SlideShare a Scribd company logo
1 of 62
Download to read offline
Guide to Network Security
1st Edition
Chapter Eleven
Contingency Planning and Networking
Incident Response
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Objectives
• Explain the need for contingency planning
• List the major components of contingency planning
• Create a simple set of contingency plans, using
business impact analysis
• Prepare and execute a test of contingency plans
• Explain the network incident response process
• Explain the need for sound backup and recovery
practices and what they consist of
2
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Introduction
• Threats to network systems
– Deliberate attacks from hostile parties
– Outside events
– Internal failures
– Unintended actions of friendly parties
• Network disruption may bring business operations
to a standstill
• Organizations should prepare for the unexpected
3
© 2013 Course Technology/Cengage Learning. All Rights Reserved
What Is Contingency Planning?
• Contingency planning (CP)
– Process of positioning an organization to prepare
for, detect, react to, and recover from man-made or
natural threats to information security assets
– Main goal: restore normal operations following
disruptive event
• Four components of CP
– Business impact analysis (BIA)
– Incident response plan (IR plan)
– Disaster recovery plan (DR plan)
– Business continuity plan (BC plan)
4
© 2013 Course Technology/Cengage Learning. All Rights Reserved
What Is Contingency Planning?
(cont’d.)
• Contingency planning teams
– CP Management Team (CPMT)
• Manages the overall process
• Develops master plan for CP operations
• Collects information about threats to information
systems
• Conducts the BIA
• Staffs the leadership of the subordinate teams
• Provides guidance to and integrates work of
subordinate teams
5
© 2013 Course Technology/Cengage Learning. All Rights Reserved
What Is Contingency Planning?
(cont’d.)
• Contingency planning teams (cont’d.)
– Incident response (IR) team
• Develops, tests, manages, and executes the IR plan
• Detects, evaluates, and responds to incidents
– Disaster recovery (DR) team
• Develops, tests, manages, and executes the DR plan
• Responsible for re-establishing operations at the
primary business site
– Business continuity (BC) team
• Responsible for setting up and starting off-site
operations after an incident or a disaster
6
© 2013 Course Technology/Cengage Learning. All Rights Reserved
What Is Contingency Planning?
(cont’d.)
• Incident response
– Focus is on small-scale events
– Examples: hacking attempts, malware, or misuse of
corporate assets
• Incident may escalate into a disaster
– IR plan may give way to the DR and BC plans
• Business resumption plan
– Used by some organizations as combination of DR
and BC plans
7
© 2013 Course Technology/Cengage Learning. All Rights Reserved 8
Figure 11-1 An incident turns into a disaster
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved 9
Figure 11-2 Move from disaster recovery to business continuity
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning
• Major steps from NIST Special Publication 800-34
Rev. 1 Contingency Planning Guide for Federal
Information Systems
1. Form the CPMT
2. Develop the CP policy statement
3. Conduct the BIA
4. Form subordinate planning teams
5. Develop subordinate planning policies
6. Integrate the BIA
7. Identify preventive controls
10
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• Major steps (cont’d.)
8. Organize response teams
9. Create contingency strategies
10.Develop subordinate plans
11.Ensure plan testing, training, and exercises
12.Ensure plan maintenance
11
© 2013 Course Technology/Cengage Learning. All Rights Reserved 12
Figure 11-3 Incident response, disaster recovery,
and business continuity workflow
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved 13
Figure 11-4 Contingency planning life cycle
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• Business impact analysis
– First major component of the CP process
– Provides CPMT with information about systems and
threats they face
• Three major steps of the BIA
– Determine mission/business processes and recovery
criticality
– Identify resource requirements
– Identify recovery priorities for system resources
14
© 2013 Course Technology/Cengage Learning. All Rights Reserved 15
Figure 11-5 Business impact analysis process
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• Incident response plan
– Documents actions organization should take while
an incident is in progress
• Absence of well-defined procedures can lead to:
– Extensive damage to data, systems, and networks
– Intrusions affecting multiple systems both inside and
outside the organization
– Negative exposure in the news media
– Legal liability for attacks against others using
organization’s systems
16
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• Disaster recovery plan
– Entails preparation for and recovery from a disaster
• Criteria for a disaster
– Organization is unable to gain control of impact of
the incident
– Organization cannot quickly recover because level of
damage is so severe
• DR plan documents whether an event is classified
as an incident or a disaster
17
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• Business continuity plan
– Ensures critical business functions continue if a
disaster occurs
– Managed by the CEO of an organization
– Activated and executed concurrently with the DR
plan:
• When disaster is major or long-term
– Involves re-establishing business functions at an
alternate site
18
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Stages and Components of
Contingency Planning (cont’d.)
• CP disruption phases
– Defines actions that occur when an event becomes
an incident or disaster
– Phase 1: activation/notification phase
• Activate the plan based on outage impacts
• Notify recovery personnel
– Phase 2: recovery phase
• Recovery teams restore system operations using
alternate site
– Phase 3: reconstitution phase
• Return the system to normal operating conditions
19
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Data and Application Resumption
• Data backup and management methods
– Disk backup
– Tape backup
• Data files and critical system files should be
backed up daily
– Nonessential files backed up weekly
• Data retention plan
– Laws govern how long data must be stored
• Full backups of entire systems should be stored in
a secure location
20
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Disk-to-Disk-to-Tape
• Cost of storage media continues to decrease
– Disk backups more convenient than tape
• Storage area networks
– Used to store information in arrays of independent,
large-capacity disk drives
• Secondary data disk series should be periodically
backed up to tape or other removable media
21
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Backup Strategies
• Types of backups
– Full
• Complete backup of the entire system
– Differential
• Stores all new files and files modified since last full
backup
– Incremental
• Stores data modified since last backup of any type
• Requires less space and time than differential backup
• Multiple backups needed to restore full system
22
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Backup Strategies (cont’d.)
• General guidelines
– Secure on-site and off-site storage
– Provide a controlled environment for the media
– Clearly label and write-protect each media unit
– Retire media units prior to reaching end of useful life
• Tape backup and recovery
– Common types of tape media
• Digital audio tapes (DATs)
• Quarter-inch cartridge drives (QIC)
• 8 mm tape
• Digital linear tape (DLT) and Linear Tape Open (LTO)
23
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Backup Strategies (cont’d.)
• Classic methods for selecting files to back up
– Six tape rotation
– Grandfather-Father-Son method
– Towers of Hanoi
• Online backups and the cloud
– Online backup to a third-party storage vendor
• Cloud computing forms
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)
24
© 2013 Course Technology/Cengage Learning. All Rights Reserved 25
Table 11-1 Selecting the best rotation method
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Backup Strategies (cont’d.)
• Cloud ownership
– Public
• Most common implementation
• Third party makes services available over the Internet
– Community
• Collaboration between a few entities for their sole use
– Private
• Parent company creates a cloud for its own use and
that of subordinate organizations
• Theoretical implementation
26
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Threats to Stored Information
• Processes to prevent accidental loss of backup
media
– Careful processes
– Use of professional couriers
– Tape encryption
– Erase backup tapes before returning to “scratch
pool” for reuse
• Backup and recovery elapsed time
– Usually requires twice as much time to restore
information as to produce the backup
27
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Threats to Stored Information (cont’d.)
• Redundant array of independent disks (RAID)
– Method for ensuring data is not lost
– Does not replace backup and recovery processes
• Most common RAID configurations (levels)
– RAID Level 0
• Creates one larger logical volume across several
physical hard disk drives
• Stores data in segments called stripes
28
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Threats to Stored Information (cont’d.)
• Most common RAID configurations (cont’d.)
– RAID Level 1
• Data is written to two drives simultaneously
• Disk mirroring
– RAID Level 2
• Specialized form of disk striping with parity
• Not commonly used
– RAID Levels 3 and 4
• Byte and block-level striping of data
• Parity information stored on a separate drive
29
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Threats to Stored Information (cont’d.)
• Most common RAID configurations (cont’d.)
– RAID Level 5
• Similar to RAID 3 and 4 without a dedicated parity
drive
• Data segments interleaved with parity data
