3.4 Explain the importance of resilience and recovery in security architecture

What’s the difference between load balancing and clustering?

Load balancing: This is where a load balancer distributes traffic evenly to multiple servers so that way a server doesn’t have a excessive load on it. The servers are all unaware of each other though. Servers can be added or removed from the load balancer as needed.

Clustering: This method takes all the servers and forms them into one server (cluster). The clients only see this one server and all are aware of each other. They use a shared resource to make sure all servers are kept up to date as well.

Match the site with it’s description:

Site:

Warm

Hot

Cold

Description:

This site is ready to go and is an exact replica of everything. Hardware and any applications are kept up to date so if a disaster happens, you can recover very quickly.

This site has no equipment or data. It is usually an empty building and will take time to be back up and running.

This site has some equipment and some data available. However, some setup will still need to be required and will take some time to recover.

Warm site: This site has some equipment and some data available. However, some setup will still need to be required and will take some time to recover.

Hot Site: This site is ready to go and is an exact replica of everything. Hardware and any applications are kept up to date so if a disaster happens, you can recover very quickly.

Cold Site: This site has no equipment or data. It is usually an empty building and will take time to be back up and running.

What is COOP?

COOP stands for Continuity of Operations Plan. This is a hand written plan to ensure that the organizations mission critical functions are up and running within 12 hours and for at least 30 days from a natural disaster.

Match the recovery testing methods with it’s description:

Recovery testing methods:

Simulation

Tabletop Exercises

Parallel processing

Fail over

Description:

strategic, discussion-based simulation of a cyber attack that allows an incident response team to walk through how they would handle a cyber incident without the pressure of a real-world data breach. It also helps fill in gaps where there may be a weakness, strengthen team communication and improve security.

Used to see if your redundant systems would take over in case there was an incident or failure somewhere. This is used to ensure the business can keep running without users knowing there was one.

Used to test user awareness and mainly used to test internal security. A phishing email is an example of this kind of recovery method.

Processes are split into different CPU cores. This can be achieved by using 1 PC with multiple CPU cores or multiple PC’s. If a core fails, the process can still continue until it’s repaired or replaced.

Simulation: Used to test user awareness and mainly used to test internal security. A phishing email is an example of this kind of recovery method.

Tabletop Exercises: strategic, discussion-based simulation of a cyber attack that allows an incident response team to walk through how they would handle a cyber incident without the pressure of a real-world data breach. It also helps fill in gaps where there may be a weakness, strengthen team communication and improve security.

Parallel processing: Processes are split into different CPU cores. This can be achieved by using 1 PC with multiple CPU cores or multiple PC’s. If a core fails, the process can still continue until it’s repaired or replaced.

Fail over: Used to see if your redundant systems would take over in case there was an incident or failure somewhere. This is used to ensure the business can keep running without users knowing there was one.