original state before the disaster

Operating in a Reduced/Modified Environment

• Suspend normal processes
• Identify minimum recovery resources as part of the recovery needs
• Combine services that were on different hardware platforms onto common servers
• Continue to make backups of data and systems

Primary Steps to Disaster Recovery

• Ensure the safety of individuals
• Contain the damage
• Assess the damage and begin recovery operations according to the DRP and BCP

Restoring Damaged Systems

• Know where to get configuration charts, inventory lists, and backup applications and data
• Have access control lists to make sure that the system allows only legitimate users on it
• Update the operating systems and applications with the most current patches
• Make sure the operating systems and applications are current and secure
• Activate the access control rules, directories, and remote access systems to permit users to get on the new systems

Disaster Recovery Alternatives

• Generators
• Safety of damaged site
• Reentry
• Transportation of equipment and backups
• Communications and networks

Recovery Alternatives

• A dedicated site operated by the business, such as a secondary processing center
• A commercially leased facility, such as a hot site or mobile facility
• An agreement with an internal or external facility

Interim or Alternate Processing Strategies

• Common recovery location options:
  - Alternate processing center or mirrored site
  - Hot site
  - Warm site
  - Cold site
  - Mobile site

• Processing agreements
• Reciprocal or mutual aid
• Reciprocal centers
• Contingency
• Service bureau
• Using the cloud

Comparing Common Recovery Site Options

Feature                         Hot Site          Warm Site      Cold Site      Mobile Site    Multiple Sites
Cost                            High              Medium         Low            Varies         No direct costs
Computer equipped               Yes               Yes            No             Yes (if warm)  Yes
Connectivity equipped           Yes               Yes            No             Yes (if warm)  Yes
Data equipped                   Yes               No             No             No             Yes
Staffed                         Yes               No             No             No             Yes
Typical lead time to readiness  Minutes to hours  Hours to days  Days to weeks  Hours to days  Moments to minutes

Summary

• Business impact analysis (BIA)
• Business continuity plan (BCP)
• Backing up data and applications
• Incident handling
• Disaster recovery plan (DRP) and recovery techniques
