
Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd edition [Paperback]

Susan Snedaker (MCSE, MCT; Founder, Virtual Team Consulting, Tucson, AZ, USA)
  • Format: Paperback / softback, 620 pages, height x width: 235x191 mm, weight: 1250 g
  • Publication date: 31-Oct-2013
  • Publisher: Syngress Media, U.S.
  • ISBN-10: 0124105262
  • ISBN-13: 9780124105263
Powerful Earthquake Triggers Tsunami in Pacific. Hurricane Isaac Makes Landfall on the Gulf Coast. Wildfires Burn Hundreds of Houses and Businesses in Colorado. Tornado Touches Down in Missouri. These headlines have not only caught the attention of people around the world; they have also had a significant effect on IT professionals. The new 2nd edition of Business Continuity and Disaster Recovery for IT Professionals gives you the most up-to-date planning and risk management techniques for business continuity and disaster recovery (BCDR). With distributed networks, increasing demands for the confidentiality, integrity and availability of data, and widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning.

Author Susan Snedaker shares her expertise with you, including the most current options for disaster recovery and communication, BCDR for mobile devices, and the latest infrastructure considerations including cloud, virtualization, clustering, and more. Snedaker also provides you with new case studies in several business areas, along with a review of high availability and information security in healthcare IT.

Don't be caught off guard. Business Continuity and Disaster Recovery for IT Professionals, 2nd Edition, is required reading for anyone in the IT field charged with keeping information secure and systems up and running.

Other information

Increase your company's odds of surviving a major disaster.
Contents
Acknowledgments
About the Authors
Introduction
Chapter 1 Business Continuity and Disaster Recovery Overview
  Introduction
  Business Continuity and Disaster Recovery Defined
  Components of Business
    People in BC/DR Planning
    Process in BC/DR Planning
    Technology in BC/DR Planning
  The Cost of Planning versus the Cost of Failure
    People
    Process
    Technology
  Types of Disasters to Consider
  Business Continuity and Disaster Recovery Planning Basics
    Project Initiation
    Risk Assessment
    Business Impact Analysis
    Mitigation Strategy Development
    Plan Development
    Training, Testing, and Auditing
    Plan Maintenance
  Summary
  Key Concepts
    BC/DR Defined
    Components of Business
    The Cost of Planning versus the Cost of Failure
    Types of Disasters to Consider
    BC/DR Planning Basics
  References
Chapter 2 Legal and Regulatory Obligations Regarding Data and Information Security
  Introduction
  Impact of Recent History
  Current Regulatory Environment
    Source of Legal Obligations
    Scope of Legal Obligations
  Information Security Management
    Responsibility Lies at the Top
    Written Information Security Program (WISP)
  Did You Know?
  Summary
  Key Concepts
    Impact of Recent History
    Current Regulatory Environment
    Information Security Management
  References
Case Study: Legal Obligations Regarding Data Security
  Contributor Profile
  Background
  The Sony PlayStation Incident
  State Laws Regarding Data Security
    Notice of Security Breach Laws
    Safeguarding Personal Data State Laws
  Federal Laws Regarding Data Security
    U.S. House of Representatives Proposed Bill
    U.S. Senate Response
    Executive Order: Improving Critical Infrastructure Cybersecurity
  Conclusion
  References
Chapter 3 Project Initiation
  Introduction
  Elements of Project Success
    Executive Support
    User Involvement
    Experienced Project Manager
    Clearly Defined Project Objectives
    Clearly Defined Project Requirements
    Clearly Defined Scope
    Shorter Schedule, Multiple Milestones
    Clearly Defined Project Management Process
  Project Plan Components
    Project Initiation or Project Definition
    Forming the Project Team
  Project Organization
    Project Objectives
    Project Stakeholders
    Project Requirements
    Project Parameters
    Project Infrastructure
    Project Processes
    Project Communication Plan
  Project Planning
    Work Breakdown Structure
    Critical Path
  Project Implementation
    Managing Progress
    Managing Change
    Project Tracking
  Project Close Out
  Key Contributors and Responsibilities
    Information Technology
    Human Resources
    Facilities/Security
    Finance/Legal
    Warehouse/Inventory/Manufacturing/Research
    Purchasing/Logistics
    Marketing and Sales
    Public Relations
    Operations
