Mirroring of critical elements is a tool that facilitates immediate recovery. Redundant Array of Inexpensive Disks (RAID) level 1 provides disk mirroring.
The primary purpose of table-top testing is to practice proper coordination since it involves all or some of the crisis team members and is focused more on coordination and communications issues that on technical process details. Functional testing involved mobilization of personnel and resources at various geographic sites. Full scale testing involves enterprise wide participation and full involvement of external organizations. Walk through testing requires the least effort of the options gives. Its aim is to promote familiarity of the BCP to critical personnel from all areas.
Preparedness test involve simulation of the entire environment and help the team to better understand and prepare for the actual test scenario.
Preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness.
Walkthrough is a test involving a simulated disaster situation that test the preparedness and understanding of management and staff rather than the actual resources.
Paper Test (structured walk through) > Preparedness Test > Full Operational Test
In cost benefit analysis, the total expected purchase and operational/support cost and qualitative value for all actions are weighted against the total expected benefits in order to choose the best technical, most profitable, least expensive, or acceptable risk option. The annualized loss expectancy (ALE) is the expected monetary loss that is estimated for an asset over a one year period. It is a useful calculation that should be included in determining the necessity of controls, but is not sufficient alone. The cost of the hardware assets should be compared to the total value of the information that the asset protects, including the cost of the systems where the data reside and across which data are transmitted. Potential business impact is only one part of the cost-benefit analysis.
Integrity of transaction process is ensured by database commits and rollbacks.
A warm site has the basic infrastructure facilities implemented, such as power, air conditioning and networking. But is normally lacking computing equipment.
BIA will identify the diverse events that could impact the continuity of the operations of an organization.
Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers.
Disaster recovery planning (DRP) is the technological aspect of business continuity planning (BCP). Business resumption planning addresses the operational part of BCP.
RTO is an important parameter used when creating prioritization plans during the business continuity management process and is derived as a result of a business impact analysis (BIA). RTO is best utilized to determine recovery prioritization. A system that has a low level of confidentiality of information could have immediate recovery requirements.
Last mile circuit protection > Providing telecommunication continuity through providing redundant combinations of local carrier T1’s, microwave and or local cable to access the local communication loop is the event of a disaster.
Long haul network diversity > Providing diverse long distance network availability utilizing T-1 circuits among major long distance carriers.
Diverse Routing > Routing traffic through split-cable facilities or duplicate-cable facilities is called diverse routing.
Alternate routing > method of routing information via an alternative medium such as copper cable or fiber optics.
Mitigation > Schedule file and system backup
Deterrence > Installation of firewalls for information systems.
Recovery > hot site to restore normal business operations.
BCP Process: BIA > develop recovery strategy > developed, tested and implemented specific plans.
Shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. Electronic vaulting electronically transmits data either to direct access storage, an optical disk or another storage medium; this is a method used by banks. Hard-disk mirroring provide redundancy in case the primary hard disk fails. All transactions and operations occur on two hard disks in the same server. A hot site is an alternate site ready to take over business operations within a few hours of any business interruption and is not a methon for backing up data.
The recovery point objective (RPO) is the earliest point in time at which it is acceptable to recover the data. A high RPO means that the process can wait for a longer time. A high recovery time objective (RTO) means that additional time would be available for the recovery strategy, thus making other recovery alternatives. The lower the RTO the lower the disaster tolerance.
Network Data Management Protocol (NDMP) > data service, tape service, translator service
Risk assessment and business impact assessment are tools for understanding business-for-business continuity planning. Business continuity self audit is a tool for evaluating the adequacy of the business continuity plan. Resource recovery analysis is a tool for identifying a business resumption strategy. Gap analysis in business continuity planning is to identify deficiencies in a plan.
Fidelity insurance > covers the loss arising from dishonest or fraudulent acts by employees.
Business interruption insurance > loss of profit due to the disruption in the operations of an org.
Errors & omissions insurance > legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client.
Extra expense insurance > designed to cover the extra costs of continuing operations following a disaster/disruption within an organization.
Stockholders interview > simplicity of the BCP
Review plan and compare it with standards > adequacy of the BCP
Review result from previous test > Effectiveness of the BCP