WEBVTT

00:00:01.020 --> 00:00:04.340
Congratulations on completing the Business Continuity,

00:00:04.500 --> 00:00:05.840
Disaster Recovery,

00:00:05.850 --> 00:00:10.250
and Incident Response for the Certified in Cybersecurity examination.

00:00:10.710 --> 00:00:14.610
Let's do a quick summary of the important things we covered in this domain.

00:00:15.620 --> 00:00:18.540
This domain is worth 10% of the examination.

00:00:18.840 --> 00:00:22.600
It looked at these three areas and how they relate to each other

00:00:22.610 --> 00:00:26.370
and how they ensure that our systems will be available for

00:00:26.370 --> 00:00:28.980
business to operate in a secure manner.

00:00:29.670 --> 00:00:33.370
The first step in all of this really is incident response.

00:00:33.610 --> 00:00:37.430
We deal with incidents as they happen, some may be major,

00:00:37.430 --> 00:00:38.590
some may be minor,

00:00:38.970 --> 00:00:42.980
but sometimes we need to then also invoke a second

00:00:42.980 --> 00:00:45.810
process, that of business continuity.

00:00:46.280 --> 00:00:52.300
That is when the duration of an incident would exceed acceptable timelines,

00:00:52.310 --> 00:00:55.730
and we need to take steps to keep the business going,

00:00:55.740 --> 00:00:58.400
hence the name business continuity.

00:00:59.140 --> 00:01:02.220
One of the things that we often have to do when there has been a

00:01:02.220 --> 00:01:06.360
major disruption is recover things like IT services,

00:01:06.430 --> 00:01:10.410
and that is why we also have disaster recovery often

00:01:10.410 --> 00:01:14.860
seen to be the recovery of IT, even at an alternate location,

00:01:15.130 --> 00:01:20.400
which in many ways is kind of a subset of business continuity.

00:01:21.800 --> 00:01:24.430
We have to remember that when something happens,

00:01:24.810 --> 00:01:27.930
the first priority is always life safety.

00:01:28.090 --> 00:01:30.670
We want to make sure that people are safe,

00:01:30.680 --> 00:01:34.430
and therefore, that is the first thing we must address.

00:01:35.430 --> 00:01:40.420
We can look at how NIST, the National Institute for Standards and Technology,

00:01:40.420 --> 00:01:43.960
defined all of these areas of incidents as,

00:01:43.960 --> 00:01:46.010
first of all, being prepared.

00:01:46.410 --> 00:01:51.110
We're prepared, we know what to do, then when we detect something,

00:01:51.110 --> 00:01:52.700
we already have a plan.

00:01:53.150 --> 00:01:57.890
We execute that plan to try to contain the incident and

00:01:57.900 --> 00:02:00.470
recover from what actually happened.

00:02:00.640 --> 00:02:02.920
And sometimes as we're trying to contain,

00:02:02.920 --> 00:02:03.920
we learn more,

00:02:03.920 --> 00:02:08.990
we do more detection and analysis until we finally have completed

00:02:08.990 --> 00:02:12.340
and eradicated the problem and we can do a review,

00:02:12.350 --> 00:02:13.340
what did we learn,

00:02:13.670 --> 00:02:17.610
and what we learned as part of post-incident activity can

00:02:17.610 --> 00:02:20.320
help us be better prepared for next time.

00:02:21.480 --> 00:02:23.810
When we looked at business continuity,

00:02:23.830 --> 00:02:28.300
we defined a number of key parts of what we're trying to do.

00:02:28.740 --> 00:02:31.620
We often don't try to recover everything.

00:02:31.930 --> 00:02:36.090
We set a priority on critical business functions first,

00:02:36.530 --> 00:02:41.250
and we do this through that process we called business impact analysis,

00:02:41.400 --> 00:02:47.650
in other words, analyzing what that impact of an outage would be on the business.

00:02:48.170 --> 00:02:52.820
We also had to determine what our drop-dead deadlines were,

00:02:53.010 --> 00:02:55.420
the maximum tolerable downtime,

00:02:55.640 --> 00:02:59.260
and that is the point by which we had to recover or else

00:02:59.260 --> 00:03:01.770
maybe we could be out of business altogether,

00:03:01.770 --> 00:03:04.460
but that wasn't our goal for recovery.

00:03:04.470 --> 00:03:09.380
Our goal for recovery was based on the recovery time objective,

00:03:09.400 --> 00:03:11.780
that's when we wanted to recover by,

00:03:12.220 --> 00:03:17.980
and we set that so that we could put in place a plan to help us to recover

00:03:17.980 --> 00:03:21.320
the critical business functions by that point in time.

00:03:23.210 --> 00:03:27.780
We looked at disaster recovery as recovery of operations at

00:03:27.780 --> 00:03:30.890
an alternate location which included, of course,

00:03:30.890 --> 00:03:34.170
the recovery of the data we needed for the business to run,

00:03:34.530 --> 00:03:36.580
the personnel required,

00:03:36.960 --> 00:03:40.360
the equipment that we required for our business to operate,

00:03:40.450 --> 00:03:46.020
and of course, looking at things such as where that location could be as well.

00:03:47.240 --> 00:03:52.720
So here we've looked at these three important points worth 10% of the exam,

00:03:52.880 --> 00:03:56.280
and we can move on to our next steps.

00:03:56.550 --> 00:03:58.730
Review each of these areas,

00:03:58.880 --> 00:04:02.190
make sure we understood them and didn't just memorize them,

00:04:02.190 --> 00:04:02.950
for example,

00:04:03.450 --> 00:04:06.730
do the sample questions to ensure we really have

00:04:06.740 --> 00:04:11.020
understood the concepts behind them, and then proceed to the next domain,

00:04:11.160 --> 00:04:13.450
Access Control Concepts.
