83 Cards in this Set

Project Initiation Phase

Description:
Preplanning activities recommended in the project initiation phase will set the tempo for each succeeding phase. Clearly articulated management intentions and commitment will contribute to the success of later continuity planning phases. It is in this phase where all the project preplanning is performed.
Project Initiation Phase

Steps:
Establish the organization's continuity planning scope and objectives criteria
Gain and demonstrate management support
Form the continuity planning project team (CPPT), and define their roles and responsibilities
Define and obtain continuity project resource requirements
Understand and leverage current and anticipated disaster avoidance preparations
1) Project Scope Development and Planning
a) Understand the organization first

b) BCP Team creation
i) Team leader/coordinator chosen

c) Continuity Planning Policy Statement
i) Disaster Recovery Planning (DRP)
ii) Business Continuity Planning (BCP)
iii) Crisis Management Planning (CMP)
iv) Continuous Availability (CA)
v) Incident Command System (ICS)

d) Legal and Regulatory Requirements

e) Identify critical assets, processes, resources, and functions
2) Executive Management support
a) Senior management commitment a must!
i) Policy regarding requirements, roles and responsibilities.
ii)Establishing budget / approve funding
(1) Expenditures used for acquisition, implementation, and maintenance of preventative controls that are designed for physical environmental or information security.
(2) Expenditures utilized for purchasing alternative recovery resources like facilities, equipment, supplies, hardware, software, and telecommunication infrastructure facilities.
(3) Personnel expenses; consideration should be given to the annual salary requirements of continuity planning personnel
(4) Use of external consultants, vendors, that might be utilized and the consulting fees and travel expenses associated with their participation.
(5) Day-to-day management expenditures including testing maintenance and training.

iii) Top-down support approach will elicit more cooperation at all levels for the CPP
iv) Formalizing Continuity Planning Policy
v) Defining Continuity Planning Metrics.

b) Clearly articulated executive management communications of support
3) Continuity Planning Project Team (CPPT) Organization and Management
a) CPPT Creation

i) CPPT Leadership
ii) Senior and knowledgeable staff
iii) Technical, business and legal experts
iv) Those with understanding of the BCP

b) Project Management Office (PMO)
i) Used in large organizations/more structured
ii) Use of project management tools/software
iii) Project timelines, schedules & milestones

c) CPP project kickoff meeting
i) Allow the executive sponsor to introduce the continuity planning project and describe its value to the enterprise
ii) Introduce the CPPT
iii) Provide an overview of the continuity planning process
iv) Present an overview of the continuity planning methodology
v) Detail the project approach and scope
vi) Present the project objectives
vii) Review the project schedule
viii) Discuss project staffing
ix) Describe the project deliverables
x) Review the preliminary work plan
xi) Identify key business process owners or representative contacts outside the project team
xii) Obtain time commitments from business process owner or representative team members
xiii) Answer questions and address concerns
4) Resource Requirements
a) Personnel are the primary resource used at this point in the CPP
i) The majority of $$$ resources are used during the implementation & maintenance phases
b) Some hardware/software
c) Internal resource
i) Conference rooms, etc.
d) External resource (consultants, etc.)
5) Understand current and anticipated disaster avoidance mitigation
a) Current state of environmental, physical, and information security related controls

b) Determining current vulnerabilities supports the reasoning for continuity planning, which helps to sell the need to management
Current State Assessment Phase

Description:
The current state assessment phase is composed of several discrete sets of activities that will provide enterprise management with the practical information it must have to make informed decisions concerning business continuity planning. When the activities within this phase of the methodology are completed, you will have gained an understanding of the strategies, goals, and objectives of the enterprise
Current State Assessment Phase

Steps:
• Enterprise strategies, goals, and objectives
• Threat analysis
• Business impact assessment (BIA)
• CPP current state assessment
• Benchmark or peer review
1) Enterprise strategies, goals, and objectives
a) Business process analysis
b) People and organization
i) Chart, lists and diagrams of people, locations, IT infrastructure, and other resources
c) Time dependencies
i) Identify time-critical business processes
d) Identify barriers and obstacles
i) People, motivations, risks, technological, financial, etc.
2) Threat analysis
a) Potential risks and vulnerabilities are assessed. Strategies and programs are developed to mitigate or eliminate them.

b) Types of threat assessments:

i) Physical and personnel security
(1) Loss of key personnel, temporary or permanent for any reason (even retirement)
(2) Physical access control weaknesses
(3) Health or accident
(4) Supply chain failure
(5) Vendor business interruption
(6) War/terrorism
(7) Shortage of raw materials
(8) Surveillance
(9) Business interruption and extra expense insurance
(10) Emergency response plan assessment, including a review of the enterprise crisis management plans, as well as other emergency response teams, to ensure there are recommendations to achieve the following:
ii) Environmental security
(1) Fire detection and suppression
(2) Protection from water damage
(3) Utility failure
(4) Gas leaks
(5) Electrical disruptions and controls
(6) HVAC controls
(7) General utilities review at both the primary and secondary operations locations, including ensuring that electrical power is sufficient at alternate sites
(8) Telecommunications availability

iii) Information security
(1) Off-site data storage deficiencies
(2) Logical access control weaknesses
(3) Continuity planning - existing strategies for recoverability of time-critical processes and support resources
(4) Change or problem management
(5) Identification of single points of failure
3) Business impact assessment (BIA)
a) Obtain a prioritized list of time-critical business processes
b) Determine recovery time objectives (RTO)
i) Maximum Tolerable Downtime (MTD)
(1) Nonessential - 30 days
(2) Normal - 7 days
(3) Important - 72 hours
(4) Urgent - 24 hours
(5) Critical - minutes to hours
4) Assist in determining components which support these processes:
a) Facilities
b) Hardware, Software, Infrastructure
c) Business partner connectivity
5) Likelihood Assessment
a) Number of times expected disaster occurs in a single year
b) Identify for each risk, based upon:
c) Company history
d) Employee experience
e) Industry standards
f) Professionals & consultants
6) Determine impact of each risk
a) Quantitative Formulas
i) Exposure Factor (EF)
(1) Amount of damage the risk poses - %
ii) Single Loss Expectancy (SLE)
(1) Monetary loss each time the risk materializes
(2) EF x AV
iii) Annualized Loss Expectancy (ALE)
(1) Annualized loss expected over one year
(2) ARO x SLE
7) CPP current state assessment
i) All findings from the current state assessment phase are documented.
(1) The baseline is created
ii) Executive management will review and sign off on these findings before commencing with the design and development phase.
8) What are the steps to conduct a BIA
a) Create interview list
b) Create data gathering techniques
c) Identify critical business functions/resources
d) Calculate how long functions can exist without resources
e) Identify vulnerabilities and threats
f) Calculate risk for each function
g) Document and report findings to management
9) Benchmark or peer review
a) Identify goals based on future performance instead of just past accomplishments
b) Thinking outside the box to improve or innovate processes and practices
c) Using best practices and focus on self improvement
d) Motivate employees
Design and Development Phase

Description:
Given the baseline information gathered in the current state assessment phase, the CPPT is in a position to devise preliminary recommendations and action plans regarding suitable next steps. This phase is where the organization, with the assistance of the CPPT, formulates the most efficient and effective recovery strategies to address the threats and recovery priorities identified. The primary activities that take place during this phase of the methodology are:
Design and Development Phase

Steps:
• Develop and design the most appropriate continuity strategies
• Develop the crisis management plan (CMP) and continuity planning (BCP and DRP) structures
• Develop continuity and crisis management plan infrastructure testing and maintenance activities
• Design initial acceptance testing of the plans
• Plan for recovery resource acquisition
1) Develop and Design Most appropriate Recovery Strategies.
a) Develop IT and IT infrastructure DRP strategy
i) Analysis and availability of critical recovery resources
ii) IT Recovery Alternative Processing and Support Agreements.
(1) Reciprocal or mutual aid agreements
iii) Recovery Alternative Considerations
(1) Cold, warm, hot, mobile, multiple processing sites, workspace and facilities, virtual business partners
iv) Data and Software Backup Approaches
(1) Electronic vaulting, remote journaling, off-site storage, database shadowing and mirroring
(2) Off-Site Storages (RTO 3-5 days)
(3) Storage area networks
(4) Reduces server load / centralized storage
(5) Consists of a network of storage devices

b) Develop business processes (or functions or units) BCP/DRP strategy

i) People are the most important element
ii) Business process/function/unit priorities
iii) Time-critical process descriptions
iv) IT Infrastructure needs
v) IT systems needs
vi) Recovery time objectives
vii) Recovery point objectives
viii) Cost/benefit analysis for each potential recovery alternative, including manual workaround procedures
ix) Recovery alternatives, such as:
(1) Workspace/facilities
(2) Virtual business partners
(3) Logistics and supplies
(4) Transportation of supplies and employees
(5) Workspace at alternate site for equipment and employees
(6) Emergency funds availability to speed decisions and acquisitions

c) Develop facilities BCP/DRP strategy

i) Nondisasters
ii) Disasters
iii) Catastrophes
2) Develop the crisis management plan and continuity planning (BCP and DRP) structures
a) Recovery Strategy Development Techniques

i) Determine if a hotsite or any other recovery resource is needed for IT recovery purposes
ii) Determine if additional communications circuits should be installed in a networking environment
iii) Determine if additional workspace is needed in a business operations environment, etc., using the information derived from the risk assessments
b) Identifying Recovery Alternatives.

c) Prioritizing business resources:


i) Tier I – (0 to 24 hours) resources must be available in advance-implemented first
ii) Tier II – (1-3 days) resources must be available in advance
iii) Tier III – (3-5 days) resources must be identified and quickly available
iv) Tier IV – (other) resources must be identified

d) Conducting the Recovery Alternative Meetings

i) Introduce the participants
ii) Provide an overview of current state (BIA, benchmarks, risk assessment, etc.)
iii) Present an overview of the meeting rules and expectations
iv) Discuss recovery alternatives and reach consensus
v) Identify recovery alternative resource providers

(1) Recovery Management Team
(2) Damage Assessment Team
(3) Backup Activation Team
(4) Backup Operations Team
(5) Restoration Team
(6) Primary Site/Service Reactivation Team

vi) Determine strategies for getting management approval
vii) Identify next steps
viii) Obtain time commitments from team members for next steps
ix) Answer questions and address concerns
3) Develop continuity and crisis management plan infrastructure testing and maintenance activities
a) Create and document the strategies needed to successfully manage the following ongoing processes:
i) Testing (short and long-term)
ii) Maintenance (short and long-term)
iii) Training
iv) Ongoing training and user awareness policies
4) Design initial acceptance testing of the plans
a) Walk-through test done prior to plan completion, ensuring accuracy of:
i) Plan objectives
ii) Scope & assumptions
iii) Plan testing
iv) Maintenance
v) Training requirements
vi) Contingency organizational structure
vii) Interim & alternate procedures
viii) Action plan checklists
ix) Adequacy of plan appendices
5) Plan for recovery resource acquisition
a) At this point still primarily personnel.

b) The use of continuity planning software and tools offers benefits
i) Standardization
ii) Centralized development
iii) Oversight audit and management
iv) Improves testing & maintenance
v) Facilitates plan implementation
vi) Use of manual plans or available online
Implementation Phase

Description:
During this phase, CPPT professionals work with business process owners or representatives to deploy plans
Implementation Phase

Steps:
• Continuity plans (business continuity plans and disaster recovery plans) as well as the enterprise crisis management plan
• Program short-term and long-term testing
• Program short-term and long-term maintenance strategies
• Program training, awareness, and education processes
• Program management process
1) Continuity plans (BCP/DRP)
a) Validate working plans are implemented
b) Ensure issues/concerns are addressed
c) Monitor deployment schedules
2) Short/long-term testing
a) Types of tests
i) Checklist
ii) Walk-through
iii) Simulation
iv) Parallel
v) Full interruption
3) Short/long-term maintenance strategies
a) Final approved strategies are implemented and merged into normal business processes (SOPs).
b) Regular reviews and updates
c) Version Control
d) Retrieval and destruction
e) Update Contact Lists
4) Training, awareness and education
a) It’s people who know the business processes
b) People create/document the recovery process
c) People test and maintain the plans
d) It’s people who will be impacted by the event
e) The same people will recover the organization
Management / Maintenance Phase

Description:
The management phase of the methodology is where the day-to-day management of continuity planning is organized, executed, and sustained. During this ongoing process, the CPPT works with the business process owner or representatives to address overall continuity planning issues, which include program oversight and continuity planning manager roles and responsibilities.
Management / Maintenance Phase

Steps:
• Work with business owners/representatives
• Serve as leader/liaison on the CPPT
• Review/update CPP as needed
• Ensure CPP concerns are represented in various business aspects/activities
• Short and long term budgeting
• Qualitative and quantitative CPP metrics
1) Focuses on day-to-day management (program oversight) of the continuity planning process (CPP) and the overall maintenance of the program.
2) Work with business owners/representatives
3) Serve as leader/liaison on the CPPT
4) Review/update CPP as needed
5) Ensure CPP concerns are represented in various business aspects/activities
6) Short and long term budgeting
7) Qualitative and quantitative CPP metrics
Business Continuity Planning
Preplanned procedures allow an organization to
• Provide an immediate and appropriate response to emergency situations
• Protect lives and ensure safety
• Reduce business impact
• Resume critical business functions
• Work with outside vendors during the recovery period
• Reduce confusion during a crisis
• Ensure survivability of the business
• Get “up and running” quickly after a disaster
Part of business decisions today should include the following:
• Letting business partners know your company is prepared
• Reassuring shareholders and boards of trustees about your company’s readiness
• Making sure a BCP is in place if industry regulations require it
Note:

A business impact analysis (BIA) is considered a functional analysis, in which a team
collects data through interviews and documentary sources; documents business functions,
activities, and transactions; develops a hierarchy of business functions; and finally
applies a classification scheme to indicate each individual function’s criticality
level. But how do we determine a classification scheme based on criticality levels? The
BCP committee must identify the threats to the company and map them to the following
characteristics:
• Maximum tolerable downtime
• Operational disruption and productivity
• Financial considerations
• Regulatory responsibilities
• Reputation
note:

BIA Steps
The more detailed and granular steps of a BIA are outlined here:
1. Select individuals to interview for data gathering.
2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3. Identify the company’s critical business functions.
4. Identify the resources these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and threats to these functions.
7. Calculate the risk for each different business function.
8. Document findings and report them to management.
What are the MTD estimates that may be used within an organization according to AIO:

• Nonessential: 30 days
• Normal: Seven days
• Important: 72 hours
• Urgent: 24 hours
• Critical: Minutes to hours
NOTE:

A BIA is performed at the beginning of business continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the company’s critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of a disaster or disruption.
Note:

