Disaster Recovery Plans

Time: 8 hours 20 minutes
Difficulty: Advanced
CEU/CPE: 9
Video Transcription
00:00
>> Disaster recovery plans.
00:00
The learning objectives for this lesson are to
00:00
differentiate the types of alternate sites,
00:00
to describe the role of the Cloud in disaster recovery,
00:00
and to explore incident response.
00:00
Let's get started. Alternate operating facilities.
00:00
Sometimes, it's necessary that we have
00:00
to operate from a secondary location rather
00:00
than our main location and this
00:00
might be because of a natural disaster such as
00:00
a tornado has knocked our facility offline or it may be
00:00
that we have other issues
00:00
such as Internet outages or power outages,
00:00
that type of thing at our facility and we need to have
00:00
a plan for a secondary facility to take over.
00:00
But because this is not
00:00
a quick process for this to be successful,
00:00
it requires a lot of pre-planning to
00:00
ensure that everything is in place when the time comes,
00:00
when we need that site.
00:00
Site selection. We first start off with a cold site.
00:00
This requires the least maintenance for us,
00:00
but it requires a large amount of prep time.
00:00
The site will only have power and nothing else.
00:00
The location is usually just reserved for us,
00:00
but has no prep and nothing
00:00
has been done to it to make it ready for us.
00:00
A warm site is a scaled-down version of our main site.
00:00
Systems are mostly configured to be ready for use,
00:00
but some reconfiguration would be necessary.
00:00
We would need to get the most recent backups to restore
00:00
and maybe do a little bit more configuration
00:00
to get everything up and running.
00:00
In this case, we've got
00:00
a lot more expense involved because we have systems
00:00
in place and they're being kept fairly current
00:00
and we have Internet access and utilities are there,
00:00
so there's a lot more costs with that,
00:00
but a lot less prep time than say with a cold site.
00:00
A hot site is one that can be activated within minutes.
00:00
It has very little prep time,
00:00
but it's also the most expensive to
00:00
maintain because we're keeping it very
00:00
current so that we can just flip the switch
00:00
and roll over to that site should it be necessary.
00:00
We also have mobile sites which
00:00
are somewhere between a warm and a cold site.
00:00
It contains everything that we would need to configure,
00:00
but it can be delivered
00:00
very quickly by a mobile site operator and then we would
00:00
have to go in there and make sure that it's set up for
00:00
our current requirements and
00:00
then shift over operations to that.
00:00
Cloud and disaster recovery.
00:00
The Cloud allows for running many apps
00:00
that have been traditionally run locally on a network.
00:00
Using the Cloud resources,
00:00
this allows us for a hybrid or an organization may
00:00
use it in a traditional way
00:00
until their main site is back up.
00:00
But they may also have to
00:00
transfer more of their infrastructure
00:00
to the Cloud to help ensure
00:00
recovery is faster for other areas.
00:00
The Cloud allows us to very quickly shift
00:00
services over and then
00:00
while we're repairing our facility,
00:00
we can shift it back.
00:00
But depending on what is
00:00
required for a given organization,
00:00
we may have to shift a lot more of that
00:00
to the Cloud and that does take time.
00:00
Disaster recovery in the Cloud is often referred to as
00:00
DRaaS or disaster recovery as a service.
00:00
Incident response roles. NIST 800-61,
00:00
computer security incident response handling defines
00:00
the following roles for incident response; management,
00:00
information assurance, IT support, legal department,
00:00
public affairs and media relations,
00:00
human resources, business continuity planning,
00:00
and physical security and facilities management.
00:00
All of these play a role
00:00
in shifting from one facility to another.
00:00
If something were to happen,
00:00
we would consider this an incident
00:00
and we have to be able to respond to that.
00:00
We need to know ahead of time
00:00
who we're going to need to deal with and who is
00:00
going to have to have a say or a part
00:00
to play in this incident response and to
00:00
let us know that these
00:00
are the roles that need to be performed by each of these.
00:00
For example, when I said all
00:00
this needs to be decided ahead of time
00:00
because you don't want to have to go
00:00
through and try to figure out who you
00:00
need to go grab when your building
00:00
is no longer available.
00:00
Management obviously, has a big role to play in
00:00
this and information assurance
00:00
and IT support do, as well.
00:00
But because of the legal concerns, especially,
00:00
when it comes to compliance frameworks
00:00
and privacy of data,
00:00
that type of thing,
00:00
we want to involve the legal department.
00:00
If it involves something that's
00:00
a fairly large incident that's going to become public,
00:00
then our public affairs and
00:00
media relations would need to be involved.
00:00
Human resources would need to be involved along
00:00
with our business continuity planning team.
00:00
Then because we're shifting
00:00
our resources over from one facility to another,
00:00
that we might not even own,
00:00
we obviously need to involve physical security as well as
00:00
the facilities management team that'll be
00:00
managing that new location.
00:00
Then we have our after-action reports.
00:00
After the incident has occurred
00:00
and you have recovered everything from it,
00:00
you've shifted back to your primary location
00:00
and you're no longer running off
00:00
of your secondary location,
00:00
now, we need to document everything.
00:00
We need to make sure that we find the areas that we
00:00
didn't do a good job on and
00:00
document ways to improve those.
00:00
This is a critical part of our disaster
00:00
in our backup and disaster recovery process.
00:00
It allows us to measure the overall performance
00:00
of the process as well as each member of the team.
00:00
We document what went wrong and what we did well,
00:00
and then areas that we can improve.
00:00
This will help to ensure that this process
00:00
is always improving and it will be
00:00
better the next time we need it. Let's summarize.
00:00
We went over the different types
00:00
of alternate operating facilities.
00:00
We discussed the Cloud's role in disaster recovery.
00:00
We went over the incident response roles and
00:00
then also the importance of our after-action reports.
00:00
Let's do some example questions. Question 1.
00:00
This type of alternate site requires the most work,
00:00
but is the cheapest to maintain. Cold site.
00:00
Because it basically has only power,
00:00
it is very inexpensive for us to maintain.
00:00
Since nothing else is there,
00:00
it doesn't even have furniture
00:00
and may not even have walls yet,
00:00
it's going to take a lot to get it up
00:00
and running. Question 2.
00:00
This type of alternate site can
00:00
be up and running within minutes,
00:00
but it is very complicated and expensive. Hot site.
00:00
Because everything is already in place
00:00
and all the technology is there even our data is there,
00:00
it would just take minutes to
00:00
flip over from one site to this one.
00:00
This is very expensive to maintain and again,
00:00
this increases the complexity of
00:00
our overall enterprise environment. Question 3.
00:00
True or false. The Cloud has replaced
00:00
all other forms of disaster recovery
00:00
since everything is always available.
00:00
False. While Cloud migration is accelerating,
00:00
many sites use the Cloud
00:00
to help them restore their local systems,
00:00
and then once they're up and running,
00:00
they shift operations back to their local network.
00:00
Question 4. Which of the following
00:00
are not needed in incident response?
00:00
The HR department, the legal department,
00:00
the accounting department or the facilities management.
00:00
Three, the accounting department.
00:00
Hope this lesson was helpful for
00:00
you, and I'll see you in the next one.