Incident Response Processes, Teams, and Policies Part 2
3 hours 20 minutes
So sometimes the incidents are really bad. Sometimes they are so bad the incident response process really can't fix the situation. And then from there you have to upgrade the incident response process to the disaster recovery plan. Disaster recovery plan specifically focuses on the restoration of critical systems after a disaster.
So the whole purpose of a disaster recovery plan is to get your assets in your IT infrastructure back up and running after a disaster as quickly as possible.
Assets include data systems, network devices and telecom equipment.
Now, sometimes the disaster at your organization is so bad that the area where all the IT infrastructure is, it's no longer feasible to host it there for the time being. So at that point, you have to move to an alternative site.
Now there are three main alternative sites. There is the cold site, warm site and hot site.
Cold site is the cheapest, but it's really going to take you the longest to get back up and running. So at the cold site there's usually water, electricity and a space to have things, so just think of like a really big warehouse with water and electric, and that's about it.
The warm site usually has some type of infrastructure, such as network and data systems and computers, already there, but there is no current data, so the data would have to be imported in. This is an upgrade from a cold site, but obviously it's still going to be a while to get your business and infrastructure back up and running with a warm site, and a warm site is also more expensive.
The most expensive option is what is known as a hot site. This is like a mirror image of your infrastructure and organization, so that if something happens at your primary facility, this backup facility can be ready to go immediately.
Now, obviously, you want to test your DRP after you create it, just to make sure that it works. You want to make sure that it will happen the way you think it will happen. Now there are several ways to test the disaster recovery plan. There is the checklist test, where the department heads kind of walk themselves through the plan, just to make sure everything looks good. There is the structured walk-through test, where the department heads get together, present their plans to everyone else, receive feedback and then make the necessary adjustments. There is a simulation test, where a disaster is simulated and then the plan gets kicked into action. But it's just a simulation for this one. There is no actual interruption at the primary infrastructure facility. There is the parallel test, in which parallel testing involves processing, actually processing data at the actual site, at the alternative site, although there is no interruption to the primary facility. And finally there is the full interruption test. This is the most expensive kind of test, and obviously the most disruptive kind of test. This is where the information facility actually gets interrupted and everything actually moves to the secondary facility.
Business Continuity Plan
Business continuity plan focuses on the continuity of critical business operations after a disaster. So while the disaster recovery plan focuses on IT infrastructure specifically, the BCP kind of focuses on all the other aspects of critical business operations.
Now, when creating a business continuity plan, what you really want to do first off is create an impact analysis. You want to figure out what are the financial risks and losses, as well as the non-financial risks and losses, to a business after a disaster occurs. You want to figure out how severe the disaster will be.
There are several key terms to know when creating a business continuity plan. The first is MTD, known as maximum tolerable downtime. This is the maximum amount of time that a business can be down before the existence of the business comes into question. This is the total amount of time that a business could be down before it can no longer recover in a reasonable manner.
You have the RTO, recovery time objective. This objective is the amount of time it will take to bring back a business after a disaster.
And then you have the RPO, recovery point objective. Usually during a severe disaster, there's going to be some type of data loss. The recovery point objective is the point in time in which the data can be recovered and brought back to a business.
In this video, we discussed the incident response process and we took a look at incident response teams and policies.
Quiz time. What is the main purpose of a disaster recovery plan? Is it A, bring back IT infrastructure after a disaster; B, bring back business continuity of critical business operations; C, handle everyday incidents; or D, support infrastructure mentioned in the business impact analysis?
If you said A, then you are correct. Remember, the disaster recovery plan focuses on bringing back IT infrastructure while the BCP focuses on bringing back critical business operations. Hope you guys learned a lot in this lesson, and I'll see you next time.