(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)
Chapter 18 ■ Disaster Recovery Planning
Hardware/Software Failures
Like it or not, computer systems fail. Hardware components simply wear out and refuse
to continue performing, or they suffer physical damage. Software systems contain bugs or
fall prey to improper or unexpected inputs. For this reason, BCP/DRP teams must provide
adequate redundancy in their systems. If zero downtime is a mandatory requirement, the best
solution is to use fully redundant failover servers in separate locations attached to separate
communications links and infrastructures (also designed to operate in a failover mode). If
one server is damaged or destroyed, the other will instantly take over the processing load. For
more information on this concept, see the section “Remote Mirroring” later in this chapter.
Because of financial constraints, it isn’t always feasible to maintain fully redundant systems.
In those circumstances, the BCP/DRP team should address how replacement parts
can be quickly obtained and installed. As many parts as possible should be kept in a local
parts inventory for quick replacement; this is especially true for hard-to-find parts that
must otherwise be shipped in. After all, how many organizations could do without telephones
for three days while a critical private branch exchange (PBX) component is en route
from an overseas location to be installed on site?
NYC Blackout
On August 14, 2003, the lights went out in New York City and in large areas of the
northeastern and midwestern United States when a series of cascading failures caused
the collapse of a major power grid.
Fortunately, security professionals in the New York area were ready. Many businesses
had already updated their disaster recovery plans and took steps to ensure their continued
operations in the wake of a disaster. This blackout served to test those plans, and many
organizations were able to continue operating on alternate power sources or to transfer
control seamlessly to offsite data-processing centers.
Lessons learned during this blackout offer insight for BCP/DRP teams around the world
and include the following:
■ Ensure that alternate processing sites are far enough away from your main site that
  they are unlikely to be affected by the same disaster.
■ Remember that threats to your organization are both internal and external. Your next
  disaster may come from a terrorist attack, a building fire, or malicious code running
  loose on your network. Take steps to ensure that your alternate sites are segregated
  from the main facility to protect against all of these threats.
■ Disasters don’t usually come with advance warning. If real-time operations are critical
  to your organization, be sure that your backup sites are ready to assume primary
  status at a moment’s notice.