  Project Definition
    Business Requirements
    Functional Requirements
    Technical Requirements
  Business Continuity and Disaster Recovery Project Plan
    Project Definition, Risk Assessment
    Business Impact Analysis
    Risk Mitigation Strategies
    Plan Development
    Emergency Preparation
    Training, Testing, Auditing
    Plan Maintenance
  Summary
  Key Concepts
    Elements of Project Success
    Project Plan Components
    Key Contributors and Responsibilities
    Project Definition
    Business Continuity and Disaster Recovery Plan
  References
Industry Spotlight #1 Energy/Utilities: Business Continuity and Disaster Recovery in Energy/Utilities
  Introduction
  Integrating BC/DR Requirements into IT Governance
    BC/DR Requirements Definition
    IT Service Level Definition
    Application Recovery Procedures
    Summary of Integrating BC/DR Requirements into IT Governance
  Improving BC/DR Recovery and Risk Mitigation Strategies
    Ensuring Access to BC/DR Documentation in a Disaster
    Change Approval Board and Technical Change Review Committees
    Security Control Testing
    Separation of Duties
    Centralized Security Vulnerability Assessment
    IT Network Vulnerability Assessment
    Security Control Baselines and Change Detection
    Data Center and Network
    Compute and Data
    Self-service Application Failover and Fallback
    Industrial Control Systems
    Summary of Improving BC/DR Recovery and Risk Mitigation Strategies
  Improving BC/DR Testing
    Recovery from Actual Incidents: Postmortems and Documenting Lessons Learned
    Scheduled BC/DR Tests
    Summary of Scheduled BC/DR Testing
  Summary of Best Practices and Key Concepts
  References
Chapter 4 Risk Assessment
  Introduction
  Risk Management Basics
    Risk Management Process
  People, Process, Technology, and Infrastructure in Risk Management
    People
    Process
    Technology
    Infrastructure
  IT-Specific Risk Management
  IT Risk Management Objectives
    The System Development Lifecycle Model
    Risk Assessment Components
  Information Gathering Methods
    Natural and Environmental Threats
    Human Threats
    Infrastructure Threats
    Threat Checklist
  Threat Assessment Methodology
    Quantitative Threat Assessment
    Qualitative Threat Assessment
    Vulnerability Assessment
  People, Process, Technology, and Infrastructure
    Vulnerability Assessment
  Summary
  Key Concepts
    Risk Management Basics
    Risk Assessment Components
    Threat Assessment Methodology
    Vulnerability Assessment
  References
Chapter 5 Business Impact Analysis
  Introduction
  Business Impact Analysis Overview
    Upstream and Downstream Losses
    Understanding the Human Impact
  Understanding Impact Criticality
    Criticality Categories
    Recovery Time Requirements
  Identifying Business Functions
    Facilities and Security
    Finance
    Human Resources
    Information Technology
    Legal/Compliance
    Manufacturing (Assembly)
    Marketing and Sales
    Operations
    Research and Development
    Warehouse (Inventory, Fulfillment, Shipping, and Receiving)
    Other Areas
  Gathering Data for the Business Impact Analysis
    Data Collection Methodologies
  Determining the Impact
  Business Impact Analysis Data Points
    Understanding IT Impact
  Preparing the Business Impact Analysis Report
  Summary
  Key Concepts
    BIA Overview
    Understanding Impact Criticality
    Identifying Business Functions
    Gathering Impact Data
    Determining Impact
    BIA Data Points
  References
Industry Spotlight #2 Healthcare: Business Continuity and Disaster Recovery in Healthcare
  Introduction to Healthcare IT
    Types of Healthcare Organizations
    The Rising Cost of Healthcare
    Governmental Incentives and Penalties
    HIEs and Accountable (Care) Organizations
    Integration of Healthcare IT and Medical Equipment
    Consumer-Driven Healthcare
    Real-Time Data
    Summary
  Regulatory Environment
    Centers for Medicare and Medicaid Services/Joint Commission on Accreditation of Healthcare Organizations
    U.S. Food and Drug Administration
    Health Insurance Portability and Accountability Act
    Health Information Technology for Economic and Clinical Health
    Payment Card Industry
    State and Local Requirements
  Healthcare IT Risk Management
    Patient Safety
    Patient Care
    Organizational Solvency
    Facility Management
  Technical Needs: Healthcare IT Architecture
    Clinical Systems
    Business Systems
    Types of Data
    Types of Systems and Storage
  Healthcare Operational Needs
    Admitting
    Insurance Verification and Billing Services
