Add to collection(s) Add to saved
  1. Business
  2. Management

Principles of Computer Security

advertisement 
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Disaster Recovery, Business Continuity,
and Organizational Policies
Chapter 19
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Objectives
• Describe the various ways backups are
conducted and stored.
• Explain different strategies for alternative site
processing.
• Describe the various components of a business
continuity plan.
• Explain how policies and procedures play a daily
role in addressing the security needs of an
organization.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
2.5 Compare and contrast aspects of
business continuity
•
•
•
•
•
•
•
© 2012
Business impact analysis
Removing single points of failure
Business continuity planning and testing
Continuity of operations
Disaster recovery
IT contingency planning
Succession planning
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
2.7 Execute disaster recovery plans and
procedures
• Backup / backout contingency plans or policies
• Backups, execution and frequency
• Redundancy and fault tolerance
• Hardware
• RAID
• Clustering
• Load balancing
• Servers
• High availability
• Cold site, hot site, warm site
• Mean time to restore, mean time between failures, recovery
time objectives and recovery point objectives
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Disaster Recovery
• Organizations face a variety of disaster
scenarios.
• Disasters can be caused by nature or manmade
events.
• Disaster recovery plans consider all types of
organizational disruption.
• Different disruptions will require different
recovery strategies.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Disaster Recovery Plans (DRP) / Process
• DRPs intended to minimize disaster impact.
– Defines the data, resources, and necessary
steps to restore critical organizational
processes.
• Planning process, initial phase:
– Consider needed resources to perform the company’s
mission.
– Identify critical functions.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Disaster Recovery Plans / Process
(continued)
• Initial phase yields the business impact
assessment (BIA).
• Continued planning includes:
– Outline of processes and procedures to restore an
organizations critical operations
– Prioritized according to criticality for restoral
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Business Continuity Plan (BCP)
• Focuses on continued operation of a business in
extenuating circumstances.
• Stronger emphasis placed on critical systems.
• Will describe the functions that are most critical, based
on a previously conducted BIA.
• Will describe the order in which functions should be
returned to operation.
• Describes what is needed for the business to continue
to operate.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Backups
• Critical part of BCP and BRP
• Provides valid, uncorrupted data for restoration
• Good backups include all needed files
– Applications, operations systems, and utilities
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
What Needs to Be Backed Up?
•
•
•
•
•
Data
Application programs
Operating systems
Utilities for the hardware platform
Personnel, equipment, and electrical power must
also be part of the plan.
• Backup plan should back up the files that
change more often than the files that do not
chance much.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Backup Strategy
• Backup considerations
– Size of the resulting backup
– Media used for the backup
– How long backups will be stored
• Four types of backups
– Full, differential, incremental, delta
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Backup Types
• Full backup
– All files copied onto the storage media
• Differential backup
– Files that have changed since last full backup
• Incremental backup
– Files since last full or incremental backup
• Delta backup
– Portions of files changed since last backup
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Alternative Sites
• Should be considered in BCP / DRP
• Three types of sites:
– Hot site: Fully configured environment that
can be operational immediately
– Warm site: Partially configured, lacks more
expensive computing components
– Cold site: Basic environmental controls but
few computing components
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Utilities
• Power failures may disrupt operations
– UPSs provide enough power to allow systems
to be shutdown gracefully.
– Backup generator may be necessary for
sustained power needs.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Cloud Computing
• Allows for the contracting of functions like
e-mail and file storage to third parties
• Can be more cost effective but also comes
with inherent risks
• Oct 21, 2012 Amazon Cloud outage
• June 29, 2012 Amazon Cloud outage
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
High Availability and Fault Tolerance
• High availability is the ability to maintain
availability during disruptive events.
• Fault tolerance is the mirrored system that takes
over if a fault occurs.
• Single point of failure is the point in a critical
operation that would cause the entire operation
to fail if it failed.
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Incident Response Policies and
Procedures
• Several phases should be covered in an
incident response policy:
– Preparation
– Detection
– Containment and eradication
– Recovery
– Follow-up actions
© 2012
Principles of Computer Security:
CompTIA Security+
Security+® and Beyond, Third Edition
Chapter Summary
• Describe the various ways backups are
conducted and stored.
• Explain different strategies for alternative site
processing.
• Describe the various components of a business
continuity plan.
• Explain how policies and procedures play a daily
role in addressing the security needs of an
organization.
© 2012
Related documents
Chap10_R
Chap10_R
Newsletter_Aug_2009_..
Newsletter_Aug_2009_..
Principles of Computer Security
Principles of Computer Security
Chapter title
Chapter title
Disaster Recovery
Disaster Recovery
Performance Based Questions
Performance Based Questions
New Credentials Validation Service Available for CompTIA Certified
New Credentials Validation Service Available for CompTIA Certified
Principles of Computer Security
Principles of Computer Security
CompTIA A+ Essentials
CompTIA A+ Essentials
Business Continuity Plan
Business Continuity Plan
Principles of Computer Security
Principles of Computer Security
Disaster Recovery in IT
Disaster Recovery in IT
Download
advertisement