– RAID Level 6
• Similar to RAID 5 with two blocks of parity data striped
across the drives
– RAID Level 7
• Proprietary variation on RAID 5
• Array works as a single virtual drive
30
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Threats to Stored Information (cont’d.)
• Most common RAID configurations (cont’d.)
– RAID Level 10
• Combines benefits of RAID 0 and RAID 1
31
© 2013 Course Technology/Cengage Learning. All Rights Reserved 32
Figure 11-6 Samples of RAID implementations
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Database Backups
• Databases require special backup and recovery
procedures
– May or may not be able to back up database with
server operating system utilities
• System backup procedures may interrupt use of
the database
• Administrators need to know whether database
uses special journal file systems
– Files must be backed-up properly
33
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Application Backups
• Some applications use file systems in ways that
invalidate customary backup methods
– Ensure advance planning and inclusion of
application support team members
• Real-time protection; server recovery and
application recovery
– Use of mirroring provides real-time protection
– One implementation method: using hot, warm, and
cold servers
34
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Application Backups (cont’d.)
• Bare metal recovery technologies
– Designed to replace operating systems and services
when they fail
• Server clustering
– Active/passive clustering
• Two identically configured servers share access to the
application data storage
• Passive server takes control if active server fails
– Active/active clustering
• All members of a cluster simultaneously provide
application services
35
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Application Backups (cont’d.)
• Electronic vaulting
– Bulk transfer of data in batches to an off-site facility
– Usually conducted over dedicated network links
– Criteria: cost of the service and required bandwidth
– More expensive than tape backup
– Slower than data mirroring
– Data must be encrypted while in transit
36
© 2013 Course Technology/Cengage Learning. All Rights Reserved 37
Figure 11-7 Electronic vaulting architecture
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Application Backups (cont’d.)
• Remote journaling
– Transfer of live transactions to an off-site facility
– Only transaction data is transferred, not archived
data
– Transfer is performed online and closer to real-time
38
© 2013 Course Technology/Cengage Learning. All Rights Reserved 39
Figure 11-8 Remote journaling architecture
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Application Backups (cont’d.)
• Database shadowing
– Propagation of transactions to a remote copy of the
database
– Combines electronic vaulting with remote journaling
• Applying transactions to the database simultaneously
in two separate locations
40
© 2013 Course Technology/Cengage Learning. All Rights Reserved 41
Figure 11-9 Database shadowing architecture
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Network-Attached Storage and
Storage Area Networks
• Network-attached storage (NAS)
– Single device or server that attaches to the network
– Provides online storage
– Configured to allow users or groups of users to
access data storage
– Does not work well with real-time applications
• Storage area networks (SANs)
– Uses fibre-channel or iSCSI connections
42
© 2013 Course Technology/Cengage Learning. All Rights Reserved 43
Figure 11-10 SAN and NAS architectures
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved 44
Table 11-2 NAS versus SAN
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Service Level Agreements (SLAs)
• Contractual documents guaranteeing certain
minimum levels of service provided by vendors
• Service levels commonly measured as series of
nines
– Example: three nines availability − 99.9 percent
uptime or better
45
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Incident Response Plan
• Incident response
– Set of procedures that commences when an incident
is detected
– Must be carefully planned and coordinated
46
Figure 11-11 NIST incident response process
© Cengage Learning 2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Form IR Planning Team
• First step in the incident response planning process
• Example stakeholder groups represented in the IR
team
– General management
– IT management
– Information security management
– Operations
– Legal affairs
– Public relations
– Customer support
47
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop IR Planning Policy
• Structural overview of a typical IR policy
– Statement of management commitment
– Purpose and objectives of the policy
– Scope of the policy
– Definition of information security incidents and
consequences
– Definition of roles and responsibilities
– Prioritization of incidents
– Performance measures
– Reporting and contact forms
48
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Integrate the Business Impact Analysis
(BIA)
• Identify potentially successful attacks and
understand possible outcomes
• Three-stage process
– Threat attack identification and prioritization
– Attack success scenario development
– Potential damage assessment
49
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Identify Preventive Controls Unique to
IR
• Identify preventative controls currently in place
– Involves asset inventory and prioritization
• Determine whether controls are effective
• Some assets protect organizations against
incidents and disaster
– Example: fire suppression equipment
50
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Organize the Computer Security
Incident Response Team (CSIRT)
• Computer Security Incident Response Team
– Group of individuals who will respond to an incident
– Select personnel based on skills and access
privileges
– Different CSIRT subteams can be formed based on
scope and type of incident
• Training members can occur in various ways
– National training programs and conferences
– Mentoring-type training
51
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Create IR Contingency Strategies
• Plan exactly how to respond to various incidents
• Strategies vary greatly
– Single IR strategy
– Several optional plans to handle different
circumstances
• General categories of strategies
– Protect and forget
– Apprehend and prosecute
52
© 2013 Course Technology/Cengage Learning. All Rights Reserved 53
Table 11-3 Key steps
in reaction strategies
© Cengage Learning
2013
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop the Incident Response (IR)
Plan
• General sections of the incident response plan
– Identification
– Response
– Containment and eradication
– Recovery
• Incident classification
– Process of evaluating organizational events
• Possible indicators of an incident
– Presence of unfamiliar files
54
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop the Incident Response (IR)
Plan (cont’d.)
• Possible indicators of an incident (cont’d.)
– Presence of unknown programs or processes
– Unusual consumption of computing resources
– Unusual system crashes
• Probable indicators of an incident
– Activities at unexpected times
– Presence of new accounts
– Reported attacks
– Notification from IDS
55
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop the Incident Response (IR)
Plan (cont’d.)
• Definite indicators of an incident
– Use of dormant accounts
– Modified or missing logs
– Presence of hacker tools
– Notifications by a partner or peer
– Notification by hacker
• Response actions
– Notification
– Documenting the incident
• Interview individuals involved
56
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop the Incident Response (IR)
Plan (cont’d.)
• Containment/eradication
– First step: identify the affected area
• Containment strategies
– Disable compromised user accounts
– Reconfigure firewall to block problem traffic
– Temporarily disable compromised process or service
– Take down the conduit application or server
– Stopping all computers and network devices
57
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Develop the Incident Response (IR)
Plan (cont’d.)
• Recovery
– Inform appropriate human resources
– Assess full extent of the damage
– Begin recovery operations based on appropriate
section of the IR plan
– Steps
• Identify and resolve vulnerabilities
• Restore data
• Restore services and processes
• Restore confidence across the organization
• After-action review
58
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Ensure Plan Testing, Training, and
Exercises
• Five strategies to test contingency plans
– Desk check
– Structured walk-through
– Simulation
– Parallel testing
– Full interruption
– War gaming
59
© 2013 Course Technology/Cengage Learning. All Rights Reserved
IR Plan Maintenance
• Plan should be periodically reviewed
– Every one year or less
– Shortcomings should be noted
• Deficiencies may come to light based on:
– AARs
– Use of plan for actual incidents
– Use of plan for simulated incidents
– Review during periodic maintenance
• Revise plan to correct deficiencies
60
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Summary
• Contingency planning (CP)
– Process of positioning an organization to prepare,
detect, react to, and recover from events that
threaten information security assets
• CP has 12 stages
• BIA provides the CP team with information about
systems and the threats they face
• IR plan documents actions an organization should
take while an incident is in progress
61
© 2013 Course Technology/Cengage Learning. All Rights Reserved
Summary (cont’d.)
• Business continuity planning (BCP) ensures that
business-critical functions can continue when a
disaster occurs
• Two general IR strategies include “protect and
forget” and “apprehend and prosecute”
• Stopping the incident or containing its impact is a
critical component of incident response
• Ongoing maintenance of the IR plan includes after-
action reviews (AARs)
62

