Business Continuity and DRP

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Now, in our previous sections,
00:00
we've talked about means of redundancy.
00:00
A lot of times those areas of
00:00
redundancy have been proactive in nature.
00:00
We're going to prevent loss by
00:00
having redundancy of servers,
00:00
redundancy of equipment,
00:00
whatever, but now what we have
00:00
to do is we have to kind of say,
00:00
''Okay, but what if we have significant loss?
00:00
What if the redundancy wasn't enough to
00:00
keep operations from having major disruptions.''
00:00
Well, at that point in time,
00:00
we need to start talking about
00:00
disaster recovery and business continuity planning.
00:00
We'll talk about the relationship.
00:00
You always hear BCP and
00:00
DCP talked about at the same time.
00:00
>> We'll talk about why.
00:00
>> Then we'll talk about the relationship
00:00
between BCP and risk management.
00:00
Business continuity planning.
00:00
Business continuity planning is long term.
00:00
It covers or let's say,
00:00
it can give us long-term coverage.
00:00
We move into business continuity the
00:00
moment we have a major business disruption,
00:00
all the way to the point where we're
00:00
fully restored to normal operations.
00:00
Part of that is disaster recovery.
00:00
Disaster recovery planning focuses
00:00
on the immediacy of the disaster.
00:00
DRP is, the sky is falling,
00:00
BCP says, ''Okay,
00:00
the sky is falling, well,
00:00
what do we do now and what do we do
00:00
tomorrow and the next day, the next day.''
00:00
Business continuity planning is
00:00
an overarching term of what we're going to do to
00:00
protect our organization's help in the event of
00:00
a major disruption all the
00:00
way to the point where we can get full recovery.
00:00
Disaster recovery focuses on protecting
00:00
human life and restoring
00:00
most critical services as quickly as possible.
00:00
Now, when we talk about this relationship with risk,
00:00
because there's a very tight relationship
00:00
between business continuity, planning,
00:00
and risk, we have to do risk management to
00:00
assess what we need to be
00:00
prepared for in our business continuity plan.
00:00
But I'll also mention
00:00
the business continuity plan has to be
00:00
a safety net under
00:00
risk management because remember
00:00
when we talked about risk management,
00:00
we said there's some risks
00:00
that we're just going to accept.
00:00
I think I've mentioned that in the DC area
00:00
we had an earthquake and I said, well,
00:00
I just chose to accept the risk
00:00
that we're going to have an earthquake because
00:00
it happens so rarely here and even when it does happen,
00:00
it's such a minimal impact.
00:00
That's a risk I accept.
00:00
But what if I accept
00:00
that risk and don't have an active strategy,
00:00
and an earthquake happens on a large scale?
00:00
Business continuity can help me with
00:00
excepted risks that materialize
00:00
in a greater than considered.
00:00
What about for major risks I didn't look at,
00:00
those black swan events that we talked about
00:00
where I didn't even put this on my radar.
00:00
Or what about when risk strategies don't work?
00:00
For the risks with the larger impacts,
00:00
that's what business continuity is for.
00:00
A lot of time those risks have
00:00
very low probability but high impact.
00:00
Being low in probability,
00:00
I may not have an active mitigation strategy.
00:00
But if they happen,
00:00
I'd better be able to move into disaster recovery
00:00
quickly so that we can withstand
00:00
>> these major disruptions.
00:00
>> We've talked about the difference between
00:00
business continuity and disaster recovery planning.
00:00
Really, I just said,
00:00
disaster recovery planning is part of
00:00
business continuity planning but it's just a part.
00:00
Disaster recovery planning focuses
00:00
on the elements that are
00:00
necessary to restore our most critical operations.
00:00
That's what DRP is all about.
00:00
Most critical operations get those backup
00:00
and running because that's
00:00
>> where my company suffers loss.
00:00
>> Then we also talked about the fact that BCP and
00:00
risk management both work
00:00
together to protect the company.
00:00
Risk management generally deals with
00:00
the medium and high probability risks,
00:00
where business continuity picks up on
00:00
those low probability but high impact event.
Up Next