CISSP Domain 8 : BUSINESS CONTINUITY PLANNING (BCP) & DISASTER RECOVERY PLANNING (DRP)(page1)

.Overview

The Business Continuity Planning (BCP) and Disaster Recovery Planning

(DRP) domain addresses the preservation of the business in the face of

major disruptions to normal business operations. BCP and DRP involve the

preparation, testing and updating of specific actions to protect critical

business processes from the effect of major system and network failures.

Business Continuity Plans counteract interruptions to business activities and

should be available to protect critical business processes from the effects of

major failures or disasters. It deals with the natural and man-made events

and the consequences if not dealt with promptly and effectively.

Business Impact Assessment determines the proportion of impact an

individual business unit would sustain subsequent to a significant interruption

of computing or telecommunication services. These impacts may be

financial, in terms of monetary loss, or operational, in terms of inability to

deliver.

Disaster Recovery Plans contain procedures for emergency response,

extended backup operation and post-disaster recovery should a computer

installation experience a partial or total loss of computer resources and

physical facilities. The primary objective of the Disaster Recovery Plan is to

provide the capability to process mission-essential applications, in a

degraded mode, and return to normal mode of operation within a reasonable

amount of time.

The candidate will be expected to know the difference between business

continuity planning and disaster recovery; business continuity planning in

terms of project scope and planning, business impact analysis, recovery

strategies, recovery plan development, and implementation. The candidate

should understand disaster recovery in terms of recovery plan development,

implementation and restoration.

Key Areas of Knowledge

§ Business Continuity Planning

§ Project Scope and Planning

§ Business Organization Analysis

§ Resource Requirements

§ Legal and Regulatory Requirements

§ Business Impact Assessment

§ Emergency Assessment

§ Business Success Factors

§ Critical Business Functions

§ Establishment of Priorities

§ Development of Alternative Means of Accomplishing Objectives

§ Containment Strategy

§ How to develop a strategy, provisions, and processes

§ Recovery Strategy

§ Business Unit Priorities

§ Crisis Management

§ Work Group Recovery

§ Alternatives

§ Cold/Warm/Hot/Mobile Sites

§ Electronic Vaulting

§ Selection Criteria

§ Processing Agreements

§ Reciprocal/Mutual

§ Recovery Plan Development

§ Emergency Response

§ How to develop emergency response teams and procedures

§ Personnel Notification

§ How to handle personnel notification and communications to

management

§ Backups and Off-site Storage

§ How to determine what to back up (data, software,

parameters, tables, formulas, documentation, etc.) and how

often (cost of backups versus cost to recreate or process to

bring up to date)

§ How to determine a proper storage facility for backups

§ Software Escrow Arrangements

§ External Communications

§ Utilities

§ How to determine proper applications of UPSs

§ Logistics and Supplies

§ Fire and Water Protection

§ Documentation

§ Implementation

§ Work Group Recovery

§ Recovery Techniques

§ How to develop a containment strategy

§ How to determine provisions to stock and where to store them

§ How to develop recovery processes

§ Facilities

§ Telecommunications

§ Software

§ Data

Next Page ..