disaster recovery-project_TEAM1
Download as PPTX, PDF2 likes344 views
The document outlines Bullseye Corporation's Disaster Recovery Plan (DRP) to recover from a cyber attack. The DRP defines four phases - Response, Recovery, Resumption, and Restoration. The Response Phase focuses on stopping the breach and containing damage. The Recovery Phase prioritizes restoring critical databases and systems. The Resumption Phase determines if operations should move to the hot site or return to the primary site. Finally, the Restoration Phase merges data from all sources back to the primary systems. Communication with employees is important throughout the recovery.
disaster recovery-project_TEAM1
- 1. DISASTER RECOVERY PLAN FOR DATA RECOVERY FROM A CYBERATTACK BY: JAMES BOHL, NISHEETH AGRAWAL, SATISH LAKSHMANAN, AND STEVE REED Team 1 Bullseye Corporation B Corp. Bullseye
- 2. DRP- PURPOSE AND SCOPE Purpose of this DRP is to provide a detailed guide for the DR team and other teams who may be involved Scope of this DRP is cyber attacks on customer and employee data Some data is encrypted thus reducing the risk Customer general information – no encryption Customer login, credit card information – encrypted Employee general information – not encrypted Employee personal information - encrypted B Corp. Bullseye
- 3. DR PLAN OBJECTIVES Identify the risks of the systems security attack Define teams Provide recovery procedures including recovery checklists for cyber-attacks Provide company policies for disaster recovery Have the right tools for our teams to do the appropriate tasks B Corp. Bullseye
- 4. ASSUMPTIONS Various teams are already created – they are identified and addressed in this document Corporate management structure is identified in other documents Network plan and security detail as well as “how to protect” is documented in other documents that are available to DRP teams B Corp. Bullseye
- 5. INCIDENT – DISASTER ESCALATION PROCESS INICIDENT RESPONSE TEAM (IR TEAM) Incident is escalated to disaster after IR team assessment IR Team notifies DRT of the declared disaster. DRT evaluates disaster independent of IR plan. Is the disaster caused by an EXTERNAL source? INTERNAL Assign task to INTERNAL Disaster Team (IDT) EXTERNAL NO YES DISASTER RECOVERY TEAM (DRT) Report to Human Resources (HR) department Reports to Public Relations (PR) department EDT Activates DRP: Stop the attack: isolate, quarantine, shutdown the breached access. Assign task to EXTERNAL Disaster Team (EDT) B Corp. Bullseye
- 6. DISASTER RESPONSE PHASES RESPONSE PHASE Initial Assessment Manage Communications with Employees & Stakeholders Contain Damage: Protect the database and secure the network Continue planning for restoration Identify additional needed resources Finalize implementation of primary functions Initialize implementation of primary functions, i.e. recovery phase and secondary functions, i.e. hot site Recover Critical Business Functions Coordinate data recovery efforts Acquire Resources to replace damaged / destroyed equipment Evaluate need to implement BC Plan RECCOVERY PHASE RESUMPTION PHASE RESTORATION PHASE Restore data at the primary site while hot site handles critical operations Restore data from the tapes both from the backup center and hot site Restore normal operations at the primary site Stand down DR team, conduct after action review Continue recovery and restoration at primary site DISASTER RESPONSE PHASES B Corp. Bullseye
- 7. DISASTER RESPONSE Identify the disaster Contact proper response team leads Contain the disaster as much as possible Conduct damage assessment once contained Determine the resources and immediate funding needs Update the management team regarding damage Contact recovery and restoration teams B Corp. Bullseye
- 8. DISASTER RESPONSE Begin evidence collection (Forensics team only) Eradicate the vulnerabilities and backdoors that may have caused the disaster Begin system cleanup and data recovery Document the disaster and document any updates to this document B Corp. Bullseye
- 10. DISASTER RECOVERY By this point: Infected portions of the system have been sanitized Vulnerabilities have been corrected The system removed from internet access (internal intranet is made live if system is at all functional) The disaster recovery phase involves getting basic operations up and running to a functional state. – focus is DATA & SYSTEM RECOVERY. When the system has been breached and data compromised, recovery and restoration of company data along with systems operations are critical. B Corp. Bullseye
- 11. DISASTER RECOVERY Connect to the DRaaS department on secure connection The DRaaS will: Attempt to recover as much current, undamaged data from the system as possible Utilize proprietary software designed to repair as much damaged data as possible Run proprietary diagnostics software on the system to check for damage to the OS and hardware B Corp. Bullseye
- 12. DISASTER RECOVERY DRT will Install additional storage drives if required DRaaS will: Restore system operations and applications to a functional state Transfer recovered and repaired data along with remaining data from offsite backup storage to unused (and possibly newly installed) storage drives on the system B Corp. Bullseye If The System Passes Diagnostics Inspection:
- 13. DISASTER RECOVERY DRaaS will: Setup the off site recovery system’s critical operations and applications: hardware, OS, ERP software, networking, etc. - at warm site Transfer recovered and repaired data along with remaining data from offsite backup storage to recovery system at warm site B Corp. Bullseye If The System DOES NOT Pass Diagnostics Inspection:
- 14. DISASTER RESUMPTION Begin the process of resuming the operations Most critical capabilities during this phase Database rebuilding from backup Network security resumption and repair Resumption phase occurs in parallel with initial response and recovery Prioritization of activities in this phase is key B Corp. Bullseye
- 15. DISASTER RESUMPTION Critical steps: Establish data backup schedule per corporate procedures Implement hot site if needed Brief senior management on hot site activation Hot site ready for company data operations Begin repair of critical operations at primary site Keep workforce / management informed on progress of the primary site B Corp. Bullseye
- 16. Corrupt Data DISASTER RESTORATION Primary purpose Normalize business operations Return the organization to its pre-disaster state At end state, data operations and network security may have to change to prevent future disasters Critical steps: Data backup from original site and hot site must be restored to the main servers at primary site; hot site handles critical operations Transport backup tapes from the backup center, hot site, and original data farm to the disaster/primary site and restore on new servers Restored data is backed up; data backup policy in effect Run queries to ensure all databases are restored Prepare restoration report Conduct after action review B Corp. Bullseye
- 17. SUMMARY DRP guides Bulleye’s efforts recover from a cyber attack. Confidentiality, integrity, and availability are key aspects of our managed data to ensure success. This standard builds confidence in our customers, stakeholders, and employees. Response Phase: stop the breach; contain the damage. Recovery Phase: focus on our most critical business functions and assets; immediate recovery of databases and their proper security. Resumption Phase: determine move or no move to hot site; initiate move if needed; regain primary and secondary business functions. Restoration Phase: merge data from hot site and original site into single database. IMPORTANT…keep employees informed throughout the disaster recovery process. B Corp. Bullseye