Chapter 6: Business Continuity and Disaster Recovery (CISA)


ISACA: The recognized global leaders in IT governance, control, security and assurance

Chapter 6: Business Continuity and Disaster Recovery
2009 CISA Review Course

Course Agenda
- Learning objectives
- Discuss task and knowledge statements
- Discuss specific topics within the chapter
- Case study
- Sample questions
- Exam

Relevance
Ensure that the CISA candidate "understands and can provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact."
The content area in this chapter will represent approximately 14% of the CISA examination (approximately 28 questions).

Chapter 6 Learning Objectives
- Evaluate the adequacy of backup and restore provisions to ensure the availability of information required to resume processing
- Evaluate the organization's disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster
- Evaluate the organization's business continuity plan to ensure the organization's ability to continue essential business operations during the period of an IT disruption

6.2 Business Continuity / Disaster Recovery Planning
- Business continuity planning (BCP) is a process designed to reduce the organization's business risk
- A BCP is much more than just a plan for the information systems
- Corporate risks could cause an organization to suffer:
  - Inability to maintain critical customer services
  - Damage to market share, reputation or brand
  - Failure to protect the company assets, including intellectual property and personnel
  - Business control failure
  - Failure to meet legal or regulatory requirements

Practice Question 6-1
During an audit of a large bank, the IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk to which the bank is exposed is that the:
A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization.
B. business continuity plan may not include all relevant applications and, therefore, may lack completeness in terms of its coverage.
C. business impact of a disaster may not have been accurately understood by the management.
D. business continuity plan may lack an effective ownership by the business owners of such applications.

Practice Question 6-2
Which of the following is necessary to have FIRST in the development of a business continuity plan?
A. Risk-based classification of systems
B. Inventory of all assets
C. Complete documentation of all disasters
D. Availability of hardware and software

Practice Question 6-3
An IS auditor should be involved in:
A. observing tests of the disaster recovery plan.
B. developing the disaster recovery plan.
C. maintaining the disaster recovery plan.
D. reviewing the disaster recovery requirements of supplier contracts.

6.2.1 IS Business Continuity / Disaster Recovery Planning
- IS processing is of strategic importance
- Critical component of overall BCP
- Most key business processes depend on the availability of key systems and infrastructure components

6.2.2 Disasters and Other Disruptive Events
- Disasters are disruptions that cause critical information resources to be inoperative for a period of time
- A good BCP will take into account impacts on IS processing facilities

6.2.3 Business Continuity Planning Process
Phases of the business continuity planning process:
- Creation of a business continuity and disaster recovery policy
- Business impact analysis
- Classification of operations and criticality analysis
- Development of a business continuity plan and disaster recovery procedures
- Training and awareness program
- Testing and implementation of plan
- Monitoring

6.2.5 Business Continuity Planning Incident Management
All types of incidents should be categorized:
- Negligible
- Minor
- Major
- Crisis

6.2.6 Business Impact Analysis
- Critical step in developing the business continuity plan
- Three main questions to consider during the BIA phase:
  1. What are the different business processes?
  2. What are the critical information resources related to an organization's critical business processes?
  3. What is the critical recovery time period for information resources in which business processing must be resumed before significant or unacceptable losses are suffered?

6.2.6 Business Impact Analysis (continued)
What is the system's risk ranking?
- Critical
- Vital
- Sensitive
- Non-sensitive

Practice Question 6-4
The window of time for recovery of information processing capabilities is based on the:
A. criticality of the processes affected.
B. quality of the data to be processed.
C. nature of the disaster.
D. applications that are mainframe-based.

6.2.7 Recovery Point Objective and Recovery Time Objective
Recovery Point Objective (RPO)
- Based on acceptable data loss
- Indicates the earliest point in time to which it is acceptable to recover the data
Recovery Time Objective (RTO)
- Based on acceptable downtime
- Indicates the earliest point in time at which the business operations must resume after a disaster

6.2.7 Recovery Point Objective and Recovery Time Objective (continued)
Additional parameters important in defining recovery strategies:
- Interruption window
- Service delivery objective (SDO)
- Maximum tolerable outages

Practice Question 6-5
Data mirroring should be implemented as a recovery strategy when:
A. recovery point objective (RPO) is low.
B. RPO is high.
C. recovery time objective (RTO) is high.
D. disaster tolerance is high.

