Page 757 - StudyBook.pdf
P. 757

Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12  741

                 sonnel, documentation on systems architecture, and other elements related to
                 recovery, and clear procedures to follow when performing important tasks.
                    When considering the issue of personnel, administrators should designate
                 members who will be part of an incident response team who will deal with disas-
                 ters when they arise. Members should have a firm understanding of their roles in
                 the disaster recovery plan and the tasks they will need to perform to restore sys-
                 tems.A team leader should also be identified, so a specific person is responsible for
                 coordinating efforts.
                    Recovery methods discussed in the plan should focus on restoring the most
                 business-critical requirements first. For example, if a company depends on sales
                 from an e-commerce site, restoring this server would be the primary focus.This
                 would allow customers to continue viewing and purchasing products while other
                 systems are being restored.
                    Another important factor in creating a disaster recover plan is cost.As discussed,
                 hot, warm, and cold sites require additional cost such as rent, purchasing hardware
                 that may not be used until a disaster occurs (if one ever does), stock office supplies,
                 and other elements that allow a business to run properly.This can present a dilemma;
                 you do not want to spend more money on preparation than it would cost to recover
                 from a disaster, but you also do not want to be overly frugal and not be able to
                 restore systems in a timely manner. Finding a balance between these two extremes is
                 the key to creating a disaster recovery plan that is affordable and effective.

                 Business Continuity

                 Business continuity is a process that identifies key functions of an organization, the
                 threats most likely to endanger them, and creates processes and procedures that
                 ensure these functions will not be interrupted (at least for long) in the event of an
                 incident. It involves restoring the normal business functions of all business opera-
                 tions, so that all elements of the business can be fully restored.


                 EXAM WARNING

                      For the Security+ exam you should be able to differentiate between a
                      disaster recovery plan and a business continuity plan. A quick way to
                      remember this is to associate disaster recovery planning with IT func-
                      tions, while business continuity planning involves the business as a
                      whole. Business continuity plans are made up of numerous plans that
                      are focused with restoring the normal business functions of the entire




                                                                              www.syngress.com
   752   753   754   755   756   757   758   759   760   761   762