Comprehensive Guide to Data Security, Business Continuity, Risk Management, and Disaster Recovery
Explore a detailed overview covering topics such as data security revision, business continuity planning, risk analysis, management strategies, incident prevention, response, recovery, change management, and disaster recovery. Learn about risk assessment, business impact analysis, continuity plans, disaster recovery strategies, and more essential concepts for ensuring the security and resilience of organizational operations.
Data Security Revision 3 ISEC2001/5006, Curtin University
Business Continuity (Part 1)
- Risk = Impact × Likelihood
- Impact = the consequences / damage
- Likelihood = the chance it will happen
Quantitative Risk Analysis
- Single loss expectancy (SLE) = Asset value × Exposure factor
- Annualised rate of occurrence (ARO)
- Annualised loss expectancy (ALE) = SLE × ARO
- Annual Cost of Safeguard (ACS) = the cost of the control
- Cost Benefit Analysis (CBA) = the higher, the better!
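A worked calculation of these quantities, added here as an example and not part of the slides. All figures (asset value, exposure factor, ARO, the candidate safeguards and their costs) are constructed, and the CBA is computed as ALE before the control minus ALE after it minus ACS, the standard form of the comparison the slide summarises as "the higher, the better"; accepting the risk is included as the zero-cost baseline each control must beat.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One risk scenario against one asset, in the slide's quantitative terms."""
    asset_value: float      # monetary value of the asset
    exposure_factor: float  # fraction of the asset value lost per incident, 0.0..1.0
    aro: float              # annualised rate of occurrence (expected incidents per year)

    def sle(self) -> float:
        # Single loss expectancy = asset value x exposure factor
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Annualised loss expectancy = SLE x ARO
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate control: its annual cost and the residual risk it leaves behind."""
    name: str
    acs: float           # annual cost of safeguard
    residual_ef: float   # exposure factor once the control is in place
    residual_aro: float  # ARO once the control is in place


def cost_benefit(risk: Risk, control: Safeguard) -> float:
    """CBA = (ALE before control - ALE after control) - ACS.
    Positive: the control saves more than it costs; negative: it does not pay for itself."""
    residual = Risk(risk.asset_value, control.residual_ef, control.residual_aro)
    return risk.ale() - residual.ale() - control.acs


def rank_safeguards(risk: Risk, controls: list[Safeguard]) -> list[tuple[str, float]]:
    """Return (name, CBA) pairs, best value first. Accepting the risk (do nothing)
    is appended with a CBA of 0 so every control is measured against that baseline."""
    scored = [(c.name, cost_benefit(risk, c)) for c in controls]
    scored.append(("accept (do nothing)", 0.0))
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample figures (not from the slides): a customer database worth
# $200,000, an incident that destroys 25% of it, expected 0.4 times a year.
DB_RISK = Risk(asset_value=200_000, exposure_factor=0.25, aro=0.4)  # SLE 50,000; ALE 20,000
CANDIDATES = [  # CBA: +11,000 / +1,800 / -6,200 (the last loses to "accept")
    Safeguard("nightly offsite backups", acs=5_000, residual_ef=0.05, residual_aro=0.4),
    Safeguard("hot site + backups", acs=18_000, residual_ef=0.01, residual_aro=0.1),
    Safeguard("gold-plated DLP suite", acs=25_000, residual_ef=0.02, residual_aro=0.3),
]
```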
Risk Management Strategies
Require no further action:
- Accept: note it in the risk register, then do nothing
- Avoid: remove the part of the system which contains the risk
- Transfer: shift the risk elsewhere, e.g. insurance, outsourcing*
Require action:
- Mitigate: reduce impact and/or reduce likelihood
- Defend: implement security controls and safeguards
Business Continuity (Part 1)
- Prevention: how to prevent incidents
- Preparedness: business impact analysis (what's the impact?)
- Response: incident response plan (what do we do?)
- Recovery: how to recover after an incident / disaster
Business Continuity Planning
- Business Impact Analysis (BIA)
- Continuity of Operations Plan (COOP)
- Disaster Recovery Plan (DRP)
- Preparedness, Recovery, Response
- Training / Awareness
- Testing & Monitoring
Change management
1. Requests
2. Impact assessment
3. Approval
4. Build and test
5. Notification
6. Implementation
7. Validation
8. Documentation
Disaster recovery
- RPO (Recovery Point Objective): how much data can we afford to lose?
- RTO (Recovery Time Objective): what's the longest time we can tolerate without our critical systems being available? (WRT = MTD − RTO)
- MTD (Maximum Tolerable Downtime): what's the longest outage time we can tolerate?
(Speaker's notes on hot, cold and warm sites: slide 26)
Testing the BCP
- Structured walkthrough: representatives talk through the plan. This may identify gaps or weaknesses.
- Simulation test: involves role-playing and focuses on particular types of disasters or disruptions.
- Parallel test: recovery systems are built/set up to see if they can perform actual transactions to support key processes.
- Full-scale (or full-interruption) test: pretend the disaster actually happened and act accordingly with the plan and personnel. Expensive!
Source: https://ussignal.com/blog/disaster-recovery-plan-testing-methods-and-must-haves