...DRP versus BCP Disaster Recovery Plan The Disaster Recovery Plan or DRP is a test of a system back up procedures and practice. DRP is something that is rehearsed before a disaster happens in order to prepare for an event that might leave a company crippled or without a service. In the event something should happen to a company such as an internet connection going down, the crash of a server, or loss of power it is important to what to do in the event of an emergency. Loss of any one of these system could cause a company loss of revenue. DRP needed to be practiced, rehearsed many times periodically to assure that everyone involved knows what to do. Practice makes perfect, the more practice and rehearsal is done the easier and quicker it will be for someone to implement the steps needed to complete the recovery plan. It’s always best to practice these steps during non-peak hours. Typically DRP testing would be done overnight, on weekends, or holidays. It’s important to test the DRP system and process to ensure that the backup system is functioning properly, and the steps taken to get there are effective. Ideally this would all be automated, but not always possible. Step by step instructions and procedures are what make up the DRP, primarily its intended for key departments the most important being the IT department. These procedures and instructions are what will recover critical business systems in the event of a disaster. Making sure they are relevant, work properly, and...
Words: 875 - Pages: 4
...learn to create BIA, BCP, and DRP. You will learn what types of support services would be deployed when an incident occurs You will explore support services that would be required when an incident impacts the operational performance of an organization. I have had a situation likes this, I was working for a company in Texas and the transformer blew, due to a sever storm rolling through and the entire company went dark. So we were called in over night to have the DRP take place, thankfully they did have as hot site as well. So the BCP worked great, and with very little issues at all. Over all the BIA, DRP and the BCP worked smoothly and we were up in running by morning before anyone came into work that morning. Business Continuity Planning (BCP) identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, whilst maintaining competitive advantage and value system integrity. An impact analysis results in the differentiation between critical (urgent) and non-critical (non-urgent) organization functions/ activities. A function may be considered critical if the implications for stakeholders of damage to the organization resulting are regarded as unacceptable. Perceptions of the acceptability of disruption may be modified by the cost of establishing and maintaining appropriate business or technical recovery solutions. Disaster recovery plan (DRP) is the process,...
Words: 303 - Pages: 2
...T e c h n i c a l n o T e s a n d M a n u a l s Operational Risk Management and Business Continuity Planning for Modern State Treasuries Ian Storkey Fiscal Affairs Department I N T e r N A T I o N A l M o N e T A r y F U N D INTerNATIoNAl MoNeTAry FUND Fiscal Affairs Department Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey Authorized for distribution by Sanjeev Gupta November 2011 DISCLAIMER: This Technical Guidance Note should not be reported as representing the views of the IMF. The views expressed in this Note are those of the authors and do not necessarily represent those of the IMF or IMF policy. JEL Classification Numbers: Keywords: H12, H60, H63, H83 business continuity, disaster recovery, business continuity and disaster recovery plan, operational risk, operational risk management, treasury operations ian@storkeyandco.com Author’s E-Mail Address: TECHNICAL NoTEs ANd MANUALs Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey This technical note and manual (TNM)1 addresses the following main issues: • What is operational risk management and how this should be applied to treasury operations. • What is business continuity and disaster recovery planning and why it is important for treasury operations. • How to develop and implement a business continuity and disaster recovery plan using a six practical-step...
Words: 10882 - Pages: 44
...company will use to continue critical business operations in the event of disruption (of those specific and/or all critical business operations). For instance, if the ability to take phone calls is a critical business operation (i.e. maybe you run a help desk), then you may define, in your BCP, what may cause a phone interruption, and what procedures you would take to respond to it. Conversely, as stated by Massimo, the Disaster Recovery Plan (DRP) is a subset of your BCP. The DRP specifies the further reaching implications of disaster -- where your primary place (or all places) of business are uninhabitable. Not only is this relevant to your place of business, but your workforce as well (Workforce Continuity). 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? Disaster Recovery Plan (DRP), Incident Response Plan (IRP) and Business Impact Analysis (BIA) Critical Business Functions (CBF). 4. What are the main difference between a Disaster recovery Plan (DRP) and a Business Continuity Plan (BCP)? DRP list the recovery plan for systems and functions of a business. BCP usually will list every...
