Lecture 11 Notes Flashcards

1
Q

Business Continuity Planning (BCP)

A

Focuses on maintaining business operations with reduced or restricted infrastructure capabilities or resources

As long as the continuity of the organization’s mission-critical tasks is maintained, BCP can be used to manage and restore the environment

2
Q

Disaster Recovery Planning (DRP)

A

If the continuity is broken, then business processes have stopped and the organization is in disaster mode

3
Q

BCP Steps

A

1 Project scope and planning
2 Business impact assessment
3 Continuity planning
4 Approval and implementation

4
Q

Step 1 – Project Scope and Planning

A

Business Organization Analysis

BCP Team Selection

Resource Requirements

Legal and Regulatory Requirements

5
Q

Business Organization Analysis

A

Project Scope and Planning
Analyze the business organization and identify departments and individuals who have a stake in the process

Consider
Operational departments
Critical support services
Senior executives

6
Q

BCP Team Selection

A

Project Scope and Planning
Representatives from each of the organization’s core departments

Representatives from the key support departments

IT professionals with technical expertise in areas covered by the BCP

Security representatives with knowledge of the BCP process

Legal representatives familiar with corporate legal, regulatory, and contractual responsibilities

Representatives from senior management

7
Q

Resource Requirements

A

Project Scope and Planning
BCP development

BCP testing, training, and maintenance

BCP implementation

8
Q

Legal and Regulatory Requirements

A

Project Scope and Planning

Federal, state, and local laws may mandate certain elements or degrees of BCP

9
Q

Step 2 - Business Impact Assessment

A

Identifies critical resources and the threats posed to those resources

10
Q

Maximum Tolerable Downtime (MTD)

A

The maximum length of time a business function can be inoperable without causing irreparable harm to the business

11
Q

Recovery Time Objective (RTO)

A

The amount of time in which you think you can feasibly recover the function

12
Q

Goal of BCP (RTO vs MTD)

A

RTOs are less than MTDs

13
Q

Step 3 – Continuity Planning

A

Focuses on developing and implementing a continuity strategy

14
Q

Strategy Development (Continuity Planning)

A

Determine which risks are acceptable vs. those that must be mitigated or otherwise addressed

15
Q

Provisions and Processes (Continuity Planning)

A

Designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage

Categories of assets
People
Buildings and facilities
Infrastructure

16
Q

Step 4 - Plan Approval & Implementation

A

Once the BCP team completes the design phase of the BCP document, senior management must review and approve the developed BCP

17
Q

Training and Education (BCP)

A

Everyone in the organization should receive at least a plan overview briefing

18
Q

Disaster Recovery Plan

A

When a disaster strikes and a business continuity plan fails to prevent interruption of business activities, the disaster recovery plan guides the actions of emergency-response personnel until the end goal is reached:

Restoring the business to full operating capacity

19
Q

Disaster Recovery Strategy Subtasks

A
Business Unit Priorities
Crisis Management
Emergency Communications
Work Group Recovery
Alternate Processing Sites
Mutual Assistance Agreements
Database Recovery
20
Q

Business Unit and Functional Priorities (Disaster Recovery Strategy Subtasks)

A

Business units and/or functions with the highest priority must be recovered first

You might find that it would be best to restore highest-priority units to 50 percent capacity

21
Q

Crisis Management (Disaster Recovery Strategy Subtasks)

A

If your training budget permits, investing in crisis training for your key employees is a good idea

22
Q

Emergency Communications (Disaster Recovery Strategy Subtasks)

A

When a disaster strikes, it is important that the organization be able to communicate internally as well as with the outside world

Have alternate means of communication available

23
Q

Work Group Recovery (Disaster Recovery Strategy Subtasks)

A

When designing a disaster recovery plan, it’s important to consider the restoration of work groups to the point that they can resume their activities

To facilitate this effort, it’s sometimes best to develop separate recovery facilities for different work groups

24
Q

Alternate Processing Sites (Disaster Recovery Strategy Subtasks)

A

Cold sites
Standby facilities large enough to handle the processing load of an organization, equipped with electrical/environmental support systems

Hot site
Backup facilities maintained in constant working order, with servers, etc.
Ready to assume primary operations responsibilities

Warm site
Similar to hot sites, but do not typically contain copies of the client’s data

Mobile site
Self-contained trailers or other easily relocated units

Service Bureaus
Companies that lease computer time

25
Q

Mutual Assistance Agreements (Disaster Recovery Strategy Subtasks)

A

Under an MAA, two organizations pledge to assist each other in the event of a disaster by sharing computing facilities or other resources

26
Q

Database Recovery (Disaster Recovery Strategy Subtasks)

A

Electronic vaulting
Database backups are transferred to a remote site using bulk transfers

Remote journaling
Only transfers copies of the database transaction logs containing the transactions that occurred since the previous transfer

Remote mirroring
A live database server is maintained at the backup site

27
Q

Disaster Recovery Plan Development

A
  • Emergency Response
  • Personnel Notification
  • Backups and Off-Site Storage
  • Software Escrow Arrangements
  • External Communications
  • Utilities
  • Logistics and Supplies
  • Recovery vs. Restoration
28
Q

Emergency Response (Disaster Recovery Plan Development)

A

Contains simple yet comprehensive instructions for essential personnel to follow immediately upon recognizing that a disaster is in progress or is imminent

Often in the form of a checklist

29
Q

Personnel Notification (Disaster Recovery Plan Development)

A

A disaster recovery plan should also contain a list of personnel to contact in the event of a disaster

30
Q

Backups and Off-Site Storage (Disaster Recovery Plan Development)

A

Access to backed up data is often essential for recovery from a disaster

Full backups: store a complete copy of the data

Incremental and differential backups: store only files that have been modified since the most recent full or incremental backup

31
Q

Software Escrow Arrangements (Disaster Recovery Plan Development)

A

Protect against the failure of a software development contractor

Source code is held in third-party escrow

32
Q

Recovery vs. Restoration

A

Recovery involves restoring business operations and processes to a working state

The recovery team members have a very short time frame in which to operate (MTD/RTO)

Restoration involves restoring a business facility and environment to a workable state

The salvage team has more time to work than the recovery team