Review before CCSP exam

Ace your homework & exams now with Quizwiz!

"Which disaster recovery plan metric indicates how long critical functions can be unavailable before the organization is irretrievably affected? (A) Recovery time objective (RTO) (B) Mean time to switchover (MTS) (C) Recovery point objective (RPO) (D) Maximum allowable downtime (MAD)"

(D) Maximum allowable downtime (MAD)"

BCDR Steps

1) Define scope - ensure that security concerns are an intrinsic part of the plan from the start, 2) Gather requirements - Takes into account the RPO/RTO objectives to determine what needs to be included in the plan as well as gives a sense of what type of solutions are necessary to meet those objectives 3) Analyze - Involves a thorough analysis of the current production hosting location to determine the components that need to be replicated in the BCDR environment and the risks associated it 4) Assess risk - An ongoing and continual process to ensure security compliance and regulatory requirements1) Load capacity at the BCDR site2) Migration of services3) Legal and contractual issues 5) Design - The actual technical evaluation of the BCDR solution is considered and matched to the company's requirements and policies 6) Implement the plan - Will likely require changes from both technical and policy standpoints since can be fluid 7) Test the plan - Can only really be considered sound and valid once THIS has been performed to ensure its accuracy and feasibility. 8) Report - A comprehensive document detailing all activities, shortcomings and changes made during the course of testing and its effectiveness 9) Revise An alternative one since no one can agree: 1) Define 2) Analyze 3) Assess Risk 4) Design 5) Implement 6) Test

What is the Recovery Time Objective (RTO)

1st part of the MTD, which is the earliest time period and service level within a business process must be restored after a disaster to avoid an impact to the business. RTO is measured in time. The RTO must be lower than the MAD.

What is Work Recovery Time (WRT)

2nd part of the MTD value that deals with restoring data, testing processes, and then making the system live

Business Continuity Management

A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and that provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities.

MAD -Maximum Allowable Downtime MTD -Maximum Tolerable Downtime

A measure of how long it would take for an interruption in service to kill an organization. For example, if a company would fail because it had to halt operations for a week, then it's MAD is one week. Measured in TIME

BC/DR Tests

Any BCDR plan should be tested at regular intervals. Tabletop Exercise Walk-Through Drill Functional Drill Full-Interruption

Business Continuity

Business continuity is defined as the capability of the organization to "continue" delivery of products or services at acceptable predefined levels following a disruptive incident. It focuses primarily on the continuity of business processes (as opposed to technical processes).

Business continuity management

Business continuity management is the process by which risks and threats are actively reviewed and managed at set intervals as part of the overall risk management process.

What is Recovery Point Objective (RPO)

DATA POINT - Is the acceptable amount of data loss measured in time. The point in time at which you would like to restore to

Disaster Recovery

Disaster recovery focuses on technology and data policies (as opposed to business processes).

Functional Drills

Functional Drill Involves moving personnel to the recovery site(s) to attempt to establish communications and perform real recovery processing. The drill will help the organization determine whether following the BCP will successfully recover critical systems at an alternate processing site. Because a functional drive fully tests the BCP, all employees are involved. It demonstrates emergency management capabilities and tests procedures for evacuation, medical response, and warnings.

Goal of BIA

Goals Identify critical business processes and dependencies. Such as determining RPOs and RTOs. Identify risks and threats. Such as CSP failure. Identify requirements. These may come from senior management, regulations, or a combination of both.

What parts make up the Maximum Tolerable Downtime (MTD)

Recovery Time Object (RTO) & Work Recovery Time (WRT)

BC/DR Walkthrough

Simulates a disaster scenario but only includes operational and support personnel. It is more complicated than a tabletop exercise. Attendees practice certain functional steps to ensure that they have the knowledge and skills needed to complete them. Acting out the critical steps, recognizing difficulties, and resolving problems is critical for this type of test.

What are the five steps used to create an Application Security Management Process?

Specifying the application requirements and environment, Assessing application security risks, Creating and maintaining the Application Normative Framework, Provisioning and operating the application and Auditing the security of the application

Attributes of Cloud computing - NIST SP 800-145

The NIST Definition of Cloud Computing - cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Business Impact Analysis (BIA)

The business impact analysis gathers asset valuation information that is beneficial for risk analysis and selection of security controls, and criticality information that helps in BC/DR planning by letting the organization understand which systems, data, and personnel are necessary to continuously maintain. It is an assessment of the priorities given to each asset and process within the organization.

business continuity (BC)

The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

Business Continuity Plan

The creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster.

Full-Interruption Test

The entire organization takes part in an unscheduled, unannounced practice scenario, performing their full BCDR activities. Provides the highest level of simulation, including notification and resource mobilization. A real-life emergency is simulated as closely as possible. It is important to properly plan this type of test to ensure that business operations are not negatively affected. This usually includes processing data and transactions using backup media at the recovery site. All employees must participate in this type of test, and all response teams must be involved.

Recovery Service Level (RSL)

The recovery service level is a percentage measurement (0-100%) of how much computing power is necessary based on the percentage of the production system needed during a disaster.

RTO + WRT < MTD.

or SOL

An organization will conduct a risk assessment to evaluate

threats to its assets, vulnerabilities present in the environment, the likelihood that a threat willbe realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization and the residual risk


Related study sets

Chapter 6 -Lecture Quiz 🌸🌸🌸

View Set

EVERFI Financial Literacy Post Assessment - Consumer Skills

View Set

Understanding business - chapter 10

View Set

~Human Bio Chapter 6 APR~(for my lovely hoes <3) ~love Mireya

View Set

MS3, Exam 3, Ch. 60: - Trigeminal neuralgia, Bell's palsy, Guillain-Barre, Tetanus, Botulism

View Set

Chapter 4-5 notes vertebrate zooology

View Set