CISSP考试指南笔记：7.12 实施灾难恢复

Recovering from a disaster begins way before the event occurs. It starts by anticipating threats and developing goals that support the business’s continuity of operations.

A goal must contain certain key information, such as the following:

• Responsibility Each individual involved with recovery and continuity should have their responsibilities spelled out in writing to ensure a clear understanding in a chaotic situation.
• Authority In times of crisis, it is important to know who is in charge.
• Priorities It is extremely important to know what is critical versus what is merely nice to have.
• Implementation and testing

The biggest effect of an incident, especially one that is poorly managed or that was preventable, is on an organization’s reputation or brand.

The DR plan should address in detail all of the topics we have covered so far.

Personnel

The DR coordinator needs to define several different teams that should be properly trained and available if a disaster hits.

The DR coordinator should have an understanding of the needs of the company and the types of teams that need to be developed and trained.

The restoration team should be responsible for getting the alternate site into a working and functioning environment, and the salvage team should be responsible for starting the recovery of the original site.

The BCP must outline the specific teams, their responsibilities, and notification procedures.

Assessment

A role, or a team, needs to be created to carry out a damage assessment once a disaster has taken place. The assessment procedures should be properly documented and include the following steps:

• Determine the cause of the disaster.
• Determine the potential for further damage.
• Identify the affected business functions and areas.
• Identify the level of functionality for the critical resources.
• Identify the resources that must be replaced immediately.
• Estimate how long it will take to bring critical functions back online.
• If it will take longer than the previously estimated MTD values to restore operations, then a disaster should be declared and the BCP should be put into action.

After this information is collected and assessed, it will indicate which teams need to be called to action and whether the BCP actually needs to be activated.

Restoration

Once the damage assessment is completed and the plan is activated, various teams must be deployed, which signals the company’s entry into the restoration phase.

The restoration process needs to be well organized to get the company up and running as soon as possible.

Templates should have been developed during the plan development stage.

The following lists a few of these issues:

• Ensuring the safety of employees
• Ensuring an adequate environment is provided (power, facility infrastructure, water, HVAC)
• Ensuring that the necessary equipment and supplies are present and in working order
• Ensuring proper communications and connectivity methods are working
• Properly testing the new environment

Once the coordinator, management, and salvage team sign off on the readiness of the facility, the salvage team should carry out the following steps:

• Back up data from the alternate site and restore it within the new facility.
• Carefully terminate contingency operations.
• Securely transport equipment and personnel to the new facility.

The least critical functions should be moved back first, so if there are issues in network configurations or connectivity, or important steps were not carried out, the critical operations of the company are not negatively affected.

Communications

The purpose of the emergency communications plan that is part of the overall DR plan is to ensure everyone knows what to do at all times and that the team remains synchronized and coordinated.

It is also critical that different formats of the plan be available to the team, including both electronic and paper versions.

One simple way to accomplish this is to publish a call tree on cards that can be affixed to personnel badges or kept in a wallet.

Primary, Alternate, Contingency, and Emergency (PACE) communications plans:

• Primary The normal or expected capability that is used to achieve the objective.
• Alternate A fully satisfactory capability that can be used to achieve the objective with minimal impact to the operation or exercise.
• Contingency A workable capability that can be used to achieve the objective.
• Emergency This is the last-resort capability and typically may involve significantly more time and effort than any of the other capabilities.

Training

Training your team on the execution of a DR plan is critical for at least three reasons. First, it allows you to validate that the plan will actually work.

Another reason to train is to ensure that everyone knows what they’re supposed to do, when, where, and how.

Lastly, training can help establish that you are exercising due care.