More Related Content

What's hot

2.6 backup and recovery
2.6 backup and recovery2.6 backup and recovery
2.6 backup and recoverymrmwood
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9jemtallon
 
The Adam - A process model for digital forensic practice
The Adam - A process model for digital forensic practiceThe Adam - A process model for digital forensic practice
The Adam - A process model for digital forensic practiceDr. Richard Adams
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 -  Asset SecurityCISSP - Chapter 2 -  Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseDr. Richard Adams
 
Rothke effective data destruction practices
Rothke   effective data destruction practicesRothke   effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Cissp Week 23
Cissp Week 23Cissp Week 23
Cissp Week 23jemtallon
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations SecurityAlfred Ouyang
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security PresentationWajahat Rajab
 
CISSP Week 12
CISSP Week 12CISSP Week 12
CISSP Week 12jemtallon
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 

What's hot (20)

Mis
MisMis
Mis
 
2.6 backup and recovery
2.6 backup and recovery2.6 backup and recovery
2.6 backup and recovery
 
Security Incident Handling for Schools
Security Incident Handling for Schools Security Incident Handling for Schools
Security Incident Handling for Schools
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
 
The Adam - A process model for digital forensic practice
The Adam - A process model for digital forensic practiceThe Adam - A process model for digital forensic practice
The Adam - A process model for digital forensic practice
 
8. operations security
8. operations security8. operations security
8. operations security
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 -  Asset SecurityCISSP - Chapter 2 -  Asset Security
CISSP - Chapter 2 - Asset Security
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Fusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident responseFusing digital forensics, electronic discovery and incident response
Fusing digital forensics, electronic discovery and incident response
 
Rothke effective data destruction practices
Rothke   effective data destruction practicesRothke   effective data destruction practices
Rothke effective data destruction practices
 
Cissp Week 23
Cissp Week 23Cissp Week 23
Cissp Week 23
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations Security
 
File000171
File000171File000171
File000171
 
CISSP-WEB
CISSP-WEBCISSP-WEB
CISSP-WEB
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security Presentation
 
CISSP Week 12
CISSP Week 12CISSP Week 12
CISSP Week 12
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
 

Viewers also liked

9781305119215 rm, 10e ch03
9781305119215 rm, 10e ch039781305119215 rm, 10e ch03
9781305119215 rm, 10e ch03Kristin Harrison
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramLancope, Inc.
 
