Domain III – Information Technology – Section C: Disaster Recovery Flashcards
Business Continuity Management (BCM)
is the process by which an organization prepare for future incidents that could jeopardize the organization’s core mission and its long‐term viability. Such incidents include building fires, earthquakes, or natural events like pandemic illnesses.
The Key Components of the BCM
- Management Support
- Risk Assessment and Risk Mitigation
- Business Impact Analysis (BIA)
- Business Recovery and Continuity Strategy
- Awareness and Training
- Exercises
- Maintenance
Risk Assessment and Risk Mitigation
Potential risks due to threats must be identified, and the probability and potential impact to the business must be determined.
=> The BC risk assessment is used to shape the overall BCM program scope by providing a list of likely events and associated consequences that should be addressed in a risk mitigation plan and the BCM program.
- Business Impact Analysis (BIA)
The BIA is used to identify business processes that are integral to keeping the business unit functioning in a disaster and to determine how soon these integral processes should be recovered following a disaster. The steps of BIA are:
- Identifying the Business Processes.
- Determine a recovery time objective (RTO) based on the types of business impact (i.e. duration of time to restore a business process).
- Next, determine a recovery point objective (RPO) for information systems. (i.e amount of data that can be lost).
- Identifying the Other Parties and Physical Resources
- Obtaining Sponsor and Manager Approval
Business Recovery and Continuity Strategy
Business recovery and continuity strategies must be developed for critical business processes identified during the BIA.
=> This strategy addresses the actual steps, people, and resources required to recover critical business processes.
Hot Recovery Plan/Capabilities
- A recovery plan exists.
- Recovery resources are available at recovery site and data is synchronized in real‐time to enable the system to be recovered immediately or within hours.
- Typical recovery time is minutes to 1 day.
Warm Recovery Plan/Capabilities
- A recovery plan exists.
- Recovery resources (e.g., nonproduction systems, spare hardware, etc.) are available at recovery site but may need to be configured to support the production system when the disaster occurs.
- Some data may need to be restored (probably from tape or other backups).
- Typical recovery time is 2 to 13 days.