Words: 354 - Pages: 2
...Quantitative risk analysis 5. Which type of risk analysis uses relative ranking? A. Objective risk analysis B. Qualitative risk analysis C. Subjective risk analysis D. Quantitative risk analysis 6. Which risk-analysis value represents the annual probability of a loss? A. EF B. SLE C. ALE D. ARO 7. Which risk-response option would best describe purchasing re insurance? A. Accept B. Mitigate C. Transfer D. Avoid 8. Which risk response would be most appropriate if the impact of a risk becoming a reality is negligible? A. Accept B. Mitigate C. Transfer D. Avoid 9. Which of the following statements best describes the relationship of a BCP to a DRP? A. A BCP is required but a DRP is not B. A DRP is a component of a BCP C. A DRP is required but a BCP is not D. A BCP is a component of a DRP 10. Which term is used to indicate the amount of data loss that is acceptable? A. RAI B. ROI C. RTO D. RPO 11. A(n) ________ identies processes that are critical to the operation of a business. 12. Which risk-assessment methodology is marketed as a self-directed approach and has two different editions for organizations of different sizes? A. CRAMM B. OCTAVE C. NIST D. EBIOS 13. ________ is the U.S. security-related act that governs health-related...
Words: 323 - Pages: 2
...Disaster Recovery Plan Company Overview Strategic Business Solutions is a Veteran-owned small business with less than fifty employees and the business goal is to continue specializing in Information Technology (IT), project management, and business development solutions. Our main projects involve Internet-based E-commerce solutions. The following diagram depicts our current network, which is PCI compliant and can handle high-traffic websites: Risk Assessment Critical business processes Disruption of an information resource is not a disaster in itself, unless it is related to a critical business process, for example, an organization losing its revenue generating business process due to an information system failure. Other examples of potential critical business processes may include: * Production of finished goods * Advertising of the organization’s product(s) to be sold * Selling of the enterprise’s products or services * Receiving payments * Dispatching of finished goods * Provision of final services * Legal and regulatory compliance * Safeguarding of private and confidential data and other Information assets * Logistics services in the organization * Paying the employees Internal, external, and environmental risks Although all forms of corporate risks and potential damage can’t be avoided, but a realistic objective is to ensure the survival of the organization by establishing a culture that will identify and manage...
Words: 1568 - Pages: 7
...undertaken to minimize the resulting risks to an acceptable level. b. Business Impact Analysis (BIA) is the key to a successful BCP implementation. Understanding and standardizing Enterprise business process names is critical to the success of the BIA. The intent of the BIA process is to help the organization’s management appreciate the magnitude of the operational and financial impacts associated with a disaster or serious disruption. When they understand, management can use this knowledge to calculate the recovery time objective (RTO) for time-critical support services and resources. For most Organizations, these support resources include: Facilities - IT infrastructure (including voice and data communications networks) - Hardware and software - Vital records Data - Business partners The connection is made when each of the time-critical business processes is mapped to the above supporting resources. 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? a. Disaster Recovery Plan (DRP) is plan for the intervention taken by an organization to minimize further losses brought on by a disaster and to begin the process of recovery, including activities and programs designed to restore critical business functions and return the organization to an acceptable condition. b. Business Continuity Plan (BCP) is an ongoing process...
Words: 966 - Pages: 4
...countermeasures to reduce the risk and uses risk mitigation to identify threats to business processes and data systems. A business impact analysis (BIA) is an analysis of the business as a whole to determine what kinds of events will have an impact on what systems. 2. A Disaster Recovery Plan (DRP) establishes an emergency operations center (EOC) as an alternate location from which the Business Continuity Plan (BCP) / DRP will be coordinated and implemented, names an EOC manager, and determines when that manager should declare an incident a disaster. A BCP is designed to help an organization to operate during and after a disruption, covers all functions of a business, and generally includes only mission-critical systems. 3. Purpose and scope, assumptions and planning principles, system description and architecture, responsibilities, notification or activation phase, recovery and reconstitution phases, training, testing, maintenance, DRPs, Business Impact Analysis (BIA), Computer Incident Response Team (CIRT) Plans, and Risk Assessments. 4. The main difference is that a DRP is a plan to get the business back up and running from backup tapes and equipment in the event of a disaster and a BCP is a plan to continue critical business functions until the network and business is back up to 100% from an event. 5. A risk assessment and BIA are used to identify and evaluate risks based on importance or impact of severity to the business’ processes and data systems and what kind of events...
Words: 379 - Pages: 2
...Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. BIA the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery plan is have a full access to recover any lost data or essentials after a disaster while the business continuity is having what ever bare bones essentials to continue business and not have any losses. 92 Lab #6 | Perform Business Continuity Implementation Planning 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? Technical back up plan, communication back up plan 4. Why is it...
