Business Continuity and Disaster Recovery Management Flashcards

1
Q

DR and BCP - (Disaster Recovery & Business Continuity Planning

A

Business Continuity (BC) aims to ensure that a business can continue delivering its services at agreed levels after a disruptive event, while Disaster Recovery (DR) focuses on restoring the IT services necessary for business functioning.

BC is about keeping the business functioning, and if a disruption occurs, DR comes into action to restore the necessary services. DR is predominantly considered an IT function.

BCDR (Business Continuity and Disaster Recovery) is a term commonly used to describe the combined processes of BC and DR, as they share the common goal of implementing procedures to enable business continuity and recovery after an incident.

In today’s digital world, many businesses heavily rely on e-commerce and web presence, making it challenging for them to survive extended periods of disruption without significant impact or even potential threats to their future viability.

Business continuity planning typically addresses events that have a high impact on the business but a low likelihood of occurrence. It focuses on building resilience to prevent long-term damage to the business.

Business continuity planning can also be seen as an extension of incident response planning, where DR components may be required to support the restoration of services in scenarios where incidents disrupt normal business functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following statements best describes the relationship between Business Continuity (BC) and Disaster Recovery (DR)?

A) BC focuses on restoring IT services after a disruption, while DR ensures the business can continue its operations.

B) BC and DR are two terms used interchangeably to refer to the same set of processes.

C) BC is an extension of incident response planning, while DR is primarily concerned with high-frequency events.

D) BC ensures the business can continue its operations, while DR aims to restore the necessary IT services.

A

D) BC ensures the business can continue its operations, while DR aims to restore the necessary IT services.

This option accurately captures the main focus and goal of each component.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the primary goal of Business Continuity Planning (BCP) and Disaster Recovery (DR) in an organization?

A) Preventing any disruption from occurring in the business.

B) Ensuring long-term viability and profitability of the business.

C) Restoring IT services and recovering from a disruptive event.

D) Identifying and mitigating risks to the organization’s assets.

A

C) Restoring IT services and recovering from a disruptive event.

BCP and DR are designed to enable the organization to recover from disruptions and restore essential services, ensuring the continuity of operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Business Continuity Planning

A

Business Continuity Planning (BCP) involves four basic steps:
1. Identify what needs to be protected.
2. Determine the approach to protect it.
3. Test the effectiveness of the plan.
4. Raise awareness among stakeholders.

BCP starts with the development of a policy that serves as the foundation for business continuity management. The policy provides the authority for implementing the necessary measures.

BCP policies should be tailored to the specific needs of each business. There is no one-size-fits-all approach.

Setting the policy involves answering key questions:
1. What are the business’s goals and objectives?
2. Which products and services are critical for achieving those objectives?
3. What level of disruption could jeopardize the business’s future viability?
4. How would a disruption impact customers, suppliers, and reputation?
5. Are there any regulatory requirements that need to be considered?

A business continuity program should be treated as a project, requiring robust project management.
1. It should have a dedicated project manager or a designated role responsible for business continuity.
2. It should have a team, allocated budget, defined timelines, and other project management elements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is one of the basic steps in Business Continuity Planning?

A) Establishing project management protocols
B) Conducting a risk assessment
C) Implementing security controls
D) Conducting penetration testing

A

B) Conducting a risk assessment

Conducting a risk assessment is one of the basic steps in Business Continuity Planning. It involves identifying potential threats and vulnerabilities, assessing their likelihood and impact, and prioritizing them based on their significance to the business. This information is crucial for developing effective strategies to protect the business and ensure its continuity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the purpose of developing a tailored policy in Business Continuity Planning?

A) To ensure compliance with regulatory requirements
B) To establish a budget for the project
C) To raise awareness among stakeholders
D) To address the specific needs of the business

A

D) To address the specific needs of the business

Developing a tailored policy in Business Continuity Planning is essential to address the specific needs of the business. Every organization has unique characteristics, objectives, and risk profiles, and a one-size-fits-all approach may not be suitable. A tailored policy allows the business to consider its goals, critical processes, and acceptable levels of disruption, ensuring that the continuity strategies and measures are aligned with its specific requirements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Business Impact Analysis

A

Relationship with risk management: Business continuity management and risk management are closely related because the inability of a business to function poses a significant risk to its operations.

Understanding the organization: Before conducting a business impact analysis, it is important to have a comprehensive understanding of the organization, including its goals, objectives, and how it functions. This understanding helps identify critical aspects necessary for business functionality.

Purpose of business impact analysis: The business impact analysis is the initial step in ensuring business continuity. It serves two main purposes:
a) Identifying critical assets and processes: The analysis helps identify what is essential for the business to function effectively in terms of assets and processes.
b) Assessing the impact of disruptions: It determines the potential impact on the business if any critical assets or processes become unavailable.