Practice Question 6-6
When preparing a business continuity plan, which of the following MUST be known to establish a recovery point objective (RPO)?
A. The acceptable data loss in case of disruption of operations
B. The acceptable downtime in case of disruption of operations
C. Types of offsite backup facilities available
D. Types of IT platforms supporting critical business functions

6.2.8 Recovery Strategies
- A recovery strategy is a combination of preventive, detective and corrective measures
- The selection of a recovery strategy would depend upon:
  - The criticality of the business process and the applications supporting the processes
  - Cost
  - Time required to recover
  - Security

6.2.8 Recovery Strategies (continued)
Recovery strategies based on the risk level identified for recovery would include developing:
- Hot sites
- Warm sites
- Cold sites
- Duplicate information processing facilities
- Mobile sites
- Reciprocal arrangements with other organizations

6.2.9 Recovery Alternatives
Types of offsite backup facilities:
- Hot sites: fully equipped facility
- Warm sites: partially equipped but lacking processing power
- Cold sites: basic environment
- Duplicate (redundant) information processing facility
- Mobile sites
- Reciprocal agreement
- Contract with hot, warm or cold site
- Procuring alternative hardware facilities

6.2.9 Recovery Alternatives (continued)
Provisions for use of third-party sites should cover:
- Configurations
- Disaster
- Speed of availability
- Subscribers per site and area
- Preference
- Insurance
- Audit
- Reliability
Procuring alternative hardware facilities:
- Vendor or third party
- Off-the-shelf
- Credit agreement or emergency credit cards

Practice Question 6-7
An IS auditor discovers that an organization's business continuity plan provides for an alternate processing site that will accommodate 50 percent of the primary processing capability. Based on this, which of the following actions should the IS auditor take?
A. Do nothing, because generally, less than 25 percent of all processing is critical to an organization's survival and the backup capacity, therefore, is adequate.
B. Identify applications that could be processed at the alternate site and develop manual procedures to back up other processing.
C. Ensure that critical applications have been identified and that the alternate site could process all such applications.
D. Recommend that the information processing facility arrange for an alternate processing site with the capacity to handle at least 75 percent of normal processing.

6.2.10 Development of Business Continuity and Disaster Recovery Plans
Factors to consider when developing the plans:
- Pre-disaster readiness
- Evacuation procedures
- Circumstances under which a disaster should be declared
- Identification of plan responsibilities
- Identification of contract information
- Recovery option explanations
- Identification of resources for recovery and continued operation of the organization
- Application of the constitution phase

6.2.11 Organization and Assignment of Responsibilities
The emergency management team coordinates the activities of all other recovery teams. This team oversees:
- Retrieving critical and vital data from offsite storage
- Installing and testing systems software and applications at the system recovery site
- Identifying, purchasing and installing hardware at the system recovery site
- Operating from the system recovery site
- Rerouting network communications traffic
- Reestablishing the user/system network
- Transporting users to the recovery facility
- Reconstructing databases
- Supplying necessary office goods, i.e., special forms, check stock, paper
- Arranging and paying for employee relocation expenses at the recovery facility
- Coordinating systems use and employee work schedules

6.2.12 Other Issues in Plan Development
- Management and user involvement is vital to the success of BCP
- Essential to the identification of critical systems, recovery times and resources
- Involvement from support services, business operations and information processing support
- The entire organization needs to be considered for BCP

6.2.13 Components of a Business Continuity Plan
A business continuity plan may consist of more than one plan document:
- Continuity of operations plan (COOP)
- Disaster recovery plan (DRP)
- Business resumption plan
- Continuity of support plan / IT contingency plan
- Crisis communications plan
- Incident response plan
- Transportation plan
- Occupant emergency plan (OEP)

6.2.13 Components of a Business Continuity Plan (continued)
Components of the plan:
- Key decision-making personnel
- Backup of required supplies
- Telecommunication networks disaster recovery methods
- Redundant array of inexpensive disks (RAID)
- Insurance

Practice Question 6-8
In a business continuity plan, which of the following notification directories is the MOST important?
A. Equipment and supply vendors
B. Insurance company agents
C. Contract personnel services
D. A prioritized contact list

Practice Question 6-9
Which of the following components of a business continuity plan is PRIMARILY the responsibility of an organization's IS department?
A. Developing the business continuity plan
B. Selecting and approving the strategy for the business continuity plan
C. Declaring a disaster
D. Restoring the IS systems and data after a disaster

6.2.13 Components of a Business Continuity Plan (continued)
Telecommunication networks disaster recovery methods:
- Redundancy
- Alternative routing
- Diverse routing
- Long haul network diversity
- Last mile circuit protection
- Voice recovery

6.2.13 Components of a Business Continuity Plan (continued)
Redundant array of inexpensive disks (RAID):
- Provides performance improvements and fault-tolerant capabilities via hardware or software solutions
- Provides the potential for cost-effective mirroring offsite for data backup

