
Review the BIA

  • BIA contains the prioritized list of critical business functions
  • Should be reviewed for compatibility with the BC plan
  • BIA is usually acceptable as it was prepared and released by the Contingency Planning Management Team (CPMT).

 

 

Forming the Disaster Recovery Team

  • Should include members from IT, InfoSec, and other departments
  • DR team is responsible for planning for DR and for leading the DR process when a disaster is declared
  • Must consider the organization of the DR team and the needs for documentation and equipment
  • DR team
    • Should include representatives from every major organizational unit
    • Should be separate from other contingency-related teams
    • May include senior management, corporate support units, facilities, fire and safety, maintenance, IT, InfoSec
  • May be advisable to divide the team into sub-teams
  • Sub-teams may include:
    • Disaster management team: command and control, responsible for planning and coordination
    • Communications: public relations and legal representatives to interface with senior management and general public
    • Computer recovery (hardware): recovers physical computing assets
    • Systems (OS) recovery: recovers operating systems
    • Network recovery: recovers network wiring and hardware
    • Business interface: works with remainder of organization to assist in recovery of non-technology functions
    • Logistics: provides supplies, space, materials, food, services, or facilities needed at the primary site
    • Other teams as needed to reestablish key business functions

 

 

  • Guidelines are found in NIST Contingency Planning Guide for Information Technology Systems
  • Planning process steps:
    • Develop the DR planning policy statement
    • Review the business impact analysis (BIA)
    • Identify preventive controls
    • Develop recovery strategies
    • Develop the DR plan document
    • Test, train, and rehearse
    • Plan maintenance
  • Purpose:
    • Provide for the direction and guidance of any and all DR operations
    • Must include executive vision and commitment
    • Business disaster recovery policy should apply to the entire organization
  • Scope:
    • Identifies the organizational units and groups of employees to which the policy applies
  • Roles and responsibilities:
    • Identifies the key players and their responsibilities
  • Resource requirements:
    • Identifies any specific resources to be dedicated to the development of the DR plan
  • Training requirements:
    • Details training related to the DR plan
  • Exercise and testing schedules:
    • Specifies the frequency of testing of the DR plan
  • Plan maintenance schedules:
    • Details the schedule for review and update of the plan
  • Special considerations:
    • May include issues such as information storage and retrieval plans, off-site and on-site backup schemes, or other issues
  • Review the BIA within the DR context
  • Ensure that the BIA is compatible with the DR specific plans and operations
  • BIA is usually acceptable as it was prepared and released by the Contingency Planning Management Team (CPMT).

 

 

 

 
