3.20 Testing the Plan

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
next element. We've written the plan. Now we've got to test the plan. Um, and we have to realize that we can test the plan all the time. We can't always do.
Ah, high end test. We may have to start with a very basic test, but ultimately, what we want to find out is does our plan meet its objectives? Can we do what we want to do?
Um, can I meet the objectives from the business impact analysis? Can I meet the expectation of senior management? Do I have the capabilities have overlooked in thing?
Are there dependencies? Maybe I didn't examine. So, ultimately, testing the plan has ultimate goal of helping us improve the plan. We want to make sure that we're ready
now. Like I said, not all tests can be lengthy in nature. Not all tests can be fully comprehensive. Many camps. We start with what we call a checklist test. So I will have a checklist that I'll hand out to department managers. And essentially, it says. Did I think of everything? Yep. Yep. Yeah. Oh, you forgot this.
All right, that's a checklist test.
You're functional. Managers are going to review it, then we're gonna bring those functional managers together with their handy checklist. We're going to sit around the table and we're gonna talk about it. That is called a structured walk through or cable Top test.
Now the same thing. Structured walkthrough, tabletop test. Be careful when you're calling it structured. Walk through in your mind, though, because when you tell me the phrase walk through, I picture myself going through the motions. Right? So I call it my head of structure. Talk through
because it's still just paper based. We're still just talking about things. We don't actually go through the motions until we do a simulation test. And that's exactly what a simulation test is. We're testing at our facility. Do we know how to do the right things? Right?
Can we unlock the generator? Can we,
um, do you know where to go to turn off the H Vac system? Are our fire extinguishers charged? Right? Just all of those things. That's where we're going through the motions, seeing if we could carry it out now,
up to that point. You know, through that point, we haven't risked any sort of loss of transactions or loss of business time. Really? That's just been kind of a test group once removed to the parallel test.
Parallel. So both our disaster recovery site and our traditional site or processing transactions So small amount of transactions were transferred over to site B so that we want to make sure it can you know it. It'll work
now. Problem is of type B isn't ready. Site B fails. We're gonna lose transactions.
So we start getting riskier with the parallel test.
But the most risky is the full interruption test site. A fully shuts down all business resumes at site B.
I see that done a lot of times. Friday afternoon, we shut down the primary facility Monday morning. We're up in our offsite facility, right? We're gonna minimize thehe mount of potential for loss. But no matter how brilliant your planning,
probably a good idea to conduct some tests
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By