WEBVTT

00:00.000 --> 00:03.030
>> Disaster recovery plans.

00:03.030 --> 00:05.580
The learning objectives
for this lesson are to

00:05.580 --> 00:08.220
differentiate the types
of alternate sites,

00:08.220 --> 00:11.100
to describe the role of the
Cloud in disaster recovery,

00:11.100 --> 00:12.945
and to explore
incident response.

00:12.945 --> 00:18.060
Let's get started. Alternate
operating facilities.

00:18.060 --> 00:20.730
Sometimes, it's
necessary that we have

00:20.730 --> 00:23.250
to operate from a
secondary location rather

00:23.250 --> 00:25.140
than our main location and this

00:25.140 --> 00:27.210
might be because of a
natural disaster such as

00:27.210 --> 00:30.720
a tornado has knocked our
facility offline or it may be

00:30.720 --> 00:32.460
that we have other issues

00:32.460 --> 00:34.410
such as Internet outages
or power outages,

00:34.410 --> 00:36.690
that type of thing at our
facility and we need to have

00:36.690 --> 00:39.315
a plan for a secondary
facility to take over.

00:39.315 --> 00:40.695
But because this is not

00:40.695 --> 00:44.000
a quick process for
this to be successful,

00:44.000 --> 00:46.250
it requires a lot
of pre-planning to

00:46.250 --> 00:48.875
ensure that everything is in
place when the time comes,

00:48.875 --> 00:51.060
when we need that site.

00:52.310 --> 00:56.240
Site selection. We first
start off with a cold site.

00:56.240 --> 00:58.865
This requires the least
maintenance for us,

00:58.865 --> 01:03.185
but it requires a large
amount of prep time.

01:03.185 --> 01:06.155
The site will only have
power and nothing else.

01:06.155 --> 01:08.795
The location is usually
just reserved for us,

01:08.795 --> 01:10.430
but has no prep and nothing

01:10.430 --> 01:13.625
has been done to it to
make it ready for us.

01:13.625 --> 01:17.645
A warm site is a scaled-down
version of our main site.

01:17.645 --> 01:20.615
Systems are mostly configured
to be ready for use,

01:20.615 --> 01:22.940
but some reconfiguration
would be necessary.

01:22.940 --> 01:26.165
We would need to get the most
recent backups to restore

01:26.165 --> 01:28.970
and maybe do a little
bit more configuration

01:28.970 --> 01:30.350
to get everything
up and running.

01:30.350 --> 01:32.150
In this case, we've got

01:32.150 --> 01:34.220
a lot more expense involved
because we have systems

01:34.220 --> 01:36.780
in place and they're
being kept fairly current

01:36.780 --> 01:40.635
and we have Internet access
and utilities are there,

01:40.635 --> 01:42.530
so there's a lot more
costs with that,

01:42.530 --> 01:45.200
but a lot less prep time
than say with a cold site.

01:45.200 --> 01:48.590
A hot site is one that can
be activated within minutes.

01:48.590 --> 01:50.375
It has very little prep time,

01:50.375 --> 01:52.070
but it's also the
most expensive to

01:52.070 --> 01:54.350
maintain because
we're keeping it very

01:54.350 --> 01:56.450
current so that we can
just flip the switch

01:56.450 --> 01:58.940
and roll over to that site
should it be necessary.

01:58.940 --> 02:01.025
We also have mobile sites which

02:01.025 --> 02:03.440
are somewhere between a
warm and a cold site.

02:03.440 --> 02:06.755
It contains everything that
we would need to configure,

02:06.755 --> 02:08.960
but it can be delivered

02:08.960 --> 02:11.690
very quickly by a mobile site
operator and then we would

02:11.690 --> 02:14.600
have to go in there and make
sure that it's set up for

02:14.600 --> 02:17.030
our current requirements and

02:17.030 --> 02:19.620
then shift over
operations to that.

02:20.810 --> 02:23.555
Cloud and disaster recovery.

02:23.555 --> 02:25.880
The Cloud allows for
running many apps

02:25.880 --> 02:28.855
that have been traditionally
run locally on a network.

