Domains of CISSP: Business Continuity and Disaster Recovery Planning
Overview
The Business Continuity and Disaster Recovery Planning domain addresses the preservation of the business in the face of major disruptions to normal business operations. Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) involve the preparation, testing, and updating of specific actions to protect critical business processes from the effects of major system and network failures.
Business Continuity Plans counteract interruptions to business activities and should be available to protect critical business processes from the effects of major failures or disasters. They deal with natural and man-made events and the consequences if those events are not dealt with promptly and effectively.
Business Impact Assessment determines the proportion of impact an individual business unit would sustain subsequent to a significant interruption of computing or telecommunication services. These impacts may be financial, in terms of monetary loss, or operational, in terms of inability to deliver.
Disaster Recovery Plans contain procedures for emergency response, extended backup operation, and post-disaster recovery should a computer installation experience a partial or total loss of computer resources and physical facilities. The primary objective of the Disaster Recovery Plan is to provide the capability to process mission-essential applications in a degraded mode and return to normal mode of operation within a reasonable amount of time.
The candidate will be expected to know the difference between business continuity planning and disaster recovery; the candidate should also understand business continuity planning in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation. The candidate should understand disaster recovery in terms of recovery plan development, implementation, and restoration.
Key Areas of Knowledge
- Understand business continuity requirements
  - Develop and document project scope and plan
- Conduct business impact analysis
  - Identify and prioritize critical business functions
  - Determine maximum tolerable downtime and other criteria
  - Assess exposure to outages (e.g., local, regional, global)
  - Define recovery objectives
- Develop a recovery strategy
  - Implement a backup storage strategy (e.g., offsite storage, electronic vaulting, tape rotation)
  - Recovery site strategies
- Understand disaster recovery process
  - Response
  - Personnel
  - Communications
  - Assessment
  - Restoration
  - Provide training
- Test, update, assess, and maintain the plan (e.g., version control, distribution)





