Domain 7: BCP/DRP pt 2 Flashcards
- Business Continuity Planning process
- Formal method for determining how a disruption to IT systems will impact the organization’s requirements, process, and interdependencies with respect to the business mission
Business Impact Analysis (BIA)
Describes the total time a system can be inoperable before an organization is severely impacted
Maximum Tolerable Downtime (MTD)
What are some alternate terms for the Maximum Tolerable Downtime (MTD)?
Maximum Allowable Downtime
Maximum Tolerable Outage
Maximum Acceptable Outage
- Failure and recovery metric
- The amount of data loss or system inaccessibility that an organization can withstand
Recovery Point Objective (RPO)
- Failure and recovery metric
- Describes the maximum time allowed to recover an IT system
Recovery Time Objective (RTO)
The time required to configure a recovered system
MTD = RTO + ____
Work recovery time (WRT)
- Failure and recovery metric
- Describes the length of time a new or repaired system will run before failing
Mean Time between Failures (MTBF)
- Failure and recovery metric
- Describes the length of time it will take a specific failed system to recover
Mean Time to Repair (MTTR)
- Failure and recovery metric
- Describes the minimum environmental and connectivity requirements in order to operate computer equipment
Minimum operating requirements (MOR)
- A location that is an exact production duplicate of main IT operation systems
- No loss of availability during a disruption
Redundant Site
- Location that contains all equipment and services required by the company
- Organization may relocate to it following a major disruption or disaster
- Can be brought up within minutes or hours
Hot Site
Location with readily accessible hardware and connectivity, but relies on backup data in order to rebuild a system after a disruption
Warm Site
- Location that does not contain backup copies of data or any immediately available hardware
- Could take weeks to get up and running
Cold site
- Bidirectional agreement between two organizations
- One company promises another that it can move in and share space if it experiences a disaster
Reciprocal agreements aka Mutual Assistance Agreements (MAAs)
Transportable data centers that can be towed to a location, then supplied with power and network to be brought online
Mobile site
- Procedures for sustaining essential business operations while recovering from significant disruptions
- Addresses business processes; IT addressed based only on its support for business process
Business Continuity Plan (BCP)
- Procedures for recovering business operations immediately following a disaster
- Addresses business processes; not IT-focused; IT addressed based only on its support for business process
Business Recovery Plan (BRP)
- Procedures and capabilities to sustain an organization’s essential, strategic functions at an alternate site for up to 30 days
- Addresses the subset of an organization’s missions that are deemed most critical; usually written at headquarters level; not IT-focused
Continuity of Operations Plan (COOP)
- Procedures and capabilities for recovering a major application or general support system
- Addresses IT system disruptions; not business process-related
Continuity of Support Plan/IT Contingency Plan
- Procedures for publishing status reports to personnel and public
- Not IT-focused
Crisis Communications Plan
Plan to detect, respond to and limit consequences of malicious cyber incidents
Cyber Incident Response Plan
- Detailed procedure to facilitate recovery of capabilities at an alternate site
- Often IT-focused; limited to major disruptions with long-term effects
Disaster Recovery Plan
- Coordinated procedure for minimizing loss of life or injury and protecting against property damage in response to a physical threat
- Focuses on personnel and property particular to a specific facility
Occupant Emergency Plan (OEP)
What are the five steps of the Business Impact Analysis (BIA) process?
- Identification of priorities
- Risk identification
- Likelihood assessment
- Impact assessment
- Resource prioritization
- BCP Business Impact Analysis (BIA) process
- Involves creating a comprehensive list of business processes and ranking them in order of importance
- Metrics: asset value (AV), maximum tolerable downtime (MTD), recovery time objective (RTO)
Identification of priorities
- BCP Business Impact Analysis (BIA) process
- Natural and man-made threats posed to your organization
Risk identification
- BCP Business Impact Analysis (BIA) process
- Determines probability of a risk occurring
Likelihood assessment
- BCP Business Impact Analysis (BIA) process
- Determine the effect each of the identified risks would have on the business if it were to occur
- Metrics: exposure factor (EF), single loss expectancy (SLE), annualized loss expectancy (ALE)
Impact assessment
- BCP Business Impact Analysis (BIA) process
- Here we allocate resources to the various risks we’ve already identified and assessed
Resource prioritization
- Company that owns large server farms and fields of workstations and leases out this computer time
- Can support all IT needs in the event of a disaster, even desktops
- Tend to oversell their capacity by betting that their contracts will not all be exercised at the same time
- Potential for resource contention in the event of a major disaster
Service bureaus