CISSP-06-Business_Continuity_and_Disaster_Recovery_Planning.pdfVIP免费

BusinessContinuityandDisasterRecoveryPlanningXuHui,CISSPEmail:china.xuhui@gmail.com2013/4/11CISSPExpectationsUnderstandbusinesscontinuityrequirementsDevelopanddocumentprojectscopeandplan理解业务连续性需求ConductBIAIdentifyandprioritizecriticalbusinessfunctionsDeterminemaximumtolerabledowntime(MTD)andothercriteriaAssessexposuretooutages,e.g.,local,regional,globalDefinerecoveryobjectives业务影响分析DeveloparecoverystrategyImplementabackupstoragestrategy,e.g.,offsitestorage,electronicvaulting,taperotationRecoverysitestrategies开发恢复策略3CISSPExpectation->CISSPExpectationsUnderstandDRprocessResponsePersonnelCommunicationsAssessmentRestoration理解灾难恢复流程Providetraining提供培训Test,update,assessandmaintaintheplan,e.g.,versioncontrol,distribution测试、更新、评估和维护灾难恢复计划4CISSPExpectation->Topics※1.BCPandDRPOverview※2.GeneralBCP/DRPProcess※3.ISO22301BCMS1.BCPANDDRPOVERVIEWBCP&DRP•ThegoalofaBCP(BusinessContinuityPlan)istoensurethatthebusinesswillcontinuetooperatebefore,throughout,andafteradisasterevent.ThefocusofaBCPisonthebusinessasawhole,providesalong-termstrategyforensuringthecontinuedsuccessfuloperationofanorganizationinspiteofinevitabledisruptiveeventsanddisasters.•TheDRP(DisasterRecoveryPlan)focusesonefficientlyattemptingtomitigatetheimpactofadisasterandtheimmediateresponseandrecoveryofcriticalITsystemsinthefaceofsignificantdisruption.Itisconsideredtacticalratherthanstrategicandprovidesameansforimmediateresponse.BCP&DRPOverview->WhyBCP/DRP•对于企业来讲，任何导致机构关键业务功能在一定时间内无法进行的事件都被视为灾难。其特点表现为：–计划之外的服务中断–超出预期的服务中断–无法通过平常的事件管理程序得到解决–中断造成了重大损失•Gartner分析报告–2/5公司经历大灾难后再也不能恢复运作–1/3公司经历大灾难后在2年内倒闭•根据IDC的一项关于1990-2000年10年间公司遭遇灾难情况的统计，灾难发生后，由于数据丢失或者企业没有业务连续性计划，55％的公司当时即宣告倒闭，剩下的45％中，有29％的公司在两年内倒闭。BCP&DRPOverview->Regulatio...