Disaster Recovery Criteria

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

12 hours 57 minutes
Video Transcription
Okay. So we're going to continue our discussion of disaster recovery and business kind of doing by talking about the specific criteria related to disaster recovery
in this lesson, we're gonna explain the key performance indicators for disaster recovery, identify the priorities for disaster recovery process and help an organization determine and identify the key disaster recovery metrics for the business case,
first and foremost, maximum allowable downtime.
You know, this is easy to remember because you'll be mad that your organization doesn't doesn't exist. Your maximum allowable downtime is the amount of time an interruption in service will basically end your business.
If your customers say, hey, uh I can't tolerate this product or service not being available after a week. That's your maximum allowable downtime.
And then we also want to talk about your recovery time objective. So a recovery time objective is really a goal for recovery of operational capabilities after an interruption in service.
It doesn't necessarily have to mean they are fully up and going but the capabilities for critical functions have to be up and established. So this is your recovery time objective.
The recovery point objective is the goal for limiting the loss of data when an unplanned event occurs. Now it's measured in time, which seems a little unusual, but you really are thinking like well over this amount of time based on our network, our traffic baseline and the amount of data that's produced in our environment.
This is the estimate of the amount that we think we can lose without causing too much of a compromise to our ongoing operations. So that's how you should think about it. The time measuring the loss of data recovery point objective
then the annual loss expectancy. This metric is really a combination of two different metrics. When it comes to thinking about disaster recovery, the annual loss expectancy
measures the amount of money and organization expected to lose on an annual basis because of certain disaster recovery scenarios or even risk. More generally, it's really comprised of two different measurements, the annual rate of occurrence, how frequently something is willing is likely to occur within a given year and then the single loss expectancy,
what's the cost that something's going to happen? So that's a meteorite destroys your data center? The probability the annual rate of occurrence for that extremely low. The single loss expectancy, probably catastrophic. And the millions, maybe tens of millions, depending on the size of the facility.
Now, when it comes to things like that, you really should think of the annual loss expectancy as uh, as the probability that a catastrophic event is going to happen within a given year.
And it's important when planning our disaster recovery because you should really only be planning for scenarios that are likely to happen, then you're going to have enough of an impact
and you want a budget below that value for the annual loss expectancy because anything over is really wasting wasting money trying to fix the situation that's not gonna occur that often.
Alright. Quiz question. Which metric reflects the organization's goal for limiting data loss loss during disaster recovery?
Is that the maximum allowable downtime? Mad recovery point objective. RTO recovery time objective. RTO
if you said recovery point objective, you're correct. So although it is a is captured in terms of time, it's the amount of data that an organization can lose without compromising their business operations.
Okay. So in summary we talked about the key metrics used in disaster recovery, Mad R T. O. R P. O. And then the annual loss expectancy.
And then we talked about the considerations when setting these metrics.
Some organizations are more sensitive to um to mad than others. Others can be unavailable for long periods of time. Others can't their their customers are relying on data or the data quality. So there are P. O. May be very short compared to other organizations.
All these metrics should really be defined for a given organizations business recovery process
and based on their business case, what their customers expect, what they're contractually obligated to provide
and how dynamic their data is.
All right.
I hope you'll give you something to consider when designing your disaster recovery process and I'll see in the next lesson.
Up Next