Chapter 19: Business Continuity, Disaster Recovery, and Organizational Policies

Hot site

A hot site is a fully configured environment, similar to the normal operating environment that can be operational immediately or within a few hours. (has duplicate data or near original backup). Also has hardware redundancy.

Single Point of Failure

A single point of failure is a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation. (could be a piece of hardware, utility, process, data, etc...)

Warm site

A warm site is partially configured, usually having the peripherals and software but perhaps not the more expensive main processing computer. It is designed to be operational in a few days. (has backups but they are a few days old).

Test, Exercise, and Rehearse

An organization should practice its DRP periodically. The time to find out whether it has flaws is not when the actual even occurs and the recovery of data and information means the continued existence of the organization. The DRP should be tested to ensure that it is sufficient and that all key individuals involved perform as they should during a simulated security incident. Notes: Exercises are an often overlooked aspect of security. Many organizations do not believe that they have the time to spend on such events, but the question to ask is whether they can afford to not conduct these exercises, as they ensure the organization has a viable plan to recover from disasters and that operations can continue. Make sure you understand what is involved in these critical test of your organization's plan.

Business Continuity Plans

As in most operational issues, planning is a foundational element to success. This is true in business continuity, and the Business Continuity Plan (BCP) represents the planning and advance policy decisions to ensure the business continuity objectives are achieved during a time of obvious turmoil. You might wonder what is the difference between a Business Continuity Plan and a Disaster Recovery Plan. The focus of the BCP is the continued operation of the essential elements of the business or organization. Business continuity is not about operations as normal but rather about trimmed down, essential operations only. The focus of the DRP is on recovering and rebuilding the organization after a disaster has occurred. The recovery's goal is the complete operation of all elements of the business. The DRP is part of the larger picture, while the BCP is a tactical necessity until operations can be restored. A major focus of the DRP is the protection of human life, meaning evacuation plans and system shutdown procedures should be addressed. The safety of employees should be a theme throughout a DRP.

Succession Planning

Business continuity planning is more than just ensuring that hardware is available and operational. The people who operate and maintain the system are also important.

Differential backup

In a differential backup, only the files that have changed since the last full backup was completed are backed up. This also implies that periodically a full backup needs to be done.

Utilities

In case of power outage have a generator or uninterruptible power supply to have enough time to shutdown. UPS or backup power generator.

Categories of Business Functions

In developing your disaster recovery plan or the business impact assessment, you may find it useful to categorize the various functions your organization performs, such as: -Critical = absolutely essential: the organization cannot function without it. -Necessary = required but can live without it for a short period of time: for a period of 30 days without being severely impacted. -Desirable = not needed for normal processing but enhances ability: more than 30 days without, but should be restored when normal operation is achieved. -Optional = nice to have: not essential -Consider eliminating = no discernable purpose: no impact to the organization. This categorization is based on how critical or important the function is to your business operation and how long your organization can last without the function. Those functions that are the most critical will be restored first, and your DRP should reflect this. If the function doesn't fall into any of the first four categories, then it is not really needed, and the organization should seriously consider whether it can be eliminated altogether. The difference between a disaster recovery plan and business continuity plan is that the business continuity plan will be used to ensure that your operations continue in the face of whatever event has occurred that has caused a disruption in operations. If a disaster has occurred and has destroyed all or part of your facility, the DRP portion of the business continuity plan will address the building or acquisition of a new facility. The DRP can also include details related to the long term recovery of the organization.

Business Continuity

Keeping an organization running when an even occurs that disrupts operations is not accomplished spontaneously but requires advanced planning and periodically exercising those plans to ensure they will work.

Recovery Time Objective and Recovery Point Objective

The term recovery time objective (RTO) is used to describe the target time that is set for resuming operations after an incident. A shorter RTO results in higher costs because it requires greater coordination and resources. This term is commonly used in business continuity and disaster recovery operations. Recovery Point Objective (RPO) is the time period representing the maximum period of acceptable data loss. The RPO determines the frequency of backup operations necessary to prevent unacceptable levels of data loss. Note: Although recovery time objective and recovery point objective seem to be the same or similar, they are very different. The RTO serves the purpose of defining the requirements for business continuity, while the RPO deals with backup frequency

