
CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)


Review Questions


17. What type of mitigation provision is utilized when redundant communications links are installed?

A. Hardening systems

B. Defining systems

C. Reducing systems

D. Alternative systems

18. What type of plan outlines the procedures to follow when a disaster interrupts the normal operations of a business?

A. Business continuity plan

B. Business Impact Assessment

C. Disaster recovery plan

D. Vulnerability assessment

19. What is the formula used to compute the single loss expectancy for a risk scenario?

A. SLE=AV*EF

B. SLE=RO*EF

C. SLE=AV*ARO

D. SLE=EF*ARO

20. When computing an annualized loss expectancy, what is the scope of the output number?

A. All occurrences of a risk across an organization during the life of the organization

B. All occurrences of a risk across an organization during the next year

C. All occurrences of a risk affecting a single organizational asset during the life of the asset

D. All occurrences of a risk affecting a single organizational asset during the next year

Chapter 15 Business Continuity Planning

Answers to Review Questions

1. B. The business organization analysis helps the initial planners select appropriate BCP team members and then guides the overall BCP process.

2. B. The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort. This ensures that the initial effort, undertaken by a small group of individuals, reflects the beliefs of the entire BCP team.

3. C. A firm’s officers and directors are legally bound to exercise due diligence in conducting their activities. This concept creates a fiduciary responsibility on their part to ensure that adequate business continuity plans are in place.

4. D. During the planning phase, the most significant resource utilization will be the time dedicated by members of the BCP team to the planning process itself. This represents a significant use of business resources and is another reason that buy-in from senior management is essential.

5. A. The quantitative portion of the priority identification should assign asset values in monetary units.

6. C. The annualized loss expectancy (ALE) represents the amount of money a business expects to lose to a given risk each year. This figure is quite useful when performing a quantitative prioritization of business continuity resource allocation.

7. C. The maximum tolerable downtime (MTD) represents the longest period a business function can be unavailable before causing irreparable harm to the business. This figure is very useful when determining the level of business continuity resources to assign to a particular function.

8. B. The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, based upon the fact that the same land can be used to rebuild the facility. This yields an SLE of $2,700,000.

9. D. This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From question 8, you know that the SLE is $2,700,000. This yields an ALE of $135,000.

10. D. The qualitative analysis portion of the BIA allows you to introduce intangible concerns, such as loss of customer goodwill, into the BIA planning process.

11. C. The strategy development task bridges the gap between Business Impact Assessment and Continuity Planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP.

12. D. The safety of human life must always be the paramount concern in Business Continuity Planning. Be sure that your plan reflects this priority, especially in the written documentation that is disseminated to your organization’s employees!

13. C. It is very difficult to put a dollar figure on the business lost due to negative publicity. Therefore, this type of concern is better evaluated through a qualitative analysis.


14. B. The single loss expectancy (SLE) is the amount of damage that would be caused by a single occurrence of the risk. In this case, the SLE is $10 million, the expected damage from one tornado. The fact that a tornado occurs only once every 100 years is not reflected in the SLE but would be reflected in the annualized loss expectancy (ALE).

15. C. The annualized loss expectancy (ALE) is computed by taking the product of the single loss expectancy (SLE), which was $10 million in this scenario, and the annualized rate of occurrence (ARO), which was 0.01 in this example. These figures yield an ALE of $100,000.

16. C. In the provisions and processes phase, the BCP team actually designs the procedures and mechanisms to mitigate risks that were deemed unacceptable during the strategy development phase.

17. D. Redundant communications links are a type of alternative system put in place to provide backup circuits in the event a primary communications link fails.

18. C. Disaster recovery plans pick up where business continuity plans leave off. After a disaster strikes and the business is interrupted, the disaster recovery plan guides response teams in their efforts to quickly restore business operations to normal levels.

19. A. The single loss expectancy (SLE) is computed as the product of the asset value (AV) and the exposure factor (EF). The other formulas displayed here do not accurately reflect this calculation.

20. D. The annualized loss expectancy, as its name implies, covers the expected loss due to a risk during a single year. ALE numbers are computed individually for each asset within an organization.
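The SLE and ALE calculations used in answers 8, 9, 14, 15 and 19, carried through for both scenarios and extended with a ranking step for quantitative prioritization. This is an added example, not part of the study guide; the `RiskScenario` type, the function names and the scenario labels are illustrative assumptions, and because the guide gives only the tornado's SLE ($10 million), AV = $10 million with EF = 1 is assumed to reproduce it.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class RiskScenario:
    """One risk/asset pair in a quantitative assessment (hypothetical type)."""
    name: str
    asset_value: Decimal       # AV, in monetary units
    exposure_factor: Decimal   # EF, fraction of AV lost per occurrence (0..1)
    aro: Decimal               # ARO, expected occurrences per year

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        if self.asset_value < 0:
            raise ValueError("AV must not be negative")
        if not Decimal(0) <= self.exposure_factor <= Decimal(1):
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.aro < 0:
            raise ValueError("ARO must not be negative")

    @property
    def sle(self) -> Decimal:
        """Single loss expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> Decimal:
        """Annualized loss expectancy: ALE = SLE * ARO."""
        return self.sle * self.aro


def aro_from_return_period(years: int) -> Decimal:
    """Convert 'once every N years' into an ARO (100 years -> 0.01)."""
    if years <= 0:
        raise ValueError("return period must be positive")
    return Decimal(1) / Decimal(years)


def rank_by_ale(scenarios):
    """Order scenarios by ALE, largest expected yearly loss first."""
    return sorted(scenarios, key=lambda s: s.ale, reverse=True)


# Figures from answers 8-9 and 14-15; the scenario names are constructed.
facility = RiskScenario("facility loss (answers 8-9)",
                        Decimal("3000000"), Decimal("0.90"), Decimal("0.05"))
# Assumption: AV = $10M and EF = 1 reproduce the stated $10M tornado SLE.
tornado = RiskScenario("tornado (answers 14-15)",
                       Decimal("10000000"), Decimal("1"),
                       aro_from_return_period(100))

if __name__ == "__main__":
    for s in rank_by_ale([tornado, facility]):
        print(f"{s.name}: SLE=${s.sle:,.0f} ALE=${s.ale:,.0f}")
```

Although the tornado has the larger single loss, the facility scenario ranks first because its higher ARO gives it the larger annualized loss.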

Chapter 16 Disaster Recovery Planning

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Recovery Strategy

Recovery Plan Development

Implementation

Work Group Recovery

Training/Testing/Maintenance

BCP/DRP Events

In the previous chapter, you learned the essential elements of Business Continuity Planning (BCP)—the art of helping your organization avoid being interrupted by the devastating effects of an emergency. Recall that one of the main BCP principles was risk management—you must assess the likelihood that a vulnerability will be exploited and use that likelihood to determine the appropriate allocation of resources to combat the threat.

Because of this risk management principle, business continuity plans are not intended to prevent every possible disaster from affecting an organization—this would be an impossible goal. On the contrary, they are designed to limit the effects of commonly occurring disasters. Naturally, this leaves an organization vulnerable to interruption from a number of threats—those that were judged to be not worthy of mitigation or those that were unforeseen.

Disaster Recovery Planning (DRP) steps in where BCP leaves off. When a disaster strikes and the business continuity plan fails to prevent interruption of the business, the disaster recovery plan kicks into effect and guides the actions of emergency response personnel until the end goal is reached—the business is restored to full operating capacity in its primary operations facilities.

While reading this chapter, you may notice many areas of overlap between the BCP and DRP processes. Indeed, our discussion of specific disasters provides information on how to handle them from both BCP and DRP points of view. This serves to illustrate the close linkage between the two processes. In fact, although the (ISC)² CISSP curriculum draws a distinction between the two, most organizations simply have a single team/plan that addresses both business continuity and disaster recovery concerns in an effort to consolidate responsibilities.

Disaster Recovery Planning

Disaster recovery planning brings order to the chaotic events surrounding the interruption of an organization’s normal activities. By its very nature, the disaster recovery plan is implemented only when tension is high and cooler heads might not naturally prevail. Picture the circumstances in which you might find it necessary to implement DRP measures—a hurricane just destroyed your main operations facility, a fire devastated your main processing center, terrorist activity closed off access to a major metropolitan area.

The disaster recovery plan should be set up in a manner such that it can almost run on autopilot. Essential personnel should be well trained in their duties and responsibilities in the wake of a disaster and know the steps they need to take to get the organization up and running as soon as possible.

We’ll begin by analyzing some of the possible disasters that might strike your organization and the particular threats that they pose. Many of these were mentioned in the previous chapter, but we will now explore them in further detail.


Natural Disasters

Natural disasters represent the fury of our habitat—violent occurrences that take place due to changes in the earth’s surface or atmosphere that are beyond the control of mankind. In some cases, such as hurricanes, scientists have developed sophisticated prediction techniques that provide ample warning before a disaster strikes. Others, such as earthquakes, can bring unpredictable destruction at a moment’s notice. Your disaster recovery plan should provide mechanisms for responding to both types of disasters, either with a gradual buildup of response forces or as an immediate reaction to a rapidly emerging crisis.

Earthquakes

Earthquakes are caused by the shifting of seismic plates and can occur almost anywhere in the world without warning. However, they are much more likely to occur along the known fault lines that exist in many areas of the world. A well-known example is the San Andreas fault, which poses a significant risk to portions of the western United States. If you live in a region along a fault line where earthquakes are likely, your DRP should address the procedures your business will implement if a seismic event interrupts your normal activities.

You might be surprised by some of the regions of the world where earthquakes are considered possible. Table 16.1 shows the parts of the United States that the Federal Emergency Management Agency (FEMA) considers moderate, high, or very high seismic hazards. Note that the states in the table comprise 80% of the 50 states, meaning that the majority of the country has at least a moderate risk of seismic activity.

Table 16.1 Seismic Hazard Level by State

Moderate Seismic Hazard: Alabama, Colorado, Connecticut, Delaware, Georgia, Maine, Maryland, Massachusetts, Mississippi, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, Texas, Vermont, Virginia, West Virginia

High Seismic Hazard: American Samoa, Arizona, Arkansas, Illinois, Indiana, Kentucky, Missouri, New Mexico, South Carolina, Tennessee, Utah

Very High Seismic Hazard: Alaska, California, Guam, Hawaii, Idaho, Montana, Nevada, Oregon, Puerto Rico, Virgin Islands, Washington, Wyoming

Floods

Flooding can occur almost anywhere in the world at any time of the year. Some flooding results from the gradual accumulation of rainwater in rivers, lakes, and other bodies of water that then overflow their banks and flood the community. Other floods, known as flash floods, strike when a sudden severe storm dumps more rainwater on an area than the ground can absorb in a short period of time. Floods can also occur when dams are breached.

According to government statistics, flooding is responsible for over $1 billion (that’s billion with a b!) of damage to businesses and homes each year in the United States. It’s important that your DRP make appropriate response plans for the eventuality that a flood may strike your facilities.

When you evaluate your firm’s risk of damage from flooding to develop your business continuity and disaster recovery plans, it’s also a good idea to check with responsible individuals and ensure that your organization has sufficient insurance in place to protect it from the financial impact of a flood. In the United States, most general business policies do not cover flood damage, and you should investigate obtaining specialized government-backed flood insurance under FEMA’s National Flood Insurance Program.


Although flooding is theoretically possible in almost any region of the world, it is much more likely to occur in certain areas. FEMA’s National Flood Insurance Program is responsible for completing a flood risk assessment for the entire United States and providing this data to citizens in graphical form. You can view flood maps online at www.esri.com/hazards/. This site also provides valuable information on historic earthquakes, hurricanes, wind storms, hail storms, and other natural disasters to help you in preparing your organization’s risk assessment. When viewing the flood maps, like the one shown in Figure 16.1, you’ll find that the two risks often assigned to an area are the “100-year flood plain” and the “500-year flood plain.” These evaluations mean that the government expects these areas to flood at least once every 100 and 500 years, respectively. For a more detailed tutorial on reading flood maps, visit www.fema.gov/mit/tsd/ot_firmr.htm.

Storms

Storms come in many forms and pose diverse risks to a business. Prolonged periods of intense rainfall bring the risk of flash flooding described in the previous section. Hurricanes and tornadoes come with the threat of severe winds exceeding 100 miles per hour that threaten the structural integrity of buildings and turn everyday objects like trees, lawn furniture, and even vehicles into deadly missiles. Hail storms bring a rapid onslaught of destructive ice chunks falling from the sky. Many storms also bring the risk of lightning, which can cause severe damage to sensitive electronic components. For this reason, your business continuity plan should detail appropriate mechanisms to protect against lightning-induced damage and your disaster recovery plan should provide adequate provisions for the power outages and equipment damage that might result from a lightning strike. Never underestimate the magnitude of damage that a single storm can bring.

Figure 16.1 Flood hazard map for Miami-Dade County, Florida


If you live in an area susceptible to a certain type of severe storm, it’s important that you regularly monitor weather forecasts from the responsible government agencies. For example, disaster recovery specialists in hurricane-prone areas should periodically check the website of the National Weather Service’s Tropical Prediction Center (www.nhc.noaa.gov) during the hurricane season. This website allows you to monitor Atlantic and Pacific storms that may pose a risk to your region before word of them hits the local news. This allows you to begin a gradual response to the storm before time runs out.

Fires

Fires can start for a variety of reasons, both natural and man-made, but both forms can be equally devastating. During the BCP/DRP process, you should evaluate the risk of fire and implement at least basic measures to mitigate that risk and prepare the business for recovery from a catastrophic fire in a critical facility.

Some regions of the world are susceptible to wildfires during the warm season. These fires, once started, spread in somewhat predictable patterns, and fire experts in conjunction with meteorologists can produce relatively accurate forecasts of a wildfire’s potential path.

As with many other types of large-scale natural disasters, you can obtain valuable information about impending threats on the Web. In the United States, the National Interagency Fire Center posts daily fire updates and forecasts on its website: www.nifc.gov/firemaps.html. Other countries have similar warning systems in place.

Other Regional Events

Some regions of the world are prone to localized types of natural disasters. During the BCP/DRP process, your assessment team should analyze all of your organization’s operating locations and gauge the impact that these types of events might have on your business. For example, many regions of the world are prone to volcanic eruptions. If you conduct operations in an area in close proximity to an active or dormant volcano, your DRP should probably address this eventuality. Other localized natural occurrences include monsoons in Asia, tsunamis in the South Pacific, avalanches in mountainous regions, and mudslides in the western United States.

If your business is geographically diverse, it would be prudent to include area natives on your planning team. At the very least, make use of local resources like government emergency preparedness teams, civil defense organizations, and insurance claim offices to help guide your efforts. These organizations possess a wealth of knowledge and will usually be more than happy to help you prepare your organization for the unexpected—after all, every organization that successfully weathers a natural disaster is one less organization that requires a portion of their valuable recovery resources after disaster strikes.
