Business Continuity

(BCP) Business Continuity Planning

• The set of controls designed to keep a business running in the face of adversity, whether natural or man-made
• Continuity of Operations Planning (COOP)
• Focus
  • Keep business operations running
• Primary control that supports the security objective of Availability
• BCP Scope
  • What business activities will the plan cover
  • What systems will it cover
  • What controls will it consider
• Business Impact Assessment
  • Identifies and prioritizes risks
• Business continuity planning in the cloud requires collaboration between providers and customers.

Business Continuity Controls

• Redundancy
  • Protects against the failure of a single component
• Single Point of Failure Analysis (SPOF)
  • continues until the cost of addressing risks outweighs the benefit
• Succession planning
  • When someone leaves the organization have a replacement or successor ready for that position.

High Availability and Fault Tolerance

• High Availability
  • Uses multiple systems to protect against service failure
• Fault Tolerance
  • Makes a single system resilient against technical failures
• Load Balancing
  • Spreads demand across systems
  • Different than High Availability (They have different goals)
• Common Points of Failure
  • Power Supply
  • Contain moving parts
  • Have High Failure rates
  • Can be redundant
  • May use multiple power sources
  • (UPS) Uninterruptible power supplies
    • supply battery power to devices during brief disruptions
  • (PDUs) Managed power distribution units
    • provide power cleaning and management for a rack
  • Storage media
  • (RAID) Redundant Array of Inexpensive Disks
    • Disk Mirroring (Lvl 1)
    • Two disks have identical contents
    • Synchronized copy of the primary disk.
    • Disk Stripping (Lvl 5)
    • Three or more disk
    • Parity Blocks
      • The system can regenerate that disk’s contents using parity information.
    • Raid is a fault-tolerance technique, not a backup strategy! (Exam Tip)
  • Networking
  • Multiple Internet service providers
  • (NIC) teaming
    • Network Interface Card
  • Multipath networking
• Redundancy Through Diversity
  • Technologies
  • Vendors
  • Cryptography
  • Security Controls