Escolar Documentos
Profissional Documentos
Cultura Documentos
Agenda
Aspectos Generales
Gestin del BCP e Iniciacin
Roles y Responsabilidades
Anlisis de Impacto de Negocio
Medidas Preventivas
Estrategias de Recupero
Desarrollo
Prueba y Revisin
Referencias y Lecturas Complementarias
Preguntas
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 2
Copyright 2004-2008 SICinformtica S.R.L.
Aspectos Generales
1
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Aspectos Generales
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 4
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 5
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 6
Copyright 2004-2008 SICinformtica S.R.L.
2
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 7
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 8
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 9
Copyright 2004-2008 SICinformtica S.R.L.
3
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 10
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 11
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 12
Copyright 2004-2008 SICinformtica S.R.L.
4
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 13
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 14
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 15
Copyright 2004-2008 SICinformtica S.R.L.
5
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 16
Copyright 2004-2008 SICinformtica S.R.L.
Algunos Conceptos
Desastre
Cualquier evento calamitoso, repentino y no planeado que
ocasiona grandes daos o prdidas.
Cualquier evento que inhabilite a una organizacin para
soportar sus funciones crticas de negocio por un perodo
de tiempo predeterminado.
Otras definiciones:
Interrupcin de servicio no planificada
Interrupcin de servicio extendida
Interrupcin que no puede ser tratada con los
procedimientos tpicos de gestin de problemas
Evento que causa un dao o prdida severa
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 17
Copyright 2004-2008 SICinformtica S.R.L.
Sistema Crtico
Software y hardware necesario para garantizar la viabilidad de una
unidad de negocio u organizacin durante una interrupcin en el
procesamiento normal de los datos.
Infraestructura
Instalaciones y facilidades bsicas sobre las cuales se apoya la
continuidad y el crecimiento de una comunidad o una organizacin.
Ej.: plantas de energa, sistemas de transporte, etc.
Facilidades
Equipamiento (no informtico) de soporte al procesamiento.
Funciones crticas del negocio
Aquellas funciones de negocio que deben ser recuperadas en caso
de interrupcin, para garantizar que los activos de la organizacin son
protegidos, los objetivos de la misma son alcanzados y la
organizacin cumple con las regulaciones del gobierno y la industria.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 18
Copyright 2004-2008 SICinformtica S.R.L.
6
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 19
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 21
Copyright 2004-2008 SICinformtica S.R.L.
7
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 22
Copyright 2004-2008 SICinformtica S.R.L.
Roles y
Responsabilidades
Roles y Responsabilidades
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 24
Copyright 2004-2008 SICinformtica S.R.L.
8
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 25
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 26
Copyright 2004-2008 SICinformtica S.R.L.
Alta Gerencia
Inicia el proyecto, da la aprobacin final y apoya la iniciativa a lo
largo de todo su ciclo de vida.
Gerencia de Unidades de Negocio
Identifican y priorizan los sistemas y operaciones crticas del
negocio.
Comit de BCP
Dirige los procesos de planificacin, implantacin y prueba del
BCP.
Coordinador del BCP
Coordinar las tareas del Comit de BCP.
Unidades Funcionales
Participa en la planificacin, implantacin y prueba del BCP.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 27
Copyright 2004-2008 SICinformtica S.R.L.
9
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Anlisis de Impacto en
el Negocio
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 29
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 30
Copyright 2004-2008 SICinformtica S.R.L.
10
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 31
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 32
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 33
Copyright 2004-2008 SICinformtica S.R.L.
11
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 34
Copyright 2004-2008 SICinformtica S.R.L.
Ej.:
Funciones no esenciales: 30 das
Funciones normales: 7 das
Funciones importantes: 72 horas
Funciones urgentes: 24 horas
Funciones crticos: minutos a horas
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 35
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 36
Copyright 2004-2008 SICinformtica S.R.L.
12
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 37
Copyright 2004-2008 SICinformtica S.R.L.
Es importante contemplar:
Mal funcionamiento de equipamiento
Falta de disponibilidad de facilidades (energa,
comunicaciones)
Falta de disponibilidad de las instalaciones
Falta de disponibilidad de personal crtico
Falta de disponibilidad de proveedores o servicios
Daos a software o hardware
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 38
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 39
Copyright 2004-2008 SICinformtica S.R.L.
13
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 40
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 41
Copyright 2004-2008 SICinformtica S.R.L.
Medidas Preventivas
14
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Medidas Preventivas
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 43
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 44
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 45
Copyright 2004-2008 SICinformtica S.R.L.