Backup Frequency and Retention

The type of backup strategy an organization employs is often affected by how frequently the organization conducts the backup activity. The usefulness of a backup is directly related to how many changes have occurred since the backup was created, and this is obviously affected by how often backups are created. There are several strategies or approaches to backup retention. One common and easy to remember strategy is the "rule of three" in which the three most recent backups are kept. When a new backup is created, the oldest backup is overwritten. Another strategy is to keep the most recent copy of backups for various time intervals. For example, you might keep the latest daily, weekly, monthly, quarterly, and yearly backups. Note that in certain environments, regulatory issues may prescribe a specific frequency and retention period, so it is important to know your organization's requirements when determining how often you will create a backup and how long you will keep it. In determining the optimal backup frequency, two major costs need to be considered: the cost of the backup strategy you choose and the cost of recovery if you do not implement this backup strategy (that is, if no backups were created). You must also factor into this equation the probability that the backup will be needed on any given day. The two figures to consider then are these: Alternative 1: (probability the backup is needed) x (cost of restoring with no backup) Alternative 2: (probability the backup isn't needed) x (cost of the backup strategy) The first of these two figures, alternative 1, can be considered the probable loss you can expect if your organization has no backup. The second figure, alternative 2, can be considered the amount you are willing to spend to ensure that you can restore, should a problem occur (think of this as backup insurance - cost of an insurance policy that may be used but that you are willing to pay for, just in case). To optimize your backup strategy, you need to determine the correct balance between the two figures. When you are calculating the cost of the backup strategy, consider the following: -The cost of the backup media required for a single backup -The storage costs for the backup media based on the retention policy -The labor costs associated with performing a single backup -The frequency with which backups are created All of these considerations can be used to arrive at an annual cost for implementing your chosen backup strategy.

Mean Time To Failure (MTTF)

is a variation of MTBF, one that is commonly used when the system is replaced instead of repaired.

Delta backup

the goal of the delta backup is to back up as little information as possible each time you perform a backup. As with the other strategies, an occasional full backup must be accomplished. After that, when a delta backup is conducted at specific intervals, only the portions of the files that have been changed will be stored. The advantage of this is easy to illustrate. If you organization maintains a large database with thousands of records comprising several hundred megabytes of data, the entire database would be copied in the previous backup types even if only one record has changed. For a delta backup, only the actual record that changed would be stored. The disadvantage of this method is that restoration is a complex process because it requires more than just loading a file (or several files). It requires that application software be run to update the records in the files that have been changed.

Backout Planning

Backout planning is the reversal of a update due to the update causing a system or application failure. (i.e. restore point).

Implementing the Right Type of Backups:

Carefully consider the type of backup that you want to conduct. With the size of today's PC hard drives, a complete backup of the entire hard drive can take a considerable amount of time. Implement the type of backup that you need and check for software tools that can help you in establishing a viable backup schedule.

IT Contingency Planning

Important parts of any organization today are the information technology (IT) processes and assets. Without computers and networks, most organizations could not operate. Consequently, the IT contingency plans are more likely to be needed than the other aspects of a business continuity plan. These plans should account for disruptions caused by any of the security threats discussed throughout this book as well as disasters or simple system failures.

Offsite Backups

Offsite backups are backups that are stored in a separate location from the system being backed up.

Order of Restoration

Order of Restoration is deciding which systems to restore first, second, and last.

Secure Recovery

Several companies offer recovery services, including power, communications, and technical support that your organization might need if its operations are disrupted.

Legal Implications

When planning an offsite backup, you must consider the legal implications of where the data is being stored, Different jurisdictions have different laws, rules, and regulations concerning core tools such as encryption.

Types of Backups:

4 types of backups that can be conducted: 1. Full - space = large, restoration = simple 2. Differential - space = medium , restoration = simple 3. Incrimental - space = medium, restoration = involved 4. Delta - space = small, restoration = complex

Identification of Critical Systems and Components

A foundational element of a security plan is an understanding of the criticality of systems, the data, and the components. Identifying the critical systems and components is one of the first steps an organization needs to undertake in designing the set of security controls. This inform must be kept up to date.

Backups

A key element in any business continuity/disaster recovery plan is the availability of backups. This is true not only because of the possibility of disaster but also because hardware and storage media will periodically fail, resulting in loss or corruption of critical data. Data backup is thus a critical element in these plans, as well as in normal operation. These are several factors to consider in an organization's data backup strategy: -How frequently should backups be conducted? -How extensive do the backups need to be? -What is the process for conducting backups? -Who is responsible for ensuring backups are created? -Where will the backups be stored? -How long will backups be kept? -How many copies will be maintained? Keep in mind that the purpose of a backup is to provide valid uncorrupted data in the event of corruption or loss of the original file or media where the data was stored.

Removing Single Points of Failure

A key security methodology is to attempt to avoid a single point of failure in critical functions within an organization. When developing your BCP, you should be on the lookout for areas in which a critical function relies on a single item (such as switches, routers, firewalls, power supplies, software, or data) that if lost would stop this critical function. When these points are identified, think about how these possible single points of failure can be eliminated (or mitigated).

Long Term Backup Storage

An easy factor to overlook when upgrading systems is whether long term backups will still be usable. You need to ensure that the type of media utilized for your long term storage is compatible with the hardware that your are upgrading to. Otherwise you may find yourself in a situation in which you need to restore data, and you have the data, but you don't have any way to restore it.

