The risks to the corporation are:
financial, reputational, and regulatory
Maximum Tolerable Downtime (MTD)
describes the total time a system can be inoperable before an organization is severely impacted. It is the maximum time it takes to execute the reconstitution phase.
Recovery Time Objective (RTO)
ISC2 “The maximum time a service or system can be unavailable.”
It describes the maximum time allowed to recover business or IT systems before the unavailability of the system severely affects the organization.
Work Recovery Time (WRT)
describes the time required to configure a recovered systems.
Recovery Point Objective (RPO)
the amount of acceptable data, measured in time that can be lost from that same event. Iit is a factor of how much data loss the mission/business process can tolerate during the recovery process.
is the batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval.
A good tool for data that must be backed up on a daily or possibly even hourly basis.
It stores sensitive data offsite and it can perform the backup at very short intervals to ensure that the most recent data is backed up.
It is used to transfer bulk information to an offsite facility.
It addresses the remote backup of confidential data and smaller time between backups as an example.
Hierarchical storage management (HSM)
provides a continuous online backup using various devices, including optical or tape drives.
An HSM is sometimes referred to as a jukebox.
event management plan
needs to identify who is authorized to declare a disaster, how a declaration is done, and when the decision to “declare” is made, how it will be communicated to the teams that need to respond.
executive emergency management team
a team that consists of the senior executives who have an overall responsibility for the recovery of the organization and services to others.
emergency management team
comprised of individuals who report directly to the command center and have responsibility to oversee the recovery and restoration process being executed by the emergency response teams.
Responsible for communicating the recovery status to the executive management team.
are set up as a central location for communications and decision making during an emergency situation. equipped with a copy of the plan document
continuity of operations plan (COOP)
describes the procedures required to maintain operations during a disaster.
It focuses on restoring an organization's essential functions at an alternate site.
Establish senior management and a headquarter after disaster
business recovery plan (BRP)
also known as the business resumption plan, details the steps required to restore normal business operations after recovering from a disruptive event.
Continuity of support plan
focuses narrowly on support of specific IT systems and applications. Also called the IT contingency plan, emphasizing IT over general business support.
emergency operations center (EOC)
the command post established during or just after an emergency event.
provide a location, equipped with all of the necessary resources to manage the organization resumption process
Testing the disaster recovery plan should be completed for the following reasons:
• Testing verifies the processing capability of the alternate backup site. • Testing prepares and trains the personnel to execute their emergency duties. • Testing identifies deficiencies in the recovery procedures. • Testing verifies the accuracy of the recovery procedures.
NIST SP 800-34
is the Contingency Planning Guide for Information Technology Systems.
walks through the different scenarios of the plan to ensure that nothing is left out.
The goal is to allow individuals who are knowledgeable about the systems and services targeted for recovery to thoroughly review the overall approach.
It helps to determine whether there are any noticeable omissions, gaps, or simply technical missteps that would hinder the recovery process
Simulation test/walk-through drill
simulates an actual failure based on a scenario to test the reaction of personnel to which the team must respond as they are directed to by the DRP.
involve recovery of critical processing components at an alternate computing facility and then restore data from a previous backup. Organizations that are highly dependent upon mainframe, midrange systems, and where transactional data is a key component will often employ this type of test.
BIA has 4 steps
1) Gathering the needed assessment materials.
2) Performing the vulnerability assessment.: idebtify cirtial IT systems/impacts, MTD, recovery procedures
3) Analyzing the information compiled:
o Document the process.
o Identify inter-dependability.
o Determine acceptable interruption periods
4) Documenting the results and presenting recommendations to management
Striped set – Block-level o No parity. o Fastest RAID in reading and writing. o Used to sore temporary data.
The main purpose is to improve system performance
o Write performance is decreased, though the read performance can see an increase.
o Used for system disks where the core operating system files are found.
o Very costly.
RAID Level 2
bit level striping. The parity information is created using a hamming code.
Striped set with dedicated parity (byte level) –
o 3 or more drives required.
o Data is striped across multiple disks at the byte level.
o Dedicated parity drive
o More efficient with disk space than RAID 4.
