Which of the following is a critical first step in disaster recovery and contingency planning?

Summary

Within this chapter, the authors have attempted to provide the reader with a framework for understanding the complexities of contingency planning and the development of contingency plans. A particular point we attempt to make lies with the importance of planning for categories of contingencies. It is a daunting task to attempt to plan for each and every possible contingency. However, contingencies can be grouped into categories and planned for accordingly. This allows for consistency in preparedness and best utilization of resources. Types of contingencies develop and change over time as societies and organizations change and progress. Prior to the 20th century, nuclear contamination was not a concern, but today countries with nuclear power generation capabilities have in place extensive contingency plans that are regularly tested. More common hazards such as severe weather and other natural events have caused enough damage to drive organizations to better preparedness. State and local governments along with private enterprises in states like California and Mississippi spend large sums of money to prepare to mitigate the effects of earthquakes and flooding.

Contingency planning may not have been a traditional security process, but in today’s global business environment the security organization is assuming a much greater role and responsibility for its implementation. Even prior to the events of September 11, 2001, many organizations were becoming more conscious of the need to have contingency plans. A complete contingency planning program has three major elements:

Emergency response

Crisis management

Business continuity: business recovery and business resumption

Emergency response activities involve responding to an incident, crisis, or disaster and managing that incident at the scene. Should an incident escalate to the crisis or disaster stage, a CMT should take over managing the crisis to its conclusion. If the crisis or disaster does cause damage to a company building, facility, or operation, the CMT should hand over to a business continuity team the responsibility of recovery and resumption. After a disaster, it is critical that the business recovers and resumes normal (preevent) operations as soon as possible. Customers, shareholders, and stakeholders expect nothing less. Executive management has the obligation to ensure contingency planning is properly considered and addressed within their company. The consequences of not planning for contingencies can be catastrophic, with numerous liability issues

Critical Thinking

Can a business be successful without having contingency plans?

Security Principles

Contingency planning forms the basis of an effective response force. This includes corporate policies and procedures, training, determination of response force tactics, use of force, and normal operating procedures.

Response to a malevolent event can be immediate, requiring a response force capable of timely response, or after-the-fact recovery, which is accomplished through a greater range of activities.

Response force strategies include containment, denial, and assault.

A vital element of response force effectiveness is communication.

The measures of response force effectiveness include response force time for interruption and probability of communication. The probability of neutralization can be used at sites where an immediate response is present and guards are expected to engage with the adversary.

Interruption describes arrival of the response force at the appropriate location. It is assumed that for most industrial facilities, arrival will cause the adversary to surrender or abandon the intrusion. For high-security sites, neutralization, or defeat of the adversary after interruption, is another aspect of response force effectiveness.

Contingency Planning Program

The purpose of contingency planning is to better enable IWC to maintain continuity of the business. Should disruptions occur, and they do all too often, IWC must be able to resume normal business activities as quickly as possible. The inability to restore normal operations will have an adverse economic impact on IWC. The extent of the impact will correspond to the extent of the disruption or damage. If the damage is severe and the mitigation of such damage has not been properly planned for, the effect could be catastrophic. Essentially, the business could fail.

Having an IWC policy on contingency planning is the basis for a sound and functional program. It is also an integral part of the IWC CAPP. Contingency planning is generally not considered part of the normal daily operation for most employees, departments, or organizations. Therefore, it is not automatically or even normally addressed. Employees and management tend to focus on the priorities of their specific jobs and departments. Seldom do they consider the potential effects of a contingency occurrence. Contingency planning for most at IWC is not perceived to be part of their job. A contingency planning program is required by IWC policy, and specific responsibilities are identified and assigned. Ultimately, to become completely effective, contingency planning must become part of IWC’s business and company culture.

Contingency planning is a continuous process. It is not something that can be done once and put away, only to be retrieved when needed. It is a continuous process requiring periodic updates and revisions as appropriate to, and consistent with, changing IWC business conditions. It also involves implementing and maintaining an awareness or training element. The process of contingency planning at IWC is focused to achieve the following:

Secure and protect people: In the event of a crisis, people must be protected.

Secure the continuity of the core elements of the business: The infrastructure and critical processes — minimize disruptions to the business.

Secure all information systems: These include or affect supplier connections and customer relationships.

Throughout the remaining sections of this chapter, elements of the contingency planning process and program (Figure 41-2) will be presented and explained. Examples of different situations, as encountered at IWC or by the IWC CSM will be used to illustrate impact and response.2

Roles and Responsibilities

The Contingency Plan should establish roles and responsibilities designed to recover operations. Depending on the outage or disaster that has occurred, the recovery operations ostensibly could be at the original facility, or at an alternate facility. Because there are so many different recovery scenarios, you'll want to have the roles and responsibilities defined in general terms so that they can be applied to as many different types of situations as possible.