    Clinical Care
  Interoperability Among Disparate Systems
    Electronic Medical Record
    Diagnostic Imaging
    Medical Equipment
    Food Services
    Environmental Services
    Billing and Payment Systems
    Payroll
    Human Resources
  Current Environment and New Technology
    Advances in Data Storage and Replication
    Mobile Devices
    Virtualization and Cloud Computing
    Communication Systems
    Current Environment and New Technology Summary
  Healthcare IT BC/DR Best Practices
    Security Frameworks
    Best Practices
  Summary
    Overview of Healthcare IT
    Regulatory Requirements
    Healthcare IT Risk Management
    Technical Needs: Healthcare IT Architecture
    Healthcare Operational Needs
    Interoperability Among Disparate Systems: Integration in Healthcare IT
    Current Environment and New Technology
    Healthcare IT BC/DR Best Practices
  Key Concepts
  References
Chapter 6 Risk Mitigation Strategy Development
  Introduction
  Types of Risk Mitigation Strategies
    Risk Acceptance
    Risk Avoidance
  The Risk Mitigation Process
    Recovery Requirements
    Recovery Options
    Recovery Time of Options
    Cost versus Capability of Recovery Options
    Recovery Service Level Agreements
    Review Existing Controls
  Developing Your Risk Mitigation Strategy
    People, Buildings, and Infrastructure
  IT Risk Mitigation
    Critical Data and Records
    Critical Systems and Infrastructure
  Backup and Recovery Considerations
    Alternate Business Processes
    IT Recovery Systems
  Documenting Your Risk Mitigation Strategy
  Summary
  Key Concepts
    Types of Risk Mitigation Strategies
    Risk Mitigation Process
    IT Risk Mitigation
    Backup and Recovery Considerations
  References
Chapter 7 Business Continuity/Disaster Recovery Plan Development
  Introduction
  Implement Risk Mitigation
  Phases of Business Continuity and Disaster Recovery
    Activation Phase
    Recovery Phase
    Business Continuity Phase
    Maintenance/Review Phase
  Defining BC/DR Teams and Key Personnel
    Crisis Management Team
    Management
    Damage Assessment Team
    Operations Assessment Team
    IT Team
    Administrative Support Team
    Transportation and Relocation Team
    Media Relations Team
    Human Resources Team
    Legal Affairs Team
    Physical/Personnel Security Team
    Procurement Team (Equipment and Supplies)
    General Team Guidelines
    BC/DR Contact Information
  Defining Tasks and Assigning Resources
    Alternate Site
    Cloud Services
    Contracts for BC/DR Services
  Communications Plans
    Internal
    Employee
    Customers and Vendors
    Shareholders
    The Community and the Public
  Event Logs, Change Control, and Appendices
    Event Logs
    Change Control
    Distribution
    Appendices
    Additional Resources
    What's Next
  Summary
  Key Concepts
    Phases of Business Continuity and Disaster Recovery
    Defining BC/DR Teams and Key Personnel
    Defining Tasks and Assigning Resources
    Communications Plans
    Event Logs and Change Control
    Appendices
  References
Industry Spotlight #3 Financial: Business Continuity and Disaster Recovery in Financial Services
  Overview
  Finance Industry Regulation Overview
    United States Financial Regulation
    European Financial Regulation
    Other Regions' Financial Regulation
  Finance Industry Requirements for Business Continuity
  Industry Impact: September 11 Attacks
  Industry Impact: Hurricane Sandy
  Industry Impact: Cyber Threats
  Looking Forward
  Summary
  References
Chapter 8 Emergency Response and Recovery
  Introduction
  Emergency Management Overview
  Emergency Response Plans
  Emergency Response Teams
  Crisis Management Team
    Emergency Response and Disaster Recovery
    Alternate Facilities Review and Management
    Crisis Communications
    Human Resources
    Legal
    Insurance
    Finance
  Disaster Recovery
    Activation and Emergency Response Checklists
    Recovery Checklist
    IT Recovery Tasks
  Business Continuity
  Summary
  Key Concepts
    Emergency Management Overview
    Emergency Response Plans
    Crisis Management Team
    Disaster Recovery
    IT Recovery
    Business Continuity
  References
Industry Spotlight #4 SMBs: Business Continuity and Disaster Recovery for Small- and Medium-Sized Businesses
  Overview of SMB Disaster Recovery
  SMB Disaster Preparedness: Survey Results
  On-Premise Disaster Recovery
    SMB Case Studies
  Using a Co-location Data Center for Disaster Recovery
    The Value of Co-location Data Centers in a Disaster
    Tips for Selecting a Co-location Provider
    What Does a Co-location Center Cost?