Incident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase JournalIncident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase Journalbrittanyjespersen
 
Contingency Planning Guide
Contingency Planning GuideContingency Planning Guide
Contingency Planning Guiderlynes
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
Simkad BestMobile Malaysia
Simkad BestMobile MalaysiaSimkad BestMobile Malaysia
Simkad BestMobile MalaysiaHaqem BESTMobile
 
The Essential Elements of CJR
The Essential Elements of CJRThe Essential Elements of CJR
The Essential Elements of CJRBESLER
 
Rauli Patagonia ciervo ahumado
Rauli Patagonia ciervo ahumadoRauli Patagonia ciervo ahumado
Rauli Patagonia ciervo ahumadoRauliPatagonia
 
Driving Change in Banking - Engagement in the world of empowered individuals
Driving Change in Banking - Engagement in the world of empowered individualsDriving Change in Banking - Engagement in the world of empowered individuals
Driving Change in Banking - Engagement in the world of empowered individualsChris Yaldezian
 
We Turn and Face the Changes - The S-10 Emerges as a Proxy for Payment
We Turn and Face the Changes - The S-10 Emerges as a Proxy for PaymentWe Turn and Face the Changes - The S-10 Emerges as a Proxy for Payment
We Turn and Face the Changes - The S-10 Emerges as a Proxy for PaymentBESLER
 
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.Farhan Ali
 
Healthcare Retrospect Part 1: All Americans Were Uninsured
Healthcare Retrospect Part 1: All Americans Were UninsuredHealthcare Retrospect Part 1: All Americans Were Uninsured
Healthcare Retrospect Part 1: All Americans Were UninsuredBESLER
 
Healthcare Retrospect Part 2: Skyrocketing Costs and the Emergence of Rate S...
Healthcare Retrospect Part 2: Skyrocketing Costs and  the Emergence of Rate S...Healthcare Retrospect Part 2: Skyrocketing Costs and  the Emergence of Rate S...
Healthcare Retrospect Part 2: Skyrocketing Costs and the Emergence of Rate S...BESLER
 
Uncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-onsUncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-onsBESLER
 
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOW
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOWAppropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOW
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOWBESLER
 
Nonnative species and the stability of desert fish communities
Nonnative species and the stability of desert fish communitiesNonnative species and the stability of desert fish communities
Nonnative species and the stability of desert fish communitieskfritschie
 
The Essential Elements of CJR
The Essential Elements of CJRThe Essential Elements of CJR
The Essential Elements of CJRBESLER
 

Viewers also liked (20)

9781305119215 rm, 10e ch03
9781305119215 rm, 10e ch039781305119215 rm, 10e ch03
9781305119215 rm, 10e ch03
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Incident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase JournalIncident Response & Contingency PlanningCase Journal
Incident Response & Contingency PlanningCase Journal
 
Contingency Planning Guide
Contingency Planning GuideContingency Planning Guide
Contingency Planning Guide
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
Simkad BestMobile Malaysia
Simkad BestMobile MalaysiaSimkad BestMobile Malaysia
Simkad BestMobile Malaysia
 
The Essential Elements of CJR
The Essential Elements of CJRThe Essential Elements of CJR
The Essential Elements of CJR
 
Rauli Patagonia ciervo ahumado
Rauli Patagonia ciervo ahumadoRauli Patagonia ciervo ahumado
Rauli Patagonia ciervo ahumado
 
Driving Change in Banking - Engagement in the world of empowered individuals
Driving Change in Banking - Engagement in the world of empowered individualsDriving Change in Banking - Engagement in the world of empowered individuals
Driving Change in Banking - Engagement in the world of empowered individuals
 
We Turn and Face the Changes - The S-10 Emerges as a Proxy for Payment
We Turn and Face the Changes - The S-10 Emerges as a Proxy for PaymentWe Turn and Face the Changes - The S-10 Emerges as a Proxy for Payment
We Turn and Face the Changes - The S-10 Emerges as a Proxy for Payment
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.
Kaitan penggunaan laras bahasa dan medium pemasaran yang digunakan.
 
Healthcare Retrospect Part 1: All Americans Were Uninsured
Healthcare Retrospect Part 1: All Americans Were UninsuredHealthcare Retrospect Part 1: All Americans Were Uninsured
Healthcare Retrospect Part 1: All Americans Were Uninsured
 
Healthcare Retrospect Part 2: Skyrocketing Costs and the Emergence of Rate S...
Healthcare Retrospect Part 2: Skyrocketing Costs and  the Emergence of Rate S...Healthcare Retrospect Part 2: Skyrocketing Costs and  the Emergence of Rate S...
Healthcare Retrospect Part 2: Skyrocketing Costs and the Emergence of Rate S...
 
Ahtosalo_sivulaudatur
Ahtosalo_sivulaudaturAhtosalo_sivulaudatur
Ahtosalo_sivulaudatur
 
Uncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-onsUncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-ons
 
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOW
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOWAppropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOW
Appropriate Level of Care and the 2– Midnight Rule Where It Stands as of NOW
 
Nonnative species and the stability of desert fish communities
Nonnative species and the stability of desert fish communitiesNonnative species and the stability of desert fish communities
Nonnative species and the stability of desert fish communities
 
The Essential Elements of CJR
The Essential Elements of CJRThe Essential Elements of CJR
The Essential Elements of CJR
 
Word ch08
Word ch08Word ch08
Word ch08
 

Similar to 9780840024220 ppt ch11

IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004Donald E. Hester
 
Disaster Recovery: Understanding Trend, Methodology, Solution, and Standard
Disaster Recovery:  Understanding Trend, Methodology, Solution, and StandardDisaster Recovery:  Understanding Trend, Methodology, Solution, and Standard
Disaster Recovery: Understanding Trend, Methodology, Solution, and StandardPT Datacomm Diangraha
 
Principles of Incident Response and Disaster Recovery, 2nd E.docx
Principles of Incident Response and Disaster Recovery, 2nd E.docxPrinciples of Incident Response and Disaster Recovery, 2nd E.docx
Principles of Incident Response and Disaster Recovery, 2nd E.docxstilliegeorgiana
 
Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Aventis Systems, Inc.
 
