Contingency Planning

CompTIA Security+ Certification (SY0-501) Chapter 10 - Dealing with Incidents
10 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$99.99
List Price:  $139.99
You save:  $40
€91.73
List Price:  €128.43
You save:  €36.69
£78.50
List Price:  £109.90
You save:  £31.40
CA$135.42
List Price:  CA$189.60
You save:  CA$54.17
A$152.22
List Price:  A$213.12
You save:  A$60.89
S$133.77
List Price:  S$187.28
You save:  S$53.51
HK$781.89
List Price:  HK$1,094.68
You save:  HK$312.79
CHF 88.30
List Price:  CHF 123.63
You save:  CHF 35.32
NOK kr1,058
List Price:  NOK kr1,481.24
You save:  NOK kr423.24
DKK kr684.10
List Price:  DKK kr957.77
You save:  DKK kr273.66
NZ$164.15
List Price:  NZ$229.81
You save:  NZ$65.66
د.إ367.20
List Price:  د.إ514.09
You save:  د.إ146.89
৳10,978.23
List Price:  ৳15,369.96
You save:  ৳4,391.73
₹8,290.53
List Price:  ₹11,607.08
You save:  ₹3,316.54
RM471.80
List Price:  RM660.54
You save:  RM188.74
₦156,534.34
List Price:  ₦219,154.34
You save:  ₦62,620
₨27,950.66
List Price:  ₨39,132.05
You save:  ₨11,181.38
฿3,595.26
List Price:  ฿5,033.51
You save:  ฿1,438.25
₺3,229.78
List Price:  ₺4,521.83
You save:  ₺1,292.04
B$499.40
List Price:  B$699.18
You save:  B$199.78
R1,883.20
List Price:  R2,636.56
You save:  R753.35
Лв179.42
List Price:  Лв251.19
You save:  Лв71.77
₩133,286.20
List Price:  ₩186,606.01
You save:  ₩53,319.81
₪365.03
List Price:  ₪511.06
You save:  ₪146.02
₱5,561.09
List Price:  ₱7,785.75
You save:  ₱2,224.66
¥14,911.76
List Price:  ¥20,877.07
You save:  ¥5,965.30
MX$1,670.32
List Price:  MX$2,338.52
You save:  MX$668.19
QR364.82
List Price:  QR510.77
You save:  QR145.94
P1,359.04
List Price:  P1,902.71
You save:  P543.67
KSh13,398.66
List Price:  KSh18,758.66
You save:  KSh5,360
E£4,718.65
List Price:  E£6,606.31
You save:  E£1,887.65
ብር5,656.15
List Price:  ብር7,918.84
You save:  ብር2,262.68
Kz83,512.74
List Price:  Kz116,921.18
You save:  Kz33,408.44
CLP$93,810.03
List Price:  CLP$131,337.80
You save:  CLP$37,527.76
CN¥710.61
List Price:  CN¥994.89
You save:  CN¥284.27
RD$5,917.87
List Price:  RD$8,285.25
You save:  RD$2,367.38
DA13,435.55
List Price:  DA18,810.31
You save:  DA5,374.76
FJ$226.69
List Price:  FJ$317.37
You save:  FJ$90.68
Q780.94
List Price:  Q1,093.35
You save:  Q312.40
GY$20,949.18
List Price:  GY$29,329.69
You save:  GY$8,380.51
ISK kr13,659.63
List Price:  ISK kr19,124.03
You save:  ISK kr5,464.40
DH1,002.67
List Price:  DH1,403.78
You save:  DH401.11
L1,768.33
List Price:  L2,475.73
You save:  L707.40
ден5,652.42
List Price:  ден7,913.61
You save:  ден2,261.19
MOP$805.88
List Price:  MOP$1,128.27
You save:  MOP$322.38
N$1,866.55
List Price:  N$2,613.25
You save:  N$746.69
C$3,681.10
List Price:  C$5,153.70
You save:  C$1,472.59
रु13,266.49
List Price:  रु18,573.62
You save:  रु5,307.13
S/368.83
List Price:  S/516.39
You save:  S/147.55
K382.06
List Price:  K534.91
You save:  K152.84
SAR375
List Price:  SAR525.02
You save:  SAR150.01
ZK2,508.19
List Price:  ZK3,511.57
You save:  ZK1,003.37
L456.04
List Price:  L638.48
You save:  L182.43
Kč2,310.02
List Price:  Kč3,234.13
You save:  Kč924.10
Ft36,211.46
List Price:  Ft50,697.50
You save:  Ft14,486.03
SEK kr1,038.11
List Price:  SEK kr1,453.39
You save:  SEK kr415.28
ARS$85,066.49
List Price:  ARS$119,096.49
You save:  ARS$34,030
Bs691.23
List Price:  Bs967.75
You save:  Bs276.52
COP$389,029.38
List Price:  COP$544,656.70
You save:  COP$155,627.31
₡50,979.09
List Price:  ₡71,372.77
You save:  ₡20,393.67
L2,470.17
List Price:  L3,458.33
You save:  L988.16
₲730,160.41
List Price:  ₲1,022,253.79
You save:  ₲292,093.37
$U3,841.23
List Price:  $U5,377.88
You save:  $U1,536.64
zł395.31
List Price:  zł553.46
You save:  zł158.14
Already have an account? Log In

