Continuity Flashcards
What is CONOPS?
___ of _____
Concept of Operations (Cloud SP)
How does CONOPS help organization ?
Helps ___ to document in ___ ____ what is _____ built for IS
Helps org to document in plain language what is Required & built for Information System
Which of the following statements correctly depicts the use of a Concept of Operations (CONOP) document?
A. Mandatory document required by ISO 27001 related
to security operations
B. Mandatory document required by ISSO 27023 related
to security operations
C. It helps an org to document in plain language what is
required and what should be built for an information
system
D. It provide requirements for an org to implem security
mgmt related to identity and access mgmt.
C. It helps an org to document in plain language what is
required and what should be built for an information
system
Bus Continuity contains 3 key elements?
_____ bounce back
_____ Planning
_____ Restore
- Resilience (Bounce back)
- Contingency (Planning)
- Recovery (Restore)
Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?
A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider
A. Consult the company’s exit plan.
Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?
A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider
A. Consult the company’s exit plan.
What (4) concerns do you consider with Bus Continuity Outage Support?
____ _____
____ of Data can afford to ____
How quickly you need to restore ____ _____
How vulnerable are ____ to _______
- Most Critical Processes
- Amount of data can afford to lose?
- How quickly do you need to restore Critical
Processes? - How Vulnerable are operations to disasters?
What (2) do you consider for BIA Business Impact Analysis
Identify all ___ ____
Assign level of ____ to each _____
- Identify all Bus function
2. Assign level of importance to each func
With Bus Continuity in Cloud what 4 benefits are there with using the cloud? (4) Resource \_\_\_\_\_, \_\_\_\_\_\_ \_\_ \_\_\_\_\_\_\_\_ service \_\_\_\_\_ of service Service \_\_\_\_\_\_\_
- Resource pooling & elasticity
- Self-serve ON DEMAND service
- Quality of service
- Selection of service location
What are the 7 steps of Bus Continuity Plan (BCP)(7)?
Document ___ ______
Work ___ _____
External ________ ie: Utility, municipal, police, fire, water, hospital, post office, office
Critical (2) _____ & _____
Contingency (2) ____ & ______
Create ___ __ ______
__________, stakeholders, members, impact by CBP
- Document key personnel
- (WORK ANY LOCATION) Telecommute / work
anywhere - External Suppliers – Utility, municipal, office, police,
fire, water, hospital, post office - Critical (2) equipment and docs
Equipment – Fax, Copy, printers
Documents - Contingency (2) equipment and location
Equipment
Location - Create HOW to instructions
- Communication – stakeholders, members, impact by
CBP
What are the PROS for Cloud Bus Continuity Plan (BCP)? (5)
- _____
- _______ _______
- Save __, __, ______
- Working _____
- Access data _______
- Storage, BU
- Offsite locations
- Save HW, SW, Infrastructure
- Remote Working
- Access data anywhere
What are the CONS for Cloud Bus Continuity Plan (BCP)?
- Existing BCP, could be ______
- Need clear _____
- Choose appropriate ___ to ____
- Consider ______
- Ensure relationship w/ ___
- Take time, careful to _______
- If org has existing BCP, chg plans could be expensive
- Need a CLEAR SLA
- Choose appropriate services to bus
- Consider policy
- Ensure credible relationship w/ SP
- FIPS 42 / ISO 9001
- Use small steps to implemlement
A company would like to move an application to the cloud which resides on a single physical server in their data center. The server has two drives, one of which hosts the operating system, and the other hosts the application data. The operating system has been showing errors recently and the application data was corrupted last Friday at 4:00PM. Data is backed up every day at 1:00AM. Which of the following would be the BEST option for migrating this application to the
cloud?
A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup
B. Setup a server in the cloud, install an operating system, install and configure the application, and
copy the data to the cloud server from last Thursday’s backup
C. Clone or P2V the server with both drives to the cloud platform
D. Clone or P2V the server with the application drive to the cloud platform and copy the operating
system to the cloud server
A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup
Which of the following is a negative business impact of cloud computing?
A. It lowers the company’s overall application processing availability.
B. It is difficult to implement problem management.
C. It is more difficult to ensure policy compliance.
D. It slows down the company’s ability to deal with server capacity issues.
C. It is more difficult to ensure policy compliance.
What are the 6 Common causes data losses occur due to disaster
- Natural Disasters
- Application failure
- System failure
- Network failure
- Network Intrusion
- Hacking or Malicious code
RPO
Recovery Point Objective
What is RPO?
Data Loss measured in _____
If RPO = 1 hrs and it is noon, then recovery must include all data up to ____ AM or PM
Recovery Point Objective
Data LOSS measured in time
If RPO = 1 hrs … and it is noon, then recovery must incl all data up to 11AM
RTO
Recovery Time Objective
What is RTO?
______________________
If RTO = 8 hrs … and it is noon, then the back uptime must be ______ AM or PM
Recovery Time Objective
Downtime: Back up restoration
If RTO = 8 hrs … and it is noon, then the back uptime must by 8PM
MTO
Max Tolerable Outage
What is MTO?
Means: ___ ___ down before _________ org object
Max tolerable Outage
Max amount time sys down before compromise org object
MTTR
Mean Time to Repair