Business Continuity and Disaster Recovery Flashcards
Disruptions
unplanned event that interrupts any organizational asset like processes, functions, devices
3 Categories of disruptions
nondisasters
disasters
catastrophes
nondisasters
temporary due to malfunctions or failure. easiest to recover from
disaster
suddenly occurring, has long term negative impact.
catastrophe
much wider and longer impact than disaster. facilities are destroyed, requiring rebuilding and temporary offsite locations
Disaster
usually affects wide geographical area. severe damage, injury, death
severity is affected by amount of time organization takes to recover
officially over when all business elements return to normal function at original site
Technological disasters
device failures. usually unintentional, even if caused by errors in configuration
if a disaster occurs because of deliberate attack, it’s considered man-made even if it’s against a technology
Man Made disaster
occurs through human intent or error. Attacks, personnel unavailability due to evacuation
Typically intentional
Natual
floods, tsunami, tornados, etc. Fires except for arson
Natural
floods, tsunami, tornados, etc. Fires except for arson
Disaster Recovery Plan (DRP)
Business Continuity Plan (BCP)
Each organizational function will have a DRP. It includes steps to restore functions and systems. Goal is to minimize damage and injury
The DRP’s are part of the BCP
DRP’s are implemented when emergency occurs
Disaster Recovery Plan (DRP)
Business Continuity Plan (BCP)
Each organizational function will have a DRP. It includes steps to restore/recover functions and systems. Goal is to minimize damage and injury
DRP’s are implemented when emergency occurs
The DRP’s are part of the BCP
Business continuity Plan (BCP)
considers all aspects affected by a disaster: functions, systems, personnel, facilities.
Lists and prioritizes services needed, particularly IT, telecom
Business continuity Plan (BCP)
Availability
Reliability
Recoverability
considers all aspects affected by a disaster: functions, systems, personnel, facilities.
Lists and prioritizes services needed, particularly IT, telecom
Availability is a main component. Orgs must determine acceptable levels of availability for functions and systems
Reliability is the capability of a function or systems to consistently perform to its specifications
Recoverability is the capability of a function to be recovered after a disruption
Contingency Plan
Instructions on what personnel should do until functions and systems are restored to full functionality
includes contact information for personnel, vendors and system and equipment requirements
failure of the contingency plan considered a mgmt failure
How often should the BCP, DRP and contingency plans be reviewed?
annually. maintain version control
Fault Tolerance
when a backup component starts working when primary fails.
Business Impact Analysis
4 main steps
ID critical processes, resources
ID outage impacts, estimate downtime
ID resource requirements
ID recovery priorities
Business Impact Analysis
ID Critical processes and resources
first ID the business units or functional areas
select people to gather necessary data, select how to gather data
use questionnaires, interviews, surveys, vulnerability analysis, risk assessment
document business processes, functions and the resources they depend on