Storage of Backups

An important element to factor into the cost of the backup strategy is the expense of storing the storage. This is affected by many variables, including number and size of the backups, and the need for quick restoration. This can be further complicated by keeping hot, warm, and cold sites synchronized.

Geographic Considerations

An important element to factor into the cost of the backup strategy might be to store all you backups together for quick and easy recovery actions. This is not a good idea. The solutions is to keep copies of backups in separate locations. The most recent copy can be stored locally because it is most likely to be needed, while other copies can be kept at other locations.

Alternative sites

An issue related to the location of backup storage is where the restoration services will be conducted. Determining when or if an alternative site is needed should be included in recovery and continuity plans. There are a number of ways to approach this problem, including hot sites, warm sites, cold sites, and mobile backup sites. Shared alternative sites may also be considered. These sites can be designed to handle the needs of different organizations in the event of an emergency. With a Mutual Aid Agreement, similar organizations agree to assume the processing for the other party in the event a disaster happens. Aka a reciprocal site. Such an arrangement may not be legally enforceable. Also, trouble might arise if both entities are hit so this should be planned for.

Cold site

a cold site will have the basic environmental controls necessary to operate but few of the computing components necessary for processing. Getting a cold site operational might take weeks (has no current copies of the original site data).

What Needs To Be Backed Up

Backups commonly comprise the data that an organization relies on to conduct its daily operations. While this is certainly essential, a good backup plan will consider more than just the data; It will include any application programs needed to process the data and operating system and utilities that the hardware platform requires to run the applications.

Incremental vs Differential Backups

Both incremental and differential backups begin with a full backup. An incremental backup only includes the data has changed since the previous backup, including the last incremental. A differential backup contains all of the data that has changed since the last full backup. the advantage that differential backups have over incremental is shorter restore times. The advantage of the incremental backup is shorter backup times. To restore a differential backup, you restore the full backup and the latest differential backup: 2 events. To restore an incremental system, you restore the full backup and then all of the incremental backups in order. Notes: You need to make sure you understand the different type of backups and their advantages and disadvantages for the exam.

Business Impact Analysis (BIA)

Business Impact Analysis is the term used to describe the document that details the specific impact of elements on a business operation (this may also be referred to as a business impact assessment). A BIA outlines what the loss of any of your critical functions will mean to the organization. This is a foundational document used to establish a wide range of priorities, including the system backups and restoration that are needed to maintain continuity of operation Note: Conducting a BIA is a critical part of developing your BCP. This assessment will allow you to focus on the most critical elements of your organization. These critical elements are the ones that you want to ensure are recovered first, and this priority should be reflected in your BCP and subset DRP.

Clustering

Clustering, links a group of systems to have them work together functioning as a single system.

Data Sovereignty

Data sovereignty is a relatively new phenomenon, but in the past couple of years several countries have enacted laws stating that certain types of data must be stored within their boundaries.

Issues with Long-Term Storage of Backups

Depending on the media used for an organization's backups, degradation of the media is a distinct possibility and needs to be considered. Magnetic media degrades over time (measured in years). Magnetic media should be rotated and tested to ensure that it is still usable. Another issue is security related. If the file you stored was encrypted for security purposes, more than one employee in the company should know the key to decrypt the files, and this information should be passed along to another person when a critical employee with that information leaves, is terminated, or dies.

Tabletop exercises

Exercising operational plans is an effort that can take on many different forms. For senior decision makers, the point of action is more typically a desk or conference room, with their method being meetings and decisions. Hence the name Tabletop exercises

Failover

Failover is the process of moving from a normal operational capability to the continuity of operations version of the business. Simple transparent failovers can be achieved through architecture and technology choices, but they must be designed into the system. Once a system is fixed, resolving whatever caused the outage, there is a need to move back to the original production system.

Fault Tolerance

Fault Tolerance has the same goals as high availability - the uninterrupted access to data and services. This can be accomplished by the mirroring of data and hardware systems.

High Availability

High Availability refers to the ability to maintain the availability of data and operational processing (services) despite a disrupting event. (requires redundant systems in terms of power and processing).

Load Balancing

Load Balancing is designed to distribute the processing load over two or more systems. Review page 675 for uptime metrics. 2 x 200 = 400

Disaster Recovery

Many types of disasters, whether natural or caused by people, can disrupt your organization's operations for some length of time. Such disasters are unlike threats that intentionally target your computer systems and networks. Such as industrial espionage, hacking, attacks from disgruntled employees, and insider threats, because the events that cause the disruption are not specifically aimed at your organization. examples: natural disasters, war, terrorism, etc...

Mean Time Between Failures (MTBF)

Mean Time Between Failure (MTBF) is a common measure of reliability of a system and is an expression of the average time between failures. MBTF = (start of downtime - start of uptime) / # of failures

Mean Time To Repair

Mean Time To Repair (MTTR) is a common measure of how long it takes to repair a failure.

