Continuity of Operations – CompTIA Security+ SY0-501 – 5.6

Continuity of Operations – CompTIA Security+ SY0-501 – 5.6

If you’ve built a plan
for a security incident, it’s always a good idea to
use that plan in a test, but putting together a
full-scale test of a disaster drill can cost a lot of
money and a lot of time. A lot of the logistics and
thinking through the process can be done by analyzing
the process in real time. You don’t necessarily have
to have a physical drill with everyone involved if you’re
really just trying to determine if your plan is viable. Because of this, it’s common
to get all the key players together in a room
around a table and have what’s called
a tabletop exercise. This is where you don’t actively
participate in a disaster drill, but you do step through
the process with everyone in the room and talk
about exactly what happens at what time. If you’re planning
a tabletop exercise, there needs to be some
idea of the total scope. Will this be an
internal group of people going through a
disaster drill or do we need to bring in third
parties from the outside– from law enforcement and
other organizations– to also participate
in the drill? We also need to think about
how large the scope will be for this disaster. Will this be contained
in a single room because we had a pipe break? Or will this be a very
large-scale disaster that involves many different people? If possible, you’ll
have everyone in the room that will need to
participate in this tabletop exercise. And it may be the
case that they don’t know what they’re walking into. They only know
that they’re coming to participate in the
tabletop exercise, and only then do
you provide them with the details of what
the disaster drill might be. During this tabletop
exercise, you’ll be able to put into
action all of these plans that you have made, but you
also need to be flexible. During a disaster, not
every piece of information will be available
and not all resources will be available to you. In that particular
case, you need to use this tabletop
exercise to find out where the gaps might be and
what some contingencies might be if a real disaster
was to occur. Once the disaster
exercise is over, we can then look
back at how we did. To be able to do that,
we need to understand what the total scope
was of the exercise and what the objectives
were to get everything back up and running. Our after action
report could also include the methodology
of the disaster drill so that we know exactly
what the explanation was for the entire exercise. It’s useful to include
in an after action report details about the things
that worked very well and information about the things
that didn’t work well at all. You need to be able to
plan for the next drill, and having that information will
help you understand everything that is correct in your
plans and the things that need to be updated. This means that we may
be updating procedures, we may be adding new
tools to our toolbox, and anything else
that can help us prepare for the next
disaster, should it occur. Many organizations will have
a disaster recovery site that they can use if
something does occur with the primary location. This recovery site
is usually prepared and has data synchronization
or any other resources you need to bring that
site up and running. When a disaster is called,
all of your business processes will then failover to this
disaster recovery site. This site may remain
up and running for weeks or even
months, depending on the scope of the event. And eventually you’ll
need to revert back to the original location. This is a relatively
involved process to make the switch over to
the disaster recovery site, and it’s just as complex
to move everything back to the original location. It’s important to
document things as they occur in both directions
so that as you move things into the disaster
recovery site, you’ll understand what the
challenges might be for moving things back. It’s also a good idea to have an
alternative business practice. We know that when
disasters strike, everything can be disrupted,
even the technology that we rely on every day to perform
our business processes. So there needs to be
some type of alternative. If you’re processing
transactions on a computer or over the network,
maybe you want to be able to process
those transactions on paper and provide paper receipts. Instead of automated
credit card approvals, you may have to pick up a
phone and manually process those approvals. The time to roll out this
alternative business practice is not when a disaster occurs. You want to have gone through
the practice and understanding of exactly what it takes to
keep everything up and running, even if a disaster has
occurred around you.

One comment

  1. From looking at these videos (which are extremely helpful and appreciated) it seems that the job of a security professional is extremely broad. Are they generally expected to perform all of these roles, or are organizations generally broken down into some smaller logical groups performing subsets of these functions?

Leave a Reply

Your email address will not be published. Required fields are marked *