Business Continuity and Disaster Recovery

Question 1

Disruptions

Answer 1

unplanned event that interrupts any organizational asset like processes, functions, devices

Question 2

3 Categories of disruptions

nondisasters

disasters

catastrophes

Answer 2

nondisasters
temporary due to malfunctions or failure. easiest to recover from

disaster
suddenly occurring, has long term negative impact.

catastrophe
much wider and longer impact than disaster. facilities are destroyed, requiring rebuilding and temporary offsite locations

Question 3

Disaster

Answer 3

usually affects wide geographical area. severe damage, injury, death

severity is affected by amount of time organization takes to recover

officially over when all business elements return to normal function at original site

Question 4

Technological disasters

Answer 4

device failures. usually unintentional, even if caused by errors in configuration

if a disaster occurs because of deliberate attack, it’s considered man-made even if it’s against a technology

Question 5

Man Made disaster

Answer 5

occurs through human intent or error. Attacks, personnel unavailability due to evacuation

Typically intentional

Question 6

Natual

Answer 6

floods, tsunami, tornados, etc. Fires except for arson

Question 7

Natural

Answer 7

floods, tsunami, tornados, etc. Fires except for arson

Question 8

Disaster Recovery Plan (DRP)

Business Continuity Plan (BCP)

Answer 8

Each organizational function will have a DRP. It includes steps to restore functions and systems. Goal is to minimize damage and injury

The DRP’s are part of the BCP

DRP’s are implemented when emergency occurs

Question 9

Disaster Recovery Plan (DRP)

Business Continuity Plan (BCP)

Answer 9

Each organizational function will have a DRP. It includes steps to restore/recover functions and systems. Goal is to minimize damage and injury

DRP’s are implemented when emergency occurs

The DRP’s are part of the BCP

Question 10

Business continuity Plan (BCP)

Answer 10

considers all aspects affected by a disaster: functions, systems, personnel, facilities.

Lists and prioritizes services needed, particularly IT, telecom

Question 11

Business continuity Plan (BCP)

Availability
Reliability
Recoverability

Answer 11

considers all aspects affected by a disaster: functions, systems, personnel, facilities.

Lists and prioritizes services needed, particularly IT, telecom

Availability is a main component. Orgs must determine acceptable levels of availability for functions and systems

Reliability is the capability of a function or systems to consistently perform to its specifications

Recoverability is the capability of a function to be recovered after a disruption

Question 12

Contingency Plan

Answer 12

Instructions on what personnel should do until functions and systems are restored to full functionality

includes contact information for personnel, vendors and system and equipment requirements

failure of the contingency plan considered a mgmt failure

Question 13

How often should the BCP, DRP and contingency plans be reviewed?

Answer 13

annually. maintain version control

Question 14

Fault Tolerance

Answer 14

when a backup component starts working when primary fails.

Question 15

Business Impact Analysis

4 main steps

Answer 15

ID critical processes, resources
ID outage impacts, estimate downtime
ID resource requirements
ID recovery priorities

Question 16

Business Impact Analysis

ID Critical processes and resources

Answer 16

first ID the business units or functional areas

select people to gather necessary data, select how to gather data

use questionnaires, interviews, surveys, vulnerability analysis, risk assessment

document business processes, functions and the resources they depend on

Question 17

Business Impact Analysis

Determine criticality level of resources by using these terms

Maximum Tolerable Downtime (MTD) aka Maximum Period Time of Disruption (MPTD)

Mean Time to Repair (MTTR)

Mean Time Between Failures (MTBF)

reliability increased by higher MTBF, lower MTTR

Answer 17

MTD/MPTD - maximum time an organization can tolerate a single resource being down

MTTR - Average time needed to repair a resource when a disaster happens

MTBF - Estimated time a device will operate before failure occurs. Calculated by device vendor

Question 18

Business Impact Analysis

Terms to ID outage impacts and estimate downtime

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)

