Lecture 1.4: Business Continuity and Disaster Recovery – Flashcards
question
Incident Handling
answer
Handling an incident in accordance with your security policy, local laws, and regulations
question
Goal of Incident Management:
answer
Restoring normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price.
question
Definition of Incident
answer
Any event that is not part of the standard operation of a service and causes, or may cause, a negative outcome to confidentiality, integrity, or availability
question
The initial response of incident management should include
answer
• Retrieving information — Needed to confirm an incident
• Identifying the scope and size of the affected environment (i.e., networks, systems, applications)
• Determining the degree of loss, modification, or damage
• Identifying the possible path and means of attack
• Backing up all possible sources of evidence and relevant information when appropriate
question
Forensics (Collection of Evidence)
answer
• Identify, label, record, and acquire data from possible sources, while following guidelines and procedures that preserve the integrity of the data
question
Preservation of Evidence
answer
• Identify, label, record, and acquire data from possible sources, while following guidelines and procedures that preserve the integrity of the data
question
Damage and Loss Control: Containment
answer
• Limit the scope of damage and prevent other resources from being negatively impacted
question
Lessons Learned from damage and loss control
answer
• Evaluate the response plan and procedures in order to form lessons learned for re-integration into the plan
question
Forensic guidelines and procedures should be consistent with
answer
the organization's policies and all applicable laws.
question
Organizations should include technical experts and legal advisors in the development of guidelines and procedures as a __________.
answer
quality assurance measure
question
Business Continuity Planning
answer
Identification, selection, implementation, testing, and updating of processes and specific actions necessary to prudently protect critical business processes from the effects of major system and network disruptions
question
Disaster Recovery Planning
answer
• Ensure the timely restoration of business operations if significant disruption occurs
• Part of BCP
question
Five types of recovery metrics:
answer
1. Mean time to repair/restore (MTTR)
2. Mean time between failures (MTBF)
3. Recovery Time Objectives (RTOs)
4. Recovery Point Objectives (RPOs)
5. Maximum Tolerable Downtime (MTD)
question
Mean time to repair/restore
answer
• Average length of time required to perform repairs on a device
question
Mean time between failures
answer
• Expected lifetime of a device given a specific operating environment
question
Recovery Time Objectives
answer
• Defined as the amount of time allowed for recovery of a business function and resource after a disaster occurs
• Effective incident management includes resolving incidents within an acceptable interruption window
question
Recovery Point Objectives
answer
• A measurement of the point prior to an outage that data is to be restored
• Describes the state of recovery that should be achieved to facilitate acceptable outcomes
question
Maximum Tolerable Downtime
answer
• Maximum amount of time the business can suffer an inoperable business process before significant negative consequences are felt
• Also known as Maximum Tolerable Period of Disruption (MTPD)
question
T/F: RTO < MTPD
answer
True
question
Business Continuity Plan (BCP)
answer
A collection of plans and other documentation that enables an organization to continue operating during and after a disruption - may be written for a specific business process or may address all key business processes
question
Plans included in Business Recovery
answer
1. Continuity of Operations Plan (COOP)
2. Disaster Recovery Plan (DRP)
3. Crisis Communication Plan
4. Cyber Incident Response Plan
5. Information System Contingency Plan (ISCP)
6. Occupant Emergency Plan
7. Succession Plan
question
Continuity of Operations Plan (COOP)
answer
• Provides procedures and guidance to sustain an organization's essential functions at an alternate site for up to 30 days
question
Disaster Recovery Plan (DRP)
answer
• Provides procedures for relocating information systems operations to an alternate location
• Activated after major system disruptions with long-term effects
question
Crisis Communications Plan
answer
• Provides procedures for disseminating internal and external communications; means to provide critical status information
• Addresses communications with personnel and the public; not information system-focused
question
Cyber Incident Response Plan
answer
• Provides procedures for mitigating and correcting a cyber attack, such as a virus, worm, or Trojan horse
• Addresses mitigation and isolation of affected systems, cleanup, and minimizing loss of information
question
Information System Contingency Plan
answer
• Provides procedures and capabilities for recovering an information system
• Addresses single information system recovery at the current or alternate location
question
Occupant Emergency Plan
answer
• Provides procedures for minimizing loss of life or injury and protecting property from damage in response to a physical threat
• Focuses on personnel and property particular to a specific facility; not business process or information system-based.
question
Succession Plan
answer
• Who will run the company if the CEO and CFO are attending a conference together and a natural disaster occurs at their location?
