From the course: Cert Prep: ISC2 Certified in Cybersecurity (CC)

Disaster recovery planning

- Business continuity programs are designed to keep a business up and running in the face of a disaster. But unfortunately, they don't always work. Sometimes continuity controls fail or the sheer magnitude of a disaster overwhelms the organization's capacity to continue operations. That's where disaster recovery begins. Disaster recovery is a subset of business continuity activities designed to restore a business to normal operations as quickly as possible following a disaster. The disaster recovery plan may include immediate measures that get operations working again temporarily, but the disaster recovery effort isn't finished until the organization is completely back to normal.

The disaster recovery plan may be triggered by an environmental natural disaster, such as a hurricane, or a manmade disaster, such as a ransomware attack. The source of the disaster may be internal to the organization, such as a data center failure, or external, such as a power outage. In any case, the organization must quickly recognize the circumstances and activate its disaster recovery plan.

Once a disaster recovery plan is activated, the initial response following an emergency disruption is designed to contain the damage to the organization and recover whatever capacity may be immediately restored. The activities during this initial response will vary widely, depending upon the nature of the disaster, and they may include activating an alternate processing facility, containing physical damage, and calling contractors to begin an emergency response.

During a disaster recovery effort, the focus of most of the organization shifts from normal business activity to a concentrated effort to restore operations as quickly as possible. From a staffing perspective, this means that many employees will be working in temporary jobs that may be completely different from their normally assigned duties. Flexibility is key during a disaster response. Also, the organization should plan out disaster responsibilities as much as possible in advance and provide employees with training that prepares them to do their part during a disaster.

Communication is crucial to disaster recovery efforts. Responders must have secure, reliable means to communicate with each other and with the organization's leadership. This includes the initial communication required to activate the disaster recovery process, even if the disaster occurs after hours; regular status updates for both employees in the field and leadership; and ad hoc communications to meet tactical needs.

After the immediate danger to the organization clears, the disaster recovery team shifts from immediate response mode into assessment mode. The goal of this phase is simple: to triage the damage to the organization and implement functional recovery plans to recover operations on a permanent basis. In some circumstances, it may also include intermediate steps that restore operations temporarily on the way to permanent recovery.

There are three metrics used to help an organization plan disaster recovery efforts. The recovery time objective, or RTO, is the targeted amount of time that it will take to restore a service to operation following a disruption. The organization must also think about the amount of data that it needs to restore as well. The recovery point objective, or RPO, is the maximum time period from which data may be lost as the result of a disaster. Finally, the recovery service level, or RSL, is the percentage of a service that must be available during a disaster. For example, you might set the RSL for your website at 50%, recognizing that diminished capacity is acceptable during a disaster response. Together, the RTO, RPO, and RSL provide valuable information to disaster recovery planners.

After developing a plan, responders then execute that plan, restoring operations in an orderly fashion. Remember, the disaster recovery effort only concludes when the organization is back to normal operations in its primary operating environment.

Training and awareness efforts are critical components of a disaster recovery plan. All personnel involved in disaster recovery efforts should receive training about their role in the plan on a periodic basis and also engage in more frequent awareness programs designed to keep their disaster recovery responsibilities top of mind.
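The three planning metrics described above can be checked against the results of a recovery exercise. The following Python sketch is an added example, not part of the course material; the class names, the `evaluate` function, and all sample timestamps and capacities are constructed for illustration, with only the 50% website RSL taken from the transcript.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Objectives:            # targets set by the planners
    rto: timedelta           # targeted time to restore the service
    rpo: timedelta           # maximum period from which data may be lost
    rsl: float               # fraction of the service required during the disaster

@dataclass
class Exercise:              # observations from one recovery exercise
    disrupted: datetime      # when the service went down
    restored: datetime       # when the service was back in operation
    backups: list            # completion times of backups
    capacity_normal: int     # e.g. requests per second in normal operation
    capacity_during: int     # capacity actually served during the disaster

def evaluate(obj: Objectives, ex: Exercise) -> dict:
    """Return {metric: (measured value, objective met?)} for RTO, RPO and RSL."""
    recovery_time = ex.restored - ex.disrupted
    # Only backups completed before the disruption are counted as restore points.
    usable = [b for b in ex.backups if b <= ex.disrupted]
    # With no usable backup the data-loss window is unbounded: RPO is missed.
    data_loss = ex.disrupted - max(usable) if usable else None
    level = ex.capacity_during / ex.capacity_normal
    return {
        "RTO": (recovery_time, recovery_time <= obj.rto),
        "RPO": (data_loss, data_loss is not None and data_loss <= obj.rpo),
        "RSL": (level, level >= obj.rsl),
    }

# Constructed sample: a website with the 50% RSL used in the transcript.
SAMPLE_OBJ = Objectives(rto=timedelta(hours=4), rpo=timedelta(hours=1), rsl=0.50)
SAMPLE_EX = Exercise(
    disrupted=datetime(2024, 3, 2, 2, 10),
    restored=datetime(2024, 3, 2, 5, 40),
    backups=[datetime(2024, 3, 1, 22, 0), datetime(2024, 3, 2, 0, 0),
             datetime(2024, 3, 2, 4, 0)],   # last one ran after the disruption
    capacity_normal=1200,
    capacity_during=660,
)

if __name__ == "__main__":
    for metric, (value, met) in evaluate(SAMPLE_OBJ, SAMPLE_EX).items():
        print(f"{metric}: measured {value} -> {'met' if met else 'MISSED'}")
```

In this constructed exercise the service is restored within the RTO and serves more than the required RSL, but the most recent usable backup is older than the RPO allows, which would point planners toward a more frequent backup schedule.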
