Business Continuity

(BCP) Business Continuity Planning

  • The set of controls designed to keep a business running in the face of adversity, whether natural or man-made
  • Continuity of Operations Planning (COOP)
  • Focus
    • Keep business operations running
  • Primary control that supports the security objective of Availability
  • BCP Scope
    • What business activities will the plan cover
    • What systems will it cover
    • What controls will it consider
  • Business Impact Assessment
    • Identifies and prioritizes risks
  • Business continuity planning in the cloud requires collaboration between providers and customers.

Business Continuity Controls

  • Redundancy
    • Protects against the failure of a single component
  • Single Point of Failure Analysis (SPOF)
    • continues until the cost of addressing risks outweighs the benefit
  • Succession planning
    • When someone leaves the organization have a replacement or successor ready for that position.

High Availability and Fault Tolerance

  • High Availability
    • Uses multiple systems to protect against service failure
  • Fault Tolerance
    • Makes a single system resilient against technical failures
  • Load Balancing
    • Spreads demand across systems
    • Different than High Availability (They have different goals)
  • Common Points of Failure
    • Power Supply
    • Contain moving parts
    • Have High Failure rates
    • Can be redundant
    • May use multiple power sources
    • (UPS) Uninterruptible power supplies
      • supply battery power to devices during brief disruptions
    • (PDUs) Managed power distribution units
      • provide power cleaning and management for a rack
    • Storage media
    • (RAID) Redundant Array of Inexpensive Disks
      • Disk Mirroring (Lvl 1)
      • Two disks have identical contents
      • Synchronized copy of the primary disk.
      • Disk Stripping (Lvl 5)
      • Three or more disk
      • Parity Blocks
        • The system can regenerate that disk’s contents using parity information.
      • Raid is a fault-tolerance technique, not a backup strategy! (Exam Tip)
    • Networking
    • Multiple Internet service providers
    • (NIC) teaming
      • Network Interface Card
    • Multipath networking
  • Redundancy Through Diversity
    • Technologies
    • Vendors
    • Cryptography
    • Security Controls