Identifying criticality: During the business impact analysis, critical assets and processes are prioritized based on their significance to the organization’s operations. This prioritization helps allocate resources and develop appropriate continuity strategies.

Mitigating impact: Once the critical assets and processes are identified, measures can be implemented to mitigate the impact of disruptions. This may involve developing contingency plans, implementing redundancies, or adopting alternative processes or technologies.

Ongoing process: Business impact analysis is not a one-time activity but rather an ongoing process. As the organization evolves, new assets and processes may become critical, and existing ones may change in importance. Regular reviews and updates are necessary to ensure the analysis remains relevant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the main purpose of conducting a business impact analysis?

A) Identifying critical assets and processes
B) Assessing the organization’s goals and objectives
C) Developing risk management strategies
D) Establishing project management guidelines

A

A) Identifying critical assets and processes

The main purpose of a business impact analysis is to identify critical assets and processes necessary for the organization’s functionality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Why is understanding the organization’s goals and objectives important in business impact analysis?

A) To prioritize assets and processes based on their criticality

B) To identify potential risks and vulnerabilities

C) To determine the budget allocation for business continuity planning

D) To assess the impact of disruptions on suppliers and customers

A

A) To prioritize assets and processes based on their criticality

Understanding the organization’s goals and objectives helps prioritize assets and processes during the business impact analysis based on their criticality to the business.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Business Impact Analysis - MTD, RTO, RPO

A

Business impact analysis is conducted to assess the impact of non-availability of critical assets or processes on the operation of the business.

  • Maximum Tolerable Downtime (MTD) is the predicted or calculated point in time where, if the business has not recovered a defined level of operational capability, its future viability is in doubt. MTD is measured in hours or days and indicates the time by which the business should recover to avoid long-term failure.
  • Recovery Time Objective (RTO) is the period of time within which a product, service, or activity must be resumed or resources must be recovered after an incident. The RTO must be less than the MTD and can vary based on the chosen recovery strategy.
  • Recovery Point Objective (RPO) is the point to which information used by an activity must be restored to enable its operation upon resumption. RPO is based on the acceptable amount of data loss and is measured in terms of time. The ideal RPO is zero, indicating no data loss.
  • Continuous replication is a process that backs up data as soon as it is created or modified, minimizing the potential data loss in the event of a failure.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the purpose of conducting a Business Impact Analysis (BIA)?

A) To assess the impact of security incidents on the organization

B) To identify critical assets and processes and evaluate their impact on business operations

C) To determine the recovery time objective (RTO) for different business functions

D) To calculate the maximum tolerable downtime (MTD) for the organization

A

B) To identify critical assets and processes and evaluate their impact on business operations.

The primary purpose of conducting a Business Impact Analysis is to identify critical assets and processes within the organization and assess their impact on business operations in the event of their non-availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following statements is true about Maximum Tolerable Downtime (MTD)?

A) MTD is the time period within which a product or service must be recovered after a disruption.

B) MTD represents the point in time where future viability of the business is in doubt if operational capability is not restored.

C) MTD is the time taken to resume business operations after an incident.

D) MTD should always be greater than the Recovery Time Objective (RTO).

A

B) MTD represents the point in time where future viability of the business is in doubt if operational capability is not restored.

Maximum Tolerable Downtime (MTD) is the predicted or calculated point in time where, if the business has not recovered a defined level of operational capability, its future viability is in doubt. It indicates the critical time by which the business should recover to avoid long-term failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the purpose of the Recovery Point Objective (RPO)?

A) To determine the acceptable amount of data loss after a disruption.

B) To identify critical assets and processes within the organization.

C) To calculate the maximum tolerable downtime (MTD) for the organization.

D) To evaluate the impact of security incidents on the organization.

A

A) To determine the acceptable amount of data loss after a disruption.

The Recovery Point Objective (RPO) defines the point to which information used by an activity must be restored to enable its operation upon resumption. It helps determine the acceptable amount of data loss after a disruption and guides the backup and recovery processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does the Recovery Time Objective (RTO) represent in business continuity planning?

A) The maximum tolerable downtime for critical assets and processes

B) The time taken to recover from a security incident or disruption

C) The point in time where future viability of the business is in doubt

D) The acceptable amount of data loss after a disruption

A

B) The time taken to recover from a security incident or disruption

The Recovery Time Objective (RTO) is the period of time following an incident within which a product, service, or activity must be resumed, or resources must be recovered. It represents the time taken to recover from a security incident or disruption and restore the desired level of service or functionality.

The difference between Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) lies in their respective purposes and the outcomes they represent:

Recovery Time Objective (RTO):
RTO refers to the targeted timeframe within which a specific product, service, or activity should be resumed or resources should be recovered after a disruption or incident. It represents the time taken to restore operations to a desired level of service or functionality. The RTO focuses on the recovery process and aims to minimize the duration of downtime. The RTO must always be less than the MTD.