Chapter 14 Business Continuity
Chapter 14 Business ContinuityChapter 14 Business Continuity
Chapter 14 Business ContinuityDr. Ahmed Al Zaidy
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plannewbie2019
 
Network Strategy and Design Final assignment disaster rec
Network Strategy and Design Final assignment disaster recNetwork Strategy and Design Final assignment disaster rec
Network Strategy and Design Final assignment disaster recrosu555
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryessbaih
 
Principles of Incident Response and Disaster Recovery, 2.docx
Principles of Incident Response and Disaster Recovery, 2.docxPrinciples of Incident Response and Disaster Recovery, 2.docx
Principles of Incident Response and Disaster Recovery, 2.docxstilliegeorgiana
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineGraeme Parker
 
A Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanA Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanHossam Al-Ansary
 
A Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanA Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanHeather Strinden
 
Preservation Section Disaster Planning Presentation (SAA 2010)
Preservation Section Disaster Planning Presentation (SAA 2010)Preservation Section Disaster Planning Presentation (SAA 2010)
Preservation Section Disaster Planning Presentation (SAA 2010)Lance Stuchell
 

Similar to 9780840024220 ppt ch11 (20)

Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
 
Disaster Recovery: Understanding Trend, Methodology, Solution, and Standard
Disaster Recovery:  Understanding Trend, Methodology, Solution, and StandardDisaster Recovery:  Understanding Trend, Methodology, Solution, and Standard
Disaster Recovery: Understanding Trend, Methodology, Solution, and Standard
 
Disaster Recovery
Disaster RecoveryDisaster Recovery
Disaster Recovery
 
Principles of Incident Response and Disaster Recovery, 2nd E.docx
Principles of Incident Response and Disaster Recovery, 2nd E.docxPrinciples of Incident Response and Disaster Recovery, 2nd E.docx
Principles of Incident Response and Disaster Recovery, 2nd E.docx
 
Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview
 
Chapter 14 Business Continuity
Chapter 14 Business ContinuityChapter 14 Business Continuity
Chapter 14 Business Continuity
 
9780840024220 ppt ch01
9780840024220 ppt ch019780840024220 ppt ch01
9780840024220 ppt ch01
 
Pertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery planPertemuan 15 disaster recovery plan
Pertemuan 15 disaster recovery plan
 
DR hosting & cloud
DR hosting & cloudDR hosting & cloud
DR hosting & cloud
 
Network Strategy and Design Final assignment disaster rec
Network Strategy and Design Final assignment disaster recNetwork Strategy and Design Final assignment disaster rec
Network Strategy and Design Final assignment disaster rec
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recovery
 
Principles of Incident Response and Disaster Recovery, 2.docx
Principles of Incident Response and Disaster Recovery, 2.docxPrinciples of Incident Response and Disaster Recovery, 2.docx
Principles of Incident Response and Disaster Recovery, 2.docx
 
Cyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated DisciplineCyber Security and Business Continuity an Integrated Discipline
Cyber Security and Business Continuity an Integrated Discipline
 
PACE-IT, Security+2.8: Disaster Recovery Concepts
PACE-IT, Security+2.8: Disaster Recovery ConceptsPACE-IT, Security+2.8: Disaster Recovery Concepts
PACE-IT, Security+2.8: Disaster Recovery Concepts
 
9780840024220 ppt ch06
9780840024220 ppt ch069780840024220 ppt ch06
9780840024220 ppt ch06
 
A Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery PlanA Proposed Model for IT Disaster Recovery Plan
A Proposed Model for IT Disaster Recovery Plan
 
A Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery PlanA Proposed Model For IT Disaster Recovery Plan
A Proposed Model For IT Disaster Recovery Plan
 
Preservation Section Disaster Planning Presentation (SAA 2010)
Preservation Section Disaster Planning Presentation (SAA 2010)Preservation Section Disaster Planning Presentation (SAA 2010)
Preservation Section Disaster Planning Presentation (SAA 2010)
 

More from Kristin Harrison (20)

rm, 10e ch02 copy
rm, 10e ch02 copyrm, 10e ch02 copy
rm, 10e ch02 copy
 
9780840024220 ppt ch09
9780840024220 ppt ch099780840024220 ppt ch09
9780840024220 ppt ch09
 
9780840024220 ppt ch08
9780840024220 ppt ch089780840024220 ppt ch08
9780840024220 ppt ch08
 
9780840024220 ppt ch03
9780840024220 ppt ch039780840024220 ppt ch03
9780840024220 ppt ch03
 
9780840024220 ppt ch05
9780840024220 ppt ch059780840024220 ppt ch05
9780840024220 ppt ch05
 
9780840024220 ppt ch04
9780840024220 ppt ch049780840024220 ppt ch04
9780840024220 ppt ch04
 
9780840024220 ppt ch02
9780840024220 ppt ch029780840024220 ppt ch02
9780840024220 ppt ch02
 
9780840024220 ppt ch07
9780840024220 ppt ch079780840024220 ppt ch07
9780840024220 ppt ch07
 
Chapter 14
Chapter 14Chapter 14
Chapter 14
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 
Chapter 07
Chapter 07Chapter 07
Chapter 07
 
Chapter 05
Chapter 05Chapter 05
Chapter 05
 
Chapter 06
Chapter 06Chapter 06
Chapter 06
 
Chapter 04
Chapter 04Chapter 04
Chapter 04
 
Ppt2013 ch10
Ppt2013 ch10Ppt2013 ch10
Ppt2013 ch10
 

Recently uploaded

Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxAditiChauhan701637
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17Celine George
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapitolTechU
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17Celine George
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptx
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptxPISA-VET launch_El Iza Mohamedou_19 March 2024.pptx
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptxEduSkills OECD
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17Celine George
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxSaurabhParmar42
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesMohammad Hassany
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 

Recently uploaded (20)

Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
In - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptxIn - Vivo and In - Vitro Correlation.pptx
In - Vivo and In - Vitro Correlation.pptx
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17How to Show Error_Warning Messages in Odoo 17
How to Show Error_Warning Messages in Odoo 17
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptx
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptxPISA-VET launch_El Iza Mohamedou_19 March 2024.pptx
PISA-VET launch_El Iza Mohamedou_19 March 2024.pptx
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17
 
CAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptxCAULIFLOWER BREEDING 1 Parmar pptx
CAULIFLOWER BREEDING 1 Parmar pptx
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming Classes
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 

9780840024220 ppt ch11

  • 1. Guide to Network Security 1st Edition Chapter Eleven Contingency Planning and Networking Incident Response
  • 2. © 2013 Course Technology/Cengage Learning. All Rights Reserved Objectives • Explain the need for contingency planning • List the major components of contingency planning • Create a simple set of contingency plans, using business impact analysis • Prepare and execute a test of contingency plans • Explain the network incident response process • Explain the need for sound backup and recovery practices and what they consist of 2
  • 3. © 2013 Course Technology/Cengage Learning. All Rights Reserved Introduction • Threats to network systems – Deliberate attacks from hostile parties – Outside events – Internal failures – Unintended actions of friendly parties • Network disruption may bring business operations to a standstill • Organizations should prepare for the unexpected 3
  • 4. © 2013 Course Technology/Cengage Learning. All Rights Reserved What Is Contingency Planning? • Contingency planning (CP) – Process of positioning an organization to prepare for, detect, react to, and recover from man-made or natural threats to information security assets – Main goal: restore normal operations following disruptive event • Four components of CP – Business impact analysis (BIA) – Incident response plan (IR plan) – Disaster recovery plan (DR plan) – Business continuity plan (BC plan) 4
  • 5. © 2013 Course Technology/Cengage Learning. All Rights Reserved What Is Contingency Planning? (cont’d.) • Contingency planning teams – CP Management Team (CPMT) • Manages the overall process • Develops master plan for CP operations • Collects information about threats to information systems • Conducts the BIA • Staffs the leadership of the subordinate teams • Provides guidance to and integrates work of subordinate teams 5
  • 6. © 2013 Course Technology/Cengage Learning. All Rights Reserved What Is Contingency Planning? (cont’d.) • Contingency planning teams (cont’d.) – Incident response (IR) team • Develops, tests, manages, and executes the IR plan • Detects, evaluates, and responds to incidents – Disaster recovery (DR) team • Develops, tests, manages, and executes the DR plan • Responsible for re-establishing operations at the primary business site – Business continuity (BC) team • Responsible for setting up and starting off-site operations after an incident or a disaster 6
  • 7. © 2013 Course Technology/Cengage Learning. All Rights Reserved What Is Contingency Planning? (cont’d.) • Incident response – Focus is on small-scale events – Examples: hacking attempts, malware, or misuse of corporate assets • Incident may escalate into a disaster – IR plan may give way to the DR and BC plans • Business resumption plan – Used by some organizations as combination of DR and BC plans 7
  • 8. © 2013 Course Technology/Cengage Learning. All Rights Reserved 8 Figure 11-1 An incident turns into a disaster © Cengage Learning 2013
  • 9. © 2013 Course Technology/Cengage Learning. All Rights Reserved 9 Figure 11-2 Move from disaster recovery to business continuity © Cengage Learning 2013
  • 10. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning • Major steps from NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems 1. Form the CPMT 2. Develop the CP policy statement 3. Conduct the BIA 4. Form subordinate planning teams 5. Develop subordinate planning policies 6. Integrate the BIA 7. Identify preventive controls 10
  • 11. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • Major steps (cont’d.) 8. Organize response teams 9. Create contingency strategies 10.Develop subordinate plans 11.Ensure plan testing, training, and exercises 12.Ensure plan maintenance 11
  • 12. © 2013 Course Technology/Cengage Learning. All Rights Reserved 12 Figure 11-3 Incident response, disaster recovery, and business continuity workflow © Cengage Learning 2013
  • 13. © 2013 Course Technology/Cengage Learning. All Rights Reserved 13 Figure 11-4 Contingency planning life cycle © Cengage Learning 2013
  • 14. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • Business impact analysis – First major component of the CP process – Provides CPMT with information about systems and threats they face • Three major steps of the BIA – Determine mission/business processes and recovery criticality – Identify resource requirements – Identify recovery priorities for system resources 14
  • 15. © 2013 Course Technology/Cengage Learning. All Rights Reserved 15 Figure 11-5 Business impact analysis process © Cengage Learning 2013
  • 16. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • Incident response plan – Documents actions organization should take while an incident is in progress • Absence of well-defined procedures can lead to: – Extensive damage to data, systems, and networks – Intrusions affecting multiple systems both inside and outside the organization – Negative exposure in the news media – Legal liability for attacks against others using organization’s systems 16
  • 17. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • Disaster recovery plan – Entails preparation for and recovery from a disaster • Criteria for a disaster – Organization is unable to gain control of impact of the incident – Organization cannot quickly recover because level of damage is so severe • DR plan documents whether an event is classified as an incident or a disaster 17
  • 18. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • Business continuity plan – Ensures critical business functions continue if a disaster occurs – Managed by the CEO of an organization – Activated and executed concurrently with the DR plan: • When disaster is major or long-term – Involves re-establishing business functions at an alternate site 18
  • 19. © 2013 Course Technology/Cengage Learning. All Rights Reserved Stages and Components of Contingency Planning (cont’d.) • CP disruption phases – Defines actions that occur when an event becomes an incident or disaster – Phase 1: activation/notification phase • Activate the plan based on outage impacts • Notify recovery personnel – Phase 2: recovery phase • Recovery teams restore system operations using alternate site – Phase 3: reconstitution phase • Return the system to normal operating conditions 19
  • 20. © 2013 Course Technology/Cengage Learning. All Rights Reserved Data and Application Resumption • Data backup and management methods – Disk backup – Tape backup • Data files and critical system files should be backed up daily – Nonessential files backed up weekly • Data retention plan – Laws govern how long data must be stored • Full backups of entire systems should be stored in a secure location 20