02:28.855 --> 02:30.945
Using the Cloud resources,

02:30.945 --> 02:34.400
this allows us for a hybrid
or an organization may

02:34.400 --> 02:36.140
use it in a traditional way

02:36.140 --> 02:38.400
until their main site is back up.

02:38.400 --> 02:40.420
But they may also have to

02:40.420 --> 02:42.190
transfer more of
their infrastructure

02:42.190 --> 02:43.660
to the Cloud to help ensure

02:43.660 --> 02:46.120
recovery is faster
for other areas.

02:46.120 --> 02:49.380
The Cloud allows us
to very quickly shift

02:49.380 --> 02:51.010
services over and then

02:51.010 --> 02:52.360
while we're repairing
our facility,

02:52.360 --> 02:53.430
we can shift it back.

02:53.430 --> 02:54.730
But depending on what is

02:54.730 --> 02:56.320
required for a
given organization,

02:56.320 --> 02:58.270
we may have to shift
a lot more of that

02:58.270 --> 03:00.800
to the Cloud and
that does take time.

03:00.800 --> 03:03.805
Disaster recovery in the
Cloud is often referred to as

03:03.805 --> 03:08.690
DRaaS or disaster
recovery as a service.

03:09.950 --> 03:14.530
Incident response
roles. NIST 800-61,

03:14.530 --> 03:17.200
computer security incident
response handling defines

03:17.200 --> 03:20.930
the following roles for
incident response: management,

03:20.930 --> 03:25.430
information assurance, IT
support, legal department,

03:25.430 --> 03:27.815
public affairs and
media relations,

03:27.815 --> 03:31.520
human resources, business
continuity planning,

03:31.520 --> 03:34.085
and physical security and
facilities management.

03:34.085 --> 03:36.395
All of these play a role

03:36.395 --> 03:38.870
in shifting from one
facility to another.

03:38.870 --> 03:40.730
If something were to happen,

03:40.730 --> 03:42.110
we would consider
this an incident

03:42.110 --> 03:43.925
and we have to be able
to respond to that.

03:43.925 --> 03:45.785
We need to know ahead of time

03:45.785 --> 03:47.600
who we're going to need
to deal with and who is

03:47.600 --> 03:50.030
going to have to
have a say or a part

03:50.030 --> 03:52.460
to play in this incident
response and to

03:52.460 --> 03:54.950
let us know that these

03:54.950 --> 03:57.530
are the roles that need to be
performed by each of these.

03:57.530 --> 03:59.660
For example, when I said all

03:59.660 --> 04:01.880
this needs to be
decided ahead of time

04:01.880 --> 04:03.140
because you don't
want to have to go

04:03.140 --> 04:05.150
through and try to
figure out who you

04:05.150 --> 04:07.430
need to go grab
when your building

04:07.430 --> 04:08.990
is no longer available.

04:08.990 --> 04:11.525
Management obviously, has
a big role to play in

04:11.525 --> 04:13.010
this and information assurance

04:13.010 --> 04:14.510
and IT support do, as well.

04:14.510 --> 04:16.670
But because of the legal
concerns, especially,

04:16.670 --> 04:18.980
when it comes to
compliance frameworks

04:18.980 --> 04:21.230
and privacy of data,

04:21.230 --> 04:21.830
that type of thing,

04:21.830 --> 04:23.525
we want to involve
the legal department.

04:23.525 --> 04:25.040
If it involves something that's

04:25.040 --> 04:27.875
a fairly large incident that's
going to become public,

04:27.875 --> 04:29.000
then our public affairs and

04:29.000 --> 04:30.830
media relations would
need to be involved.

04:30.830 --> 04:33.170
Human resources would
need to be involved along

04:33.170 --> 04:35.915
with our business
continuity planning team.

04:35.915 --> 04:38.255
Then because we're shifting

04:38.255 --> 04:42.140
our resources over from
one facility to another,

04:42.140 --> 04:43.955
that we might not even own,

04:43.955 --> 04:46.820
we obviously need to involve
physical security as well as

04:46.820 --> 04:48.380
the facilities management
team that'll be

04:48.380 --> 04:51.080
managing that new location.

