DISASTER CENTER Study Case

1
DISASTER CENTERStudy Case

• DEMIRBANK ROMANIA

Piata Financiara Conference
January 29, 2002
2
Mission Statement

• Improving the quality of banking service
• Decrease economic loss
• Decrease exposure
• Minimize disruption in operation
• Increase operational stability
• Provide orderly recovery
• Decrease insurance premiums
• Decrease reliance on key staff
• Protecting company assets
• Minimize decision making during a disaster
• Decrease legal liabilities

3
Initiation of the project

• Inventory of equipment
• computers
• power supplies
• fire detection/prevention systems
• Vendor/Supplier-alternate vendor/supplier
• Availability for re-purchasing
• Hard copy records
• Probability of theft
• Define backup procedures and locations, third
  party location
• Disaster avoidance should be the key element of
  any disaster recovery/business continuity plan.

4
Security Posture Assessment

• Periodically run a SPA with well known services
  providers
• External SPA
• Internal SPA
• Understand the function of probabilities and risk
  reduction / mitigation within the organisation.
• Identify potential risks to the organisation.
• Identify outside expertise required.
• Identify vulnerabilities / threats / exposures.
• Identify risk reduction / mitigation
  alternatives.
• Identify credible information sources.
• Interface with management to determine acceptable
  risk levels.
• Document and present findings.

5
Business Impact Assessment

• Identify knowledgeable and credible functional
  area representatives.
• Identify organisational functions.
• Identify and define criticality criteria.
• Present criteria to management for approval.
• Co-ordinate analysis.
• Identify interdependencies.
• Define recovery objectives and timeframes,
  including recovery times, expected losses, and
  priorities.
• Identify information requirements.
• Identify resource requirements.
• Define report format.
• Prepare and present business impact analysis.

6
Determine Recovery Strategies

• What we recover ?
• Facilities
• Equipment
• Software
• Communication
• Data files
• Customer services
• User operations
• MIS
• End-user systems
• Other processing operations
• How we recover?
• Hot sites
• Warm sites
• Cold sites
• Reciprocal agreements
• Two data centers
• Multiple computers
• Service centers

7
Plan development

• Define roles and responsibilities
• Prepare necessary contracts for specific recovery
  alternatives
• Employees training
• Update existing procedures accordingly with the
  new environment

8
Testing

• Types of testing
• checklist
• simulation
• parallel
• full interruption
• Define list of possible events to be considered
  as disaster
• Extended power outages
• Chemical spills or hazardous contamination of the
  premises
• Hard drive crashes
• Equipment failure
• Equipment theft
• Flooding
• Bomb threats
• Adverse weather conditions
• Iterative process
• define test purposes
• build test team
• structure test
• perform test

9
Resource requirements

• Personnel
• Investments
• Expenses

10
HEAD OFFICE
ROUTER
R/R
PSTN
PSTN
GSM
R/R
GSM
WAN
TELECOM NETWORK
BRANCH 1
BRANCH 2
BRANCH 3


BRANCH
BRANCH
BRANCH
11
Radio-Relay
DISASTER CENTER
HEAD OFFICE
ROUTER
ROUTER
ROUTER
ROUTER
R/R
Terrestrial Link
PSTN
PSTN
GSM
R/R
GSM
WAN
TELECOM NETWORK
BRANCH
BRANCH
BRANCH


BRANCH
BRANCH
BRANCH
12
HEAD OFFICE OR DISASTER CENTER DETAILED
ARCHITECTURE
SERVER POOL
SWIFT SERVER
DATABASE SERVER
PROXY SERVER
MAIL SERVER
TEST/DEVL SERVER
DMZ
FIREWALL
Electronic Banking
3DES Card
Internet Banking
VIRTUAL LAN SERVERS
VIRTUAL LAN CLIENTS
Switches
External MAIL
VIRTUAL LAN SERVERS
VIRTUAL LAN CLIENTS
WEB/MB Server
FIREWALL
LOCAL NET
DOMAIN COTROLER
ROUTER TO RADIO RELAY
TACACS/CRYPTO SERVER
Certified Authority
FIREWALL
CVP (Antivirus) UFP (Websense) Server
UFP (Websense) Server
CISCO IDS
Internet
ROUTER TO WAN
13
DISASTER CENTER
SWIFT SERVER
SWIFT SERVER
DATABASE SERVER
DATABASE SERVER
MAIL SERVER
Radio-Relay
MAIL SERVER
ROUTER
ROUTER
FIREWALL
FIREWALL
3DES Card
3DES Card
Printers
DMZ
VIRTUAL LAN SERVERS
VIRTUAL LAN CLIENTS
VIRTUAL LAN SERVERS
VIRTUAL LAN CLIENTS
VIRTUAL LAN SERVERS
Internet Banking
DMZ
WEB Server
FIREWALL
FIREWALL
TACACS SERVER
TACACS SERVER
Internet Banking
DOMAIN CONTROLLER
DOMAIN CONTROLLER
WEB Server
FIREWALL
Certified Authority
Certified Authority
FIREWALL
CISCO IDS
ROUTER
ROUTER
R/R
PSTN
CISCO IDS
Terrestrial Link
Internet
PSTN
R/R
Internet
GSM
WAN
GSM
TELECOM NETWORK
BRANCH
BRANCH
BRANCH
BRANCH
BRANCH
14
DEMIRBANK ROMANIA INTERNET BANKING WAP
SOLUTIONS
Access Server
WTLS
3DES
Wireless Network
Client (CL)
Internet
WTLS
WAP Gateway
Banking Server
SSL
SSL
Client (CL)
Firewall
Firewall
SSL
Replication
Certificates signing
Certificate Authority (CA)
Application Server (AS)
Database Replication
I-BNK
WAP Access Server
Replication
WAP