Hey, guys, Welcome to another episode of the S S C P exam Prep Siri's I'm your host, Peter Sibylla.
This is going to be the third and last lesson off the fourth domain.
So far in the fourth domain, we've taken a look at incident handling, which is how an organization response to a security incident.
We've taken a look at forensic evidence, which is when the S S C P practitioner puts together all the little pieces of information that were based on the security event to discover and to figure out how the incident happened to begin with.
And finally, in this lesson will be looking at Business continuity plans, which are plans which can be executed to restore business operations within a pre differ predefined times after a disaster. And we'll also be looking at Disaster recovery plans, which focuses on the restoration of I t functions
Business Continuity Plan, also known as a B C P, focuses on the continuity and recovery of business functions during and after a disaster. So in the case of a disaster or a business gets rocketed for an extended period of time, a B C teams
help smooth the transition to coming back to normal system day to day operations.
It's really a pro active development of a plan to restore business operations. Now
BCPs are very very, uh, they're done. They're time consuming and money consuming, whether they're very significant organizational commitment to turn in terms of people and resources. But they are definitely very necessary in case the organization
or system does experience
some type of disaster or downtime.
A couple of key terms associated with the business continuity plan is the business impact analysis, also known as a B I. A. This is an exercise that determines the impact and losing the support of any resource to an organization.
So basically, it determines how much will a business suffer. If a particular resource is not available right now, how much? How much impact will a business take? If this resource is not available,
maximum tolerable downtime, NTD or Mt. P. O. D. Which is the maximum tolerable period of disruption.
This is the maximum time a business function could be unavailable before the organization is harm to a degree that puts the survivability of the organization at risk. So what it means is what is the longest time a resource to be unavailable before the organization is about to fail.
Recovery time objective. Artie. Oh, this is the earliest time period and a service level within a business process, which must be restored after a disaster to avoid unacceptable consequences. What is the earliest time period that a resource can come back from being different?
Recovery point objective. Our P O. Is a measurement of the point prior to an outage to which the data are to be restored. So if a system goes down and it loses its data, recovered point objective is usually
the last time there was assistant backup for the last time he safe was done.
So when the system gets backed up could be backed up to that point
Business continuity plan. This establishes the Business Continuity program and the directly related policy right. So when building a B, C P u want to establish the key participants, you want to identify who were the major players in this plan,
and what are the major resource is
after that, you want to conduct a business impact analysis which we have looked at, which really figures out one of the most mission critical resource is. And if the organization or system does not have access to these resource is
how How bad will this damage the organization or system?
We're gonna want to determine all the potential impacts If supporting resource is were unavailable Now, these impacts can be tangible or not tangible,
tangible results, air or things that can be measured that have a direct cost
associated with the organization. Examples include processing time, loss of money, decreased employee productivity, things, things like that.
Intangible results are results that aren't easily measured, but they definitely have a negative impact on the organization. These air things such as loss of customer confidence, bad employee morale and negative public relations.
Disaster Recovery Plan D R P. A document that details the steps that should be performed to restore critical i t systems in the event of a disaster. So a business continuity plan focuses on the entire business or system as a whole
and focuses on the mission
critical. What needs to happen to bring the system's back in to smooth out the process off the business recovering from a disaster while the disaster recovery plan
more or less does the same thing but focuses on Lee on the I T systems.
So considerations right? There's different types of disasters. There's intentional acts of sabotage or through insider threats of physical threats, any type of hacking going on and also any other potential threats.
Assets that are looked at an a D R P R data information systems, network devices, facilities, personnel anything related to information technology.
So sometimes when if they, you know, business or organization goes down in case of a disaster, the business must be removed. The organization must move to an alternative spot. So there are several different types off available spots in which an organization can choose from.
The first is calling a cold site.
This is really just a shell of a building with power raised floors, and that's about it. Just think of a warehouse with electricity and that's it.
There's no there's no frills. It's very empty.
There's there's nothing there. This is also the cheapest of all of the options, but it takes the longest to get ready in order for the business to power up. There is not a sight place called the warm site, which does not have computers, but it does have some things for I, such as this drives
controllers tape drives.
It might be a spot where their backup media might be available, or might be just kind of like an empty office building with awesome hardware equipment.
Then there's the hot site, which is a fully configured office base with hardware, software and all of the environmental needs. This is the most expensive off the three sites in order to have ready, but is also the quickest way to get an organization back up and running.
They can simply switch to the other new hot site
and everything goes impossible. Everything everything is
immediately back online.
Multiple processing sites on these support 100% availability data is processed simultaneously in both spots. Those really At this point, if you have a multiple processing sites, there is no difference between one site or the young. They do the exact same thing.
which is a site that can be deployed to any location based on the circumstances off disaster. This is usually a thing. I was like a trailer or something that could be pulled from place to place
plan testing. Obviously, if you're going to do anything you must tested to make sure it works as it's supposed to, especially B. C. P's and D R piece. These are huge, huge financial and time commitment to organizations on dhe. They're incredibly important,
so obviously they need to be tested to make sure they're accurate.