Work Recovery Time (WRT)

Answer 18

RTO - shortest time period after a disruption that a resource must be restored to avoid unacceptable consequences. RTO should be smaller than MTD

RPO - Point in time to which the disrupted resource must be returned

WRT - difference between the RTO and MTD. The time left over after the RTO, before reaching MTD

Question 19

Business Impact Analysis

Organizations must develop their own documented criticality levels:

critical resources
urgent resources
important resources
normal resources

Answer 19

critical - vital to operation, restored within minutes or hours

urgent - restored in 24 hours

important - restored in 72 hours

normal - resorted in 7 days

Question 20

Recovery Strategies

Alternate locations include:

hot site
cold side

Answer 20

hot - contains all resources needed for full operation. Only resource needed to restore at hot site is data. Quickest recovery, but expensive, hard to manage.

cold - contains electrical, HVAC, communications wiring, plumbing. Longer to restore than hot or warm site. cheapest, but hard to test

Question 21

Warm Site

Tertiary Site

Answer 21

Warm Site
typically has everything except computers
Most widely implemented alternate location

Tertiary Site
secondary backup site in case hot, warm or cold site is unavailable
usually used to protect against large catastrophes affecting wide geographic areas

Question 22

Reciprocal agreements

Redundant sites

Answer 22

Reciprocal agreements
two organizations agree to act as alternate locations for each other. Can’t be legally enforced. May not handle workload of both organizations simultaneously

Redundant sites
not leased site, but owned by same organization as primary site.
most expensive but fastest way to recover

Question 23

Disaster Recovery Plan Should include these things for hardware

Answer 23

vendor contact information in case new supplies need to be bought

recovery information for:
hardware backup (computers, network gear, etc.
guidelines and procedures for restoring data

Question 24

Disaster Recovery Plan Should include these things for software

Answer 24

software backups including applications and data, should be stored at an alternate location.

All license information should be documented

software installation media, service packs, updates

frequent backups of applications should be taken

software escrow in case the software vendor goes out of business

Question 25

Disaster Recovery Plan Should include these things for human resources

Answer 25

occupant emergency plan to minimize loss of life or injury

HR contacts personnel in event of disaster. Contact information should be stored on and offsite

After initial event, HR monitors personnel to guard against stress and burnout during recovery period

Provide adequate periods of rest

Guidelines to replace personnel lost during disaster

Ensure salaries and funding continue during and after disaster

signed checks should be securely stored offsite

executive succession plan should be created

Question 26

Disaster Recovery Plan Should include these things for supplies

Answer 26

supplies - paper, cabling, water. Any vital resources to daily operations and vendors to get them from, plus alternate suppliers

Documentation
Each dept. should maintain their own critical documentation. Stored in central location onsite with offsite copy. Personnel should be tasked to ensure it’s created, stored and updated.

Question 27

Create Recovery Strategies
DRP must include recovery information on these assets:

operations team

BCP teams

Answer 27

operations team - determines what data is backed up, how often and method of backup

BCP teams - ensure data is backed up and can be restored

Question 28

Backup Types

full
incremental
differential

Answer 28

full backup - archive bit for each file is cleared. Best for offsite archiving. Longest time and most space. differential or incremental start with a full backup.

incremental
backups up everything changed since last backup of any kind. Archive bit for each file is cleared. Least amount of time and space to complete. To restore, full backup and each successive incremental backup must be restored

differential
backs up everything changed since the last full backup. Archive bit for each file is NOT cleared. Only the full and most recent differential backup are needed to restore

Question 29

Backup schemes

transaction log backup
FIFO rotation scheme
grandfather/father/son rotation scheme

Answer 29

transaction log backup
recover to a specific point in time. Covers transactions that occurred since the last backup