15
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Estrategias de
Recupero
Introduccin
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 47
Copyright 2004-2008 SICinformtica S.R.L.
Introduccin (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 48
Copyright 2004-2008 SICinformtica S.R.L.
16
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Introduccin (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 49
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 50
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 51
Copyright 2004-2008 SICinformtica S.R.L.
17
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 52
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 53
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 54
Copyright 2004-2008 SICinformtica S.R.L.
18
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Hot Site
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 56
Copyright 2004-2008 SICinformtica S.R.L.
Warm Site
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 57
Copyright 2004-2008 SICinformtica S.R.L.
19
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 58
Copyright 2004-2008 SICinformtica S.R.L.
Cold Site
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 59
Copyright 2004-2008 SICinformtica S.R.L.
Reciprocal Agreements
20
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Redundant Sites
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 61
Copyright 2004-2008 SICinformtica S.R.L.
Mobile Sites
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 62
Copyright 2004-2008 SICinformtica S.R.L.
21
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Hardware Backup
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 64
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 65
Copyright 2004-2008 SICinformtica S.R.L.
Software Backup
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 66
Copyright 2004-2008 SICinformtica S.R.L.
22
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Documentacin
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 67
Copyright 2004-2008 SICinformtica S.R.L.
Documentacin (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 68
Copyright 2004-2008 SICinformtica S.R.L.
Documentacin (Cont.)
23
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Recursos Humanos
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 70
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 72
Copyright 2004-2008 SICinformtica S.R.L.
24
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Usuario Final
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 73
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 74
Copyright 2004-2008 SICinformtica S.R.L.
Backup de Datos
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 75
Copyright 2004-2008 SICinformtica S.R.L.
25
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 76
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 77
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 78
Copyright 2004-2008 SICinformtica S.R.L.
26
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 80
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 81
Copyright 2004-2008 SICinformtica S.R.L.
27
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 82
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 83
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 84
Copyright 2004-2008 SICinformtica S.R.L.
28
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Electronic Vaulting
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 86
Copyright 2004-2008 SICinformtica S.R.L.
Remote Journaling
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 87
Copyright 2004-2008 SICinformtica S.R.L.
29
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 89
Copyright 2004-2008 SICinformtica S.R.L.
Tape Vaulting
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 90
Copyright 2004-2008 SICinformtica S.R.L.
30
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Desarrollo
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 92
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 93
Copyright 2004-2008 SICinformtica S.R.L.
31
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 94
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 95
Copyright 2004-2008 SICinformtica S.R.L.
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 96
Copyright 2004-2008 SICinformtica S.R.L.
32
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
I II III IV V
FASE INICIAL FASE DE FASE DE FASE DE APNDICES
ACTIVACIN RECUPERO RECONSTRUC-
CIN
- Definicin de - Pasos para la - Traslado al sitio - Recupero de las - Contactos
objetivos notificacin alternativo facilidades - Esquemas
- Conceptos - Anlisis de daos - Procesos de - Ambiente de - Requerimientos
generales - Activacin del restauracin prueba
- Roles y plan - Procesos de - Traslado de
responsabilidades recupero operaciones
- Definicin de
tareas
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 97
Copyright 2004-2008 SICinformtica S.R.L.
Prueba y Revisin
Prueba
33
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Prueba (Cont.)
Prueba (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 101
Copyright 2004-2008 SICinformtica S.R.L.
Prueba (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 102
Copyright 2004-2008 SICinformtica S.R.L.
34
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Prueba (Cont.)
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 103
Copyright 2004-2008 SICinformtica S.R.L.
Checklist
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 104
Copyright 2004-2008 SICinformtica S.R.L.
Seguimiento Estructurado
35
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Simulacin
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 106
Copyright 2004-2008 SICinformtica S.R.L.
Prueba en Paralelo
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 107
Copyright 2004-2008 SICinformtica S.R.L.
Interrupcin Completa
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 108
Copyright 2004-2008 SICinformtica S.R.L.
36
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
Revisin
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 109
Copyright 2004-2008 SICinformtica S.R.L.
Revisin
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 110
Copyright 2004-2008 SICinformtica S.R.L.
Referencias y Lecturas
Complementarias
37
CISSP Security Training Business Continuity Planning and Disaster Recovery Planning
CISSP Security Training - Business Continuity Planning and Disaster Recovery Planning 112
Copyright 2004-2008 SICinformtica S.R.L.
Preguntas?
38