CISSP Security & Risk Management-Disaster Recovery (DR)

• gol


• 19 May 2016

Review the BIA

• • BIA contains the prioritized list of critical business functions
  • Should be reviewed for compatibility with the BC plan

• BIA is usually acceptable as it was prepared and released by the
• Contingency Planning Management Team Contingency Planning Management Team (CPMT).

 

 

Forming the Disaster Recovery Team

• Should include members from IT, InfoSec, and other departments
• DR team is responsible for planning for DR and for leading the DR process when a disaster is declared
• Must consider the organization of the DR team and the needs for documentation and equipment

• DR team
  • Should include representatives from every major organizational unit
  • Should be separate from other contingency-related teams
  • May include senior management, corporate support units, facilities, fire and safety, maintenance, IT, InfoSec
• May be advisable to divide the team up into sub teams.
• Sub-teams may include:
• Disaster management team: command and control, responsible for planning and coordination
• Communications: public relations and legal representatives to interface with senior management and general public
• Computer recovery (hardware): recovers physical computing assets
• Systems (OS) recovery: recovers operating systems
• Network recovery: recovers network wiring and hardware

• Sub-teams (continued):
  • Business interface: works with remainder of organization to assist in recovery of non-technology functions
  • Logistics: provides supplies, space, materials, food, services, or facilities needed at the primary site
  • Other teams needed to reestablish key business functions as needed

 

 

• Guidelines are found in NIST Contingency Planning Guide for Information Technology Systems
• Planning process steps:
  • Develop the DR planning policy statement
  • Review the business impact analysis (BIA)
  • Identify preventive controls
  • Develop recovery strategies
  • Develop the DR plan document
  • Test, train, and rehearse
  • Plan maintenance

• Purpose:
• Provide for the direction and guidance of any and all DR operations
• Must include executive vision and commitment
• Business disaster recovery policy should apply to the entire organization
• Scope:
  • Identifies the organizational units and groups of employees to which the policy applies
• Roles and responsibilities:
  • Identifies the key players and their responsibilities
• Resource requirements:
  • Identifies any specific resources to be dedicated to the development of the DR plan
• Training requirements:
  • Details training related to the DR plan
• Exercise and testing schedules:
  • Specifies the frequency of testing of the DR plan
• Plan maintenance schedules:
  • Details the schedule for review and update of the plan
• Special considerations:
  • May include issues such as information storage and retrieval plans, off-site and on-site backup schemes, or other issues
• Review the BIA within the DR context
• Ensure that the BIA is compatible with the DR specific plans and operations
• BIA is usually acceptable as it was prepared and released by the
• Contingency Planning Management Team Contingency Planning Management Team (CPMT).

 

 

 

 

To Become Certified For CISSP Please Visit This Link;