Filed under CISSP.

The BIA result contains:

  • Identified critical functions and required resources

  • MTD for each function and resource
  • Identified threats and vulnerabilities
  • Impact the company will endure with each threat
    • Calculation of risk
  • Protection and recovery solutions


Document and present to management for approval

The results from the BIA are used to create a BCP/DRP.


BCP/DRP Plan design and development – Some Items to include

  • Emergency response
  • Personnel responsibility/notification
  • Backups and off-site storage
  • Communications
  • Utilities
  • Logistics and supplies
  • Documentation
  • Business resumption planning


  • Implementation
    • Training
    • Testing/Drills and assessment
    • Recovery procedures
    • Maintenance



  • A systematic approach to training is required to support the BCP/DRP plans
  • A sufficient number of qualified staff members must be cross-trained to ensure coverage
  • Trained staff must also have the required credentials to be able to execute the actions required by the plan


Testing and Drills

Testing Characteristics

  • Testing helps to indicate if an organization can actually recover
  • Testing should be performed annually or after significant changes have occurred in the environment
  • Identifies items that need to be improved upon (expect mistakes)


  • Decide on the type of drill (Classroom/tabletop or Functional)
  • Create a disaster scenario
  • Create goals to be accomplished during drill
  • Run drill
  • Report results to management


Types of Tests

  • Checklist Test
    • Copies of BCP/DRP distributed to functional managers
    • They review parts that address their department
  • Structured Walk-Through
    • A meeting is held where functional managers go (walk) through the entire plan
  • Simulation Test
    • Carry out or practice a disaster scenario
    • Could involve the actual offsite facility
  • Parallel Test
    • Test conducted including parallel processing from offsite facility
  • Full-Interruption Test
    • Original site shut down
    • All processing takes place at offsite facility


Recovery Procedures

  • Procedures on what to do, when to do it, and in which sequence
  • Procedures should cover several different types of events
  • Copies of recovery plans should be kept offsite or in another safe location
  • Employees must be taught and drilled
  • The least critical department/function/resources should be moved first to the restored primary location



BCP/DRP Plan Maintenance

  • Ongoing maintenance of the BC/DR plan is a major commitment for an organization


Maintenance includes:

  • Effective after-action review meetings
  • Plan review and maintenance
  • Ongoing training of staff involved in incident response
  • Rehearsal process to maintain readiness of the BC/DR plan





