Business Continuity Flashcards
BCP
BCP: Is concerned with keeping critical business services running throughout and after a disaster has struck.
BCP Subplans
BRP: Business Recovery Plan
DRP: Is concerned with immediate and temporary restoration of critical business functions. Short term and tactical regarding IT systems
COOP (Continuity of Operations Planning): strategic function at alternate site
Phases of Business Continuity Planning
Phases of Business Continuity Planning
• Project Initiation- Scope the project
• Business Impact Analysis
• Identify preventative controls- prevent events from occurring; improves security
• Recovery Strategy
• Plan Design & Development
• Implementation
• Testing
• Maintenance
Project Initiation Steps
Project Initiation Steps
• Establish need for BCP- establish business contingency policy statement
• Obtain management support- C-level management needed
• Select team members:
o project manager (must have negotiation/people skills);
o CPPT (Continuity Planning Project Team) made from stakeholders (HR, IT, PR, mgrs) needed for critical business functions
Scoping Project
• ID what assets will be protected
• ID emergencies
• ID resources required
• Determine objectives and deliverables
Purposes of a Business Impact Analysis
Purposes of a Business Impact Analysis: (analyzing all business functions to determine the impact of a disruption)
• Identify and prioritize all business processes
• Document the impact of outages
• Identify concerns if operation is degraded
• Analyze outage impact
• Determine recovery windows (for each business function)
Steps of a Business Impact Analysis
Steps of a Business Impact Analysis:
• Identify and prioritize all business processes- BIA and critical state asset list for every IT system
• Conduct BCP-focused risk assessment- vulnerability analysis for each system; then risk
BIA Metrics to use:
o SLO
o MTD or MAD
o RTO
o WRT
o RPO
o MTBF
o MTTR
o MOR
o System Criticality
MTD
MTD (Maximum Tolerable or Allowable (MAD) Downtime) = RTO + WRT; The maximum time a business function can be down before the business fails.
SLO
SLO (Service Level Objectives)
RTO
RTO (Recovery Time Objective)- the maximum time allowed to recover system
WRT
WRT (Work Recovery Time)- time to configure a recovered system
RPO
RPO (Recovery Point Objective)- amount of data loss or system inaccessibility that an org can withstand (determines backup, etc)
MTBF
Mean Time Between Failures (MTBF) = component quantity × days × hours/day
MTTR
Mean Time to Repair (MTTR)- how long to repair
MOR
Minimum Operating Requirements (MOR)
System Importance
System Importance- how relevant the system is for the business (e.g. auditing)
System Criticality
System Criticality- how critical is downtime for the system
Recovery Strategy Considerations
Recovery Strategy Considerations
• Business Recovery- Essential personnel; Succession plans; MOU/MOA (Memorandum of Understanding/Agreements)
• Facility and supply recovery
• Communications
• User Recovery
• Technical Recovery (reliant on documented CM)
• Vital records and data Recovery
Off-Site Storage
Off-Site Storage: The purpose of off-site storage is to make up-to-date data available in the event that the primary data center is damaged.
Types include:
• Electronic Vaulting - Copy of modified file is sent to a remote location where an original backup is stored; transfers bulk backup information; Batch process of moving data
• Remote Journaling - Moves the journal or transaction log to a remote location, not the actual files.
• Database Shadowing - A redundancy method that updates more than one database at the same time
Backup Types
Backup Types:
• Incremental - Only backs up files modified since any previous backup.
• Differential - Backs up all files modified since the last “Full Backup”
• Full Backup - Backs up all files, modified or not.
Alternate Site Types
Alternate Site Types:
• Cold Site (MTD=1week-month)- An empty computer room with environmental controls, but no equipment.
• Warm Site (MTD=1day-week)- Has communications links and some computers, but the computers are not loaded or running. May not have larger systems like mainframes.
• Hot Site (MTD=1hr-day)- A fully configured site with all required equipment and installed software.
• Mirror Site (MTD=immediate)- A fully operational site which is a functioning mirror of the primary site. Requires a redundant site.
• Reciprocal Agreement: Good if both companies share unusual hardware and it is cheap, but the agreement is informal and there may be resource and capacity issues.
BCP Testing
Business Continuity Plan Testing:
• BCP Test frequency at least yearly.
• Testing- verifying the plan is sufficient
• Drilling- verifying response is acceptable
BCP Test types
- DRP Review- reading by team
- Checklist – Ensures all necessary components are available
- Structured walkthrough (tabletop)- Step by step talking review of plan by experts
- Simulation/walkthrough drill - Practice execution of the plan using a scenario
- Parallel - A test that includes bringing new systems up. Production systems are kept running.
- Full interruption - A full test that includes shutting down production systems and switching over to recovery systems.
Disaster Recovery Process
Disaster Recovery Process:
- Respond- initial assessment to determine if disaster, and if systems can be quickly recovered before moving to alternate site
- Activate Team
- Communicate- most difficult aspect is getting status back to team
- Assess- detailed assessment to ensure business stays within MTD
- Recovery- failover/focused on immediate recovery
- Reconstitution- salvage team focused at primary site re-establishing steady state
Disruption Classification
Disruption Classification:
• Non-Disaster - A disruption of service due to a device or software malfunction
• Emergency – could be declared by anyone; Urgent, immediate event where there is the potential for loss of life or property
• Disaster - An event that causes the facility to be unusable for a day or more
• Catastrophe - A major disaster that destroys the facility
Disruption Categories
Disruption Categories
• Natural- tornado, flood, fire
• Human- intentional or unintentional (i.e. omissions cause most of the disruptive events)
o Technical- cyber attack
o Personnel- biological (epidemic (local) & pandemics (large area)) threats are the most significant
• Environmental- power, equipment failure
BCP Teams
BCP Teams
• Rescue: Responsible for dealing with the immediacy of disaster—employee evacuation, “crashing” the server room, etc
• Recovery: Responsible for getting the alternate facility up and running and restoring the most critical services first.
• Salvage: Responsible for the return of operations to the original or permanent facility (reconstitution)