2 cissp ® Official Study Guide Eighth Edition

838
Chapter 18 
■
Disaster Recovery Planning
A disaster recovery planner should refer to the organization’s business continuity plan as 
a template for its recovery efforts. This and all the supportive material must comply with 
federal regulations and reflect current business needs. Business processes such as payroll 
and order generation should contain specified metrics mapped to related IT systems and 
infrastructure.
Most organizations apply formal change management processes so that whenever the
IT infrastructure changes, all relevant documentation is updated and checked to reflect 
such changes. Regularly scheduled fire drills and dry runs to ensure that all elements of 
the DRP are used properly to keep staff trained present a perfect opportunity to integrate 
changes into regular maintenance and change management procedures. Design, implement,
and document changes each time you go through these processes and exercises. Know 
where everything is, and keep each element of the DRP working properly. In case of 
emergency, use your recovery plan. Finally, make sure the staff stays trained to keep their 
skills sharp—for existing support personnel—and use simulated exercises to bring new 
people up to speed quickly.
Summary
Disaster recovery planning is critical to a comprehensive information security program. 
DRPs serve as a valuable complement to business continuity plans and ensure that the 
proper technical controls are in place to keep the business functioning and to restore service 
after a disruption.
In this chapter, you learned about the different types of natural and man-made disasters 
that may impact your business. You also explored the types of recovery sites and backup 
strategies that bolster your recovery capabilities.
An organization’s disaster recovery plan is one of the most important documents under 
the purview of security professionals. It should provide guidance to the personnel respon-
sible for ensuring the continuity of operations in the face of disaster. The DRP provides an 
orderly sequence of events designed to activate alternate processing sites while simultane-
ously restoring the primary site to operational status. Once you’ve successfully developed 
your DRP, you must train personnel on its use, ensure that you maintain accurate docu-
mentation, and conduct periodic tests to keep the plan fresh in the minds of responders.
Exam Essentials

Download 19,3 Mb.

Do'stlaringiz bilan baham: