Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
64 Cards in this Set
- Front
- Back
|
How can risk analysis be utilized during a BCP/DRP?
|
Can lead to immediate mitigation steps. If done before, future disasters may have less of an impact if risk analysis has led to proper preparation.
|
|
|
Difference between BCP and DRP
|
Business Continuity Plan is focused on making business run before, during and after disaster. More long term planning related.
Disaster Recovery Plan is more short term and is focused on primarily technical means to get through a disaster. |
|
|
How are BCP and DRP related?
|
DRP is part of the umbrella BCP. BCP focuses on business, and DRP focuses on systems. You have to have many of the systems to ensure that business will go on.
|
|
|
Three categories of Disaster (and a sometimes 4th)
|
1) Natural - Earthquake, flood, etc.
2) Human a) Intentional - Deliberate, motivated acts by a human b) Unintentional - Through laziness or lack of knowledge, a human can unintentionally cause harm. Errors and Omissions falls into this grouping. 3) Environmental - Typically refers to disruptions to the data center (black out, brown out, spike, etc). 4) Technical Threat - Could be lumped in with human, but would include malware, DoS, etc. |
|
|
What is the most common threat faced by an organization
|
Errors and Omissions
|
|
|
Most common occurring disaster event for a data center.
|
Electrical Problems.
|
|
|
Aurora Attacks
|
2010 - Chinese based attack aimed at Google and other large corporations.
|
|
|
Personnel issues and disaster
|
There can be personnel shortages during a disaster which must be kept in mind. This could be not only with major disasters but also pandemic and disease, strikes, and one key member of the team becoming unavailable.
|
|
|
Communications Failure
|
AT&T's cable woes in Plainview
|
|
|
What are the 5 basic steps involved in Disaster Recovery?
|
1) Respond
2) Activate the team 3) Ongoing tactical communication 4) Further assessment of the damage 5) Recovery of critical assets |
|
|
What trumps business in Disaster Recovery?
|
People
|
|
|
Respond Phase of DR
|
An initial assessment of damage (more full assessment will be done later on).
|
|
|
Activate Team Phase of DR
|
Contact the team any way possible
|
|
|
Communication Phase of DR
|
Set-up hand-offs and status updates between teams, and determine a plan for communication to the organization and those outside the organization as needed.
|
|
|
Assessment Phase of DR
|
This will include Maximum Tolerable Downtime (MTD), and the details of hampered systems, as well as safety aspects.
|
|
|
Reconstitution Phase of DR
|
Determining which critical systems can be brought back up an the current or an alternate site. Should not cause further security issues by moving to any alternate site.
|
|
|
What are the 8 High Level Steps for developing a BCP/DRP according to NIST?
|
1) Project Initiation
2) Scope the Project 3) Business Impact Analysis 4) Identify Preventative Controls 5) Recovery Strategy 6) Plan Design and Development 7) Implementation, Training and Testing 8) BCP/DRP Maintenance |
|
|
What are the 7 milestones for scoping the project (with regards to development of a BCP/DRP)?
|
1) Contingency planning policy statement.
2) Conduct the business impact analysis (BIA) - This will help to determine the critical systems. 3) Identify preventative controls. 4) Develop recovery strategies 5) Develop an IT contingency plan 6) Plan testing, training and exercises 7) Plan maintenance (routine upkeep of the document). |
|
|
Management Support (related to BCP/DRP)
|
You must have upper level management support on your BCP/DRP so that you can ensure that funds and resources will be available when needed.
|
|
|
CPPT
|
Continuity Planning Project Team
|
|
|
Three areas of support required from Executive Management for BCP/DRM
|
1) Support for initiating the plan.
2) Final approval of the plan 3) Must show due care and due diligence and show that they are holding to applicable laws/regulations |
|
|
What is BIA, and what is it's primary goal?
|
Business Impact Analysis
How will a disruption in systems affect the organization's business. Primary goal is to determine the Maximum Tolerable Downtime (MTD) |
|
|
What are the 2 processes in the BIA?
|
1) ID of critical assets
2) Comprehensive risk assessment |
|
|
What are the 2 metrics involved in MTD?
|
1) Recovery Time Objective (RTO)
2) Work Recovery Time (WRT) |
|
|
What are 3 other acceptable names for Maximum Tolerable Downtime?
|
1) Maximum Allowable Downtime (MAD)
2) Maximum Tolerable Outage (MTO) 3) Maximum Acceptable Outage (MAO) |
|
|
Recovery Point Objective (RPO)
|
The amount of data loss or system inaccessibility that a business can stand.
|
|
|
What are RTO and WRT, and how are they related?
|
Recovery Time Objective and Work Recovery Time.
RTO is the time required to get a system back up, and WRT is the time required to get the system reconfigured after bringing it back up. MTD=RTO+WRT |
|
|
MTBF
|
Mean Time Between Failures
How often is a piece of equipment expected to fail. Often provided by the vendor. |
|
|
MTTR
|
Mean Time to Repair
How long will it take to repair a downed device? |
|
|
MOR
|
Minimum Operating Requirements
This is necessary to know what systems will need for power, etc. to come back up in a disaster. |
|
|
Why is supply chain management necessary in BCP/DRP
|
You must know how you are going to be able to replace devices in the event of an emergency.
|
|
|
What is the difference between hot and redundant sites?
|
A hot site can be up in a very short amount of time, where as a redundant site is always ready and a user would not even notice an issue.
|
|
|
Reciprocal Agreement
|
Also referred to as Mutual Aid Agreements (MAA) - One site agrees with another to back each other up in case of emergency.
|
|
|
Mobile Site
|
Datacenters on wheels. Contain racks, HVAC, fire suppression and physical security.
|
|
|
Subscription Services
|
A 3rd party who provides BCP/DRP for companies at a fee. This is an example of transferring risk.
