Chapter 21 - 03 - Understanding Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

Module Flow

Understanding Business Continuity (BC) and
Disaster Recovery (DR) Concepts

Discuss BC/DR Activities

Understanding Business Continuity Plan
(BCP) and Disaster Recovery Plan (DRP)

Copyright © by EC-C
EC-Councll.cll. All Rights Reserved. Reprodi
Reproductionon sIs Strictly Prohibitec
Prohibited

Understanding Business Continuity Plan (BCP) and Disaster
Recovery Plan (DRP)
The objective of this section is to explain the BCP and the DRP and their goals.

Module 21 Page 2328 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

Business continuity plan is aa comprehensive document that is
Business formulated to ensure resilience against potential threats and
C ti
t. itv.t Pl allow the operations to continue under adverse or abnormal
oniinuil
ontinui 34 Y anl
an conditions

» Analyzing the potential risks and losses
» Enabling the risk management process to lessen the prospect of a complete
shutdown in the event of a disruption
»> Prioritizing safety, health, and welfare of the organization and its staff
» Minimizing infrastructural damage in the event of a disaster
» Restoring business conditions to the pre-disaster levels
» Maintaining vital documents and details such as telephone numbers,
employee details, vendor details, and client details
»> Providing staff training, building awareness, and promoting disaster
preparedness
Copyright © by EC-Councll. All Rights Reserved. ReproductionisIs Strictly Prohibited

Business Continuity Plan
Business continuity plan is a comprehensive document that is formulated to ensure resilience
against potential threats and allow the operations to continue under adverse or abnormal
conditions. During a disruption, a BCP protects the personnel and assets of an organization. It is
created using the inputs provided by several stakeholders.

Goals of a BCP

= Analyzing the potential risks and losses: Based on an analysis of the potential risks that
can impact a business, a BCP contributes toward the formulation of continuity and
recovery strategies. It also estimates the financial losses that may occur because of an
interruption to critical business functions.
= Enabling the risk management process: A BCP aims to lessen the prospect of a
complete shutdown because of a disruption. It guides an organization in its endeavor to
recover from and prevent a disaster while reducing the risks of an operational
downtime. It predicts the likelihood of events that disrupt organizational operations,
determines the extent of disruption, and provides preventive measures to mitigate their
effects.
= Prioritizing safety, health, and welfare of the organization and its staff: The incident
response plan of a BCP regulates the impact of a disruption through a set of responses
such as an evacuation, emergency health services, and personnel safety and welfare.

= Minimizing infrastructural damage in the event of a disaster: A proper BCP ensures
minimal damage to the IT infrastructure during an incident.

Module 21 Page 2329 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Business Continuity and Disaster Recovery

Restoring business conditions to the pre-disaster levels: A BCP reduces the impact of a
disaster and contributes toward restoring business operations within a short time.

Maintaining vital documents and details: As part of the BCP, an organization maintains
a list of important details such as telephone numbers, employee details, vendor details,
and client details. During an emergency, these details help an organization to establish
contact with emergency services, vendors, and media. It controls the spread of negative
information and provides assurance to affected stakeholders. Specifically, a BCP
facilitates the implementation of a pre-defined communication plan to address all
requirements.
Providing staff training, building awareness, and promoting disaster preparedness: An
organization must ensure that its employees are aware of its BCP; this is crucial to the
successful implementation of a BCP. Employees should receive proper training on the
types and purposes of BCPs and the objectives of BCP implementation during a
disruption. An organization must also be aware of its employees’ expectations during a
disruption.

Module 21 Page 2330 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Certified Cybersecurity
Certified Cybersecurity Technician
Technician Exam
Exam 212-82
212-82
Business Continuity and
Business Continuity Recovery
Disaster Recovery
and Disaster

Disaster Recovery Plan
E@fi
@ AA disaster
disaster recovery
recovery plan
plan (DRP) isis developed
developed for
for specific
specific departments
departments within
within an
an organization
organization to help
help
WL |
L@ them
them to
to recover
recover from
from aa disaster

DRP Goals
DRP Goals

the overall organizational risk
Reduce the risk

@
@ Alleviate the concerns of the senior management

Ensure compliance with regulations

@ Provide a rapid response after a disruption

Disaster Recovery Plan
A disaster recovery plan (DRP) is developed for specific departments within an organization to
help them to recover from a disaster. It elaborates on the preventive mechanisms an
organization must adopt to reduce the effects of the disaster in order to continue or
instantaneously
instantaneously resume critical business functions.
Goals of a DRP

* Reduce the overall organizational
organizational risk: A DRP reduces the likelihood and the impact of a
risk and increases the resilience of business operations. A good DRP aims to minimize an
organization’ss overall risk. Therefore, before formulating a DRP, companies must
organization’
conduct a risk assessment to identify critical vulnerabilities
vulnerabilities..
* Alleviate the concerns of the senior management: A DRP is an important part of an
operations strategy, and its success is determined by the support received from the
senior management. Hence, the goals and scope of a DRP must align with the
expectations of the senior management. After formulation, the DRP should be
submitted to the senior management for their approval. An approved not only alleviates
senior management’
management’s implementation
s concerns but also ensures its smooth implementati on andand
enforcement.
* Ensure compliance with regulations: Most organizations uphold the various compliance
standards. An effective DRP minimizes the chance of penalties as a result of a non-
compliance.
* Provide a rapid response
Provide response after
after a disruption:
disruption: Since
Since aa disaster causes
causes customer
dissatisfactio n, revenue
dissatisfaction, revenue loss, and
and reputational
reputational damage,
damage, itit is crucial
crucial for aa DRP to
to provide
aa quick response in the event ofof aa disruption.
quick response in the event DRP contributes
good DRP
disruption. AA good expediting
toward expediting
contributes toward
aa disaster
disaster response,
response, irrespective
irrespective of of the
the source
source of
of disruption.
disruption.

Module
Module 21
21 Page
Page 2331
2331 Certified
Certified Cybersecurity
Cybersecurity Technician
Technician Copyright
Copyright ©© by by EG-@ouncil
E@-Gouncil
All Rights
All Reproduction isis Strictly
Reserved. Reproduction
Rights Reserved. Prohibited.
Strictly Prohibited.