There's a bunch of different ways you could test this. There's the checklist. Test is when each participant reviews their section of the plan to know what they do. There is the structure and walk through tests where usually like the department head or the person in charge of a particular area on, they all get together
and they review the plan. Together
there is a simulation test where a disaster is simulated.
There is a parallel test where there's a performing, processing, an alternative site, and there's the full interruption test, where regular operations air stopped at the original site and everything is physically moved and started back up again at the new site.
Backups and restoration. Obviously, if something goes off line or something crashes, you definitely want to bring back any data or system configurations. You want to bring them and restore them so the business organization can continue to operate as normal. There are several different types of
there is. The full backup is where the entire system is copping to backup media.
There is a differential backup, which records all the differences in data since the most recent
And then there is the incremental backup, which records different changes that are made to the system on a daily basis. It really comes down to what kind of organization that what were your organization does, which determines what kind of backups you might have? But normally most organizations have a full back up,
a differential backup or an incremental backup.
There's also offsite storage. Backup should obviously be stored in an off site in a secure location. If you're going to have your backups on a computer, please make sure that computer is off line. Please make sure that they are in an isolated network with no Internet access, so no one
can actually get the backups
off of the computer unless they're physically there.
Electronic vaulting. This allows backups across the Internet to an off site location. This is not bad in itself, because at that point you don't have to physically transport the backups to the off site location. But once the backups are at the off site location, you definitely want to make sure they have no access to the Internet.
And there's remote journaling where journals and transaction logs are transmitted electronically. It's very similar to electronic vaulting
You definitely wanna have all of your systems available as much as possible. There's a couple different ways to implement availability. The 1st 1 is clustering right. This is a method of configuring multiple computers, so they operate as a single system. So if you think of
three computers and they are all operating as one, so if one goes down and the other two can continue to function
and you won't even notice the difference,
you have high availability clustering, which is clustering method that uses multiple systems to reduce the risk associated with a single point of failure.
High availability. Clustering is the diagram on the top, so you have your server A and your server be surfer is the act of one B is the passive one. So if something happens to server A and it goes down server be picks right up where Server A left off and continues to process
eyes fixed. And at that point server be gives up its responsibilities. Back to server A and then server be goes back to being a passive server again.
There's also load bouncing, clustering. This is where all the clusters are active, So if the system fails, all the other ones take its place. This is ah, where what processes? Responsibilities are distributed evenly among all of the active cluster news. So if
something comes in to say there was like four responsibilities,
First Responsibility gets assigned to the first ***. The second parental responsibility gets re signed, assigned to the second ***. The third goes to the third ***, and then the fourth responsibility goes back up to the first ***. And then the process repeats
redundant array of independent discs, also known as raid. This is very good for having backup data and being accessed, being able to access it when you need it.
There are three main types.
The three main types of raid there is mirroring, which is when data is written to separate hard drives. At the same time, there is a parody, which is the technique of determining whether data has been lost or written. And then they're striping, which is a data element,
which is broken down in the motel pieces. And each piece is
Bren across different hard drives.
Let's take a look at Raid and a little bit more detail. There's a bunch of different kind. So first we have raid zero.
Raid zero simply does striping where Block one goes on. This born blocked two goes on. This, too, and so on. All the data is broken up into little chunks on. Then the chunks are alternated. Between the two discs.
He half raid one, which focuses on Lee on Miriam.
These are identical copies that data just store on two separate drives. So whatever is in this one isn't just to
raid tomb, and three. These are not used in practice, but it's good to be familiar with them, So raid to use is striping. Data is broken up into chunks on the chunks are written across the disks. A little pieces written to each disc, but it's done at the bit level, so this is
that there's good data redundancy, but since it works at the bit level, it's way thio time and power consuming.
Raid three is the exact same thing, but it uses a parodist which helps you turn while not data gets over written. And it's also used at the blight well, which again? The peace the boy is just. It's just useful
wherefore implements striping again. But this time it's at the block level, and it also uses a dedicated parody disc to make sure that there is no data being overwritten. This also is not used in practice, and then Rafe, I've read five is very popular. This uses block level striping with
that is that are distributed across multiple disks.
You can also combine the ray levels so they can do different things and have the best of the best of both worlds. So if you can this example, if you combine rate zero and raid one, you can have mere discs which are then striped across two disks. So in the diagram
the raid zero, which is mirrored disks, right. So this zero and this one of the same and then just two in just three of the same. And then from there you have the data broken up in the little blocks, which are spread out between the two discs.
In today's lecture, we discussed business continuity plans, disaster recovery plans
and availability and dungeon see
Having representatives from each business unit gathered together to review is considered to be what type of plant testing is it? A checklist test.
Be structured, walk through tests.
See simulation test or deep parallel test.
If you said be structured, walk through tests than you are correct. Remember the structure of all through test this when each of the department heads or people in charge of an area come together and they review the type of plan together.
Thanks for watching guys. I hope you learned a lot in this domain. I'll see you next time.