Unit 10 Lab
Chapter 14 is about developing a Disaster Recovery Plan to help mitigate risk. A DRP is a plan on how your business will react and recover from a disaster by restoring a critical business process or system to operation. A DRP or several DRPs could be included in a Business Continuity Plan. A DRP will most likely include a purpose. This can include anything from saving lives to ensuring the continuity of your business by recovering from a disaster. The success of your DRP is dependent on several critical success factors. These CSFs can include management support, knowledge and authority, identification of recovery time objectives or alternate location needs, and a disaster recovery budget. Management needs to provide resources (manpower, financial support) and leadership. DRP Developers need to have knowledge of disaster recovery, knowledge of the organization’s functions, and authority. Although there are no specific rules regarding what a DRP should include, there are many common elements. These can include purpose, scope, disaster/emergency declaration, communications, emergency response, activities, recovery steps and procedures, critical business operations, recovery operations, and critical operations, customer service, and operations recovery. Any plan put in place should be tested. For a DRP, you can use desktop exercises, simulations, or a full-blown DRP test. DRPs should also be reviewed regularly and updated as needed. As things in your organization change, it could degrade the usability of your DRP. DRPs mitigate risk by reducing the effect of disasters. With a clear plan established and tested, a disaster will be much quicker to recover from than it would be if no plan was in place.
Chapter 15 deals with using Computer Incident Response Teams to mitigate risk. A CIRT is a group of people that respond to incidents. A CIRT plan is a formal document that establishes the procedure for responses to incidents. These incidents can include denial of service attacks, malicious code, unauthorized access, inappropriate usage, or multiple