The following interrelation and interdependency tasks should be carried out by the BCP team and addressed in the resulting plan:

• Define essential business functions and supporting departments.
• Identify interdependencies between these functions and departments.
• Discover all possible disruptions that could affect the mechanisms necessary to allow these departments to function together.
• Identify and document potential threats that could disrupt interdepartmental communication.
• Gather quantitative and qualitative information pertaining to those threats.
• Provide alternative methods of restoring functionality and communication.
• Provide a brief statement of rationale for each threat and corresponding information.
note:

The main goal of business continuity is to resume business as quickly as possible, spending the least amount of money. The overall business interruption and resumption plan should cover all organizational elements, identify critical services and functions, provide alternatives for emergency operations, and integrate each departmental plan.
Define management’s responsibilities in the BCP process
• Committing fully to the BCP
• Setting policy and goals
• Making available the necessary funds and resources
• Taking responsibility for the outcome of the development of the BCP
• Appointing a team for the process
Define the BCP team’s responsibilities during the BCP process
• Identifying regulatory and legal requirements that must be met
• Identifying all possible vulnerabilities and threats
• Estimating the possibilities of these threats and the loss potential
• Performing a BIA
• Outlining which departments, systems, and processes must be up and running before any others
• Developing procedures and steps in resuming business after a disaster
Note:

Several software tools are available for developing a BCP that simplify the process.
Automation of these procedures can quicken the pace of the project and allow easier gathering of the massive amount of information. Many of the necessary items are provided in the boilerplate templates.
What are some preventive mechanisms that should be put in place for conducting a BIA

• Fortification of the facility in its construction materials
• Redundant servers and communications links
• Power lines coming in through different transformers
• Redundant vendor support
• Purchasing of insurance
• Purchasing of UPS and generators
• Data backup technologies
• Media protection safeguards
• Increased inventory of critical equipment
• Fire detection and suppression systems
Note

Recovery Strategies

The BIA provides the blueprint for the recovery strategies for all the components, because the business processes are totally dependent upon these other recovery strategies taking place properly.

In the BIA, the team has calculated the necessary recovery times that must be met for the different critical business functions and the resources those functions rely upon. For example, let’s say the team has figured out it would cost the company $200,000 per day in lost revenue if its facility were destroyed and unusable. Now the team knows that the company has to be up and running within five to six hours, or the company could be financially crippled.

What Is the Difference Between Preventive Measures and Recovery Strategies?

Preventive mechanisms are put into place to try to reduce the possibility of the company experiencing a disaster and, if a disaster does hit, to lessen the amount of damage that will take place. Although the company cannot stop a tornado from coming, it could choose to move its facility from tornado valley in Kansas. The company cannot stop a car from plowing into and taking out a transformer, but it can have a separate feed from a different transformer in case this happens.

Recovery strategies are processes on how to rescue the company after a disaster takes place. These processes will integrate mechanisms such as establishing alternate sites for facilities, implementing emergency response procedures, and possibly activating the preventive mechanisms that have already been implemented.
note:

The team has figured out these types of timelines for the individual business functions,
operations, and resources. Now it has to identify the recovery mechanisms and
strategies that must be implemented to make sure everything is up and running within
the timelines it has calculated. The team needs to break down these recovery strategies
into the following sections:

• Business process recovery
• Facility recovery
• Supply and technology recovery
• User environment recovery
• Data recovery
Note:

The BCP team needs to understand these different steps of the company’s most critical processes. The data are usually presented as a workflow document that contains the roles and resources needed for each process. The BCP team must understand the following about critical business processes:

• Required roles
• Required resources
• Input and output mechanisms
• Workflow steps
• Required time for completion
• Interfaces with other processes
Define business process
A business process is a set of interrelated steps linked through specific decision activities to accomplish a specific task. Business processes have starting and ending points and are repeatable. The processes should encapsulate the knowledge of services, resources, and operations provided by a company. For example, when a customer requests to buy a car via an organization’s e-commerce site, a set of steps must be followed, such as these:

1. Validate that the car is available.
2. Validate where the car is located and how long it would take to ship it to the destination.
3. Provide the customer with the price and delivery date.
4. Accept the customer’s credit card information.
5. Validate and process the credit card order.
6. Send a receipt and tracking number to the cu
7. Send the order to the car inventory location.
8. Restock inventory.
9. Send the order to accounting.
Note:

Facility Recovery

Disruptions are of three main types: nondisasters, disasters, and catastrophes.

A nondisaster is a disruption in service due to a device malfunction or failure.

A disaster is an event that causes the entire facility to be unusable for a day or longer. This usually requires the use of an alternate processing facility and restoration of software and data from offsite copies. The alternate site must be available to the company until its main facility is repaired and usable.

