Lecture 11 Notes Flashcards
Business Continuity Planning (BCP)
Focuses on maintaining business operations with reduced or restricted infrastructure capabilities or resources
As long as the continuity of the organization’s mission-critical tasks is maintained, BCP can be used to manage and restore the environment
Disaster Recovery Planning (DRP)
If the continuity is broken, then business processes have stopped and the organization is in disaster mode
BCP Steps
1 Project scope and planning
2 Business impact assessment
3 Continuity planning
4 Approval and implementation
Step 1 – Project Scope and Planning
Business Organization Analysis
BCP Team Selection
Resource Requirements
Legal and Regulatory Requirements
Business Organization Analysis
Project Scope and Planning
Analyze the business organization and identify departments and individuals who have a stake in the process
Consider
Operational departments
Critical support services
Senior executives
BCP Team Selection
Project Scope and Planning
Representatives from each of the organization’s core departments
Representatives from the key support departments
IT professionals with technical expertise in areas covered by the BCP
Security representatives with knowledge of the BCP process
Legal representatives familiar with corporate legal, regulatory, and contractual responsibilities
Representatives from senior management
Resource Requirements
Project Scope and Planning
BCP development
BCP testing, training, and maintenance
BCP implementation
Legal and Regulatory Requirements
Project Scope and Planning
Federal, state, and local laws may mandate certain elements or degrees of BCP
Step 2 – Business Impact Assessment
Identifies critical resources and the threats posed to those resources
Maximum Tolerable Downtime (MTD)
The maximum length of time a business function can be inoperable without causing irreparable harm to the business
Recovery Time Objective (RTO)
The amount of time in which you think you can feasibly recover the function
Goal of BCP (RTO vs MTD)
RTOs are less than MTDs
Step 3 – Continuity Planning
Focuses on developing and implementing a continuity strategy
Strategy Development (Continuity Planning)
Determine which risks are acceptable vs. those that must be mitigated or otherwise addressed
Provisions and Processes (Continuity Planning)
Designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage
Categories of assets
People
Buildings and facilities
Infrastructure