Transcript

Sometimes every once in a while really bad incidents take place. And when I say bad, I mean really bad like we're talking hurricanes or acts of war or some type of really bad thing that's going to take place that is going to massively disrupt your infrastructure. And that's what contingency planning is all about. So now, you really have two things to think about here. When you're talking about this. First of all, you're talking about what we call disaster recovery.

We have a hurricane. I live in Houston, Texas, we think about this stuff a lot. We have a hurricane coming in, we have a disaster, it's gonna put six feet of water in our offices. How do we recover from that type of a disaster, but on the same token, I have an obligation to the people I pay rent to, to make money. So what do I do to keep my business continuity going, what do I do to keep everything going? So these two do work very much together.

And it's important that we kind of talk about them at the same time. Under we'll just use the term contingency planning. So the big thing we're going to talk about first is the idea of a disaster coming in. Let's say a hurricane does knock on wood, come into the Houston, Texas area, I'm going to have to evacuate my offices. So what we talked about is the concept of a backup site. Now there are different levels of backup site.

We call them cold, warm and hot. Let me show you all three of those. The first type of backup or recovery site is a cold site. The way to remember a cold site is that it takes weeks to bring it up online. So this is going to be a basic office space. There'll be buildings with air conditioning and chairs and desks.

But there won't be any operational equipment. There may be some equipment on site, but it's basically not plugged in. The big benefit of a cold site is that it's the cheapest of all the different types of recovery sites. Second is a warm site. A warm site will take days to actually Bring online. In this case, it's a cold site, but it does have operational equipment.

So all the computers are there, they probably have their basic software running, but they have either very little of your functional data or no data whatsoever. The last one is a hot site, a hot site can take just hours to bring online, many hot sites will have real time synchronization. Literally everything happening on our main site is being mirrored over at our hot site. So almost all the data is ready to go. And usually just a quick update, get the people over there and we're up and running. The downside to hot sites is that they are very, very expensive.

Simply picking a backup or recovery site, just by going by the cold warm hot concept is good. But there's a lot of other things to consider when you're thinking about sites like this. For example, distance distance is a really big deal. In Texas, these hurricanes can be Really, really wide. So we want to make sure that whatever backup site we're using isn't going to be affected by the same event. Luckily for us in Houston, we've got Dallas, Texas, and that's where we go whenever the Hurricanes come along.

Secondly, when you're thinking about the location, you need to think about some really important stuff. For example, pretty much everybody's got power. And they pretty much everybody has internet. But do they have the level of internet connectivity you need? What internet tier? Are they connecting to?

Are you way down on some little terrible ISP? Are you in a big pipe? What are your requirements? You need to think about that? Other things come into play, for example, if you're going to be there for a while, what about housing? What about entertainment for employees?

You need to think about all of these things when you're putting all this together. Third, are going to be legal issues. For example, one big issue we have is different types of data are handled different ways depending on what country that In. So we need to make sure that wherever we are moving to, especially if it's a different country, that our legal issues are handled in terms of whatever we need to do with that data. This can be even more challenging. When you get into the cloud itself.