Words: 681 - Pages: 3
...Name: Instructor Name: Lab Due Date: Overview In this lab, you implemented a portion of your organization’s BCP. Based on the BIA, the organization determined that the internal Active Directory database and the corporate Web site must be recoverable in the event of system failure or natural disaster. To accomplish this, you configured local backups of Active Directory on the existing virtual server using Windows Server Backup. You also configured the organization’s Web servers to host content from a single NFS share, and back up that NFS share daily using Windows. Lab Assessment Questions & Answers 1. What is the purpose of the business impact analysis (BIA)? The BIA perceives the organization from the impact that is going to occur for an organization in the critical business processes are interrupted or tampered with. 2. What is the difference between the disaster recovery plan (DRP) and a business continuity plan (BCP)? The DRP helps recover the infrastructure necessary for normal business operation whereas the BCP helps keep the critical business processes running should a disaster occur. 3. What are the commands used in Windows 2012 to mount the NFS share on the Linux server. mount -o mtype=hard 4. Is creating redundancy for systems such as Active Directory or Web servers a part of the DRP or the BCP? Yes 5. Why use the mklink command? Because mklink creates a simbolic link between the remote drive ans the local...
Words: 304 - Pages: 2
...is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum cost and disruption to normal business activities after an unexpected event. CP Components Incident response plan (IRP) focuses on immediate response to an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan...
Words: 3573 - Pages: 15
...Computers, networks, and software are the heart and soul of the IT world today. Because of the availability of those systems, they are very vulnerable to malicious attacks and activity. It is of upmost importance that an organization takes security seriously and takes the proper measures to protect their systems. They can do this through a number of different ways, but one area of focus is through the authentication process and the related hardware and software to go along with it. Identification and Authentication Authentication is the process of the system or program recognizing the user and granting them access, which has been predetermined by access controls. It begins with two major parts; Identification and Authentication. Identification is the process in which the system recognizes the user and gives them access according to Abstract object that are controlled by the administrators of the files and systems. Privileges will be granted based on their user account having been verified. This process is usually a user ID. The system recognized the ID and knows the access right and privileges of that individual that have been verified. The Authentication begins once the user account ID has been identified. This is the process in which the user credentials are actually verified, meaning the specific attributes of their specific user account and authenticated and verified to make sure the access rights are correct. This process uses a password or some sort of credential such...
Words: 2199 - Pages: 9
...1. The difference between a risk analysis and a business impact analysis is that the (RA) just defines the risks that are possible for the location or business, and the (BIA) includes what the impact to the business would be if one of those risks were to happen. 2. The difference between a Disaster Recovery Plan and a Business Continuity Plan is that the (DRP) defines exactly how the company plans to bring the system back up to working operations, and the (BCP) includes the (DRP) but also covers all functions of the business. 3. The (BCP) would also include the (DRP), (CBF), (MAO), (RTO), and the (BIA). 4. The difference between a risk analysis and a business impact analysis is that the (RA) just defines the risks that are possible for the location or business, and the (BIA) includes what the impact to the business would be if one of those risks were to happen. 5. The purpose of the risk assessment and business impact analysis is to identify all the risks that can be a danger to the company and to figure out exactly how the business would be impacted, this is an important first step because the rest of the business continuity plan depends on knowing what to worry about and how to go about avoiding these risks. 6. The (RA) relates to the (BIA) because the (RA) helps to figure out the (BIA) by identifying what the risks are and what kind of threat it poses to the company. 7. I think that this company is most likely an online sales business and its most important...
Words: 319 - Pages: 2
...involve the identification, selection, implementation, testing and updating of processes and specific actions necessary to prudently protect criticial busin precesses from the effects of major system and network disruptions and to ensure the timely restoration of business ops if significant disruptions occur BCP and DRP BIA stands for Business Impact Analysis MTD stands for Maximum Tolerable Downtime first step in building BC program Project initiation and management activites of project initiation and mgmt 1) obtain senior mgmt support 2) define a project scope, the objectives, to be achieved and planning assumptions 3) estimate the project resources needed (human and financial) 4) Define a timeline and major deliverables Senior leadership's two major goals 1) Grow the business 2) Protect the brand What are the risk to a corporation for not having BC/DRP? 1) Financial 2) Reputational 3) Regulatory Formula for calculating financial risk P * M = C P: Probability of harm M: Magnitude of harm C: Cost of prevention Prudent man rule exercise the same care in managing the company affairs as in managing one's own affairs 1. Which of the following is considered the most important component of the enterprisewide continuity planning program? c. Executive management support 2. During the threat analysis phase of the continuity planning methodology, which of the following threats should be addressed? a. Physical security b. Environmental security c. Information security ...
Words: 2067 - Pages: 9
...business continuity implementation plan outline as part of this lab’s deliverables. Lab #6 Assessment Questions & Answers 1. What is the different between a risk analysis (RA) and a business impact analysis (BIA)? 2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan? Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com -58All Rights Reserved. Current Version Date: 02/11/2012 Student Lab Manual 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? 4. What is the main difference between a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP)? 5. What is the purpose of a risk assessment and business impact analysis? Why is this an important first step in defining a BCP and DRP? 6. How does risk assessment (RA) relate to a business impact analysis for an organization? Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com -59All Rights Reserved. Current Version Date:...
Words: 380 - Pages: 2
