WEBVTT

00:00:01.050 --> 00:00:03.330
Let's continue looking at Business Continuity,

00:00:03.330 --> 00:00:04.490
Disaster Recovery,

00:00:04.490 --> 00:00:08.720
and Incident Response for the Certified in Cybersecurity course.

00:00:09.300 --> 00:00:13.630
Now let's take a look at the third part of this, disaster recovery.

00:00:14.410 --> 00:00:17.540
We looked earlier at this slide about the outcomes of a

00:00:17.540 --> 00:00:19.800
business continuity management system,

00:00:20.010 --> 00:00:23.590
and we said the three parts incident response planning was,

00:00:23.590 --> 00:00:26.050
first of all, concerned with life safety,

00:00:26.050 --> 00:00:29.720
containment, documentation, and getting back to normal.

00:00:30.330 --> 00:00:35.010
Business continuity planning was based on the business impact analysis,

00:00:35.020 --> 00:00:39.260
the critical business functions, the recovery time objective,

00:00:39.320 --> 00:00:44.360
the data recovery point objective, and the various recovery requirements.

00:00:44.870 --> 00:00:47.890
Now when we look at disaster recovery planning,

00:00:48.040 --> 00:00:51.680
we're looking primarily at the relocation of IT and

00:00:51.690 --> 00:00:54.580
other services to an alternate location.

00:00:54.690 --> 00:00:58.400
Our primary location has been damaged, we can't use it,

00:00:58.800 --> 00:01:02.320
so we need to recover by rebuilding systems,

00:01:02.320 --> 00:01:05.330
for example, our processes, at another place.

00:01:06.060 --> 00:01:10.820
When we choose those other places, we could call that our recovery site,

00:01:11.290 --> 00:01:15.160
there is a number of factors that were used in determining

00:01:15.160 --> 00:01:18.210
what was an appropriate recovery site.

00:01:18.620 --> 00:01:21.830
For example, how quickly do I need to recover?

00:01:22.370 --> 00:01:24.610
If it's 8 hours drive away,

00:01:24.620 --> 00:01:29.340
that's maybe not something that's going to work if I need to recover in 4 hours.

00:01:29.520 --> 00:01:33.920
So the recovery time objective drives the site selection,

00:01:34.030 --> 00:01:38.390
but we also know that if I need to recover very quickly,

00:01:38.430 --> 00:01:40.840
it's probably going to cost me more as well.

00:01:41.140 --> 00:01:46.100
So in some cases, the fastest recovery would be having redundant sites,

00:01:46.250 --> 00:01:48.210
if one fails, the other is still running,

00:01:48.280 --> 00:01:50.950
but that doubles my cost of operation.

00:01:51.330 --> 00:01:56.050
So quite often, we choose a less expensive option, such as a warm site.

00:01:57.070 --> 00:02:02.910
We also have to look at how are we going to prioritize our systems recovery.

00:02:03.280 --> 00:02:08.919
We want to prioritize by recovering the most critical business processes first.

00:02:09.330 --> 00:02:14.410
Now most critical could be from a financial perspective or it

00:02:14.410 --> 00:02:17.650
could be from a reputational perspective as well.

00:02:18.580 --> 00:02:21.020
We also realize there are challenges.

00:02:21.240 --> 00:02:24.410
If I have a recovery site too far away,

00:02:24.640 --> 00:02:29.330
it could be difficult to manage when I have employees and systems at

00:02:29.330 --> 00:02:33.520
different sites based on a course process criticality.

00:02:35.130 --> 00:02:39.470
So the selection of that contingency site is going to bring in a

00:02:39.470 --> 00:02:42.170
number of factors such as what would it cost,

00:02:42.700 --> 00:02:47.400
what's its availability, can I be sure it's there when I need it,

00:02:47.400 --> 00:02:50.610
and will it help me meet my recovery time objective?

00:02:51.010 --> 00:02:52.510
I want it close enough,

00:02:52.520 --> 00:02:56.030
but not so close that it could be affected by the same

00:02:56.030 --> 00:03:01.260
threat that damaged my primary site, so proximity is a consideration.

00:03:01.990 --> 00:03:05.060
We want to have a site which is secure so we don't

00:03:05.060 --> 00:03:07.840
have to worry about other problems, for example,

00:03:08.630 --> 00:03:12.950
relocating the site which itself would be under an immense threat.

00:03:13.580 --> 00:03:16.030
We also have to worry about employees.

00:03:16.260 --> 00:03:18.190
They need to get to that site,

00:03:18.340 --> 00:03:22.530
and logistics is often missed in disaster recovery plans.

00:03:22.660 --> 00:03:25.740
How can my employees get to this alternate site?

00:03:25.840 --> 00:03:28.990
If they have to work there for the next 6 months to a year,

00:03:29.200 --> 00:03:33.420
that may not be so easy if that site is hours drive away

00:03:33.580 --> 00:03:35.760
and there is no public transit available.

00:03:36.220 --> 00:03:38.770
We also want to make sure we have support,

00:03:38.780 --> 00:03:42.020
whether or not we're discussing power, fire,

00:03:42.340 --> 00:03:45.390
police, ambulances, food,

00:03:45.400 --> 00:03:49.380
all of these are important for the recovery site as well.