  • 21. © 2013 Course Technology/Cengage Learning. All Rights Reserved Disk-to-Disk-to-Tape • Cost of storage media continues to decrease – Disk backups more convenient than tape • Storage area networks – Used to store information in arrays of independent, large-capacity disk drives • Secondary data disk series should be periodically backed up to tape or other removable media 21
  • 22. © 2013 Course Technology/Cengage Learning. All Rights Reserved Backup Strategies • Types of backups – Full • Complete backup of the entire system – Differential • Stores all new files and files modified since last full backup – Incremental • Stores data modified since last backup of any type • Requires less space and time than differential backup • Multiple backups needed to restore full system 22
  • 23. © 2013 Course Technology/Cengage Learning. All Rights Reserved Backup Strategies (cont’d.) • General guidelines – Secure on-site and off-site storage – Provide a controlled environment for the media – Clearly label and write-protect each media unit – Retire media units prior to reaching end of useful life • Tape backup and recovery – Common types of tape media • Digital audio tapes (DATs) • Quarter-inch cartridge drives (QIC) • 8 mm tape • Digital linear tape (DLT) and Linear Tape Open (LTO) 23
  • 24. © 2013 Course Technology/Cengage Learning. All Rights Reserved Backup Strategies (cont’d.) • Classic methods for selecting files to back up – Six tape rotation – Grandfather-Father-Son method – Towers of Hanoi • Online backups and the cloud – Online backup to a third-party storage vendor • Cloud computing forms – Software as a Service (SaaS) – Platform as a Service (PaaS) – Infrastructure as a Service (IaaS) 24
  • 25. © 2013 Course Technology/Cengage Learning. All Rights Reserved 25 Table 11-1 Selecting the best rotation method © Cengage Learning 2013
  • 26. © 2013 Course Technology/Cengage Learning. All Rights Reserved Backup Strategies (cont’d.) • Cloud ownership – Public • Most common implementation • Third party makes services available over the Internet – Community • Collaboration between a few entities for their sole use – Private • Parent company creates a cloud for its own use and that of subordinate organizations • Theoretical implementation 26
  • 27. © 2013 Course Technology/Cengage Learning. All Rights Reserved Threats to Stored Information • Processes to prevent accidental loss of backup media – Careful processes – Use of professional couriers – Tape encryption – Erase backup tapes before returning to “scratch pool” for reuse • Backup and recovery elapsed time – Usually requires twice as much time to restore information as to produce the backup 27
  • 28. © 2013 Course Technology/Cengage Learning. All Rights Reserved Threats to Stored Information (cont’d.) • Redundant array of independent disks (RAID) – Method for ensuring data is not lost – Does not replace backup and recovery processes • Most common RAID configurations (levels) – RAID Level 0 • Creates one larger logical volume across several physical hard disk drives • Stores data in segments called stripes 28
  • 29. © 2013 Course Technology/Cengage Learning. All Rights Reserved Threats to Stored Information (cont’d.) • Most common RAID configurations (cont’d.) – RAID Level 1 • Data is written to two drives simultaneously • Disk mirroring – RAID Level 2 • Specialized form of disk striping with parity • Not commonly used – RAID Levels 3 and 4 • Byte and block-level striping of data • Parity information stored on a separate drive 29
  • 30. © 2013 Course Technology/Cengage Learning. All Rights Reserved Threats to Stored Information (cont’d.) • Most common RAID configurations (cont’d.) – RAID Level 5 • Similar to RAID 3 and 4 without a dedicated parity drive • Data segments interleaved with parity data – RAID Level 6 • Similar to RAID 5 with two blocks of parity data striped across the drives – RAID Level 7 • Proprietary variation on RAID 5 • Array works as a single virtual drive 30
  • 31. © 2013 Course Technology/Cengage Learning. All Rights Reserved Threats to Stored Information (cont’d.) • Most common RAID configurations (cont’d.) – RAID Level 10 • Combines benefits of RAID 0 and RAID 1 31
  • 32. © 2013 Course Technology/Cengage Learning. All Rights Reserved 32 Figure 11-6 Samples of RAID implementations © Cengage Learning 2013
  • 33. © 2013 Course Technology/Cengage Learning. All Rights Reserved Database Backups • Databases require special backup and recovery procedures – May or may not be able to back up database with server operating system utilities • System backup procedures may interrupt use of the database • Administrators need to know whether database uses special journal file systems – Files must be backed-up properly 33
  • 34. © 2013 Course Technology/Cengage Learning. All Rights Reserved Application Backups • Some applications use file systems in ways that invalidate customary backup methods – Ensure advance planning and inclusion of application support team members • Real-time protection; server recovery and application recovery – Use of mirroring provides real-time protection – One implementation method: using hot, warm, and cold servers 34
  • 35. © 2013 Course Technology/Cengage Learning. All Rights Reserved Application Backups (cont’d.) • Bare metal recovery technologies – Designed to replace operating systems and services when they fail • Server clustering – Active/passive clustering • Two identically configured servers share access to the application data storage • Passive server takes control if active server fails – Active/active clustering • All members of a cluster simultaneously provide application services 35
  • 36. © 2013 Course Technology/Cengage Learning. All Rights Reserved Application Backups (cont’d.) • Electronic vaulting – Bulk transfer of data in batches to an off-site facility – Usually conducted over dedicated network links – Criteria: cost of the service and required bandwidth – More expensive than tape backup – Slower than data mirroring – Data must be encrypted while in transit 36
  • 37. © 2013 Course Technology/Cengage Learning. All Rights Reserved 37 Figure 11-7 Electronic vaulting architecture © Cengage Learning 2013
  • 38. © 2013 Course Technology/Cengage Learning. All Rights Reserved Application Backups (cont’d.) • Remote journaling – Transfer of live transactions to an off-site facility – Only transaction data is transferred, not archived data – Transfer is performed online and closer to real-time 38
  • 39. © 2013 Course Technology/Cengage Learning. All Rights Reserved 39 Figure 11-8 Remote journaling architecture © Cengage Learning 2013
  • 40. © 2013 Course Technology/Cengage Learning. All Rights Reserved Application Backups (cont’d.) • Database shadowing – Propagation of transactions to a remote copy of the database – Combines electronic vaulting with remote journaling • Applying transactions to the database simultaneously in two separate locations 40
  • 41. © 2013 Course Technology/Cengage Learning. All Rights Reserved 41 Figure 11-9 Database shadowing architecture © Cengage Learning 2013
