© Copyright 2018 Cyberactive Security, LLC. All Rights Reserved. CISSP is a registered trademark of (ISC)2, Inc.
Module 6: Business Continuity And Disaster Recovery
BCP team should define all BCP team members and any outside parties
BCP dependencies should identify required resources and personnel to ensure a successful execution of the BCP
BCP testing and exercises should define in the BCP policy how the plan will be reviewed, tested, and audited
The BCP must be maintained or it can become ineffective and expose the organization to significant risk if a disaster occurs
RTO is the maximum amount of time a critical process or function can be unavailable before the business is negatively impacted
RPO is the point in time to which the system can be recovered in order to resume operations
Recovery priorities should be based on tolerance levels
Results from the BIA must be captured in the Business Continuity Plan (BCP)
The BCP will support due care and due diligence for regulatory compliance
o An incremental backup backs up the files modified since the last full or incremental backup
o Backed up data should be stored onsite and offsite
Onsite backup data allows quick data restoration
Offsite avoids data loss during a disaster
Electronic vaulting is the copying and transmitting of digital information to an offsite storage location
Remote journaling is electronic vaulting of message or log files, not the data itself
Remote mirroring is electronic vaulting that is conducted in real-time
Using Alternative Locations:
o Cold Sites contain only essential environmental infrastructure
o Warm Sites contain basic infrastructure and HVAC equipment but no computing systems
o Hot Sites contain a full suite of all business and system components
o Mobile Sites are rolling backup sites containing the critical assets for disaster recovery
o Mirrored Sites are fully operational replicas of the primary operational site
SLA is a legal agreement between a service provider and a service client
Reciprocal agreements allow two companies to use each other’s facilities for disaster recovery
MAA is similar to a reciprocal agreement, but it is between multiple companies
Maintenance agreements are SLAs for hardware or software vendors to provide specific levels of support
If the DRP is ever used in a real disaster, it will likely become evidence in a civil and/or criminal case
For the Disaster Recovery Process:
o Personnel will create checklists of tasks and responsibilities
o Personnel process is how DRP personnel are selected within the organization
o Communication process is how DRP information or activation will be communicated
o Assessment process is how damage will be assessed during a disaster event
o Response process is how the organization will respond during a disaster
o Restoration process is how the organization will recover from a disaster
After the DRP is complete, it's time to implement, train, and test the plan to determine effectiveness
DRP personnel may require additional training such as first aid, CPR, and crisis management
Protecting employees takes priority over saving company data or the information system
Proper training and tests will help personnel develop appropriate DRP skills and responses
Types of Investigations:
o Operational investigation is used when an incident occurred in an operational or production environment
o Criminal investigation is used when a crime may or may not have occurred
o Civil investigation is used when a crime hasn't occurred, but may result in liability
o Regulatory investigation is used when a regulation violation occurs
Evidence is something tangible that proves or disproves that something occurred
o All evidence must be relevant and legally obtained
o Direct evidence is proof/actual evidence that needs no other support
o Real evidence is tangible/physical or digital evidence
o Circumstantial evidence consists of facts that create a conclusion
o Corroborative evidence supports a claim of an event
o Hearsay evidence cannot be supported by firsthand evidence
o Opinion evidence is a statement or an opinion of the facts
o Secondary evidence is unreliable yet supporting evidence
o Digital evidence is direct or real evidence in an electronic or digital format
Electronic discovery is digital evidence or forensic data
IOCE/SWGDE defines principles and standards for digital forensic evidence collection and handling
Evidence must be stored in a secure location that controls access