Maximum Tolerable Downtime (MTD):
MTD, also known as Maximum Tolerable Period of Disruption (MTPD) or Maximum Allowable Downtime (MAD), is the predicted or calculated point in time where the impacts of a disruption become unacceptable. It signifies the maximum length of time an organization can tolerate before the lack of a product, service, or activity becomes detrimental to its future viability. The MTD determines the threshold beyond which the business’s survival or long-term success is uncertain.

In summary, RTO focuses on the recovery timeframe and restoring operations, while MTD defines the maximum duration of downtime that the business can endure before facing significant consequences.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

BIA Metrics

A
  1. Maximum Tolerable Data Loss (MTDL):
    - MTDL refers to the maximum loss of information, either electronic or other data, that an organization can tolerate.
  • It represents the point where the age or value of the lost data becomes significant enough to jeopardize operational recovery or put business viability at risk.
  • MTDL is linked to MTD and is also related to the Recovery Point Objective (RPO), which defines acceptable data loss.
  • The RPO should always be set to a value lower than the MTDL.
  1. Aggregating BIA Metrics:
    - After conducting a Business Impact Analysis (BIA), the calculated MTD, RTO, and RPO figures for each process or critical asset are aggregated.
  • The aggregation is based on the calculations that yield the shortest MTD times.
  • For example, if one process has an MTD of 5 days, but another process has an MTD of 5 hours, the 5-hour figure is chosen as the aggregated metric.
  • The focus is on the shortest MTD time because the potential failure of the business after that point is considered more critical, regardless of other processes that can tolerate longer downtime.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does MTDL stand for in the context of Business Impact Analysis (BIA)?

A) Maximum Tolerable Downtime
B) Maximum Tolerable Data Loss
C) Minimum Time for Disaster Recovery
D) Minimum Time for Data Loss

A

B) Maximum Tolerable Data Loss

MTDL stands for Maximum Tolerable Data Loss. It refers to the maximum loss of information (electronic or other data) that an organization can tolerate without putting its business viability at risk. The age or value of the lost data may make operational recovery impossible or have a substantial impact on the organization. The MTDL is linked to the MTD (Maximum Tolerable Downtime) and the RPO (Recovery Point Objective) in terms of ensuring the future viability of the business.

17
Q

What is the relationship between RPO and MTDL?

A) RPO should always be higher than MTDL
B) RPO should always be lower than MTDL
C) RPO and MTDL are independent metrics
D) RPO and MTDL have no correlation

A

B) RPO should always be lower than MTDL.

RPO (Recovery Point Objective) is the point to which information used by an activity must be restored to enable the activity to operate on resumption. It is based on the acceptable amount of data loss during recovery. On the other hand, MTDL (Maximum Tolerable Data Loss) is the maximum loss of data that an organization can tolerate without risking its business viability. The RPO should always be lower than the MTDL because the RPO defines the acceptable amount of data loss, and exceeding the MTDL could put the business at risk or make operational recovery impossible. Therefore, the RPO needs to be set at a level that ensures data loss is kept below the maximum tolerable threshold (MTDL).

18
Q

Recovery Strategies

A

A recovery strategy is chosen based on the Business Impact Analysis (BIA) and factors such as MTD (Maximum Tolerable Downtime) and RTO (Recovery Time Objective).

Moving to an alternate operational site is a common option when the primary site experiences disruption or damage that can be recovered within the MTD deadline.

  • Recovery strategy options for alternate sites include:

Mirror site: Two or more fully functional data centres where operations can be transferred in the event of disruption. Virtually no loss of service or data, but comes at a high cost.

Hot site: Alternate premises fully equipped with infrastructure and systems. Requires data loading and personnel to become operational.

Warm site: Partially equipped premises that require additional work to become operational. May have infrastructure but may be missing specific equipment like servers.

Cold site: Empty premises that require building from scratch. Takes time to set up, especially if acquiring an Internet line.

Mobile site: Replicated processing facilities in mobile trailers. Can be towed to the site when needed, reducing capital expenditure.

  • Comparison table of options:
    • Mirror: Very high cost, minutes to operational.
    • Hot: High cost, hours to operational.
    • Warm: Moderate cost, days to operational.
    • Cold: Low cost, weeks to operational.
    • Mobile: Low cost, days to operational.

Recovery strategies must be fully documented, ideally in hardcopy format for availability during disruption. The documented plan should be protected and regularly updated as the business changes to ensure its effectiveness.

19
Q

Which recovery strategy option involves two or more fully functional data centres where operations can be transferred in the event of disruption, resulting in virtually no loss of service or data?

A) Hot site
B) Warm site
C) Mirror site
D) Cold site

A

C) Mirror site

A mirror site involves having two or more fully functional data centres that can be used in case of disruption, ensuring minimal or no loss of service or data.