A catastrophe is a major disruption that destroys the facility altogether. This requires both a short-term solution, which would be an offsite facility, and a long-term solution, which may require rebuilding the original facility.
note:

The BCP team needs to think through onsite backup requirements and make well-informed decisions. The team must identify the critical equipment and estimate the mean time between failures (MTBF) and the mean time to repair (MTTR) to provide the necessary statistics of when a device may be meeting its maker and a new device may be required.
NOTE

MTBF is the estimated lifetime of a piece of equipment and is calculated by the vendor of the equipment or a third party. The reason for using this value is to know approximately when a particular device will need to be replaced. MTTR is an estimate of how long it will take to fix a piece of equipment and get it back into production.
Note:

What is a hot site

A facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources from a hot site are usually the data, which will be retrieved from a backup site, and the people who will be processing the data. The equipment and system software must absolutely be compatible with the data being restored from the main site and must not cause any negative interoperability issues. These sites are a good choice for a company that needs to ensure a site will be available for it as soon as possible. Most hot-site facilities support annual tests that can be done by the company to ensure the site is functioning in the necessary state. This is the most expensive of the three types of offsite facilities and can have problems if a company requires proprietary or unusual hardware or software.
NOTE

The vendor of a hot site will provide the most commonly used hardware and software products to attract the largest customer base. This will most likely not include one specific customer’s proprietary or unusual hardware or software products.
What is a warm site

A leased or rented facility that is usually partially configured with some equipment, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment. Staging a facility with duplicate hardware and computers configured for immediate operation is extremely expensive, so a warm site provides an alternate facility with some peripheral devices. This is the most widely used model. It is less expensive than a hot site and can be up and running within a reasonably acceptable time period. It may be a better choice for companies that depend upon proprietary and unusual hardware and software, because they will bring their own hardware and software with them to the site after the disaster hits. The odds of finding a remote site vendor that would have a Cray supercomputer readily available in a time of need are pretty slim. The drawback, however, is that the annual testing available with hot-site contracts is not usually available with warm-site contracts, and thus a company cannot be certain that it will in fact be able to return to an operating state within hours.
What is a cold site

A leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. It may take weeks to get the site activated and ready for work. The cold site could have equipment racks and dark fiber (fiber that does not have the circuit engaged) and maybe even desks, but would require the receipt of equipment from the client, since it does not provide any. The cold site is the least expensive option, but takes the most time and effort to actually get up and functioning right after a disaster. Cold sites are often used as backups for call centers, manufacturing plants, and other services that either can be moved lock, stock, and barrel in one shot or would require extensive retooling and building.
NOTE

It is important to understand that the different site types listed here are provided by service bureaus, meaning a company pays a monthly subscription fee to another company for this space and service. A hot site is a subscription service. A redundant site is a site owned and maintained by the company, meaning the company does not pay anyone else for the site. A redundant site might be “hot” in nature, meaning it is ready for production quickly, but the CISSP exam differentiates between a hot site (subscription service) and a redundant site (owned by the company).
note:
Most companies use warm sites, which have some devices such as disk drives, tape drives, and controllers, but very little else. These companies usually cannot afford a hot site, and the extra downtime would not be considered detrimental. A warm site can provide a longer-term solution than a hot site. Companies that decide to go with a cold site must be able to be out of operation for a week or two. The cold site usually includes power, raised flooring, climate control, and wiring.
NOTE

MTBF is the estimated lifetime of a piece of equipment and is calculated by the vendor of the equipment or a third party. The reason for using this value is to know approximately when a particular device will need to be replaced. MTTR is an estimate of how long it will take to fix a piece of equipment and get it back into production.
note

Hot Site Advantages
• Ready within hours for operation
• Highly available
• Usually used for short-term solutions, but available for longer stays
• Annual testing available
note


Hot Site Disadvantages
• Very expensive
• Limited on hardware and software choices
note:

Warm and Cold Site Advantages
• Less expensive
• Available for longer timeframes because of the reduced costs
• Practical for proprietary hardware or software use
note:

Warm and Cold Site Disadvantages
• Not immediately available
• Operational testing not usually available
• Resources for operations not immediately available
note:

Tertiary Sites
During the BIA phase, the team may recognize the danger of the primary backup
facility not being available when needed, which could require a tertiary site. This
is a secondary backup site, just in case the primary backup site is unavailable. The
secondary backup site is sometimes referred to as a “backup to the backup.” This
is basically plan B if plan A does not work out.
note:

Reciprocal agreements: one approach to alternate offsite facilities is to establish a reciprocal agreement, also referred to as mutual aid, with another company. This means that company A agrees to allow company B to use its facilities if company B is hit by a disaster, and vice versa. This is a cheaper way to go than the other offsite choices, but it is not always the best choice. Most environments are maxed out pertaining to the use of facility space, resources, and computing capability.
Note

Offsite Location
When choosing a backup facility, it should be far enough away from the original
site so one disaster does not take out both locations. In other words, it is not
logical to have the backup site only a few miles away if the company is concerned
about tornado damage, because the backup site could also be affected or destroyed.
There is a rule of thumb that suggests that alternate facilities should be at
a bare minimum at least five miles away from the primary site, while 15 miles is
recommended for most low-to-medium critical environments, and 50–200 miles
note:

Important issues need to be addressed before a disaster hits if a company decides to
participate in a reciprocal agreement with another company:
• How long will the facility be available to the company in need?
• How much assistance will the staff supply in integrating the two environments
and ongoing support?