Depending on the size of your organization or department, some of your staff may provide support for more than one role. Typically, the roles of the recovery team are additional roles to a staff member's regular and ordinary duties. For example, the ISSO may act as the Contingency Planning Coordinator and an IT manager may act as the Information Systems Operations Coordinator. It is also conceivable that two people could act as a team in assuming the responsibilities of a particular role. For example, the Damage Assessment Coordinator has such an extensive list of duties that it might make sense to assign two people to this role. The names of the particular staff who will be assuming each role should be documented. An example of how to document these roles is depicted in Table 16.2.

Table 16.2. Recovery Roles Noted

Roles, and the associated responsibilities of the recovery team, that seem to work well for many Contingency Plans are included in the sections that follow. However you should not limit your Contingency Plan to what is documented in these sections. Your plan may require additional or altogether different roles depending on your operations and your business mission.

Hardware Backup

Most people think contingency planning and hardware backup are the same thing. This is not the case. Hardware backup is only one element of contingency planning. In this phase, classifying possible disruptions is useful so that hardware backup strategies can be developed. There are three categories of disruptions: nondisasters, disasters, and catastrophes.

Nondisaster disruptions are normally system malfunctions or other failures. Disasters cause the entire facility to be inoperative for longer than 1 day. Catastrophes entail the destruction of the data-processing facility. In this last category, a new facility must be built or an existing alternate structure must be identified to be used as the computer center.

Once the extent of the disruption is ascertained, the company must make arrangements for alternate locations in which to conduct their computer operations. Alternative locations are categorized into hot, warm, and cold sites. Hot sites are fully configured and ready to operate within several hours. Warm sites are partially configured but are missing the central computer. Because the central computer is missing, these sites are less expensive than hot sites. However, it may take several days or weeks to locate and install the main computer and any other missing equipment necessary for operation. Once the equipment is installed, these sites can be operational within several hours. The least expensive sites are referred to as cold sites. These locations are ready to receive equipment but do not have any components installed in advance. Cold sites take at least several weeks to become operational.

The major factors in choosing the right “temperature” of the three types of sites are the company’s needs in terms of activation time and cost. All companies must also have a way of alerting personnel of a disruption and telling employees which site to report to for work. Computer personnel must also be trained to operate the hardware at the new site. Finally, the hardware must be compatible with the equipment damaged or destroyed.

I.B.3 Military Missions and Goals: A Second Conflict of Cultures

Military officers in peacetime are tasked with contingency planning to be ready to fight the next war and to anticipate other threats. To do this, they must be advocates for government funding needed to research and develop—or purchase from elsewhere—the best and most technologically advanced weapons while simultaneously recruiting and training military manpower. In addition, since the 1970s, for the United States and the other most modern armed forces, defense and national security has increasingly involved computers, satellites, and a vast array of other scientific and technological equipment as much or more than it involved ships, aircraft, or troops with rifles.

Business continuity and disaster recovery planning basics

Your role as an IT professional is unique in BC/DR because on one hand, you are not necessarily responsible for the company’s comprehensive BC/DR planning, but on the other hand, technology is so integral to most corporate operations, IT can’t be completely separated out as a stand-alone issue. As a result, we will continually address BC/DR in a holistic manner and allow you to determine the most appropriate role for your IT group within your company.

The elements that should be included in your plan will extend beyond the walls of the IT department, so you’ll need to form a project team with expertise in several areas. Figure 1.4 shows some of the areas that might be included, depending on the type of products and services your company creates.

You’re no doubt familiar with the concept of reliable system design and single point of failure when it comes to designing, implementing, managing, and repairing the IT infrastructure for your company. Briefly, these concepts relate to building in redundancies and safeguards so that if one key component fails, the entire company doesn’t come to a screeching halt. You probably also understand that having two servers or routers in the same rack leaves your network vulnerable—the single point of failure could be as simple as someone tripping and spilling a large cup of coffee on the rack itself (granted, they have no business bringing coffee into the data center, but that’s another issue that goes back to how much data loss is caused by humans…). You might conscientiously make backups, verify the backups, and store them securely but leave them on-site. The single point of failure could be as minor as something falling on the rack holding your tape backups or as major as a serious fire in the server room or building.

The reason for discussing this concept at this juncture is that as you look at your BC/DR options, you need to assess your risks with regard to reliable systems and single points of failure. For example, you may want to evaluate your availability solutions as part of an overall business strategy to reduce operational risks, minimize the occurrence and cost of downtime, and maximize data and IT service availability. These availability solutions will also likely impact your compliance with a variety of regulations by providing protection and reliability of information resources as well. Additionally, these solutions will impact your BC/DR risk assessment and planning. If these solutions are not currently in place, this BC/DR planning process may help you build the business case for implementing some of these technologies. If they are currently in place, you can look at them with a fresh perspective to determine how they contribute to an overall business continuity strategy. We’ll discuss this in more detail in Chapter 4.

