BCP DRP Flashcards
BCP
Business continuity planning deals with keeping business operations running when disaster struck(backup)
DRP
Disaster recovery planning , restoring normal business operations .
BCP DRP have three common elements
> identification of critical business functions
Identification of possible disaster scenarios
Experts
Successful BCP project inlcudes
> sr management support
sr management involvement
BCP project team must include all business unit team members
Successful BCP project components
> Scope determination
political pressures can influence the scope of the BCP as well.
Scope creep : when project scope grows beyond the Original content
The business impact assestment
How disaster can effect a business. quantitive and qualitive analysis is required.
quantitive analysis -> financial
qualititve analysis -> value of good or service delivery
The business continuity planning
Implementation
BIA
> Perform a vulnerability assesment > Carry out a Criticality assessment > Determine the Maximum tolerable downtime > Establish recovery target > determine resource requirements
MTD
Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
RTO
Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online.
WRT
Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available
Emergency Response
emergency response team should be available for all disasters to keep critical business up . this response team needs written procedures and checklists.
full backup
A full backup is exactly what the name implies. It is a full copy of your entire data set. Although full backups arguably provide the best protection, most organizations only use them on a periodic basis because they are time consuming, and often require a large number of tapes or disk.
Incremental backup
Incremental backups only backup the data that has changed since the previous backup,The primary disadvantage to incremental backups is that they can be time-consuming to restore.
Diffrential backup
A differential backup is similar to an incremental backup in that it starts with a full backup, and subsequent backups only contain data that has changed. The difference is that while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.
Software escrow
Source code escrow is the deposit of the source code of software with a third party escrow agent,
Necessity of escrow
As the continued operation and maintenance of custom software is critical to many companies, they usually desire to make sure that it continues even if the licensor becomes unable to do so, such as because of bankruptcy. This is most easily achieved by obtaining a copy of the up-to-date source code. The licensor, however, will often be unwilling to agree to this, as the source code will generally represent one of their most closely guarded trade secrets.[1]
As a solution to this conflict of interest, source code escrow ensures that the licensee obtains access to the source code only when the maintenance of the software cannot otherwise be assured, as defined in contractually agreed-upon conditions.[2]