• How quickly can the company in need move into the facility?

• What are the issues pertaining to interoperability?
note:

redundant sites, meaning one site is equipped and configured exactly like the primary site, which serves as a redundant environment. These sites are owned by the company and are mirrors of the original production environment. This is one of the most expensive backup facility options, because a full environment
must be maintained even though it usually is not used for regular production activities until after a disaster takes place that triggers the relocation of services to the redundant site. But expensive is relative here. If the company would lose a million dollars if it were out of business for just a few hours, the loss potential would override the
cost of this option. Many organizations are subjected to regulations that dictate they must have redundant sites in place, so expense is not an issue in these situations.
define rolling hot site, or mobile hot site, where the back of a large truck or a trailer is turned into a data processing or working area. The trailer has all of the necessary power, telecommunications, and systems to allow for processing to take place right away. The trailer can be brought to the company’s parking lot or another location. Another, similar solution is a prefabricated building that can be easily and quickly put together. Military organizations and large insurance companies typically have rolling hot sites or trucks preloaded with equipment because they often need the flexibility to quickly relocate some or all of their processing facilities to different locations around the world depending on where the need arises.
note

what are multiple processing centers

An organization may have ten different facilities throughout the world, which may include products and technologies that would move all data processing from one facility to another in a matter of seconds when an interruption is detected. This technology can be implemented within the organization or from one facility to a third-party facility. Certain service bureaus provide this type of functionality to their customers. So if a company’s
data processing is interrupted, all or some of the processing can be moved to the service
bureau’s servers.
define the Supply and Technology Recovery strategy

the BCP team has mapped out the necessary business functions that need to be up and running and the specific backup facility option that is best for its organization.
Now the team needs to dig down into the more granular items, such as backup
solutions for the following:
• Network and computer equipment
• Voice and data communications resources
• Human resources
• Transportation of equipment and personnel
• Environment issues (HVAC)
• Data and personnel security issues
• Supplies (paper, forms, cabling, and so on)
• Documentation of the organization’s current technical
NOTE Different types of backup tape technologies can be used (digital linear
tape, digital audio tape, advanced intelligent tape). The team needs to make
sure it knows the type of technology that is used by the company and identify
the necessary vendor in case the tape-reading device needs to be replaced.
note:

Organizations should have executive succession planning in place. This
means that if someone in a senior executive position retires, leaves the company, or is
killed, the organization has predetermined steps to carry out to protect the company.
The loss of a senior executive could tear a hole in the company’s fabric, creating a leadership
vacuum that must be filled quickly with the right individual. The line of succession
plan defines who would step in and assume responsibility for this role.
what is a full backup
All data are backed up and saved to some type of storage media. During a full backup, the archive bit is cleared, which means that it is set to 0. A company can choose to do full backups only, in which case the restoration process is just one step, but the backup and restore processes could take a long time.
what is a differential backup
A differential process backs up the files that have been modified since the last
full backup. When the data need to be restored, the full backup is laid down first, and
then the most recent differential backup is put down on top of it. The differential process does not change the archive bit value.
what is an incremental backup
An incremental process backs up all the files that have changed since the last full or
incremental backup and sets the archive bit to 0. When the data need to be restored, the
full backup data are laid down, and then each incremental backup is laid down on top
of it in the proper order.
what is Disk duplexing
means there is more than one disk controller. If one disk controller fails, the other is ready and available.
what is Disk Shadowing
is used to ensure the availability of data and to provide a fault tolerant solution by duplicating hardware and maintaining more than one copy of the information. The data are dynamically created and maintained on two or more identical disks. If only disk mirroring is used, then each disk would have a corresponding mirrored disk that contains the exact same information. If shadow sets are used, the data can be stored as images on two or more disks.
what is Electronic vaulting
Electronic vaulting makes copies of files as they are modified and periodically transmits them to an offsite backup site. The transmission does not happen in real time, but is carried out in batches. So, a company can choose to have all files that have been changed sent to the backup facility every hour, day, week, or month. The information can be stored in an offsite facility and retrieved from that facility in a short time. This form of backup takes place in many financial institutions, so when a bank teller accepts a deposit or withdrawal, the change to the customer’s account is made locally to that branch’s database and to the remote site that maintains the backup copies of all customer records.
what is Remote journaling
Remote journaling is another method of transmitting data offsite, but this usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. Journaling is efficient for database recovery, where only the reapplication of a series of changes to individual records is required to resynchronize the database.

