
CISSP Exam Cram: Business Continuity and Disaster Recovery Planning

This chapter covers the steps that make up the business continuity plan (BCP) process to pass the business continuity and disaster recovery domain portion of the CISSP exam. Some key elements of this domain include project management and planning, business impact analysis (BIA), continuity planning design and development, and BCP testing and training.
This chapter is from the book

Terms you'll need to understand:

  • Disaster recovery
  • Business continuity
  • Hot site
  • Warm site
  • Cold site
  • Criticality prioritization
  • Maximum tolerable downtime (MTD)
  • Remote journaling
  • Electronic vaulting
  • Qualitative assessment
  • Quantitative assessment
  • Database shadowing

Techniques you'll need to master:

  • Development and processing of contingency plans
  • Completing business impact analyses
  • Creation of backup strategies
  • Integrating management responsibilities
  • Steering team responsibilities
  • Testing emergency plans
  • Notifying employees of procedures
  • Testing issues and concerns
  • Determining disaster recovery strategies

Introduction

Most of this book has focused on ways in which security incidents can be prevented. The business continuity planning (BCP) and disaster recovery planning (DRP) domain addresses the need to prepare for, and respond to, the occasions when things do go wrong. For a company to survive hardship or catastrophe, it must plan how to preserve business operations in the face of major disruptions. A BCP identifies how a business would respond in the wake of serious damage, and it is developed only on the basis of a risk assessment that identifies the potential sources of such damage. It is an unfortunate reality that this critical planning for disasters and disruptions is an often overlooked area of IT security. One of the best sources of information about disaster recovery is the Disaster Recovery Institute International (DRII), http://www.drii.org.

Notable recent events, such as the tsunamis in Southeast Asia, the 9/11 attacks in New York, Pennsylvania, and Washington, D.C., Hurricane Katrina in New Orleans, the earthquakes in China, and Hurricane Ike in Houston, continue to highlight the need for organizations to be adequately prepared. Even after these calamitous events, DRII reports that United States companies still spend, on average, only 3.7% of their IT budget on disaster recovery planning, whereas best practice calls for 6%.

A CISSP exam candidate must know the steps that make up the BCP process to pass the business continuity and disaster recovery domain. Key elements of this domain include project management and planning, business impact analysis (BIA), continuity planning design and development, and BCP testing and training. The DRP is a subset of the overall BCP and describes the planning and restoration activities a business would undertake following a disastrous event.

Although some individuals believe that writing a disaster recovery plan completes the process, the truth is that no recovery capability has been demonstrated until the plan has been tested. A DRP can be tested at several levels, including checklist reviews, tabletop walk-throughs, functional tests, and full-interruption tests; a full-interruption test actually halts production processing, which makes it the most realistic and also the most disruptive of these.
