Domain 7: BCP/DRP pt 2 Flashcards
(30 cards)
- Business Continuity Planning process
- Formal method for determining how a disruption to IT systems will impact the organization’s requirements, process, and interdependencies with respect to the business mission
Business Impact Analysis (BIA)
Describes the total time a system can be inoperable before an organization is severely impacted
Maximum Tolerable Downtime (MTD)
What are some alternate terms for the Maximum Tolerable Downtime (MTD)?
Maximum Allowable Downtime
Maximum Tolerable Outage
Maximum Acceptable Outage
- Failure and recovery metric
- The amount of data loss or system inaccessibility that an organization can withstand
Recovery Point Objective (RPO)
- Failure and recovery metric
- Describes the maximum time allowed to recover an IT system
Recovery Time Objective (RTO)
The time required to configure a recovered system
MTD = RTO + ____
Work recovery time (WRT)
- Failure and recovery metric
- Describes the length of time a new or repaired system will run before failing
Mean Time between Failures (MTBF)
- Failure and recovery metric
- Describes the length of time it will take specific failed system to recover
Mean Time to Repair (MTTR)
- Failure and recovery metric
- Describes the minimum environmental and connectivity requirements in order to operate computer equipment
Minimum operating requirements (MOR)
- A location that is an exact production duplicate of main IT operation systems
- No loss of availability during a disruption
Redundant Site
- Location that contains all equipment and services required by the company
- Organization may relocate to following a major disruption or disaster
- Can be brought up within minutes or hours
Hot Site
Location with readily accessible hardware and connectivity, but relies on backup data in order to rebuild a system after a disruption
Warm Site
- Location that does not contain backup copies of data or any immediately available hardware
- Could take weeks to get up and running
Cold site
- Bidirectional agreement between two organizations
- One company promises another that it can move in and share space if it experiences a disaster
Reciprocal agreements aka Mutual Assistance Agreements (MAAs)
Transportable data centers that can be towed, supplied with power and network to be brought online
Mobile site
- Procedures for sustaining essential business operations while recovering from significant disruptions
- Addresses business processes; IT addressed bases only on its support for business process
Business Continuity Plan (BCP)
- Procedures for recovering business operations immediately following a disaster
- Addresses business processes; not IT focus; IT addressed based only on its support for business process
Business Recovery Plan (BRP)
- Procedures and capabilities to sustain an organization’s essential, strategic functions at an alternate site for up to 30 days
- Addresses the subset of organization’s missions that are deemed most critical; usually written at headquarters level; not IT-focused
Continuity of Operations Plan (COOP)
- Procedures and capabilities for recovering a major application or general support system
- Addresses IT system disruptions; not business process-related
Continuity of Support Plan/IT Contingency Plan
- Procedures for publishing status reports to personnel and public
- Not IT-focused
Crisis Communications Plan
Plan to detect, respond to and limit consequences of malicious cyber incidents
Cyber Incident Response Plan
- Detailed procedure to facilitate recovery of capabilities at an alternate site
- Often IT-focused; limited to major disruptions with long-term effects
Disaster Recovery Plan
- Coordinated procedure for minimizing loss of life or injury and protecting property damage in response to physical threat
- Focuses on personnel and property particularly of a specific facility
Occupant Emergency Plan (OEP)
What are the five steps of the Business Impact Analysis (BIA) process?
- Identification of priorities
- Risk identification
- Likelihood assessment
- Impact assessment
- Resource prioritization