Many countries require, depending on your industry, what you're doing, that the data that you use on a given daily basis, must be within the same country that you're doing business. And you really do have to work very, very closely with cloud providers to make sure that that's taking place. So disasters happen, you've got backup sites, and everything's there and you've thought about it, you've established a site, you've made a decision on what type of site you want. Keep in mind that business continuity and data recovery go hand in hand. So the Hurricanes go away, and the power is back up and we've mopped the floors and we're ready to come back home. Now what we have to deal with something that we call The order of restoration.

So what I'm going to do is just give you a sample order of restoration. And this is the one we actually use here at total seminars. The first thing I'm going to check when we walk in the door is power, I want to make sure the power is restored. Now just because the power company says things are restored, I want to make sure my outlets are functional. And I'm going to be running around with a tester to make sure I've got good AC power where I need it. Second, I'm going to make sure my wired LAN is up and running.

Any switches that are interconnecting all my cable runs is up and good and everybody's happy. Number three, my internet service provider link here at total seminars, we can't get a lot of work done unless we're on the internet. So the third thing I'm going to do is make sure that the link is good and the routers are up and running and make sure we're in good shape there. Next, any active directory or DNS or DHCP servers. So I've got a couple of window boxes that tend to handle all that I make sure those are up and cooking. Next after that are accounts servers this way if people are calling in to buy things or to have questions or to place orders, we have the servers ready to deal with that stuff.

So along with that, all my sales folks and account folks are going to have to have their workstations up and running. Now once we've got the day to day stuff going, then I'm going to go looking back towards production. For example, you like my videos? Well, we need to make sure our video production servers that store all these videos are up and running. And on top of that, all my post production guys need their video post production workstations up and running. Now that's the core stuff, but from their little things that aren't quite so critical does for example, I'm going to get my wireless access points up and running at this point for the occasional times when people go wireless as they come into my office.

And then last on my personal list are what I call peripherals. So things like printers, cameras, scanners, faxes, making sure that these are all up and running. contingency planning without a little practice is just going to get You're in trouble. Don't let your first disaster be the first time you actually put all this in order. So the big thing that we do more than anything else is we have annual exercises. Now, these exercises can manifest in a lot of different ways.

You can do just a little tabletop exercise where your primary people are sitting around a table talking about how this goes, but they go through the order and understand it. Or you can do more aggressively than that and actually do a fire drill, where people go out and move servers and fire systems up and get in cars and go places expensive. But if your systems are that critical, it's not a bad investment. You need to think about a lot of different things here, for example, the concept of failover. It's always nice to talk about these recovery sites. But failover simply means the process of making that happen, and that's where people get in trouble with this type of stuff.

They spend zillions of dollars setting up a warm site, but they don't actually go through the failover process. As of making all of this happen, I think it's very important personally to at least one time in every person's career to at least feel that process. All my employees have to deal with actually getting in their cars and going places. I like to say I do it annually, but probably not quite that often. The other thing to think about his stuff, like, for example, alternative processing sites. Now, when we talk about processing sites, it's easy for me as a little company, like total seminars to just have this one warm site up in Dallas, Texas, where we do everything.

But with larger organizations, you might have to have different types of processing sites. For example, if you've got a big server farm, you might be able to have your salespeople back up and running, but what are you going to be doing about whatever type of data that you're dealing with with your infrastructure. So a lot of times we end up making cross agreements with sometimes even competitors and saying, I've got a farm, you've got a farm, if one of us it gets in trouble. We'll just go ahead and use each other's space and you work out a degree Payment like that. The other big issue that comes into play or alternative business practices. Now, little things for a company like me become very, very important.

For example, how do we take credit card information? If we're using different types of accounting software? How is that going to come into play? If we are suddenly working in another state here in the United States, even sales tax issues come into play, and we need to think about these alternative business practices before it happens. And the last big one, and this one's really important. We do this both was exercises and you certainly do it if the real McCoy ever happens, and that is after action reports, a clear and detailed documentation of everything that happened so that if it ever happens again, you'll be ready to handle any form of business contingency planning.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.