04:52.930 --> 04:56.295
Then we have our
after-action reports.

04:56.295 --> 04:58.130
After the incident has occurred

04:58.130 --> 05:00.140
and you have recovered
everything from it,

05:00.140 --> 05:02.435
you've shifted back to
your primary location

05:02.435 --> 05:03.650
and you're no longer running off

05:03.650 --> 05:04.910
of your secondary location,

05:04.910 --> 05:06.650
now, we need to
document everything.

05:06.650 --> 05:10.130
We need to make sure that
we find the areas that we

05:10.130 --> 05:11.720
didn't do a good job on and

05:11.720 --> 05:13.595
document ways to improve those.

05:13.595 --> 05:15.845
This is a critical
part of our disaster

05:15.845 --> 05:18.425
in our backup and disaster
recovery process.

05:18.425 --> 05:21.260
It allows us to measure
the overall performance

05:21.260 --> 05:24.500
of the process as well as
each member of the team.

05:24.500 --> 05:27.545
We document what went wrong
and what we did well,

05:27.545 --> 05:29.420
and then areas that
we can improve.

05:29.420 --> 05:31.370
This will help to ensure
that this process

05:31.370 --> 05:33.380
is always improving
and it will be

05:33.380 --> 05:38.825
better the next time we
need it. Let's summarize.

05:38.825 --> 05:40.220
We went over the different types

05:40.220 --> 05:42.140
of alternate
operating facilities.

05:42.140 --> 05:45.605
We discussed the Cloud's
role in disaster recovery.

05:45.605 --> 05:48.350
We went over the incident
response roles and

05:48.350 --> 05:51.500
then also the importance of
our after-action reports.

05:51.500 --> 05:56.085
Let's do some example
questions. Question 1.

05:56.085 --> 05:59.060
This type of alternate site
requires the most work,

05:59.060 --> 06:04.095
but is the cheapest
to maintain. Cold site.

06:04.095 --> 06:06.440
Because it basically
has only power,

06:06.440 --> 06:09.355
it is very inexpensive
for us to maintain.

06:09.355 --> 06:10.855
Since nothing else is there,

06:10.855 --> 06:12.040
it doesn't even have furniture

06:12.040 --> 06:14.140
and may not even have walls yet,

06:14.140 --> 06:15.700
it's going to take
a lot to get it up

06:15.700 --> 06:19.770
and running. Question 2.

06:19.770 --> 06:21.400
This type of alternate site can

06:21.400 --> 06:22.930
be up and running
within minutes,

06:22.930 --> 06:27.670
but it is very complicated
and expensive. Hot site.

06:27.670 --> 06:29.845
Because everything
is already in place

06:29.845 --> 06:33.915
and all the technology is
there, even our data is there,

06:33.915 --> 06:35.320
it would just take minutes to

06:35.320 --> 06:37.480
flip over from one
site to this one.

06:37.480 --> 06:40.240
This is very expensive
to maintain and again,

06:40.240 --> 06:42.250
this increases the complexity of

06:42.250 --> 06:47.370
our overall enterprise
environment. Question 3.

06:47.370 --> 06:49.625
True or false. The
Cloud has replaced

06:49.625 --> 06:51.410
all other forms of
disaster recovery

06:51.410 --> 06:54.145
since everything is
always available.

06:54.145 --> 06:58.054
False. While Cloud
migration is accelerating,

06:58.054 --> 06:59.810
many sites use the Cloud

06:59.810 --> 07:01.660
to help them restore
their local systems,

07:01.660 --> 07:03.230
and then once they're
up and running,

07:03.230 --> 07:06.420
they shift operations back
to their local network.

07:06.740 --> 07:09.630
Question 4. Which
of the following

07:09.630 --> 07:11.760
are not needed in
incident response?

07:11.760 --> 07:14.210
The HR department,
the legal department,

07:14.210 --> 07:17.810
the accounting department or
the facilities management.

07:17.810 --> 07:20.465
Three, the accounting
department.

07:20.465 --> 07:22.070
Hope this lesson was helpful for

07:22.070 --> 07:24.300
you, and I'll see
you in the next one.

