Ch.17 - Business Continuity and Disaster Recovery Flashcards

1
Q

What Is A Business Impact Analysis (BIA)?

A

• Study used to identify impact that can result from disruptions in business
• Focuses on failure of one or more critical IT functions
• Terms to know:
o Maximum acceptable outage (MAO)
o Critical business functions (CBFs)
o Critical success factors (CSFs)

2
Q

Dimensions of a BIA

A

▪ Identify the business impact of IT disruptions
▪ Mission-critical IT systems and components
▪ Does not analyze all IT functions
▪ Stakeholders identify mission-critical systems
▪ Compliance issues often drive BIA
▪ Inputs into the business continuity plan (BCP) and risk assessment (RA)

3
Q

Objectives of BIA

A

▪ Identify critical business functions (CBFs)
o Unless you own the process, critical business functions are not always apparent – Ex: if you are the security expert, you may not know the CBFs of an online Web site
▪ Identify critical resources
o Critical resources are those that are required to support CBFs
o Once you have identified CBFs, you can analyze them to determine critical resources for each
▪ Identify maximum acceptable outage (MAO) and impact
o Once you have identified CBFs and the IT resources that support them, turn your attention to MAO and its impact
o When calculating MAO for the organization, it's important to consider direct/indirect costs
▪ Identify recovery requirements
o Recovery requirements show the time frame in which systems must be recoverable

4
Q

Balancing Costs

A
  • Cost to recover
  • Cost of disruption
  • Consider direct costs and indirect costs
5
Q

What Is a Disaster Recovery Plan?

A
• Plan to restore critical business process or system to operation after disaster
• DRP terms to know:
o Critical business function (CBF)
o Maximum acceptable outage (MAO)
o Recovery time objectives (RTO)
o Business impact analysis (BIA)
6
Q

Purpose of a DRP

A
  • Most DRPs include purpose statement – Helps identify goals of DRP
  • DRP often has multiple goals or purposes:
    o Saving Lives: Protection and safety of personnel is always important
      ▪ If any steps are required to protect personnel, DRP will identify these steps
      ▪ Includes preparation steps before impending disaster (ex: Hurricane)
      ▪ Includes steps to take as disaster is occurring
    o Ensuring Business Continuity: DRP includes procedures to restore CBFs if disaster occurs
      ▪ Purpose is to ensure that mission-critical operations continue to function during and after disaster
    o Recovering After A Disaster: DRP also addresses processes to recover organization after disaster has passed
      ▪ Includes normalizing any CBFs moved to alternate location or normalizing noncritical functions

7
Q

Critical Success Factors

A
  • Elements that are critical to success of DRP include:
    o Management support
    o Knowledge and authority for DRP developers
    o Identification of primary concerns
    ▪ Ex: recovery time objectives and alternate location needs
    o Disaster recovery budget
8
Q

Importance of Backups

A
  • Backups of data
  • Off-site copies

9
Q

Cold Site

A

▪ Available building
▪ Has electricity, running water, and restrooms
▪ Does not contain the equipment or data needed for critical operations
▪ May support a server environment (no equipment, data, applications)

10
Q

Hot Site

A

▪ Includes all equipment and data necessary for business functions
▪ Able to assume operations within hours or minutes
▪ Personnel on location 24/7

11
Q

Warm Site

A

▪ Compromise between cold and hot sites
▪ Operational equipment maintained
▪ Usually no data kept up to date
▪ Capable of updating and going live

12
Q

Cloud Computing Alternatives

A
  • Not location dependent
13
Q

Common Elements of a DRP

A
➢ Purpose and scope
➢ Disaster/emergency declaration
➢ Communications
➢ Emergency response
➢ Activities
➢ Recovery procedures
➢ Critical operations, customer service, and operations recovery
➢ Restoration and normalization
14
Q

What is a Business Continuity Plan?

A

• Plan designed to help organization continue to operate during and after disruption
• BIA is included as part of a BCP
• BIA key objectives that directly support BCP:
o Identify critical business functions (CBFs)
o Identify critical processes supporting CBFs
o Identify critical IT services supporting CBFs, including any dependencies
o Determine acceptable downtimes for CBFs, processes, and IT service

15
Q

Elements of a BCP

A
▪ Purpose and scope
▪ Assumptions and planning principles
▪ System description and architecture
▪ Responsibilities
▪ Phases
▪ Plan training, testing, and exercises
▪ Plan maintenance
16
Q

Phases within a BCP Plan

A

1) Notification/activation phase
2) Recovery phase
3) Reconstitution phase

17
Q

Defining Data that Needs to Be Protected

A

• Identify all critical components for system
o There are two reasons for including this data:
a) Makes it clear which components are needed for CBF
b) Provides list that you can use to restore system from scratch
• Identify all equipment (servers, switches, routers)
o Servers may need to be rebuilt from scratch – BCP should list OS and any applications needed to support system
o If image is used to rebuild servers, it will list version number
• Include databases hosted on system
• Include files (documents or spreadsheets)
• Include necessary supplies
o Can be simple office supplies (printer/paper/toner)
o For some systems, it can include technical supplies (special oils for machinery or tools needed for maintenance)

18
Q

Business Continuity VS Disaster Recovery

A

Business Continuity Plan
- Covers all functional areas of business (ensures entire business can continue to operate in the event of disruption)
- Includes BIA, and addresses other non-technical elements of event
- Focused on getting overall business functions back to normal

Disaster Recovery Plan
- Function of IT department
- Includes elements necessary to recover from declared disaster
- Involves copying critical data to media or online. If required, move IT operations off site to recover
- Focused on restoring and recovering IT functions

19
Q

Steps for Implementing a BCP

A

1) Create BCP scope statements
2) Conduct business impact analysis (BIA)
3) Identify countermeasures and preventive controls
4) Develop individual disaster recovery plans (DRPs)
5) Implement training
6) Test and exercise plans
7) Maintain and update plans