FIFO rotation scheme
Newest backup is saved to oldest media. simplest but doesn’t protect against data errors. If error exists, you may not have a version of data without the error

grandfather/father/son rotation scheme
3 sets of backups, usually: daily, weekly, monthly.
daily backups are the “son”
weekly backups are the “father”
monthly backups are the “grandfather”
each week one son advances to the father set, each month one father advances to the grandfather set

Question 30

data recovery terms

electronic vaulting
remote journaling
tape vaulting
hierarchical storage management (HSM)
optical jukebox
replication

Answer 30

electronic vaulting
copies files when they’re modified

remote journaling
copies transaction logs offsite

tape vaulting
creates backups over network to offsite facility

hierarchical storage management (HSM)
moves data to different types (expenses) of media

optical jukebox
duh

replication - copies data to another location
synchronous - constant data updates
asynchronous - on a schedule

Question 31

data recovery terms

RAID
SAN
Failover
Failsoft

Answer 31

RAID
redundant array of independent disks

SAN
storage devices connected by high speed network

Failover
ability to switch to a backup system if primary fails

Failsoft
ability to terminate non-critical processes when failure occurs

Question 32

data recovery terms

clustering
load balancing

Answer 32

clustering
software product that does load balancing between applications.
One instance acts as a master controller distributing work to other instances

load balancing
hardware product that does load balancing. also called farms or pools

Question 33

Top 2 priorities in a disaster

Answer 33

personnel safety

damage mitigation

Question 34

Teams to support the DRP

Damage Assessment Team

Legal Team

Answer 34

Damage Assessment Team
determines disaster cause and amount of damage to organization. Identifies assets and functionality after disaster.

Legal Team
Overseas legal issues, PR events. Consult to ensure recovery operations follow laws and regulations

Question 35

Teams to Support the DRP

Media Relations

Recovery Team

Relocation Team

Answer 35

Media Relations - informs public

Recovery Team - recovers critical business functions, ensures physical assets are in place. Oversees the relocation and restoration teams

Relocation Team - oversees transfer of assets between locations.

Question 36

Teams to support the DRP

Restoration Team

Salvage Team

Security Team

Answer 36

Restoration Team - ensures assets and data are restored from backups

Salvage Team - recovers assets at disaster location, ensures primary site returns to normal. Does cleaning, rebuilding original facility, declares when original site can resume operations

Security Team - manages security at primary and alternate locations.

Question 37

Types of tests for assessing BCP and DRP

Checklist test
Table-top exercise
Structured walk-through

Answer 37

Checklist test
department managers review the BCP. BCP committee uses their notes to update BCP

Table-top exercise
Most efficient and cost-effective way to ID areas of overlap early on. Brainstorming session where participants agree to a disaster scenario to focus on

Structured walk-through
each department rep reviews the BCP’s accuracy. Most important to perform before a live disaster

Question 38

Types of tests for assessing BCP and DRP

Checklist test
Table-top exercise
Structured walk-through

Answer 38

Checklist test
department managers review the BCP. BCP committee uses their notes to update BCP

Table-top exercise
Most efficient and cost-effective way to ID areas of overlap early on. Brainstorming session where participants agree to a disaster scenario to focus on

Structured walk-through
each department rep reviews the BCP’s accuracy. Most important to perform before a live disaster

Question 39

Types of tests for assessing BCP and DRP

Simulation test
Parallel test
Full-interruption test

Answer 39

Simulation test
operations and support personnel execute the DRP in a role-playing scenario.

Parallel test
validates new system against its predecessor. Performance of the replacement is compared to the original. If deficiencies are found, they’re resolved

Full-interruption test
shut down primary facility and bring up the alternate facility to full operation. Requires coordination between all parties. Perform after all other tests have been completed successfully

Question 40

Types of tests for assessing BCP and DRP

Functional Drill
Evacuation Drill

Answer 40

Functional Drill
tests a single function or department to see if DRP is complete for that function.

Evacuation Drill
personnel follow evacuation or shelter in place guidelines.