Chapter 6. Disaster Planning and Recovery

OBJECTIVES

This chapter covers the following TruSecure-specified objectives for the TICSA exam:

Identify or explain examples of risk management fundamentals and the basic tenets of security.

• This exam objective ensures you are aware of the fundamental principles of computer security. A strong set of business continuity and disaster recovery plans is essential to a healthy organization.

OUTLINE

Introduction 184

Assembling the Project Team 184

Business Continuity Versus Disaster Recovery 185

The Business Continuity Plan 186

Establishing Operational Priorities 187

Performing a Business Impact Analysis 187

Identify the Risks 188

Assess the Likelihood 188

Judge the Impact 189

Prioritize Resource Allocation 189

Continuity Strategies 190

Data Backup 191

Single Point of Failure Elimination 192

The BCP Document 194

The Disaster Recovery Plan 194

Recovery Facilities 194

Data Recovery 196

Restoration of Normal Operations 197

The DRP Document 198

Step-by-Step Procedures 198

Phase I—Project Initiation 198

Phase II—Risk Analysis 199

Phase III—Business Impact Analysis 199

Phase IV—Building the Plans 200

Phase V—Testing and Validating the Plans 200

Phase VI—Plan Modification 200

Phase VII—Plan Approval 201

Phase VIII—Implementation 201

Testing and Training 202

Testing the BCP/DRP Plans 202

Training Key Personnel 203

STUDY STRATEGIES

• The TICSA exam normally contains several questions on disaster preparedness and recovery procedures. Don't be surprised if you see questions asking you to recognize common types of disaster or identify essential elements of disaster recovery and business continuity plans.