Disaster Recovery Plan (DRP)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
44 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:00
Hello, everyone. This is instructor Gerry Roberts, and this is risk policies and security controls.
00:06
In this video, we're gonna talk about the d. A r P.
00:09
And we're specifically going to talk about what the D. R P is,
00:13
how it differentiates from the business continuity plan.
00:17
Who was involved in the D. R P process for the D. R P and some standards and organizations.
00:24
First of all, what is the D. R P or Disaster recovery response play?
00:29
You might hear this refer to as the disaster recovery plan to disaster response plan or the emergency response plan.
00:40
The plan itself is meant to minimize the effects of a disaster or disruption. Hence why, in some places you might hear the word response you might hear, recover or you might even hear it refer to as emergency.
00:53
This is meant for short term events and is usually implemented during the event.
00:59
So how does this differ from the business continuity plant?
01:03
The D. R P itself is meant to be implemented during the event, while the BCP is supposed to be for long term.
01:10
In other words, the goal of the d r. P is to handle the disaster and its consequences immediately after.
01:17
Whereas the business continuity plan is more concerned with longer term effects and being able to survive and continue after a disaster.
01:26
Often these two plans work together and have some overlap.
01:30
So who exactly is involved?
01:33
The D. A R P team is like the team for the BCP, and often the same people might be a part of both.
01:38
The team is comprised of management,
01:42
a team leader or project manager
01:45
who he's usually chosen by management at the beginning of the project.
01:49
You also have a committee
01:53
or team members
01:55
that worked with the project manager or team leader
01:57
to put the plan together.
02:00
Now these air similar to those in the B. C P and that these members are usually from different departments in different levels of management, so they can get a good eye on the different components of the organization to make a better plan.
02:15
Sometimes the entire company is involved, just like with the BCP for drills and training
02:23
the D. R P process.
02:25
Now the process for the D. R. P is pretty much the same as the BCP process. However, it's going to focus on the short term response to emergency or disaster.
02:36
Now Miss recommends that the B, C, P, D, air peon and all other contingency planning used the same process.
02:44
To begin with, a continuity policy is put together. This will guide the D R P document.
02:50
In this document
02:52
or policy, you will provide information on the various portions of the organization that you want to focus on and any pertinent information that you feel should be included before anything is started.
03:06
Next,
03:07
the B I A. R Business impact analysis is done.
03:10
This is where you can identify important functions, and resource is as well as threats.
03:16
This is where you would identify critical infrastructure
03:21
so that in the event of an emergency,
03:23
those pieces can be taken into consideration
03:28
next. To identify preventative controls,
03:30
identify an implement controls that can lower the overall risk to the organization.
03:37
Hopefully, this prevents a disaster,
03:39
but they can't always.
03:43
Then you develop your recovery strategies.
03:45
So if a disaster happens, even though you have preventative controls in place,
03:50
you need to have a recovery strategy so that you may recover.
03:54
In this strategy, you create methods for bringing critical infrastructure back online quickly, so the business is not interrupted for variable.
04:05
The next stage is to develop the contingency plan,
04:09
these air procedures and guidelines for how the business could stay afloat, even in a critical failure.
04:15
Next, exercise, test and drill.
04:18
Always test your plans,
04:20
and if you find flaws or issues, improve the plant.
04:24
Train your employees. You want to make sure they're ready
04:28
and do drills if possible. That also helps with readiness.
04:32
Last but not least, maintain your plan.
04:34
If you don't maintain your plan when something happens, information might be out of date
04:41
or you might have other issues with the plan.
04:45
Standard Is it organizations,
04:46
so pretty much the same. Organizations and standards that apply to the BCP could also apply to the d. A r P.
04:54
So organizations such as n'est the British Standards Organization I so the Business Continuity and Stupid
05:00
and the D. R I International Institute all provide documentation for the D. A R P.
05:05
Government entities often must follow one or more of the standards set by these organizations.
05:14
Post assessment question time.
05:15
The D. R. P takes place when,
05:19
during an event right after
05:23
long term
05:24
during a hurricane
05:26
or never.
05:28
I'll give you a few moments to take a look at this and figure out your answer.
05:32
As always, you can pause. And then we would come back for the answer.
05:41
The answer's A during an event and right after
05:46
now here's the thing
05:47
you might say during Hurricane might also qualify.
05:53
But I will be honest living in Florida.
05:56
You don't want to go out in the middle of the hurricane.
05:58
You're probably gonna get hit with something and hurt pretty badly.
06:00
So typically
06:02
in an event like a hurricane,
06:04
you hunker down,
06:06
then deal with the issue after the hurricane has passed.
06:11
So the correct answer is still a during an event and right after.