  — Difficult for senior leaders to consider, but an important planning factor
• Should clearly identify succession of responsibilities, allowing for those identified to be trained to the higher level of responsibility.
question
Motivation for BCP
answer
• Improve survivability of a business
• Increase survival of people and assets
question
BCP Statistics
answer
• 93% of companies that lose their data center for 10 days file for bankruptcy within a year
• 50% of companies that lose their data management capability for 10 days file for bankruptcy immediately
• Only 6% of businesses that suffer a large data loss survive
question
Purpose of Business Impact Analysis (BIA)
answer
Purpose: To differentiate between critical (or the most time-sensitive) and non-critical functions of an organization and understand the impacts of an interruption
question
Business Impact Analysis Activities
answer
• Perform risk / threat analysis
  — Make recommendations on whether risks should be accepted, transferred through insurance, or mitigated
• Determine critical business processes, dependencies, and priorities
  — Through questionnaires, workshops, interviews, hybrids
• Review legal, regulatory, and contractual obligations
• Understand third-party dependencies
• Understand management succession plan
question
________ are "choke points" in the network where a fault in a single component causes some level of system failure. Not always "equipment" problems...
answer
Single points of failure
question
Business Continuity Planning and Testing
answer
Plans to ensure that critical business operations may resume in the event of failure or interruption of services
question
Business Continuity Planning and Testing should include
answer
• Notification, escalation, and communications plans
• Logistics required
• Documentation development
question
Periodic testing of the plans includes
answer
• Developing test objectives
• Evaluating the test
• Developing recommendations to improve the response and recovery plans
• Implementing a follow-up process to ensure implementation of recommendations
question
Disaster Recovery Plans detail how ____________ will be restored after a disaster
answer
business operations
question
Disaster Recovery Plan may include
answer
• Mutual Aid Agreements
• Subscription Services
• Multiple Centers
question
Backup contingency plans or policies
answer
An alternate solution should the primary plan fail
question
Backout contingency plans or policies
answer
• Plans or policies that would require backing out of preparations, contracts, or agreements
• Should include legal and financial consequences for doing so
question
Non-technical recovery conditions
answer
• People
• Utilities
• Logistics
• Agreements
question
People
answer
• Facilities, equipment, and processes have one thing in common - your people
  — Plan for the fact that during a disaster people will want to be with their families.
question
Utilities
answer
• Power, water, HVAC, communications
• You should have backups for these.
  — Diversity is key here - do not rely on a single provider or method.
  — Do not forget the gas for the generator - how will it be refueled?
question
Logistics
answer
• How you are going to execute the plan!
  — Who declares the disaster?
  — How is the recovery team activated?
    o What do you do if cell phones do not work?
  — How will the team get to the alternate site?
    o It is not too far away is it?
  — How will you get equipment, supplies, and other necessities?
    o The alternate site is stockpiled right? But if not - are there agreements for equipment delivery?
question
Agreements
answer
• Contingency contracts between parties
  — Service agreements - between the organization and a vendor; addresses the organization's needs during a crisis
    o Will the organization get what it needs if everyone else needs it too?
  — Mutual support agreements - between the organization and a similar (non-competitive) business.
  — All agreements should
    o Clearly detail expectations and roles
    o Be tested
question
Backups
answer
• Copies of original information assets that are critical to data recovery
• Include electronic data, paper documentation and redundant systems
question
Essential that backup data is kept _______ and the procedure for the backup and recovery process is ______
answer
current; documented
question
Redundancy - ensure continuous availability
answer
• Maintain backups - redundancy usually propagates issues
• Storage / backup solutions
  — Direct attached storage
  — Network attached storage (NAS)
  — Storage area network (SAN)
  — RAID
question
Fault Tolerance
answer
continue normal operation despite the presence of hardware or software faults
question
High Availability
answer
Identify critical assets and identify failure vulnerabilities
question
Build in fault tolerances (High Availability)
answer
• RAID solutions
• Hot site with mirrored functionalities
• UPS, redundant services
question
Multiple Processing Centers
answer
• Geographically separated, but in continuous use.
  — When one center is disrupted, the "load" shifts to a different processing center - no downtime, but need to consider added "load" on other center.
question
Mirrored Site
answer
• Exact functioning copy of primary site - including data.
  — Very high costs, but immediately available because systems, software, and data are all current copies - no downtime.
question
Hot Site
answer
• Fully equipped, less cost than mirrored, with short setup time due to restoring data backups and configurations - ~4 hours of downtime
question
Warm Site
answer
• Partially equipped, moderate cost, higher setup time than hot site due to added equipment, data, and configuration - generally a few days of downtime
question
Cold Site
answer
• A shell, not equipped, but lowest cost and long setup time - generally the longest downtime
question
Mobile Unit
answer
• Typically contracted, a facility (trailer) of equipment that can be delivered anywhere to provide temporary services - usually requires extensive time to get it operational
question
Secure Recovery
answer
Disaster recovery plans will include details for asset restoration.
• Includes retrieving assets from backup site as well as processes and order of urgency for system and data redeployment
question
Recovery Strategies
answer
Recommendations should be based on recovery time objectives balanced against cost.