Disaster Recovery Plans/Process

No matter what event you are worried about - whether natural or man made and whether targeted at your organization or more random - you can make preparations to lessen the impact on your organization and the length of time that your organization will be out of operation. A Disaster Recovery Plan (DRP) is critical for effective disaster recovery efforts. A DRP defines the data and resources necessary and the steps required to restore critical organizational processes. To begin creating your DRP, firstly identify all critical functions for your organization and then answer the following questions for each of these critical functions: -Who is responsible for the operation of this function? -What do these individuals need to perform the function? -When should this function be accomplished relative to other functions? -Where will this function be performed? -How is this function performed (what is the process)? -Why is this function so important or critical to the organization? The name often used to describe the document created by addressing these questions is a Business Impact Assessment (BIA) Notes: It is often informative to determine what category your various business functions fall into. You may find that certain functions currently being conducted are not essential to your operations and could be eliminated. In this way, preparing for a security event may actually help you streamline your operational processes.

Exercises/Tabletop

Once a plan is in place, a tabletop exercise should be performed to walk though all of the steps and ensure all elements are covered and that the plan does not forget a key dataset or person. The table top exercise is a critical last step that validates the (RDP/BCP) plan.

Onsite Backup Storage

One of the most frequent errors committed with backups is to store all backups onsite. While this greatly simplifies the process, it means that all data is stored in the same facility. Should a natural disaster occur (such as a fire or hurricane), you could lose not only your primary data storage devices but your backups as well. You need to used an offsite location to store at least some of your backups.

Backups are a Key Responsibility for Administrators:

One of the most important tools a security administrator has is a backup. While backups will not prevent a security event from occurring, they often can save an organization from a catastrophe by allowing it to quickly return to full operation after an event occurs. Conducting frequent backups and having a viable backup and recovery plan are two of the most important responsibilities of a security administrator.

Cloud Computing

One of the newer innovations coming to computing via the internet is the concept of cloud computing. (use 3rd party server farms). Aka infrastructure as a Service (Iaas).

Location Selection

Picking a storage location has several key considerations. Physical safety, etc....

Redundant Array of Independent Disks (RAID)

RAID spreads data among many disks. -RAID 0 = (striped disks) spreads the data across disks speeds -RAID 1 = (mirroring) Creates a mirror of one disk to another creating data redundancy -RAID 2 = (bit level error correcting code) stripes data at bit level instead of block level. Can recover data through error correcting. -RAID 3 = (byte striped with error check) spreads the data across multiple disks and uses one disk for parity. -RAID 4 = (dedicated parity drive) similar to RAID 3 -RAID 5 = (block striped with error check) uses 3 drives and increases speed and reliability.

Spare Parts and Redundancy

Raid creates redundancy, it is good to have some spare parts.

Redundancy

Redundancy is the use of multiple, independent elements to perform a critical function so that if one fails, there is another that can take over the work.

Snapshots

Snapshots refer to copies of virtual machines, one of the advantages of a virtual machine over a physical machine is the ease in which the virtual machine can be backed up and restored. A snapshot is a copy of a virtual machine at a specific point in time.

After Action Reports

The After Action Report associated with invoking continuity of operations reports on two functions: 1. Is the level of operations upon transfer. Is all of the desired capability up and running? 2. The second questions address how the actual change from normal operations to those supported by continuity systems occurred.

Archive bits:

The archive bit is used to indicate whether a file has (1) or has not (0) changed since the last backup. The bit is set (changed to a 1) if the file is modified, or in some cases, if the file is copied, the new copy of the file has its archive bit set. The bit is reset (changed to a 0) when the file is backed up. The archive bit can be used to determine which files need to be backed up when using methods such as the differential backup methods

Continuity of Operations

The continuity of operations is imperative because it has been shown that if an organization cannot quickly recover from a disruption, there is a possibility they may never recover, and could go out of business. The overall goal of business continuity planning is to determine which subset of normal operations needs to be continued during periods of disruptions.

Distance

The distance associated with an offsite backup is a logistic problem. If you need to restore a system and the backup is stored hours away by car, this can increase the recovery time.

Full backup

The easiest type of backup to understand is the full backup. In a full backup, all files and software are copied onto the storage media. This process can take a considerate amount of time.

Risk Assessment

The principles of risk assessment can be applied to business continuity planning. Determining the sources and magnitudes of risks is necessary in all business operations, including business continuity planning. Determining the sources and magnitudes of risk is necessary in all business operations, including business continuity planning.

Strategies for Backups

The process for creating a backup copy of data and software requires more though than simply stating "copy all required files". The size of the resulting backup must be considered, as well as the time required to conduct the backup.