With that, let’s look at contingency planning basics: the steps to be taken to create a solid BC/DR plan for your company. The basic steps in any BC/DR plan, shown in Figure 1.5, include:

Project initiation

Risk assessment

Business impact analysis

Mitigation strategy development

Plan development

Training, testing, and auditing

Plan maintenance

Those of you familiar with project management (PM) methodologies will notice the similarity in the BC/DR planning process to PM processes and with good reason. Creating a BC/DR plan can (and should) be approached as a discrete project that has a defined start, middle, and end. As with many other IT projects, once the BC/DR plan is completed, it must be maintained so that it stays current with changes in the company, its technology, and the broader business landscape. We’ll discuss each of the sections here briefly to provide an overview, and we’ll delve more deeply into each of these areas in subsequent chapters.

8.7 Challenges Faced

The 2018 and 2019 Kerala floods highlighted challenges in key institutional coordination, policy guidelines, contingency planning, disaster risk management programs, public infrastructure services, financing programs, and data collection.

The floods highlighted a number of structural constraints that left Kerala unprepared for major natural disasters. This included inadequate policies and institutional frameworks to manage and monitor critical natural resources such as water and land. There is also the absence of risk-informed spatial and sectoral planning policies and frameworks that led to extensive urban sprawl, unmanaged construction in hazard-prone areas. Another challenge faced at the time of the disaster was the lack of disaster risk preparedness in key socioeconomic sectors and weak capacity of institutions and individuals to anticipate and respond to extreme events. More importantly, there is a lack of availability and sharing of reliable data for disaster risk planning and management due to inadequate hydromet system, and limited fiscal resources and financing modalities for risk pooling and sharing (RKDP, 2019).

Links to Sites

▪

http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf - NIST guide to CP

http://bestpractical.com/rtir/ - RT for IR database product

www.snort.org - Snort IDS

http://secureideas.sf.net/ - BASE Snort database engine and tracking software

http://sguil.sf.net, SGUIL Snort front-end

www.opensims.org - OpenSIMS Snort front-end

www.bleedingsnort.com, Cutting-edge Snort rulesets

https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys - Event Log to Syslog generator

www.amanda.org - AMANDA backup solution

www.tripwire.com - Tripwire file integrity checker

http://aide.sf.net - AIDE file integrity checker

http://la-samhna.de/samhain/ - Samhain file integrity checker

www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/tools.html - Checking for security flaws in software overview

www.dwheeler.com/flawfinder - Flawfinder is designed to check C/C++ code for common issues.

www.securesw.com/rats - RATS provides some of the same functionality as Flawfinder

http://bfbtester.sourceforge.net/ - BFBTester will do input validation checking against compiled binaries.

www.immunitysec.com/spike.html - SPIKE is designed for testing network capable applications

www.nessus.org - Nessus open-source vulnerability scanner

https://vsc-dev.itsp.purdue.edu/about.php - Purdue University Nessus Vulnerability Scanning Cluster software for tracking remediation

www.sleuthkit.org - Sleuth Kit forensics toolkit

www.porcupine.org/forensics/tct.html TCT for forensic analysis

www.cacti.net - Cacti network trending software

http://people.ee.ethz.ch/∼oetiker/webtools/mrtg/ - MRTG for network trending and graphing

http://ntop.ethereal.com/ntop.html - Ntop; network trending and protocol graphing

www.tcpdump.org - Tcpdump; everyone's favorite network analysis tooln www.packetfactory.net/projects/ngrep/ - ngrep allows you grep through network traffic

www.netstumbler.com - NetStumbler; Windows-based wireless network detection software

www.kismetwireless.net. Kismet; wireless detection and tracking software.

www.sonar-security.com/sv.html - StumbVerter; generates maps from GPS tracks and NetStumbler

www.channelregister.co.uk/2005/04/07/hard_drive_with_police_info_sold_on_ebay/ - Story on data remaining on sold police hard drive

www.thc.org/download.php?t=r&f=secure_delete-3.1.tar.gz - THC's Secure Delete program for erasing datan http://dban.sf.net - DBAN bootable forensic wipe CD.

http://money.cnn.com/2005/03/17/pf/jumpstart1_0504/index.htm - CNN story on jumpstarting your career.

www.worldwidewardrive.org/ - WorldWide WarDrive site

www.acm.org/ - ACM main Website

http://dc.securitygeeks.com/about.html - DC Security Geeks Web site, local security group

Publisher Summary

Internal control is one of the main elements in the management of risk, along with the transfer of risk to third parties, the sharing of risk, and contingency planning. The risks that any entity faces will inevitably change as the business develops and the environment in which it operates evolves. Companies must therefore regularly review and evaluate the risks to which they are exposed. The aim will usually be to manage and control business risk rather than to attempt to eliminate it completely. The Turnbull guidance is based on the principle that companies will adopt a risk-based approach to establishing of a system of internal control and to the regular review of its effectiveness. The review of the effectiveness of the internal control system should therefore be part of the normal process of managing the business rather than a specific exercise carried out only in order to comply with the recommendations of the Combined Code. A system of internal control can never provide absolute protection against business failure, material error, fraud or breaches of regulations, but it should be able to provide reasonable assurance against these problems.