  • 42. © 2013 Course Technology/Cengage Learning. All Rights Reserved Network-Attached Storage and Storage Area Networks • Network-attached storage (NAS) – Single device or server that attaches to the network – Provides online storage – Configured to allow users or groups of users to access data storage – Does not work well with real-time applications • Storage area networks (SANs) – Uses fibre-channel or iSCSI connections 42
  • 43. © 2013 Course Technology/Cengage Learning. All Rights Reserved 43 Figure 11-10 SAN and NAS architectures © Cengage Learning 2013
  • 44. © 2013 Course Technology/Cengage Learning. All Rights Reserved 44 Table 11-2 NAS versus SAN © Cengage Learning 2013
  • 45. © 2013 Course Technology/Cengage Learning. All Rights Reserved Service Level Agreements (SLAs) • Contractual documents guaranteeing certain minimum levels of service provided by vendors • Service levels commonly measured as series of nines – Example: three nines availability − 99.9 percent uptime or better 45
  • 46. © 2013 Course Technology/Cengage Learning. All Rights Reserved Incident Response Plan • Incident response – Set of procedures that commences when an incident is detected – Must be carefully planned and coordinated 46 Figure 11-11 NIST incident response process © Cengage Learning 2013
  • 47. © 2013 Course Technology/Cengage Learning. All Rights Reserved Form IR Planning Team • First step in the incident response planning process • Example stakeholder groups represented in the IR team – General management – IT management – Information security management – Operations – Legal affairs – Public relations – Customer support 47
  • 48. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop IR Planning Policy • Structural overview of a typical IR policy – Statement of management commitment – Purpose and objectives of the policy – Scope of the policy – Definition of information security incidents and consequences – Definition of roles and responsibilities – Prioritization of incidents – Performance measures – Reporting and contact forms 48
  • 49. © 2013 Course Technology/Cengage Learning. All Rights Reserved Integrate the Business Impact Analysis (BIA) • Identify potentially successful attacks and understand possible outcomes • Three-stage process – Threat attack identification and prioritization – Attack success scenario development – Potential damage assessment 49
  • 50. © 2013 Course Technology/Cengage Learning. All Rights Reserved Identify Preventive Controls Unique to IR • Identify preventative controls currently in place – Involves asset inventory and prioritization • Determine whether controls are effective • Some assets protect organizations against incidents and disaster – Example: fire suppression equipment 50
  • 51. © 2013 Course Technology/Cengage Learning. All Rights Reserved Organize the Computer Security Incident Response Team (CSIRT) • Computer Security Incident Response Team – Group of individuals who will respond to an incident – Select personnel based on skills and access privileges – Different CSIRT subteams can be formed based on scope and type of incident • Training members can occur in various ways – National training programs and conferences – Mentoring-type training 51
  • 52. © 2013 Course Technology/Cengage Learning. All Rights Reserved Create IR Contingency Strategies • Plan exactly how to respond to various incidents • Strategies vary greatly – Single IR strategy – Several optional plans to handle different circumstances • General categories of strategies – Protect and forget – Apprehend and prosecute 52
  • 53. © 2013 Course Technology/Cengage Learning. All Rights Reserved 53 Table 11-3 Key steps in reaction strategies © Cengage Learning 2013
  • 54. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop the Incident Response (IR) Plan • General sections of the incident response plan – Identification – Response – Containment and eradication – Recovery • Incident classification – Process of evaluating organizational events • Possible indicators of an incident – Presence of unfamiliar files 54
  • 55. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop the Incident Response (IR) Plan (cont’d.) • Possible indicators of an incident (cont’d.) – Presence of unknown programs or processes – Unusual consumption of computing resources – Unusual system crashes • Probable indicators of an incident – Activities at unexpected times – Presence of new accounts – Reported attacks – Notification from IDS 55
  • 56. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop the Incident Response (IR) Plan (cont’d.) • Definite indicators of an incident – Use of dormant accounts – Modified or missing logs – Presence of hacker tools – Notifications by a partner or peer – Notification by hacker • Response actions – Notification – Documenting the incident • Interview individuals involved 56
  • 57. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop the Incident Response (IR) Plan (cont’d.) • Containment/eradication – First step: identify the affected area • Containment strategies – Disable compromised user accounts – Reconfigure firewall to block problem traffic – Temporarily disable compromised process or service – Take down the conduit application or server – Stopping all computers and network devices 57
  • 58. © 2013 Course Technology/Cengage Learning. All Rights Reserved Develop the Incident Response (IR) Plan (cont’d.) • Recovery – Inform appropriate human resources – Assess full extent of the damage – Begin recovery operations based on appropriate section of the IR plan – Steps • Identify and resolve vulnerabilities • Restore data • Restore services and processes • Restore confidence across the organization • After-action review 58
  • 59. © 2013 Course Technology/Cengage Learning. All Rights Reserved Ensure Plan Testing, Training, and Exercises • Five strategies to test contingency plans – Desk check – Structured walk-through – Simulation – Parallel testing – Full interruption – War gaming 59
  • 60. © 2013 Course Technology/Cengage Learning. All Rights Reserved IR Plan Maintenance • Plan should be periodically reviewed – Every one year or less – Shortcomings should be noted • Deficiencies may come to light based on: – AARs – Use of plan for actual incidents – Use of plan for simulated incidents – Review during periodic maintenance • Revise plan to correct deficiencies 60
  • 61. © 2013 Course Technology/Cengage Learning. All Rights Reserved Summary • Contingency planning (CP) – Process of positioning an organization to prepare, detect, react to, and recover from events that threaten information security assets • CP has 12 stages • BIA provides the CP team with information about systems and the threats they face • IR plan documents actions an organization should take while an incident is in progress 61
  • 62. © 2013 Course Technology/Cengage Learning. All Rights Reserved Summary (cont’d.) • Business continuity planning (BCP) ensures that business-critical functions can continue when a disaster occurs • Two general IR strategies include “protect and forget” and “apprehend and prosecute” • Stopping the incident or containing its impact is a critical component of incident response • Ongoing maintenance of the IR plan includes after- action reviews (AARs) 62