Вы находитесь на странице: 1из 4

Study Notes and Theory Home Start Here Study Resources Crack the CISSP Blog Shop Forum

CISSP Blog Shop Forum About

Downloads
Study Resources Security and Risk Management

BCP/DRP Quick Notes


March 22, 2017 | Luke Ahmed

In case you haven't studied the BCP/DRP section of your studies yet, here is

some information that I sent to the folks on the newsletter:

Digital Signature Process


and PDF
The topic of proper business continuity and disaster recovery planning ishighly April 4, 2017

testable. Study Session Videos


We'resorry,this We'resorry,this
ontentcannotbe contentcannotb
played.Pleasetry displayed.Please
againlater. Expect to be tested on the following: againlater.

BCP process and steps (Not specifics, just the general flow)

Components of the Business Impact Analysis (ARO, MTTR, MTBF, SLE)

The idea that all stakeholders of a BCP should be involved in the planning
How Vivek Cracked His
Business continuation strategies CISSP Exam
February 13, 2017
The importance of documentation

Here are some important concepts to remember:


The process of restoring an organization's critical business functions after a

disaster is known as BCP


Ed Took a MIT Course to
Dealing with a more immediate or specific emergency is known as DRP. Boost CISSP Knowledge
March 7, 2016
Difference between BCP and DRP Study Resources
BCP is more high-level than DRP. DRP falls under the umbrella of BCP.
Answers To Your CISSP
"What if our main data center was destroyed by an earthquake, what do FAQs
March 29, 2017
we do?" - That's BCP.
The Core CISSP Concepts
"What if our firewall failed at our main data center, what do we do?" - March 28, 2017

That's DRP.
CISSP Exam
The start of any organization's DRP/BCP program must have the approval of Brain Dumps
March 27, 2017
the senior management team
BCP/DRP Quick
Management's approval is also a show of their support Notes
March 22, 2017
BCP/DRP is all about documentation, documentation, documentation

According to the CISSP, the first thing to look for in a disaster is the 5 Tips For
Passing The
proper documentation that contains procedures and guidelines on how CISSP Exam
March 16, 2017
to deal with a disaster
Where Do I
Start Studying
Here are some types of disasters: for the CISSP?
March 14, 2017

Man-made
Cryptography
Negligence Quick Notes
March 10, 2017
Study Notes and Theory Home Start Here Study Resources Crack the CISSP Blog Shop Forum About
Warfare
Archive
Fires

Terrorism June 2017 (1)

Insider threat May 2017 (2)

April 2017 (9)


Cyber attack
March 2017 (21)
Natural
February 2017 (6)
Flood January 2017 (4)

Earthquake December 2016 (3)

Tornado November 2016 (2)

October 2016 (10)


Tsunami
September 2016 (1)
The basic steps of a sound BCP are: July 2016 (7)

Phase 1: Scope and Initiation

Phase 2:Business Impact Analysis Search By Tags

Phase 3: Recovery Strategies and Continuity Development ARO CIA CPE NAT
access control aggregation
Phase 4: Implementation and Testing chain of custody cissp
cissp brain dumps cissp pass
Phase 5: Maintenance
classification cloud
cryptography disasater recovery
downloads encryption
List the steps of the BIA endorsement feature1 feature2
feature3 feature4 inference iso
The below graphic is from Shon Harris AIO 7th Edition page 134, this was the
movies network security
source of Study Session 4, as well as the Sybex. You can see the list of the BIA non-discretionary notes
old new cissp domains pass pdf
as explained by Shon, as well as some of the other phases.
physical security risk roles tips

RTO vs RPO vs MTTF vs MTTR


RTO is the maximum amount of time that is needed to bring critical

businessfunctionsback to normal operating status before that business is


crushed.
Study Notes and Theory Home Start Here Study Resources Crack the CISSP Blog Shop Forum About

RPO is the measure of at what point in time a business can go back and still

salvage enough data to fully operate. For example, can a business lose all the
data it has accumulated in the last 10 minutes and still operate as a business?

Probably. But can it lose all the data it has accumulated in a 12 hour period

and still function? This depends on the type of business. A company that deals

with the stock market and money, probably has a really short RPO, compared

to a school with a database of past test scores, which could have a longer RPO.

MMTF as we stated is the same thing as MTBF. It is the measure of how long

something is supposed to operate before failure.

MTTR is the amount of time required that is necessary to bring a critical

business function back to operation. The mean time to recovery for your 2nd

monitor in a dual monitor setup can probably be 72 hours to a week before

you start finding it necessary to have a 2nd monitor again. The mean time to

recovery for your mouse is probably a lot shorter, maybe minutes to hours?

Click here for a video and PDF download onMTD, RPO, RTO, WRT.

Due Care vs Due Diligence Example


Differentiating these two is a tough one, it's like comparing when you are

angry vs when you are frustrated. The best way to understand it is to keep

reading examples of it until it sinks in.

Due Care: Updating, patching, and securing a firewall

Due Diligence: Keep firewall support license warranty up-to-date, review SLA

annually, check the news for CVEs against the firewall technology.

Due Care: Doing the immediate right thing, like updating your Windows

machine when updates come in


Due Diligence: Maybe look into other types of solutions where there aren't so

many vulnerabilities. For example, if you have a Windows web server, but

Windows is experiencing a lot of vulnerabilities that is affecting your business,

research the possibility of moving to a Linux machine.

Due Care: Taking the CISSP exam

Due Diligence: Studying everything you can about the exam before taking it
Study Notes and Theory Home Start Here Study Resources Crack the CISSP Blog Shop Forum About
Due Care: An action

Due Diligence: A process or framework

You'll also have to know stuff like hot site, cold site, warm site, and the

differences between them, along with when each site should be utilized.

Tags: notes

We'resorry,thiscontentcannotbedisplayed.Pleasetryagainlater.

ShareonFacebook ShareonTwitter 2 1 6

2Comments StudyNotesandTheory
1 Login

SortbyBest
Recommend 2 Share

Jointhediscussion

DeviS2monthsago
Excellentpost!!Justasmallquery.UnderBCPsteps,youpostedstepsasperSybexbook,
howeverthestepsaredifferentinotherstudymaterials.Butisitstillrelevanttograsp
fromsybexalone?IammuchconfusedonwhichbooktofollowforBCPandyour
responsewouldbehighlyhelpful!!
Reply Share

studynotesandtheory Mod >DeviS 2monthsago

Greatquestion!Thetruthisthateverystudyguidehasadifferentversionofthe
BCP/DRP,whilesomebooksjusthaveBCPandnotDRP!Thisisbecausenobody
reallyknowshowitisgoingtobeontheexam,thebooksaremerelyaguide.Itis
bestpracticetojustunderstandthestepsandtheirGENERALorder,andtheir
concepts,insteadofjustmemorizingeachofthesteps.Justknowthegeneralflow,
mustliketheSDLC..
Reply Share

Subscribe d AddDisqustoyoursiteAddDisqusAdd Privacy

2013 Study Notes and Theory Proudly created to make you


Terms and Conditions/Privacy Policy a better security professional.