NOTE Remote journaling takes place in real time and transmits only the file
deltas. Electronic vaulting takes place in batches and moves the entire file that
has been updated.
what is tape vaulting
In tape vaulting, the data are sent over a serial line to a backup tape system at the offsite facility. The company that maintains the offsite facility maintains the systems and changes out tapes when necessary. Data can be quickly backed up and retrieved when necessary. This technology reduces the manual steps in the traditional tape backup procedures.
note

Cyberinsurance is a new type of coverage that insures losses caused by denial-of-service attacks, malware damages, hackers, electronic theft, privacy-related lawsuits, and more. While a person is asked how old he is, previous health issues, if he smokes, and so on, to determine his health insurance premium, companies are asked questions about their
security program, such as whether they have an IDS, antivirus software, firewalls, and other security measures.
note:

business interruption insurance policy. With this type of policy, if the company is out of business for a certain length of time,
the insurance company will pay for specified expenses and lost earnings. Another policy that can be bought insures accounts receivable. If a company cannot collect on its
accounts receivable for one reason or another, this type of coverage covers part or all of
the losses and costs.
The BCP coordinator needs to define several different teams that should be properly
trained and available if a disaster hits. The types of teams an organization needs
depends upon the organization. The following are some examples of teams that a company
may need to construct:
• Damage assessment team
• Legal team
• Media relations team
• Network recovery team
• Relocation team
• Restoration team
• Salvage team
• Security team
• Telecommunications team
The restoration team is responsible for getting
the alternate site into a working and functioning environment.
The salvage team is responsible for
starting the recovery of the original site. Both teams must know how to do many tasks, such as install operating systems, configure workstations and servers, string wire and cabling, set up the network and configure networking services, and install equipment and applications. Both teams must also know how to restore data from backup facilities, and how to do so in a secure manner that ensures the system’s and data’s confidentiality, integrity, and availability are not compromised.
note:

The BCP must outline the specific teams, their responsibilities, and notification procedures. The plan must indicate the methods that should be used to contact team leaders during business hours and after business hours. The assessment procedures should be properly documented and include the following steps:

• Determine the cause of the disaster.
• Determine the potential for further damage.
• Identify the affected business functions and areas.
• Identify the level of functionality for the critical resources.
• Identify the resources that must be replaced immediately.
• Estimate how long it will take to bring critical functions back online.
• If it will take longer than the previously estimated MTD values to restore
operations, then a disaster should be declared.
note

Many logistical issues need to be considered as to when a
company must return from the alternate site to the original site. The following lists a
few of these issues:
• Ensuring the safety of employees
• Ensuring an adequate environment is provided (power, facility infrastructure,
water, HVAC)
• Ensuring that the necessary equipment and supplies are present and in
working order
• Ensuring proper communications and connectivity methods are working
• Properly testing the new environment
note:

Once the coordinator, management, and salvage team sign off on the readiness of
the facility, the salvage team should carry out the following steps:
• Back up data from the alternate site and restore it within the new facility.
• Carefully terminate contingency operations.
• Securely transport equipment and personnel to the new facility.
note:


The least critical functions should be moved back first, so if there are issues in network
configurations or connectivity, or important steps were not carried out, the critical
operations of the company are not negatively affected. Why go through the trouble of
moving the most critical systems and operations to a safe and stable site, only to return
it to a main site that is untested? Let the less critical departments act as the canary. If
they survive, then move over the more critical components of the company.
Developing Goals for the Plans

what is Responsibility
Each individual involved with recovery and continuity should have their responsibilities spelled out in writing to ensure a clear
understanding in a chaotic situation. Each task should be assigned to the
individual most logically situated to handle it. These individuals must
know what is expected of them, which is done through training, drills,
communication, and documentation. So, for example, instead of just running
out of the building screaming, an individual must know that he is responsible
for shutting down the servers before he can run out of the building screaming.
Developing Goals for the Plans

define Authority
In times of crisis, it is important to know who is in charge. Teamwork is important in these situations, and almost every team does much
better with an established and trusted leader. Such leaders must know that
they are expected to step up to the plate in a time of crisis and understand
what type of direction they should provide to the rest of the employees. Clear-cut
authority will aid in reducing confusion and increasing cooperation.
Developing Goals for the Plans

define Priorities
It is extremely important to know what is critical versus what is merely nice to have. Different departments provide different functionality for an organization. The critical departments must be singled out from the departments that provide functionality that the company can live without
for a week or two. It is necessary to know which department must come online first, which second, and so on. That way, the efforts are made in the most useful, effective, and focused manner. Along with the priorities of departments, the priorities of systems, information, and programs must be established. It may be necessary to ensure that the database is up and running before working to bring the file server online. The general priorities must be set by the management with the help of the different departments and IT staff.
Developing Goals for the Plans

define Implementation and testing
It is great to write down very profound ideas and develop plans, but unless they are actually carried out and tested, they may not add up to a hill of beans. Once a continuity plan is developed, it actually has to be put into action. It needs to be documented and put in
places that are easily accessible in times of crisis. The people who are assigned
specific tasks need to be taught and informed how to fulfill those tasks, and
dry runs must be done to walk people through different situations. The drills should take place at least once a year, and the entire program should be continually updated and improved.
note

Implementing Strategies

Once the strategies have been decided upon, they need to be documented and put into
place by the BCP team. This moves the efforts from a purely planning stage to an actual implementation and action phase.
note:

