This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory worksheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.
The slides themselves are Creative Commons licensed (CC-BY-SA), and images used are licensed as individually attributed.
Topics covered in this lecture include:
Contingency planning
Businesses need to plan for when things go wrong, and have procedures in place:
Business continuity planning (BCP)
Disaster recovery planning
Incident response (IR) planning
A business continuity plan describes procedures to continue operations under “adverse conditions”
Adverse conditions
Business continuity planning (BCP) involves
Analysis (threat analysis and business impact analysis)
Solution design
Solution implementation
Testing
Maintenance
Business impact analysis involves
Determining which business processes are mission critical
Determining recovery requirements
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Threat analysis
Solution design
Business needs might include a secondary site
Implement
Test (for example, run drills)
Maintenance (keep up-to-date, and verify)
Disaster recovery
Data availability
Systems and services availability
Downtime and uptime
Five nines
Recovery time
Disaster recovery involves: Prevent, detect, recover
Prevention techniques
Redundancy
Mirrored data and/or services
RAID: Redundant Array of Independent Disks
Backup power supply: generator or uninterruptible power supply (UPS)
Failover: when one service goes down, a redundant one is used instead
Security controls (access control, admin policies, physical controls, anti-malware)
Recovery techniques
Data backups
Off-site, and/or on-site
Direct, or via network
Service backups
Synchronised to another (possibly outsourced) site, with backup servers
Procedures to restore networks and systems
Including: hardware, software, and configuration
Recovery techniques
Secondary site may be:
Hot site: fully equipped and ready to go live immediately
Warm site: ready to go live soon at a reduced capacity
Cold site: requires some effort to go live