Week 10 Cybersecurity Resilience: Business Continuity, Disaster Recovery, and Redundancy Planning

What is a business continuity plan (BCP)?

A strategic document that provides alternative modes of operation for business activities that could suffer significant loss if interrupted.

What is the primary goal of business continuity?

To maintain operations after a disruptive event.

Name three examples of disruptive events.

Hurricane, tsunami, flooding, earthquake.

What is succession planning in the context of business continuity?

Determining in advance who is authorized to take over if a key employee is unavailable or incapacitated.

What does a Business Impact Analysis (BIA) do?

Analyses the most important business functions and quantifies the impact of their loss.

What is a Disaster Recovery Plan (DRP)?

A written document that details the process for restoring IT resources following a significant disruption.

List the typical outline features of a Disaster Recovery Plan.

1. Purpose and Scope 2. Recovery Team 3. Preparing for a Disaster 4. Emergency Procedures 5. Restoration Procedures.

What is the purpose of disaster exercises?

To test the effectiveness of the DRP, including interdepartmental planning and coordination.

What does disaster recovery focus on?

Protecting and restoring information technology functions.

What does Mean Time To Restore (MTTR) measure?

The average time needed to re-establish services after a disruption.

What is redundancy planning?

Building excess capacity to protect against failures, applicable to servers, storage, networks, power, and sites.

What is a server cluster?

The combination of two or more servers that are interconnected to appear as one.

What are the two types of server clusters?

1. Asymmetric server cluster - standby server takes over for a failed server. 2. Symmetric server cluster - every server performs useful work.

What is data backup?

Information copied to a different medium and stored offsite for use in the event of a disaster.

What are the five basic questions to consider for data backup?

1. What information should be backed up? 2. How often should it be backed up? 3. What media should be used? 4. Where should the backup be stored? 5. What hardware or software should be used?

How does backup software manage files that have already been backed up?

By setting an archive bit in the properties of the file.

What has been the traditional medium for data backups for over 30 years?

Magnetic tape.

What are the advantages of cloud backups?

Many advantages over traditional methods, including accessibility and scalability.

What is the Grandfather-Father-Son backup system?

A backup strategy that divides backups into three sets: daily (son), weekly (father), and monthly (grandfather).

What is the Recovery Point Objective (RPO)?

The maximum length of time that an organization can tolerate between backups.

What does Recovery Time Objective (RTO) refer to?

The length of time it will take to recover the data that has been backed up.

What is Disk to Disk (D2D) backup?

A backup method that uses magnetic disk, such as a large hard drive or RAID configuration, as an alternative to magnetic tape.

What are the advantages of D2D over tape backups?

D2D offers better Recovery Point Objectives (RPO) than tape backups.

What is Disk to Disk to Tape (D2D2T)?

A backup method that combines the best of magnetic tape and magnetic disk, using disk as temporary storage.

What is Continuous Data Protection (CDP)?

A backup method that performs continuous data backups that can be restored immediately.

What does RAID stand for?

Redundant Array of Independent Drives.

What is the purpose of RAID?

To use multiple hard disk drives for increased reliability and performance.

What is RAID Level 0?

A striped disk array without fault tolerance.

What is RAID Level 1?

A mirroring RAID configuration.

What is RAID Level 5?

A RAID configuration with independent disks and distributed parity.

What is RAID 0+1?

A RAID configuration that provides high data transfer rates.

What is a hot site in disaster recovery?

A duplicate of the production site that allows a business to continue operations, equipped with all necessary resources.

What is the significance of redundancy in data backup?

Redundancy ensures that data is preserved and accessible even in case of hardware failure or disasters.

What is a hot site in data backup?

A location where data backups can be quickly moved for immediate operations.

What is a cold site?

A site that provides office space but requires the customer to provide and install all necessary equipment.

What defines a warm site?

A site with all equipment installed but lacking active Internet, telecommunications, and current data backups.

What are environmental controls in the context of data protection?

Measures such as fire suppression, proper shielding, and HVAC configuration to prevent disruptions or attacks.

What is the function of an Uninterruptible Power Supply (UPS)?

To maintain power to equipment during interruptions in the primary electrical power source.

What are the two primary types of UPS?

Off-line UPS and On-line UPS.

How can a UPS communicate with a network operating system?

To ensure an orderly shutdown occurs during a power failure.

What tasks can a UPS perform during a power failure?

Notify the network administrator, alert users to log off, prevent new logins, and shut down the server.

What is a backup generator used for?

To provide power when a UPS can no longer supply it.

What four elements must be present for a fire to occur?

A combustible material, sufficient oxygen, enough heat, and a chemical reaction.

Why is fire suppression important for businesses?

To ensure employee safety and maintain business continuity.

What are the five categories of fires?

Fires are classified into five categories based on the type of fuel involved.

Why are handheld fire extinguishers not recommended in server rooms?

The chemical contents can contaminate electrical equipment.

What is a Faraday cage?

A metallic enclosure designed to prevent the entry or escape of electromagnetic fields.

What is Van Eck phreaking?

A form of eavesdropping that captures telecommunications signals from electromagnetic fields.

What does TEMPEST stand for?

Telecommunications Electronics Material Protected from Emanating Spurious Transmissions, a US government standard for reducing emissions from sensitive environments.

What is the role of HVAC systems in data centers?

To regulate heating and cooling, thus controlling environmental factors that can reduce electrostatic discharge (ESD).

What is electrostatic discharge (ESD)?

The sudden flow of electric current between two objects, which can damage electronic equipment.