20
Q

Which recovery strategy option requires additional work to be done in terms of infrastructure setup and data loading before becoming operational?

A) Cold site
B) Mobile site
C) Warm site
D) Hot site

A

C) Warm site

A warm site is partially equipped and requires additional work to become operational, such as data loading and infrastructure setup.

21
Q

Which recovery strategy option is characterized by a low cost but may take weeks to become operational as it requires building premises from scratch?

A) Hot site
B) Warm site
C) Mirror site
D) Cold site

A

D) Cold site

A cold site is an empty premises that needs to be built from scratch, which takes time and may result in a longer time to become operational despite being a low-cost option.

22
Q

Business Continuity Testing and Auditing

A
  1. Testing the business continuity plan is crucial to ensure its viability and identify any shortcomings.
  2. Testing should be conducted without causing disruption to the business.
  3. Various stages of testing gradually increase the level of activity: checklist, read-through/tabletop, walkthrough, simulation, parallel testing, and full interruption.
  4. Checklist testing involves periodic checks to ensure the plan aligns with business requirements.
  5. Read-through/tabletop testing involves the key personnel in managing the recovery process get together, read through the plans and then practice independently moderated scenarios. This allows the personnel to validate their roles within the plan and to identify any shortcomings.
  6. Walkthrough testing requires personnel to physically visit locations to carry out their duties and check accessibility.
  7. Simulation testing involves executing parts of the plan as simulations, such as conducting a fire drill or evacuation practice.
  8. Parallel testing is performed by activating alternate sites without completing the switch, allowing for a full test of processes.
  9. Full interruption testing involves activating and switching over to alternate resources, typically feasible with mirror sites.
  10. Business continuity plans should undergo regular testing and be open to audit by external parties, especially for ISO27000 accreditation.
23
Q

What is the purpose of a walkthrough test in business continuity planning?

a) To physically visit alternate sites and check accessibility

b) To execute parts of the plan as simulations without causing disruption

c) To periodically check the plan’s alignment with business requirements

d) To activate and switch over to alternate resources in a full interruption scenario

A

a) To physically visit alternate sites and check accessibility

A walkthrough test involves key personnel visiting locations where they have to carry out their duties to ensure accessibility and availability.

24
Q

Which testing method allows for a full test of all processes without causing business disruption?

a) Checklist testing
b) Parallel testing
c) Read-through/tabletop testing
d) Simulation testing

A

b) Parallel testing

Parallel testing involves activating alternate sites and taking the testing process right up to the point of switchover without completing the process, allowing for a full test of all processes without disrupting the business.

25
Q

Why is it important for business continuity plans to undergo regular testing and be open to audit?

a) To identify shortcomings in the plan and make necessary changes

b) To ensure the plan aligns with business requirements

c) To comply with ISO27000 accreditation requirements

d) All of the above

A

d) All of the above

Regular testing helps identify shortcomings in the plan and make necessary changes, ensures alignment with business requirements, and compliance with ISO27000 accreditation requirements. Openness to audit ensures external validation of the plan’s effectiveness.

26
Q

Embedding in business continuity planning

A
  1. Embedding refers to the final stage of business continuity planning.
  2. It involves ensuring that the plan and processes are integrated into the culture of the organization.
  3. Information campaigns are conducted to raise awareness among all staff about the processes in place and their roles and responsibilities.
  4. HR processes should regularly check and update employee emergency contact details.
  5. Key personnel involved in business continuity may change as roles evolve and staff join or leave the organization.
  6. Staff involved in business continuity should be aware of their responsibilities, and training provided through various testing methodologies helps in fulfilling those roles.
27
Q

How often should HR processes check and update employee emergency contact details?

a) Quarterly
b) Annually
c) Biannually
d) Only when employees join or leave the organization

A

b) Annually

HR processes should regularly check and update employee emergency contact details at least on an annual basis to ensure accurate and up-to-date information is available in case of a business disruption.

28
Q

What is the purpose of conducting information campaigns in the context of embedding business continuity?

a) To raise awareness about the risks of business disruption

b) To promote the importance of data backup and recovery

c) To ensure that all staff are aware of the business continuity processes and their roles

d) To identify shortcomings in the existing business continuity plan

A

c) To ensure that all staff are aware of the business continuity processes and their roles

Information campaigns are conducted to ensure that all staff members are aware of the business continuity processes in place and understand their roles and responsibilities during a disruption event.

29
Q

What does embedding refer to in the context of business continuity planning?

a) The process of integrating business continuity with risk management

b) The final stage of business continuity planning

c) The identification of critical assets and processes in the organization

d) The testing and validation of the business continuity plan

A

b) The final stage of business continuity planning

Embedding in business continuity planning refers to ensuring that the plan and processes are integrated into the culture of the organization, which is the final stage of the planning process.