Business Continuity

The set of controls designed to keep a business running in the face of adversity, whether natural or man-made
Continuity of Operations Planning (COOP)
Focus * Keep business operations running
Primary control that supports the security objective of Availability
BCP Scope * What business activities will the plan cover * What systems will it cover * What controls will it consider
Business Impact Assessment * Identifies and prioritizes risks
Business continuity planning in the cloud requires collaboration between providers and customers.

Redundancy * Protects against the failure of a single component
Single Point of Failure Analysis (SPOF) * continues until the cost of addressing risks outweighs the benefit
Succession planning * When someone leaves the organization have a replacement or successor ready for that position.

High Availability * Uses multiple systems to protect against service failure
Fault Tolerance * Makes a single system resilient against technical failures
Load Balancing * Spreads demand across systems * Different than High Availability (They have different goals)
Common Points of Failure * Power Supply * Contain moving parts * Have High Failure rates * Can be redundant * May use multiple power sources * (UPS) Uninterruptible power supplies * supply battery power to devices during brief disruptions * (PDUs) Managed power distribution units * provide power cleaning and management for a rack * Storage media * (RAID) Redundant Array of Inexpensive Disks * Disk Mirroring (Lvl 1) * Two disks have identical contents * Synchronized copy of the primary disk. * Disk Stripping (Lvl 5) * Three or more disk * Parity Blocks * The system can regenerate that disk’s contents using parity information. * Raid is a fault-tolerance technique, not a backup strategy! (Exam Tip) * Networking * Multiple Internet service providers * (NIC) teaming * Network Interface Card * Multipath networking
Redundancy Through Diversity * Technologies * Vendors * Cryptography * Security Controls