Striped set with dedicated parity (block level)
o 3 or more drives required.
o Data is striped across multiple disks at the block level.
o Dedicated parity drive.
o RAID 4 is faster than RAID 3.
This level extends the capabilities of RAID 5 by computing two sets of parity
striped set with dual distributed parity.
Allows writing the same parity information to two different disks.
Performance of this level is slightly less than that of RAID 5.
The first set of disks stripes all of the data across the available drives (RAID 0 part) and those drives are mirrored to a different set of disks (the RAID 1 part).
RAID 1+0 (10)
RAID 0 combined with RAID 1 two different arrays of disk used.
Each drive is mirrored to a matching drive.
When data is striped to one drive, it is immediately striped to another.
Continuity planning project team (CPPT)
is comprised of stakeholders within an organization and focuses on identifying who would need to play a role if a specific emergency event were to occur. This includes people from the human resources section, public relations (PR), IT staff, physical security, linne managers, essential personnel
Business Impact Analysis (BIA)
the formal method for determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes, and interdependencies with respect the business mission
The primary goal of the BIA is to
determine the maximum tolerable downtime (MTD) for a specific IT asset.
The BIA is comprised of two processes:
(1) Identification of critical assets, and (2) Comprehensive risk assessment. developed for every IT system within the organization, no matter how trivial or unimportant. Once the list is assembled and users and user representatives have provided input, the critical asset list can be created.
crisis management plan (CMP)
designed to provide effective coordination among the managers of the organization in the event of an emergency or disruptive event. The CMP details the actions management must take to ensure that life and safety of personnel and property are immediately protected in case of a disaster.
Business Continuity Plan (BCP)
Provide procedures for sustaining essential business operations while recovering from a significant disruption
Business Recovery (or Resumption) Plan (BRP)
details the steps required to restore normal business operations after recovering from a disruptive event.
* include switching operations from an alternative site back to a (repaired) primary site
Update and Maintenance of the Plan
It needs to be updated on an on-going basis such as after each exercise and after each material change to the production, IT, or organization environment.
The plan needs to have version control numbers.
The plan needs to be published to everyone who has a role and also needs to be stored in a secure offsite location.
Which teams should be included in the contingency plan's development to aid in the execution of the final plan?
the restoration, damage assessment, and salvage teams
What are financial considerations regarding a BIA?
accounting and payroll issues that may arise
Which disaster recovery test involves examining the plan in detail?
a structured walk-through test
Which test is a review of the plan to ensure that all steps are included?
a structured walk-through test
Who should be responsible for directing immediate recovery procedures following a disaster?
the disaster recovery manager
Which event causes most unplanned downtime for organizations?
a hardware failure
What is the primary concern of the business impact analysis (BIA)?
identifying all business resources that could be lost
What are the two main purposes of a disaster recovery plan?
to minimize property damage and to prevent loss of life
Emergancy Response Team
are comprised of individuals who are responsible for executing the recovery processes necessary for the continuity or recovery of critical organization
functions in that site.
In which order should the following steps be taken to create an emergency management plan?
o Form a planning team.
o Conduct a vulnerability assessment
o Develop a plan.
o Implement the plan.
What si the purpose of Threat analysis?
will help provide guidance in the planning and prioritization of recovery and response capabilities, which requires a more detailed understanding of the types of threats is needed.
What are BIA goals are?
determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes, with respect the business mission.
The objective is to associate the IT system components with the critical service it supports. It also aims to quantify the consequence of a disruption to the system component and how that will affect the organization.
The primary goal of the BIA is to determine the maximum tolerable downtime (MTD) for a specific IT asset. This will directly impact what disaster recovery solution is chosen
It provides information to improve business processes and efficiencies because it details all of the organization’s policies and implementation efforts.
The steps of business continuity
Develop the continuity planning policy statement.
Conduct the BIA. identify and prioritize critical IT systems and components.
Identify preventative controls. to reduce the effects of system disruptions can increase system availability and reduce contingency lifecycle costs.
Develop recovery strategies. ensure that the system may be recovered quickly and effectively
Develop the contingency plan. detailed guidance and procedures for restoring a damaged system.
Test the plan, and conduct training and exercises. Testing the plan identifies planning gaps,
Maintain the plan. Update regularly.