Shared Flashcard Set

Details

CISSP (ElementK) Bus. Continuity & Disaster Recovery Planning
CISSP, Element K 2nd Edition, Lesson 11
35
Computer Science
Professional
11/19/2009

Cards

Term
Business Continuity Plan (BCP)
Definition
  • policy defines how enterprise will maintain OPs in event of disruption/crisis
  • preserve key docs
  • est. decision-making authority
  • communication
  • protect/recover assets
  • maintain financial functions
  • review/testing
  • backups/high availability
Term
BCP Development Process (7 steps)
Definition
  1. Initiate process
  2. Develop Goals/Objectives
  3. Determine Impact
  4. Determine Prevention
  5. Determine Response
  6. Test
  7. Update
Term
National Institute of Standards and Technology (NIST) Contingency Planning Steps (7)
Definition
  1. Develop policy
  2. Conduct Biz. Analysis
  3. ID preventative ctrls
  4. Develop recovery strat.
  5. Develop IT Contingency plan
  6. Plan Test/train/exercises
  7. Plan Maintenance
Term
Project Mgt Applications (5)
Definition
Term
NFPA Business Planning Framework
Definition
  • National Fire Protection Assoc.
  • created document NFPA 1600
  • standard for planning content NOT planning/process itself
Term
Disruptive Events (3)
Definition
  • Natural Hazards earthquakes, tornados, etc
  • Human-caused accidental/intentional. accidental file deletion; vandalism, theft, fraud.
  • Technology-caused HW/SW malfunction; not obvious
Term
Business Impact Analysis (BIA)
Definition
  • BCP phase that IDs risks and impact to critical OPs if risks happen
  • vulnerability assessments/evals
  1. prioritization of crit. processes
  2. reduced efficiency
  3. estimated tolerable downtime
  4. financial loss impact
  5. resources needed to restore
Term
BIA Org. Goals (4)
Definition
  1. Ensure health/safety of staff
  2. Enable continual operations: property, infrastructure, facilities
  3. Maintain continuous goods/services to customers
  4. Provide safe workplace environment when disaster occurs
Term
BIA Process (4)
Definition
  1. Project Plan/Development
  2. Data Collection
  3. App/Data criticality assessment
  4. Data Analysis to assess vulnerabilities, other factors
Term
Critical Business Process
Definition
  • activity that, if not recovered, will cause loss and biz failure
  • by Sr. Mgt on ACTUAL impact; not just internal policies
  • ID Key Personnel
Term
Vulnerability Assessment
Definition
  • BIA phase where financial and operational loss impact is ID'd
  • Vulnerability tables: strategic tools for completing assessment
Term
Max. Tolerable Downtime (MTD)
Definition
  • longest period of time outage may occur w/o causing serious biz failures
Term
Recovery Point Objectives (RPO)
Definition
  • point in time to which data must be recovered; defines max. acceptable data loss (measured in time)
  • in practice: the last usable backup before the disaster; everything after it is lost
Term
Recovery Time Objectives (RTO)
Definition
  • target time to restore NORMAL business ops/activities after a disruption
  • time needed to bring systems/data back to the RPO point
  • must be shorter than MTD (RTO < MTD)
Term
RPO/RTO Optimization
Definition
  • ideal 0 (immediate recovery)
  • near 0 is $$$$
  • need to determine RPO/RTO cost vs loss cost
Term
Program Coordinator
Definition
  • BCP implementer/controller
  • maintains and updates
  • periodic meetings
  • ensures BCP available
Term
Advisory Committee-BCP Team
Definition
  • Mgmt
  • Security
  • Business Partner
  • Remote Business Assoc
  • Company Personnel
  • Legal Adviser
  • IT Professional
Term
BCP Team Responsibilities
Definition
  • ID threats/vulner
  • Provide Estimates of threats/vuln
  • Perform BIA
  • Prioritize Recovery efforts
  • Determine disaster recovery plans
  • Ensure legal req. during DRP execution
Term
BCP Contents
Definition
  • BCP vision/mission statement
  • statement of authorization
  • roles/respons. of team members
  • Plan goals/obj/eval methods
  • Applicable laws/regulations/authorities/codes of conduct
  • budget
  • project schedule
  • record mgt practices
    • Document team act.
    • Document act. for due diligence (insurance/audit purposes)
Term
Business Plan Evaluations
Definition
  • Coverage of all biz areas
  • Threat/Vul ID
  • Response Prioritization
  • Training
  • Testing
  • Comm.
  • staffing/time allocations
  • freq of updates
Term
Business Plan Testing (7)
Definition
  1. Review Contents
  2. Analyze business continuity solution
  3. Using Checklists
  4. Perf. Walkthrus
  5. Parallel Testing test @ alt. site
  6. Conducting Simulations exercise only, not an actual test
  7. Full Interruption Testing mimics actual business disruption
Term
Business Plan Maintenance
Definition
  • Annual review
  • Update based on eval/tests
  • Update for dept. changes
Term
Business Continuity Process
Definition
  1. Notify Stakeholders (staff/partners)
  2. Begin Continuity Operations
  3. Assess Level of Impact
Term
Disaster Recovery Plan (DRP)
Definition
  • how people/resources are protected in disaster
  • how org will recover
  • DR team, inventory, procedures, contact info
Term
Disaster Recovery Strategy (3 factors)
Definition
  • Risk People, Places, Things
    • People: safety of people
    • Places: relocation?
    • Things: equipment
  • Cost vs Benefits make sure its affordable
  • Prioritization what will be recovered first
Term
Disaster Recovery Priority Levels
Definition
  1. Short rapid response
  2. Mid quick response
  3. Long
  4. Not-required hurricane in San Diego for example
Term
Disaster Recovery Response Approaches
Definition
  1. Short-term
    • Mirrored Sites
    • Shared Location
  2. Long-term
    • Relocation
    • Rebuilding
Term
Backup Strategies (4)
Definition
  1. Tape/disk full/incremental/differential
  2. Mirrored reproduced on drive in another location
  3. Remote Journaling (DB) transactions vs backups;off-site;less $
  4. Electronic Vaulting copies sent to another location
Term
Data Restoration Strategies
Definition
  1. Full
  2. Incremental last full backup, plus EVERY incremental since it, applied in order
  3. Differential last full backup, plus ONLY the last differential backup
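Worked example, added here as an illustration and not part of the Element K course material: it covers both the RPO/RTO/MTD cards above and the backup/restoration strategy cards, by building the restore chain for full, incremental and differential sets from a backup catalog and then checking the achieved data loss (RPO) and restore time (RTO) against the objectives and the MTD. The catalog, restore durations, disaster time and objective values are constructed sample data, not figures from the course.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Added example (not from the Element K course). Backup kinds and restore rules
# follow the flashcards; catalog, times and durations below are constructed.


@dataclass(frozen=True)
class Backup:
    kind: str             # "full", "incremental" or "differential"
    taken: datetime       # when the backup set was completed
    restore_minutes: int  # assumed time to restore this set (constructed)


def restore_chain(catalog, disaster_time):
    """Return the ordered backups needed to rebuild the last state captured
    before `disaster_time`.

    full         -> latest full only
    incremental  -> latest full + every incremental after it, oldest first
    differential -> latest full + only the latest differential after it
    """
    usable = sorted((b for b in catalog if b.taken <= disaster_time),
                    key=lambda b: b.taken)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists before the disaster")
    base = fulls[-1]
    after = [b for b in usable if b.taken > base.taken]
    incs = [b for b in after if b.kind == "incremental"]
    diffs = [b for b in after if b.kind == "differential"]
    if incs and diffs:
        # A mixed chain cannot be restored safely without knowing which set
        # each differential was taken against, so refuse rather than guess.
        raise ValueError("mixed incremental/differential sets after one full")
    if diffs:
        return [base, diffs[-1]]
    return [base] + incs


def evaluate(catalog, disaster_time, rpo, rto, mtd):
    """Compare what the catalog can actually deliver with the objectives.

    data_loss    = achieved RPO: gap between last restorable point and disaster
    restore_time = achieved RTO: sum of restore times along the chain
    """
    chain = restore_chain(catalog, disaster_time)
    data_loss = disaster_time - chain[-1].taken
    restore_time = timedelta(minutes=sum(b.restore_minutes for b in chain))
    return {
        "chain": [b.kind for b in chain],
        "data_loss_hours": data_loss.total_seconds() / 3600,
        "restore_minutes": int(restore_time.total_seconds() // 60),
        "rpo_met": data_loss <= rpo,
        "rto_met": restore_time <= rto,
        "within_mtd": restore_time <= mtd,  # RTO must be reached before MTD
    }


# Constructed sample: weekly full early Sunday, daily sets at 02:00 after it,
# disaster on Thursday 10:00. Objective values are assumptions for the example.
_SUN = datetime(2009, 11, 15, 2, 0)
INCREMENTAL_CATALOG = [
    Backup("full", _SUN, 240),
    Backup("incremental", _SUN + timedelta(days=1), 30),
    Backup("incremental", _SUN + timedelta(days=2), 30),
    Backup("incremental", _SUN + timedelta(days=3), 30),
]
DIFFERENTIAL_CATALOG = [
    Backup("full", _SUN, 240),
    Backup("differential", _SUN + timedelta(days=1), 45),
    Backup("differential", _SUN + timedelta(days=2), 60),
    Backup("differential", _SUN + timedelta(days=3), 75),  # grows each day
]
DISASTER = datetime(2009, 11, 19, 10, 0)
RPO, RTO, MTD = timedelta(hours=24), timedelta(hours=6), timedelta(hours=8)


def demo_incremental():
    return evaluate(INCREMENTAL_CATALOG, DISASTER, RPO, RTO, MTD)


def demo_differential():
    return evaluate(DIFFERENTIAL_CATALOG, DISASTER, RPO, RTO, MTD)


def mixed_set_is_rejected():
    """Edge case: a catalog with both kinds after one full is refused."""
    try:
        restore_chain(INCREMENTAL_CATALOG + DIFFERENTIAL_CATALOG[1:], DISASTER)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("incremental ", demo_incremental())
    print("differential", demo_differential())
```

With these sample numbers both strategies restore inside the 6-hour RTO and the 8-hour MTD, but both miss the 24-hour RPO (32 hours of data are lost) because the last set was taken Wednesday 02:00; the fix is more frequent sets or remote journaling, not a faster restore. The differential chain is shorter (two sets) but its last set grows every day, which is the cost trade-off the RPO/RTO optimization card refers to.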
Term
Alternative Sites
Definition
  1. Hot/mirrored site alt. network setup
  2. Warm dormant, non critical site that can be converted into full site
  3. Cold predetermined alt location for rebuilding
  4. Portable mobile site like van/trailer
Term
Recovery Team
Definition

Individuals who implement recovery procedures and control recovery operations in the event of disaster or business disruption

  • Implement/Control operations
  • Provide intermediate/rapid response
  • Reach RTO before MTD
Term
Salvage Team
Definition
  • Restore primary site
  • clean/repair/salvage/assess
  • create plan & obtain budget approval
Term
DRP Evaluation/Maintenance
Definition
  • evaluate techniques periodically
  • maintain on going basis
  • BRP techniques
Term
DRP Testing Methods (3)
Definition
  • Checklist/dropbox not as thorough, but cheap
  • Offsite Restoration transport to warm site
  • Mirrored site cutover cutover to alt site; easiest way
Term
DRP Process
Definition
  1. Notify Stakeholders
  2. Begin emergency OPs
  3. Assess Damage
  4. Assess Facility