Chapter 16 – Disaster Recovery and Business Continuity

One major security concern is availability. Often overlooked is the damage that can be caused by disaster which would stop you from performing some business function | Security+ All-In-One Edition Chapter 16 – Disaster Recovery and Business Continuity Brian E. Brzezicki Business continuity One major security concern is availability. Often overlooked is the damage that can be caused by disaster which would stop you from performing some business function Some Types of Disasters (475) Natural Fire Hurricane Earthquake Tornado Man Made Hacking Political riot Gas leak Key staff resigning Disaster Recovery Plan (476) Disaster Recovery Planning deals with trying to prepare for a disaster in order to minimize the effects and as such the loss. Spells out the required actions and resources necessary to restore mission critical processes. Ideally make the recovery process as transparent to users as possible One of the most important steps in DRP Planning is the BIA (in a few slides) BIA* (477) A BIA helps identify mission critical functions (examples?) and the effect a disaster would have on those functions. Determine for each function the MTD/category of each | Security+ All-In-One Edition Chapter 16 – Disaster Recovery and Business Continuity Brian E. Brzezicki Business continuity One major security concern is availability. Often overlooked is the damage that can be caused by disaster which would stop you from performing some business function Some Types of Disasters (475) Natural Fire Hurricane Earthquake Tornado Man Made Hacking Political riot Gas leak Key staff resigning Disaster Recovery Plan (476) Disaster Recovery Planning deals with trying to prepare for a disaster in order to minimize the effects and as such the loss. Spells out the required actions and resources necessary to restore mission critical processes. Ideally make the recovery process as transparent to users as possible One of the most important steps in DRP Planning is the BIA (in a few slides) BIA* (477) A BIA helps identify mission critical functions (examples?) and the effect a disaster would have on those functions. Determine for each function the MTD/category of each Critical – 1-4 hours Urgent – 24 hours Important – 72 hours Normal – 7 days Non-essential – 30 days Once BIA has been done, contingency planning can be done Contingency plan Who is responsible for each business function What individuals are needed What is the priority Responsibility checklist Emergency contacts Warning system Procedures (more) Contingency Plan (n/b) Documentation System configuration Diagrams Vendor and supplier lists – why? Backup plan Alternative sites (next slide) Alternate sites (484) Types of sites are provided by a “service bureau” Hot site – fully configured ready for operation in a few hours Expensive Can be used for DRP testing Warm site Only partially configured Cannot really be used for DRP testing Less Cold site Just basic environment (space, AC, power etc) No equipment Cheap Cannot be used for DRP testing Alternate sites (n/b) Rather than having a “subscription service” the company may own it’s own redundant sites Mirror sites Multiple data processing .