Hi, I'm Mike Chapple and this is the audio review of the study essentials for chapter 18 of the official CISSP study guide. Here are the top things that you need to know from this chapter on disaster recovery planning.
Know the common types of natural disasters that may threaten an organization. Natural disasters that commonly threaten organizations include earthquakes, floods, storms, fires, pandemics, tsunamis and volcanic eruptions.
Know the common types of human made disasters that may threaten an organization explosions, electrical fires, terrorist acts, power outages, other utility failures, infrastructure failures, hardware and software failures, labor difficulties, theft and vandalism are all common human made disasters. Be familiar with the common types of recovery facility. The common types of recovery facilities are cold sites, warm sites, hot sites, mobile sites, cloud computing and multiple sites. Be sure that you understand the benefits and drawbacks of each such facility.
Explain the potential benefits behind mutual assistance agreements as well as the reasons they are not commonly implemented in business today. Mutual assistance agreements MAAs provide an inexpensive alternative to disaster recovery sites, but they're not commonly used, because they are difficult to enforce. Organizations participating in MAA may also be shut down by the same disaster and MAAs raise confidentiality concerns.
Understand the technologies that may assist with database backup. Databases benefit from three backup technologies. Electronic vaulting is used to transfer database backups to a remote site as part of a bulk transfer. In remote journaling, data transfers occur on a more frequent basis. With remote mirroring technology, database transactions are mirrored at the backup site in real time.
Explain the common processes used in disaster recovery programs. These programs should take a comprehensive approach to planning and include considerations related to the initial response effort, personnel involved, communication among the team members and with internal and external entities, assessment of response efforts and restoration of services. DR programs should also include training and awareness efforts to ensure that personnel understand their responsibilities and lessons learned sessions to continuously improve the program.
Know the six types of disaster recovery plan testing and the impact that each test type has on normal business operations. The six types of disaster recovery plan tests are read-throughs, tabletops, walkthroughs, simulation tests, parallel tests and full interruption tests. Read-throughs are purely paperwork exercises, whereas tabletops and walkthroughs involve project team meetings. They have no impact on business operations. Simulation tests may shut down non-critical business units. Parallel tests involve relocating personnel, but do not affect day-to-day operations. Full interruption tests involve shutting down primary systems and shifting responsibility to the recovery facility. Those are the study essentials that you'll need to know for chapter 18, disaster recovery planning.