ISC2 BCP/DRP
Mean Time Between Failures (MTBF)
Quantifies how long a new or repaired system will run on average before failing.
Business Continuity Plan (BCP)
A long-term plan to ensure the continuity of business operations.
Continuity of Operations Plan (COOP)
A plan to maintain operations during a disaster.
Disaster Recovery Plan (DRP)
A short-term plan to recover from a disruptive event.
Simulation test/walkthrough test
A simulation test, also called a walkthrough drill (not to be confused with the discussion-based structured walkthrough), goes beyond talking about the process and actually has teams carry out the recovery process. The team must respond to a simulated disaster as directed by the DRP.
Structured walkthrough/tabletop
The structured walkthrough, often referred to as a tabletop exercise, is another test commonly completed at the same time as the checklist test. During this type of DRP test, usually performed prior to more in-depth testing, the goal is to allow individuals who are knowledgeable about the systems and services targeted for recovery to thoroughly review the overall approach. The name is illustrative, as the group will talk through the proposed recovery procedures in a structured manner.
Parallel processing test
Another type of DRP test is parallel processing. This type of test is common in environments where transactional data is a key component of the critical business processing. Typically, this test involves recovering critical processing components at an alternative computing facility and then restoring data from a previous backup.
DRP Test types
• DRP review • Checklist (also known as consistency test) • Structured walkthrough/tabletop (also often referred to as a tabletop exercise) • Simulation test/walkthrough drill • Parallel processing • Partial and complete business interruption
Errors and omissions
Data entry mistakes are an example of errors and omissions. Though errors and omissions are the most common threat faced by an organization, they also represent the type of threat that can be most easily avoided.
Mean Time to Repair (MTTR)
Describes how long it will take to recover a failed system.
BCP/DRP project initiation
• Develop the contingency planning policy statement • Conduct the business impact analysis (BIA) • Identify preventive controls • Develop recovery strategies • Develop an IT contingency plan • Plan testing, training, and exercises • Plan maintenance
Electronic vaulting
Electronic vaulting is the batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval. It is used to transfer bulk information to an offsite facility.
ISO/IEC-27031
ISO/IEC-27031 [20] is part of the ISO 27000 series, which also includes ISO 27001 and ISO 27002. ISO/IEC 27031 focuses on BCP (DRP is handled by another framework; see below).
MTD
Maximum tolerable downtime
NIST SP 800-34
NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems [19], is of high quality and in the public domain.
BS-25999
The British Standards Institute (BSI) released BS 25999, which is in two parts: • Part 1, the Code of Practice, provides business continuity management best practice recommendations. Please note that this is a guidance document only. • Part 2, the Specification, provides the requirements for a business continuity management system (BCMS) based on BCM best practice. This is the part of the standard that you can use to demonstrate compliance via an auditing and certification process.
BCI
The Business Continuity Institute (BCI) 2008 Good Practice Guidelines (GPGs) describe the business continuity management (BCM) process as follows: • Section 1 consists of the introductory information plus BCM Policy and Programme Management. • Section 2 is Understanding the Organisation • Section 3 is Determining BCM Strategy • Section 4 is Developing and Implementing BCM Response • Section 5 is Exercising, Maintaining & Reviewing BCM arrangements • Section 6 is Embedding BCM in the Organisation's Culture
BRP
The business recovery plan (BRP), also known as the business resumption plan, details the steps required to restore normal business operations after recovering from a disruptive event.
Occupant Emergency plan (OEP)
The occupant emergency plan (OEP) provides the "response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property."