{"id":341,"date":"2015-07-18T18:38:53","date_gmt":"2015-07-18T18:38:53","guid":{"rendered":"https:\/\/learncisco.net\/index.php\/disaster-recovery-and-business-continuity\/"},"modified":"2023-01-19T20:29:24","modified_gmt":"2023-01-19T13:29:24","slug":"disaster-recovery-and-business-continuity","status":"publish","type":"page","link":"https:\/\/www.learncisco.net\/courses\/iins\/common-security-threats\/disaster-recovery-and-business-continuity.html","title":{"rendered":"Disaster Recovery and Business Continuity"},"content":{"rendered":"

A key section of your written security policy should address business continuity planning (BCP) and disaster recovery processes. This really leads to the continuous operation of your organization if there is a prolonged outage, or a service interruption, or some type of natural disaster. These should include emergency response phases: a recovery phase, and then the return to normal operations phase. You also want to identity the responsibilities of the key personnel, and kind of a chain of commands so that if something happens to certain people, who is going to be responsible. Also what resources do you have available during a particular emergency. You also want to make sure that you have scenarios thought out \u2013 possible scenarios for flood, hurricane, power outage, things like that \u2013 and then make sure that you, if you can, go through some testing.<\/p>\n

You’re thinking about things that could most likely occur, okay. If you don’t live in a part of the country that is going to have earthquakes very often, then you won’t want to spend time in resources preventing or protecting yourself against earthquake, you know, you’re going to be realistic.<\/p>\n

Business continuity planning is going to provide a framework for short to medium time continuous operations. There is really two objectives here \u2013 being able to move or relocate your critical business components (your hardware, your software, and your people) to a nearby location while you can fix the original location, and then having multiple channels of communication to be able to talk to your customers, your vendors, your shareholders, and your partners until the time that business operations get back to normal.<\/p>\n

Disaster recovery<\/h2>\n

Disaster recovery is really exactly what it is. That’s recovering from some disastrous or catastrophic situation where you can get access again to hardware, and software \u2013 and the data that resides in that hardware and software, whatever you need to do to get back to your business operations after some type of natural or manmade event. This should include plans for unexpected or sudden loss of important personnel as well, so contingency plans for that. Disaster recovery plan is typically part of a larger plan known as BCP or business continuity planning. So there are really four key points here: protecting data (making sure it’s not compromised during the emergency), keeping employees and personnel safe as possible, making sure business functionality is not compromised and can be resumed in a timely way, and then minimize the decision making that’s needed during a disaster. And again, that may involve doing some scenarios, or some testing, or we could call them drills.<\/p>\n

Business continuity planning<\/h2>\n

Here are three critical acronyms or terms that relate to business continuity:<\/p>\n