A Brief Guide to Business Continuity and Disaster Recovery

Section 1. Introduction
"Why learn about Business Continuity and Disaster Recovery Plans?" - Well if
disaster strikes or an incident happens to your business or company you want your
business to continue. You don't want to lose customers.
You don't want to lose sales.
You want your business to be able to operate.
If an incident happens and if the incident is big enough that it's classified as a
disaster such as
a flood or a major power outage you need to be able to recover from that disaster.

So your business continuity plan is going to ensure that your business is able to
continue while your
disaster recovery plan is going to be a step by step document on how to recover
from that disaster.

Section 2. Risks, Threats and Incidents

What is Risk? - What are the odds that I'll pull an ace of spades from a deck of
cards.
Well we know that jokers has 52 cards in a deck you have 13 of each suit.
So the odds of me pulling out a specific card no matter what card it is in this
example it's the ace
of spades.
It's one in 52 or it's 1.9 percent.
We know these odds.
Easy to calculate.
But let me ask you this question.
What are the odds of your computer being hacked in the next six months.

A recent definition of risk comes from the International Organization for

Standardization (ISO), where risk is defined as "the effecct of uncertainty on
objectives"

measuring risk by two factors:

1. is the likelihood of an event
2. is the consequence of that event

What is a Threat? - When I talk about threats most people think about hackers and
computer viruses but threats are just
those things.
They can also be non-technical.
There are three main categories that we're going to put threats into.
The first being human, the natural and the third being technical

human threads can be anything from a

corporate spy to someone making an error.

natural threats are hurricanes earthquakes

fires floods and so on.

technical threats and we talked about a few in previous lectures but these can be
hardware
failures software failures malicious code.
We can reduce share accept or avoid it reducing risk is the most common.
We talked about this earlier.
One way to reduce risk is to backup your photos and reducing risk is simply finding
a way that lower
is a consequence of a threat.
We can also share risk.
So if we use a cloud storage solution and I'm just going to use Google for example
Google photos then
the risk is now on the provider.
The risk is on Google to ensure that our photos are safe and secure and that if one
of their drives
fails they have backups done.
But the risk isn't just all on them.
Again we're sharing this risk.

Section 3. Business Continuity Plan

One definition and I like to use is that a business continuity plan ensures that
critical business functions
can continue during that disaster.
Another definition from Wikipedia tells us that business continuity is the process
of creating systems
of prevention and recovery to deal with potential threats to a company.
So why have ABC with ABC AP we're dealing with threats and if we want to lower our
risk then we need
to create this VCP of VCP business continuity plan will help us lower risks to
potential threats out
there.
Risk Management at the heart of all this business continuity plans and disaster
recovery plans.
It's really risk management and business continuity is a subset of risk management.
Now we can branch off here and I could probably do a whole course just on risk
management