Module 10 - Business Continuity and Disaster Recovery Planning

This document outlines the principles of Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), emphasizing their importance in maintaining essential functions during and after disasters. It covers key components such as Business Impact Analysis, recovery objectives, and various backup types, along with guidelines for effective planning and testing. The document serves as a comprehensive guide for organizations to prepare for potential disruptions and ensure swift recovery of operations.

Uploaded by

Charles Uy

INFORMATION ASSURANCE & SECURITY 1
MODULE 10
Business Continuity and Disaster Recovery Planning
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define Business Continuity Planning (BCP) and its goals;
▪ Discuss Disaster Recovery Planning and its use;
▪ Enumerate the Business Impact Analysis;
▪ Explain the Plan for Disaster Recovery;
▪ Discuss IT Contingency Planning;
▪ Define the Disaster Recovery Process and its goals;
▪ Discuss the Backout Contingency Plan and its use;
▪ Enumerate the Backup Storage Locations and their differences.
BUSINESS CONTINUITY
Business Continuity

Business continuity is an organization's ability to maintain essential functions during and after a disaster has occurred.
BCP – Business Continuity Plan

[Figure: BCP components: Decision-making authority; Communications; Recovering business functions; Review and testing]

Business continuity planning (BCP) is the process involved in creating a system of prevention and recovery from potential threats to a company.
Goals of Business Continuity Plan

1. Guide the company’s disaster recovery teams
2. Identify disaster recovery personnel
3. Assess risks and impact
4. Provide the step-by-step protocols
5. Identify the location of critical data and assets
6. Prioritize emergency communications
7. Identify back-up locations and resources
8. Outline existing preventative measures
9. Find weaknesses and propose solutions
Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.

Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online.

Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity.
MTD - Maximum Tolerable Downtime

[Figure: timeline (Time axis) from "Event" to "Business Fails", with the interval labelled MTD]

The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD), which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences.
Business Impact Analysis

Business impact analysis is the analysis of the operational and financial impacts of a disruption of business functions and processes.
BIA - Business Impact Analysis

[Figure: BIA elements: Prioritization of critical processes; Estimates of tolerable downtime; Possibility of reduced efficiency operation; Impact of financial loss; Resources needed to restore]

A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies.
The information you collect for your BIA report should include the following:
• The name of the process
• A detailed description of where the process is performed
• All the inputs and outputs in the process
• Resources and tools that are used in the process
• The users of the process
• The timing
• The financial and operational impacts
• Any regulatory, legal or compliance impacts
• Historical data
PLAN FOR DISASTER RECOVERY, EXECUTE DRPS AND PROCEDURES
Continuity of Operations Plan
• A component of the BCP that provides best practices to mitigate risks, and
best measures to recover from the impact of an incident.
Alternate Sites
[Figure: business functions transfer from the Primary Site to Alternate Sites: Hot Site, Warm Site, Cold Site]

An alternate site is a facility to be occupied in the event that access to the primary site is prevented.
IT Contingency Planning

[Figure: Orient Key Personnel; Review Checklist; Train and Prepare]

A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.
Succession Planning
• Ensures that all key business personnel have one or more designated backups
who can perform critical functions as needed.

Chief Information Officer

IT Director

Senior IT Administrator
Business Continuity Testing Methods
BCP Testing Method: Description

Paper testing: Plan developers review the BCP's contents.
Performing walkthroughs: Specifically focus on each BCP phase.
Parallel testing: Used to ensure that systems perform adequately at any alternate offsite facility, without taking the main site offline.
Cutover: Mimics an actual business disruption by shutting down the original site to test transfer and migration procedures to the alternate site.
Disaster Recovery Plan

[Figure: DRP contents: Protecting people and resources; Responsible individuals; Recovery steps; Resource inventory]

A Disaster Recovery Plan (DRP) is a business plan that describes how work can be resumed quickly and effectively after a disaster.
Fault Tolerance

Ability of a network or system to withstand a foreseeable component failure.

Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.
High Availability

99.999% Uptime

A rating that expresses how closely systems approach the goal of providing data
availability 100% of the time while maintaining a high level of system performance.
Guidelines for Planning for Disaster Recovery
▪ If your BCP or DRP hasn’t been tested recently, test it.
▪ When creating BCPs and DRPs, use online resources for guidance.
▪ Verify redundancy measures for servers, power supplies, and ISPs.
▪ Verify access to spare equipment, and that spare devices are secure.
▪ Review SLAs to determine acceptable downtime.
▪ Establish lines of communication outside normal channels to ensure
communications during power failures.
▪ Identify and document single points of failure and redundancy measures.
▪ Verify that redundant storage is secure.
▪ Implement regular testing of DRPs.
▪ Provide employee training for DRPs.
Disaster Recovery Process

[Figure: disaster recovery process flow: Notify Stakeholders; Begin Emergency Operations; Assess Damage; Assess Facility; Begin Recovery Process]
Recovery Team

[Figure: Recovery Team; Restore Critical Business Processes]

A recovery team is a group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Backup Types and Recovery Plans

Backup Type: Description

Full backup: Backs up all selected files regardless of the state of the archive bit.
Differential backup: All selected files that have changed since the last full backup are backed up.
Incremental backup: All selected files that have changed since the last full or differential backup are backed up.
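How the three backup types combine at restore time, and how the result compares with the RPO defined earlier in this module, shown as an added Python example that is not part of the original module. It assumes a differential is relative to the last full backup and an incremental is relative to whichever backup ran before it; the `Backup` class, the `verified` flag, the function names and the sample schedule are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken: datetime
    kind: str              # "full", "differential" or "incremental"
    verified: bool = True  # False: the set failed a later restore test

def chain_for(target, history):
    """Backup sets needed to restore `target`, oldest first."""
    chain, cursor = [target], target
    while cursor.kind != "full":
        # Assumed semantics: a differential is relative to the last full;
        # an incremental is relative to whatever backup ran before it.
        parents = [b for b in history if b.taken < cursor.taken
                   and (cursor.kind == "incremental" or b.kind == "full")]
        if not parents:
            raise ValueError("no full backup precedes this set")
        cursor = max(parents, key=lambda b: b.taken)
        chain.append(cursor)
    return chain[::-1]

def plan_restore(history, failure, rpo):
    """Newest restore point whose whole chain is verified, checked against the RPO."""
    candidates = sorted((b for b in history if b.taken <= failure),
                        key=lambda b: b.taken, reverse=True)
    for target in candidates:
        chain = chain_for(target, history)
        if all(b.verified for b in chain):
            loss = failure - target.taken
            return {"chain": [(b.kind, b.taken) for b in chain],
                    "data_loss": loss, "meets_rpo": loss <= rpo}
    raise ValueError("no fully verified chain exists before the failure")

# Constructed sample schedule (not from the module): nightly 01:00 jobs.
HISTORY = [
    Backup(datetime(2024, 3, 3, 1), "full"),
    Backup(datetime(2024, 3, 4, 1), "incremental"),
    Backup(datetime(2024, 3, 5, 1), "differential"),
    Backup(datetime(2024, 3, 6, 1), "incremental", verified=False),
    Backup(datetime(2024, 3, 7, 1), "incremental"),
]

if __name__ == "__main__":
    plan = plan_restore(HISTORY, datetime(2024, 3, 7, 9), rpo=timedelta(hours=24))
    for kind, taken in plan["chain"]:
        print(kind, taken)
    print("data loss:", plan["data_loss"], "meets RPO:", plan["meets_rpo"])
```

One unverified incremental invalidates every later incremental that depends on it, so the restore point falls back to the differential and the data-loss window exceeds the RPO.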
Backout Contingency Plan

A contingency plan is a plan devised for an outcome other than the one in the usual (expected) plan.
Secure Backups

Backup refers to the copying of physical or virtual files or databases to a secondary location for preservation in case of equipment failure or catastrophe.
Backup Storage Locations

[Figure: Onsite; Offsite]

Onsite storage has some advantages over offsite storage, including:
✓ immediate access to data
✓ less expensive
✓ Internet access not needed

Offsite storage has some advantages over onsite storage, including:
✓ access to data from any location, via Internet or FTP
✓ data will be preserved in the event of failure taking place within the business
✓ backup data can be shared with a number of different remote locations