Business Continuity

Question 1

BCP

Answer 1

BCP: Is concerned with keeping critical business services running throughout and after a disaster has struck.

Question 2

BCP Subplans

Answer 2

BRP: Business Recovery Plan
DRP: Is concerned with immediate and temporary restoration of critical business functions. Short term and tactical regarding IT systems
COOP (Continuity of Operations Planning): strategic function at alternate site

Question 3

Phases of Business Continuity Planning

Answer 3

Phases of Business Continuity Planning
•	Project Initiation-Scope the project
•	Business Impact Analysis
•	Identify preventative controls- prevent events from occurring; improves security
•	Recovery Strategy
•	Plan Design & Development
•	Implementation
•	Testing
•	Maintenance

Question 4

Project Initiation Steps

Answer 4

Project Initiation Steps
• Establish need for BCP- establish business contingency policy statement
• Obtain management support- C-level management needed
• Select team Members-
o project manager (must have negotiation/people skills);
o CPPT (Continuity Planning Project Team) made from stakeholders (HR, IT, PR, mgrs) needed for critical business functions
Scoping Project
• ID what assets will be protected
• ID emergencies
• ID resources required
• Determine objectives and deliverables

Question 5

Purposes of a Business Impact Analysis

Answer 5

Purposes of a Business Impact Analysis: (analyzing all business functions to determine the impact of a disruption)
• Identify and prioritize all business processes
• Document the impact of outages
• Identify concerns if operation is degraded
• Analyze outage impact
• Determine recovery windows (for each business function)

Question 6

Steps of a Business Impact Analysis

Answer 6

Steps of a Business Impact Analysis:
•	Identify and prioritize all business processes- BIA and critical state asset list for every IT system
•	Conduct BCP-focused risk assessment- vulnerability analysis for each system; then risk 
BIA Metrics to use: 
o	SLO
o	MTD or MAD
o	RTO
o	WRT
o	RPO 
o	MTBF
o	MTTR
o	MOR
o	System Criticality

Question 7

MTD

Answer 7

MTD (Maximum Tolerable or Allowable (MAD) Downtime) = RTO + WRT; The maximum time a business function can be down before the business fails.

Question 8

SLO

Answer 8

SLO (Service Level Objectives)

Question 9

RTO

Answer 9

RTO (Recovery Time Objective)- the maximum time allowed to recover system

Question 10

WRT

Answer 10

WRT (Work Recovery Time)- time to configure a recovered system

Question 11

RPO

Answer 11

RPO (Recovery Point Objective)- amount of data loss or system inaccessibility that an org can withstand (determines backup, etc)

Question 12

MTBF

Answer 12

Mean Time Between Failure (MTBF): == component quantity X days X hours/day

Question 13

MTTR

Answer 13

Mean Time to Repair (MTTR)- how long to repair

Question 14

MOR

Answer 14

Minimum Operating Requirements (MOR)

Question 15

System Importance

Answer 15

System Importance- how relevant the system is for the business (e.g. auditing)

Question 16

System Criticality

Answer 16

System Criticality- how critical is downtime for the system

Question 17

Recovery Strategy Considerations

Answer 17

Recovery Strategy Considerations
• Business Recovery- Essential personnel; Succession plans; MOU/MOA (Memorandum of Understanding/Agreements)
• Facility and supply recovery
• Communications
• User Recovery
• Technical Recovery (reliant on documented CM)
• Vital records and data Recovery

Question 18

Off-Site Storage

Answer 18

Off-Site Storage: The purpose of off site storage is to make up-to-date data available in the event that the primary data center is damaged.
Types include:
• Electronic Vaulting - Copy of modified file is sent to a remote location where an original backup is stored; transfers bulk backup information; Batch process of moving data
• Remote Journaling - Moves the journal or transaction log to a remote location, not the actual files.
• Database Shadowing - A redundancy method that updates more than one database at the same time

Question 19

Backup Types

Answer 19

Backup Types:
• Incremental - Only backs up files modified since any previous backup.
• Differential - Backs up all files modified since the last “Full Backup”
• Full Backup - Backs up all files, modified or not.

Question 20

Alternate Site Types

Answer 20

Alternate Site Types:
• Cold Site (MTD=1week-month)- An empty computer room with environmental controls, but no equipment.
• Warm Site (MTD=1day-week)- Has communications links and some computers, but the computers are not loaded or running. May not have larger systems like mainframes.
• Hot Site (MTD=1hr-day) - A fully configured site with all required equipment and installed software;
• Mirror Site (MTD=immediate)- A fully operational site which is a functioning mirror of the primary site. Requires a redundant site.
• Reciprocal Agreement: Good if both companies share unusual hardware and it is cheap, but the agreement is informal and there may be resource and capacity issues.

Question 21

BCP Testing

Answer 21

Business Continuity Plan Testing:
• BCP Test frequency at least yearly.
• Testing- verifying the plan is suffictient;
• Drilling- verifying response is acceptable;

Question 22

BCP Test types

Answer 22

• DRP Review- reading by team
• Checklist – Ensures all necessary components are available
• Structured walkthrough (tabletop)- Step by step talking review of plan by experts
• Simulation/walkthrough drill - Practice execution of the plan using a scenario
• Parallel - A test that includes bringing new systems up. Production system are kept running.
• Full interruption - A full test that includes shutting down production systems and switching over to recovery systems.

Question 23

Disaster Recovery Process

Answer 23

Disaster Recovery Process:

1. Respond- initial assessment to determine if disaster, and if systems can be quickly recovered before moving to alternate site
2. Activate Team
3. Communicate- most difficult aspect is getting status back to team
4. Assess- detailed assessment to ensure business stays within MTD
5. Recovery- failover/focused on immediate recovery
6. Reconstitution- salvage team focused at primary site re-establishing steady state

Question 24

Disruption Classification

Answer 24

Disruption Classification:
• Non-Disaster - A disruption of service due to a device or software malfunction
• Emergency – could be declared by anyone; Urgent, immediate event where there is the potential for loss of life or property
• Disaster - An event that causes the facility to be unusable for a day or more
• Catastrophe - A major disaster that destroys the facility

Question 25

Disruption Categories

Answer 25

Disruption Categories
• Natural- tornado, flood, fire
• Human- intentional or unintentional (i.e. omissions cause most of the disruptive events)
o Technical- cyber attack
o Personnel- biological (epidemic (local) & pandemics (large area)) threats are the most significant
• Environmental- power, equipment failure

Question 26

BCP Teams

Answer 26

BCP Teams
• Rescue: Responsible for dealing with the immediacy of disaster—employee evacuation, “crashing” the server room, etc
• Recovery: Responsible for getting the alternate facility up and running and restoring the most critical services first.
• Salvage: Responsible for the return of operations to the original or permanent facility (reconstitution)