Testing and Revising the Plan

Tests and disaster recovery drills and exercises should be performed at least once a
year. A company should have no real confidence in a developed plan until it has actually been tested. The tests and drills prepare personnel for what they may be faced with and provide a controlled environment to learn the tasks expected of them. These tests and drills also point out issues to the planning team and management that may not have been previously thought about and addressed as part of the planning process. The exercises, in the end, demonstrate whether a company can actually recover after a disaster.
NOTE

After a disaster, telephone service may not be available. For communications purposes, there should be alternatives in place, such as cell phones or walkie-talkies.
what is a Checklist Test
In this type of test, copies of the BCP are distributed to the different departments
and functional areas for review. This is done so each functional manager can review the
plan and indicate if anything has been left out or if some approaches should be modified
or deleted. This is a method that ensures that some things have not been taken for
granted or omitted. Once the departments have reviewed their copies and made suggestions,
the planning team then integrates those changes into the master plan.
define Structured Walk-Through Test
In this test, representatives from each department or functional area come together
to go over the plan to ensure its accuracy. The group reviews the objectives of the plan, discusses the scope and assumptions of the plan, reviews the organization and reporting structure, and evaluates the testing, maintenance, and training requirements described. This gives the people responsible for making sure a disaster recovery happens effectively and efficiently a chance to review what has been decided upon and what is
expected of them. The group walks through different scenarios of the plan from beginning to end to make sure nothing was left out. This also raises the awareness of team members about the recovery procedures.
define Simulation Test
This type of test takes a lot more planning and people. In this situation, all employees
who participate in operational and support functions, or their representatives, come
together to practice executing the disaster recovery plan based on a specific scenario.
The scenario is used to test the reaction of each operational and support representative. Again, this is done to ensure specific steps were not left out and that certain threats were not overlooked. It acts as a catalyst to raise the awareness of the people involved. The drill includes only those materials that will be available in an actual disaster, to portray a more realistic environment. The simulation test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment.
define Parallel Test
A parallel test is done to ensure that the specific systems can actually perform adequately at the alternate offsite facility. Some systems are moved to the alternate site and processing takes place. The results are compared with the regular processing that is done at the original site. This points out any necessary tweaking, reconfiguring, or steps that need to take place.
define Full-Interruption Test
This type of test is the most intrusive to regular operations and business productivity. The original site is actually shut down, and processing takes place at the alternate site. The recovery team fulfills its obligations in preparing the systems and environment for the alternate site. All processing is done only on devices at the alternate offsite facility.
This is a full-blown drill that takes a lot of planning and coordination, but it can reveal many holes in the plan that need to be fixed before an actual disaster hits. Full interruption tests should be performed only after all other types of tests have been successful. They are the most risky and can impact the business in very serious and devastating ways if not managed properly; therefore, senior management approval needs to be obtained prior to performing full-interruption tests. The type of organization and its goals will dictate what approach to the training exercise
is most effective. Each organization may have a different approach and unique aspects. If detailed planning methods and processes are going to be taught, then specific training may be required, rather than general training that provides an overview. Higher quality training will result in an increase of employee interest and commitment.
During and after each type of test, a record of the significant events should be documented and reported to management so it is aware of all outcomes of the test.
note Employees need to be trained on other issues besides disaster recovery, including first aid and CPR, how to properly use a fire extinguisher, evacuation routes and crowd control methods, emergency communications procedures, and how to properly shut down equipment in different types of disasters. The more technical employees may need to know how to redistribute network resources and how to use different telecommunications lines if the main one goes down. A redundant power supply needs to be investigated, and the procedures for how to move critical systems from one power supply to the next should be understood and tested.
note:

Emergency Response

Often, the initial response to an emergency affects the ultimate outcome. Emergency response procedures are the prepared actions that are developed to help people in a crisis situation better cope with the disruption. These procedures are the first line of defense when dealing with a crisis situation. People who are up-to-date on their knowledge of disaster recovery will perform the best, which is why training and drills are very important. Emergencies are unpredictable, and no one knows when they will be called upon to perform.
Note:


Maintaining the Plan

Unfortunately, the various plans that have been covered in this chapter can become quickly out of date. An out-of-date BCP may provide a company with a false sense of security, which could be devastating if and when a disaster actually takes place. The main reasons plans become outdated include the following:

• The business continuity process is not integrated into the change management process.
• Infrastructure and environment changes occur.
• Reorganization of the company, layoffs, or mergers occur.
• Changes in hardware, software, and applications occur.
• After the plan is constructed, people feel their job is done.
• Personnel turns over.
• Large plans take a lot of work to maintain.
• Plans do not have a direct line to profitability.
note:

Organizations can keep the plan updated by taking the following actions:
• Make business continuity a part of every business decision.
• Insert the maintenance responsibilities into job descriptions.
• Include maintenance in personnel evaluations.
• Perform internal audits that include disaster recovery and continuity
documentation and procedures.
• Perform regular drills that use the plan.
• Integrate the BCP into the current change management process.