Questions and Answers
What is the primary goal of a business continuity and disaster recovery planning project?
What is a disaster, according to the CISSP Guide to Security Essentials?
Which of the following is NOT an example of a natural disaster?
What is the primary objective of testing business continuity and disaster recovery plans?
What is the focus of business continuity and disaster recovery planning?
What is an example of a geological disaster?
What is the purpose of training users in business continuity and disaster recovery planning?
What is the business continuity and disaster recovery planning life cycle?
What is a type of man-made disaster that can disrupt services and supplies?
What is a consequence of a disaster that affects business operations?
What is the primary focus of BCP and DRP in terms of data security?
What is an example of a social-political disaster?
What is a consequence of a disaster that affects employees?
What is a type of utility disaster?
What is a security pillar supported by BCP and DRP?
What is a consequence of a disaster that affects business operations?
What is a key aspect of Communications in Business Resumption Planning?
What is the primary goal of Restoration and Recovery in Business Resumption Planning?
What is an important aspect of Improving System Resilience and Recovery?
What is a key component of Business Resumption Planning?
What is the purpose of Training Staff in Business Resumption Planning?
What is included in the Restoration and Recovery phase of Business Resumption Planning?
What is a benefit of Server Clusters in Improving System Resilience and Recovery?
What is a key aspect of Access to Procedures and Business Records in Business Resumption Planning?
What is the primary component of a Business Impact Assessment (BIA)?
What is the purpose of a recovery time objective (RTO)?
What is included in a DRP and BCP plan?
What type of BCP and DRP plan testing involves reviewing the plan document?
What is the purpose of a recovery point objective (RPO)?
What is the last step in a DRP and BCP plan?
What is the purpose of a maximum tolerable downtime (MTD)?
What type of BCP and DRP plan testing involves a real-world simulation of a disaster?
What is the primary goal of obtaining senior management buyoff on MTD, RTO, RPO, RCO, and RCapO?
What is the primary purpose of publishing recovery targets into a database or spreadsheet?
What is the recovery time objective (RTO) for hot systems with high-speed backup media?
Which of the following is a qualitative criterion for criticality analysis?
What is the purpose of ranking business processes by criticality criteria?
What is the recovery point objective (RPO) for a system with a recovery time objective (RTO) of 2-3 days?
What is the primary purpose of criticality analysis?
What is the maximum tolerable downtime (MTD) used for in criticality analysis?
Study Notes
Business Continuity and Disaster Recovery Planning
- Running a business continuity and disaster recovery planning project involves developing business continuity and disaster recovery plans, testing them, training users, and maintaining a planning life cycle.
What is a Disaster?
- A disaster is any natural or man-made event that disrupts business operations, requiring a significant and coordinated effort to achieve recovery.
Types of Disasters
- Natural disasters include:
  - Geological: earthquakes, volcanoes, lahars, tsunamis, landslides, and sinkholes
  - Meteorological: hurricanes, tornados, wind storms, hail, ice storms, snow storms, rainstorms, and lightning
  - Other: avalanches, fires, floods, meteors and meteorites, and solar storms
  - Health: widespread illnesses, quarantines, and pandemics
- Man-made disasters include:
  - Labor: strikes, walkouts, and slow-downs that disrupt services and supplies
  - Social-political: war, terrorism, sabotage, vandalism, civil unrest, protests, demonstrations, cyber attacks, and blockades
  - Materials: fires, hazardous materials spills
  - Utilities: power failures, communications outages, water supply shortages, fuel shortages, and radioactive fallout from power plant accidents
How Disasters Affect Businesses
- Disasters can cause:
  - Casualties: employee or family member injuries, fatalities, or care for others
  - Direct damage to facilities and equipment
  - Transportation infrastructure damage: delays deliveries, supplies, and employee commutes
  - Communications outages
  - Utilities outages
How BCP and DRP Support Data Security
- BCP and DRP support availability, which is one of the three pillars of data security, along with confidentiality and integrity.
Developing Key Recovery Targets
- Obtain senior management buy-in on key recovery metrics, such as:
  - MTD (maximum tolerable downtime)
  - RTO (recovery time objective)
  - RPO (recovery point objective)
  - RCO (recovery consistency objective)
  - RCapO (recovery capacity objective)
- Publish these metrics in a database or spreadsheet listing all business processes.
Sample Recovery Time Objectives
- RTOs vary depending on the technology required, such as:
  - 8-14 days: new equipment, data recovery from backup
  - 4-7 days: cold systems, data recovery from backup
  - 2-3 days: warm systems, data recovery from backup
  - 12-24 hours: warm systems, recovery from high-speed backup media
  - 6-12 hours: hot systems, recovery from high-speed backup media
  - 3-6 hours: hot systems, data replication
  - 1-3 hours: clustering, data replication
  - < 1 hour: clustering, near real-time data replication
Criticality Analysis
- Rank processes by criticality criteria, such as:
  - MTD
  - RTO
  - RPO
  - RCO
  - RCapO
  - Cost of downtime or other metrics
  - Qualitative criteria: reputation, market share, goodwill
Business Resumption Planning
- Business resumption planning involves:
  - Alternate work locations
  - Alternate personnel
  - Communications: emergency, support of business processes
  - Standby assets and equipment
  - Access to procedures, business records
Restoration and Recovery
- Restoration and recovery involve:
  - Repairs to facilities and equipment
  - Replacement equipment
  - Restoration of utilities
  - Resumption of business operations in primary business facilities
Improving System Resilience and Recovery
- Improving system resilience and recovery involves:
  - Off-site media storage: assurance of data recovery
  - Server clusters: improved availability, geographic clusters
  - Data replication: hardware, OS, DBMS, application, current data on multiple servers even in remote places
Training Staff
- Training staff involves:
  - Everyday operations
  - Recovery procedures
  - Emergency procedures
  - Resumption procedures
Description
Test your knowledge of business continuity and disaster recovery planning, including developing, testing, and training plans. Based on Chapter 4 of the CISSP Guide to Security Essentials.