3 hours 49 minutes
Hey, everyone, welcome back to the core. So in the last video would talk through a little bit of the common reasons why a business continuity plan might fail. Now we're into the disaster recovery planning module. So we're gonna talk through that a little bit and this we don't want to talk through
risk assessment. I want to stress We're just taking kind of a high level overview and thinking through some things we're not gonna actually deep dive into a risk assessment
in this particular video. So first thing we need to think through our threats are these actually going to be probable? Right? And we've talked several times about different disasters like earthquakes, floods, hurricanes, tsunamis, et cetera. In this course so far,
and I really want to stress, is this a probable threat to our particular organization? So is ransomware a threat to our organization? In most cases, that's gonna be a yes, right? Is an insider threat a probable threat to our organization again? In most cases, Yes. Is a earthquake or a hurricane
a probable threaten or organization? That's probably gonna depend, Right?
Is a manufacturer going out of business, something that affects us? Well, maybe not if we're selling a software as a service online, and we don't really deal with that particular manufacturer, so there's a lot of different things to think through there. What's an actual threat to our business operations?
What do you think through the scope itself of the disaster recovery plan? So when we think about that, we're thinking through things like the damage, right? So what kind of damage are we suffering? Is what if the building is destroyed? What kind of damage will that be for our organization?
Maybe None. Because maybe nobody really works in the office building. It's just kind of there, right, because we have a long term lease that we don't really use.
What if it's something where our employees can only go there to do the work? So let's say that we have a secure government facility and it gets completely damaged in the storm. What are we going to do? Can our employees go to another secure facility in the same area? Is there another secure facility they can go to? These were things that we need to think through based off our organizational needs.
What about the downtime? How long can we actually have our system's down
from that natural disaster or that disaster?
Is it something where we could have him down for a couple of hours only, and then it starts negatively impacting our business. Or is this something where it's not a big deal for most of these? Maybe a couple of days We've got some lead way off. We could actually be down on these systems. So things we need to think through
the cost itself, right? So I'm gonna go back to those tangible cost we house. So things like affecting your revenue or getting us finds.
And then the indirect costs again, going back to things like the employee turnover. People are sick of us brand damage. These were things we really need to think through on both the B, c, P and the d a r p side of the House.
All the things we need to consider is
I've seen some companies try to project out like a this kind of playing a disaster recovery plan like
10 20 years out. It's no realistic because you really don't know what's going to happen at that period of time. In most cases, people will d'oh at Max about a five year limit. A lot of times, what I see is about 12 to 18 month window, and that's where you're planning out. You're kind of planning through things and again,
that's where we go back to the maintenance of the B, C, P and the D. R P is
you've got to think through Okay, what's changed in our organization because needs may change over time technology of also, these are things we need to take into consideration as we're developing these things
support. Do we actually have support for this? And on top of that, the top down approach Do we have the funding we need? And that's why, again is critical to get that support and that buy in from upper management.
So just a quick summary of this video. We really wanted Thio have anything through a risk assessment. So some of the key things we need to think through right number one being the threats are these actually threats that will have an impact on our company or these just kind of threats that we see on a template. We got off line or whatever, and we really are gonna have earthquakes hit our particular company
so again, things we need to think through. So even if you're not focused on developing the B, c, p, r D, r p or involved in that process for your organization, these air still thinks that you need to actually think through for your day to day to prevent interruptions or help mitigate those interruptions that you may have to try to do. You're a particular job.
Business Continuity - Disaster Recovery Lab
This lab is part of a series of lab exercises designed to supplement coursework and ...
Become a CISO
Taught by CISOs for CISOs, this Career Path has developed thousands of executives worldwide. Interact ...