    SMB Case Study: Balancing Internal Capability and Cost with Co-location Data Centers for DR
  Disaster Recovery in the Cloud
    Disaster Recovery in the Cloud Options
    Protecting Branch Offices with Cloud Disaster Recovery
    SMB Case Studies
  Summary
  Key Concepts
    Overview of SMB Disaster Recovery
    SMB Disaster Preparedness: Survey Results
    On-Premise Disaster Recovery
    Using a Co-location Data Center for Disaster Recovery
    Disaster Recovery in the Cloud
  References
Chapter 9 Training, Testing, and Auditing
  Introduction
  Training for Disaster Recovery and Business Continuity
    Emergency Response
    Disaster Recovery and Business Continuity Training Overview
    Training Scope, Objectives, Timelines, and Requirements
    Performing Training Needs Assessment
    Developing Training
    Scheduling and Delivering Training
    Monitoring and Measuring Training
  Training and Testing for Your Business Continuity and Disaster Recovery Plan
    Paper Walk-Through
    Functional Exercises
    Field Exercises
    Full Interruption Test
    Training Plan Implemented
  Testing the BC/DR Plan
    Understanding of Processes
    Validation of Task Integration
    Confirm Steps
    Confirm Resources
    Familiarize with Information Flow
    Identify Gaps or Weaknesses
    Determine Cost and Feasibility
    Test Evaluation Criteria
    Recommendations
  Performing IT Systems and Security Audits
    IT Systems and Security Audits
  Summary
  Key Concepts
    Training for Emergency Response, Disaster Recovery, and Business Continuity
    Testing Your Business Continuity and Disaster Recovery Plan
    Performing IT Systems Audits
  References
Chapter 10 BC/DR Plan Maintenance
  Introduction
  BC/DR Plan Change Management
    Training, Testing, and Auditing
    Changes in Information Technologies
    Changes in Operations
    Corporate Changes
    Legal, Regulatory, or Compliance Changes
    Strategies for Managing Change
    Monitor Change
    Evaluate and Incorporate Change
  BC/DR Plan Audit
  Plan Maintenance Activities
  Project Close Out
  Summary
  Key Concepts
    BC/DR Plan Change Management
    Strategies for Managing Change
    BC/DR Plan Audit
    Plan Maintenance Activities
    Project Close Out
Appendix A Risk Management Checklist
  Risk Assessment
  Mitigation Strategies
Appendix B Crisis Communications Checklist
  Communication Checklist
  Message Content
Appendix C Emergency Response and Recovery Checklists
  High-Level Checklist
  Activation Checklists
  Emergency Response Checklists
  Recovery Checklists
Appendix D Business Continuity Checklist
  Resuming Work
  Manufacturing, Warehouse, Production, and Operations
  Resuming Normal Operations
  Transition to Normalized Activities
Appendix E IT Recovery Checklists
  IT Recovery Checklist One: Infrastructure
  Recovery Checklist Three: Office Area and End-User Recovery
  Recovery
  Recovery Checklist Four: Business Process Recovery
  Recovery Checklist Five: Manufacturing, Production, and Operations Recovery
Appendix F Training, Testing, and Auditing Checklists
  Training and Testing
  IT Auditing
Appendix G BC/DR Plan Maintenance Checklist
  Change Management
Glossary of Terms
Index
Susan Snedaker is currently Director of IT and Information Security Officer at a large community hospital in Arizona, which has achieved HIMSS Analytics Stage 7 (EMR) certification and has been named one of the 100 Most Wired Hospitals two years in a row. Susan has over 20 years' experience working in IT in both technical and executive positions, including with Microsoft, Honeywell, and VirtualTeam Consulting. Her executive roles have given her extensive strategic and operational experience in managing data centers, core infrastructure, hardware, software and IT projects involving both small and large teams. Susan holds a Master's degree in Business Administration (MBA) and a Bachelor's degree in Management. She is a Certified Professional in Healthcare Information Management Systems (CPHIMS) and a Certified Information Security Manager (CISM), and was previously certified as a Microsoft Certified Systems Engineer (MCSE) and a Microsoft Certified Trainer (MCT). Susan also holds a certificate in Advanced Project Management from Stanford University and an Executive Certificate in International Management from Thunderbird University's Garvin School of International Management. She is the author of six books and numerous chapters on a variety of technical and IT subjects.