Chapter 21 - 02 - Discuss BCDR Activities_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

Module Flow

Understanding Business Continuity (BC) and
Disaster Recovery (DR) Concepts

Discuss BC/DR Activities

Understanding Business Continuity Plan
(BCP) and Disaster Recovery Plan (DRP) &

Discuss BC/DR Activities

The objective of this section is to discuss the prevention, response, resumption, recovery, and
restoration activities carried out as part of the BC and DR operations.

Module 21 Page 2324 Certified Cybersecurity Technician Copyright © by EG-Gouncil
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery Activities
[ B

O The prevention activity of BC Q In this process, a set of activities
QO QO Resumption refers to the
involves actions taken to prevent a are implemented after a disaster recommencement of business
natural phenomenon or potential in order to assess business needs | operations after a disruptive
hazard from harming organizations and reduce and limit the negative incident
).. impacts of the disaster i
O Example of preventive actions: P - 0@ Arobust organizational
O Example of response actions: infrastructure is crucial to the
Imposing restrictions on certain..
s.
execution of activities pertaining
processes. For example, it restrict Evacuating personnel or shutting N ti.
organizations from spending capital down systems ii to0 resumption
resumption
on items
on not listed
items not listed in the DRP
in the or BCP
DRP or BCP. Oa Example of
Example of Resumption actions:
Resumption actions:. G Continuing operations at a primary
G @& or an alternate operating location
=
ey YeN s.
—_ ii (an alternate site is used in case the
M 5‘@, i primary
primary location
location is inaccessible or
j 5‘%
, I unusable due to some reason)

Copyright
pyrig ©© brbyY
Copyright L ANl [3
AN Rights P
Reserved. Reproduction
Reserved, Reproduction StrictlyY Prohibited
is Strictly

Business Continuity and Disaster Recovery
Activities (Cont’d)
Recovery Restoration

QO Recovery includes actions taken to resume OQO Restoration is the process of repairing the
services dependent on critical business old site affected by a disaster or setting up
applications a completely new alternate site to resume
Q Example of Recovery actions: business operations
Establishing a program to restore the QO This phase is concerned with restoring
disaster site
disaster site and
and the
the damaged
damaged materials to
materials to ~ #—___ business operations
business operations to
to normalcy,
normalcy, and
and itit
a stable and usable condition a often involves the migration of business
functions from the recovery site to the
long-term site

=—. —- ‘ O Restoration is based on the assumption
QO
— 2 that the migration of the most critical
business processes from a remote location
precedes the migration of the less critical
] functions

AL g TN R o~ ST Y
Copyright © by | ved. ReproductionIS Strictly Prohibited

Business Continuity and Disaster Recovery Activities
The main BC and DR activities are prevention, response, resumption, recovery, and restoration.
= Prevention
This activity involves actions taken to prevent a natural phenomenon or potential
hazard from harming organizations. A preventive action is implemented concurrently
and continuously along with certain proposed measures. It aims to reduce the likelihood

Module 21 Page 2325 Certified Cybersecurity Technician Copyright © by EG-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

and impact of a disruptive event and calls for deterrent and preventive control
strategies. A deterrent control strategy minimizes the occurrence of threats, and a
preventive control strategy protects critical business areas and mitigates the impact of a
threat. In an effective prevention plan, prevention mechanisms do not allow
unauthorized access or cause any availability problem. For example, these mechanisms
restrict a company from spending money on certain processes not listed in the BCP and
DRP.

* Response
In this process, a set of activities are implemented after a disaster in order to assess
business needs and reduce and limit the negative impacts of the disaster. For example,
response actions include evacuating personnel or shutting down systems. An initial
response includes the following:
o Generating notifications

o Activating the business continuity team (BCT)
o Activating the business unit’s personnel
o Presenting an initial briefing to the BCT

o Reviewing the recovery strategies for implementation
o Implementing the BCP

= Resumption

Resumption refers to the recommencement of business operations after a disruptive
incident. A robust organizational infrastructure is crucial for executing the set of
activities pertaining to resumption. An example of a resumption activity is continuing
operations at a primary or an alternate operating location (an alternate site is used in
case the primary location is inaccessible or unusable due to some reason). Resumption
involves the activation of alternative infrastructure resources for facilitating smooth
operations.

Although resumption activates the time-sensitive business processes after a disruption,
it cannot resume the activities in the case of large-scale destruction. In such cases, after
consulting with their emergency operations center, organizations consider whether to
invoke the BCP. The first decision pertains to whether critical operations should be
resumed at the primary operating location or shifted to an alternate site. If the normal
site is damaged or access to that site is denied, then operations are shifted to an
alternate site.

* Recovery
Recovery includes actions taken to resume services dependent on critical business
applications. An example of a recovery activity is establishing a program to restore both
the disaster site and the damaged materials to the pre-disaster levels. It is a
predetermined procedure of providing partial and temporary services to the unit

Module 21 Page 2326 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

affected by a disruption. Specifically, recovery focuses on a unit whose stakeholders are
impacted by an interruption in the resumption of activities and a long restoration time.
A recovery includes the following activities:
o Implementing recovery strategies

o Assessing damages in the primary facility

o Mobilizing the tactical teams for recovery
o Monitoring the recovery status

o Initiating the restoration process
= Restoration

Restoration is the process of repairing the old site affected by a disaster or setting up a
completely new alternate site to resume business operations. This process is concerned
with the repair and restoration of the primary site. This phase is initiated only in the
case of a physical damage. This phase is concerned with restoring business operations to
normalcy, and it often involves the migration of business functions from the recovery
site to the long-term site. In this phase, a team assesses the physical damage, replaces
damaged items, and refurbishes the premises, thereby restoring normalcy to the
operations. Restoration is based on the assumption that the migration of the most
critical business processes from a remote location precedes the migration of the less
critical functions.

Initially, the operations team implements a DRP/BCP at the alternate site. Subsequently,
the technical team formulates the restoration plan. The operations team is divided into
two groups— one group continuously implements the DRP/BCP, and the other group
manages the restoration process at the primary site. Often, the team simultaneously
executes the restoration plan and the DRP/BCP.

Module 21 Page 2327 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.