|
|
|
Name 7 plans under the umbrella of BCP.
|
1) DRP
2) Continuity of Operations Plan (COOP) 3) Business Resumption/Recovery Plan (BRP) 4) Continuity of Support Plan 5) Cyber Incident Response Plan 6) Occupant Emergency Plan (OEP) 7) Crisis Management Plan (CMP) |
|
|
Continuity of Operations Plan (COOP)
|
Procedures necessary to maintain operations during a disaster.
|
|
|
Business Recovery Plan (BRP)
|
aka... Business Resumption Plan (BRP)
This details steps to get things back to normal. Picks up after COOP is complete. |
|
|
Continuity of Support Plan
|
Focuses strictly on IT systems and applications over the business aspects.
|
|
|
Cyber Incident Response Plan
|
This is a plan specific to cyber attacks and events.
|
|
|
Occupant Emergency Plan (OEP)
|
This is focused on the occupant safety of a datacenter in the event of a disaster. Should include drills, etc. to aid in preparation.
|
|
|
Three Steps to Crisis Management Plan (CMP)
|
A plan to bring the managers of the organization together during an emergency.
Includes Crisis Communications Plan, Emergency Operations Center and Vital Records. |
|
|
Automated Call Tree
|
May involve voice mails, emails, texts etc. Can even have a link to automatically join the conference bridge. Typically supported by a 3rd party.
|
|
|
Vital Records
|
Should include contact information, policies and procedures, licensing information, etc.
|
|
|
Executive Succession Planning
|
Make sure that there is a plan for filling vacancies if needed during disaster to ensure that decision making and the ability to function will not be hampered.
|
|
|
Who is ultimately responsible for the BCP/DRP approval?
|
Senior Management
|
|
|
What is the difference between incremental and differential backups?
|
Incremental backups look at what has changed since the last full OR incremental backup. Differential backups look at what data has been changed since the last full backup. Differential backups take longer than incremental, but result in easier recovery as well.
|
|
|
Electronic Vaulting
|
Acts as a batch type backup that is done daily or even hourly. Sends the data offsite via internet.
|
|
|
Remote Journaling
|
A log of all database transactions. Can be combined with a database checkpoint (a snapshot of the database at a given point in time) to recover from failure.
|
|
|
Database Shadowing
|
A secondary database (usually offsite) that is updated concurrently with the primary database.
|
|
|
High Availability (HA) Cluster... What is it, and what are the 2 typical deployment approaches?
|
Redundancy in systems to allow return online in seconds rather than hours.
1) Active - Active Cluster: Both systems are active and processing at all times. If one goes down, the other takes over. 2) Active - Passive Cluster: Also referred to as a hot spare, standby or failover cluster. It is up and ready to begin processing at a moments notice. |
|
|
Software Escrow
|
When the writers of software give the code to a neutral 3rd party in the event that they go out of business or are otherwise incapacitated.
|
|
|
What is one of the more common mistakes in BCP/DRP?
|
Lack of training and testing of DRP.
|
|
|
6 types of DRP Testing and their meaning
|
1) DRP Review: Reviewing it at least yearly to ensure it's continued accuracy.
2) Checklist: Making a checklist and ensuring their availability for completing Disaster Recovery. 3) Structured Walkthrough/Tabletop: Walk through the steps on paper to ensure that you caught everything. 4) Simulation Test/Walkthrough Drill: Actually go through the steps instead of just discussing them. 5) Parallel Processing: Actually recovering and restoring a backup and the comparing it with the LIVE data to ensure it's accuracy. 6) Partial and Complete Business Interruption: Risky. Should be done where there is another synced system ready to go. |
|
|
Name 3 parts of training that are often overlooked.
|
1) Basic first aid and CPR
2) Starting Emergency Power 3) Call Tree Training/Test |
|
|
Change Mangement and the BCP/DRP
|
Changes must be reviewed in relation to the BCP/DRP. Make updates as needed.
|
|
|
What are some common BCP/DRP Mistakes (there were 10 of them listed, but at least know 6)
|
1) Lack of Management support
2) Lack of business unit involvement 3) Lack of prioritization among critical staff 4) Improper (often narrow) scope 5) Inadequate telecommunications management 6) Inadequate supply chain management 7) Incomplete or inadequate crisis management plan 8) Lack of testing 9) Lack of training and awareness 10) Failure to keep BCP/DRP up to date. |
|
|
What are 4 specific frameworks for mapping BCP/DRP?
|
1) NIST SP 800-34
2) ISO/IEC-27031 3) BS-25999 4) BCI |
|
|
NIST SP 800-34
|
Contingency Planning Guide for Information Technology Systems
|
|
|
ISO/IEC-27031
|
Information technology - Security Techniques - Guidelines for ICT Readiness for Business Continuity.
It is in draft form and cannot be used yet as your primary resource. It focuses on BCP ONLY!!! |
|
|
ICT
|
Information and Communication Technology (term used by ISO/IEC 27031)
|
|
|
ISMS
|
Information Security Management System (term used by ISO/IEC 27031)
|
|
|
BS-25999
|
A British Standards Institution (BSI) product.
Has 2 Parts... 1) Code of Practice - Business Continuity best practice recommendations. 2) the Specification - Provides the requirements for a Business Continuity Management System (BCMS). |
|
|
BCI... What is it, and what are it's 6 Good Practice Guideline (GPG)?
|
Business Continuity Institute
Has 6 steps to the Good Practice Guidelines (GPG)... 1) Introductory information with BCM Policy and Program Management 2) Understanding the organization 3) Determining BCM Strategy 4) Developing and Implementing BCM Response 5) Exercising, Maintaining and Reviewing BCM arrangements 6) Embedding BCM in the Organization's culture. |