6.2.13 Components of a Business Continuity Plan (continued)
Insurance:
- IS equipment and facilities
- Media (software) reconstruction
- Extra expense
- Business interruption
- Valuable papers and records
- Errors and omissions
- Fidelity coverage
- Media transportation

6.2.14 Plan Testing
- Schedule testing at a time that will minimize disruptions to normal operations
- The test must simulate actual processing conditions
- Test execution:
  - Documentation of results
  - Results analysis
  - Recovery / continuity plan maintenance

Practice Question 6-10
In an audit of a business continuity plan, which of the following findings is of MOST concern?
A. There is no insurance for the addition of assets during the year.
B. The business continuity plan manual is not updated on a regular basis.
C. Testing of the backup data has not been done regularly.
D. Records for maintenance of the access system have not been maintained.

6.2.15 Backup and Restoration
- Offsite library controls
- Security and control of offsite facilities
- Media and documentation backup
- Periodic backup procedures
- Frequency of rotation
- Types of media and documentation rotated
- Record keeping for offsite storage
- Business continuity management best practices

6.2.16 Summary of Business Continuity and Disaster Recovery
The business continuity plan must:
- Be based on the long-range IT plan
- Comply with the overall business continuity strategy

6.2.16 Summary of Business Continuity and Disaster Recovery (continued)
Process for developing and maintaining the BCP/DRP:
- Business impact analysis
- Identify and prioritize systems
- Choose appropriate strategies
- Develop the detailed plan for IS facilities
- Develop the detailed BCP
- Test the plans
- Maintain the plans

6.3 Auditing Business Continuity
- Understand and evaluate business continuity strategy
- Evaluate plans for accuracy and adequacy
- Verify plan effectiveness
- Evaluate offsite storage
- Evaluate ability of IS and user personnel to respond effectively
- Ensure plan maintenance is in place
- Evaluate readability of business continuity manuals and procedures

6.3.1 Reviewing the Business Continuity Plan
IS auditors should verify that basic elements of a well-developed plan are evident, including:
- Currency of documents
- Effectiveness of documents
- Interview personnel for appropriateness and completeness

6.3.2 Evaluation of Prior Test Results
IS auditors must review the test results to:
- Determine whether corrective actions are in the plan
- Evaluate thoroughness and accuracy
- Determine problem trends and resolution of problems

6.3.3 Evaluation of Offsite Storage
An IS auditor must:
- Evaluate presence, synchronization and currency of media and documentation
- Perform a detailed inventory review
- Review all documentation
- Evaluate availability of facility

6.3.4 Interviewing Key Personnel
- Key personnel must have an understanding of their responsibilities
- Current detailed documentation must be kept

6.3.5 Evaluation of Security at Offsite Facility
An IS auditor must:
- Evaluate the physical and environmental access controls
- Examine the equipment for current inspection and calibration tags

6.3.6 Reviewing Alternative Processing Contract
- An IS auditor should obtain a copy of the contract with the vendor
- The contract should be reviewed against a number of guidelines:
  - Contract is clear and understandable
  - Organization's agreement with the rules

6.3.7 Reviewing Insurance Coverage
- Insurance coverage must reflect the actual cost of recovery
- Coverage of the following must be reviewed for adequacy:
  - Media damage
  - Business interruption
  - Equipment replacement
  - Business continuity processing

Case Study Scenario
- Organization revising BCP and DRP for headquarters (750 employees) and 16 branches (each with 20-35 employees and a mail and file / print server)
- Current plans not updated in more than 8 years
- Organization has grown by 300%
- Staff connect via LAN to more than 60 applications, databases and print servers in the corporate data centre
- Staff connect via a frame relay network to the branches
- Traveling users connect over the Internet using VPN
- Critical applications have an RTO of 3-5 days

Case Study Scenario (continued)
- All users in the headquarters and branches connect to the Internet through a firewall and proxy server located in the data center
- Branch offices are located between 30 and 50 miles from one another, with none closer to the headquarters facility than 25 miles
- Backup media for the data center are stored at a third-party facility 35 miles away
- Backups for servers located at the branch offices are stored at nearby branch offices using reciprocal agreements between offices

Case Study Scenario (continued)
Current contract with third-party hot site:
- 3-year term, with equipment upgrades occurring at renewal time
- 25 servers
- Work area space with PCs for 100 employees
- Separate agreement to ship 2 servers and 10 PCs to any branch declaring a disaster
- Hot site provider has multiple sites in case the primary site is in use by another customer or rendered unavailable by the disaster

Case Study Question 1
On the basis of the above information, which of the following should the IS auditor recommend concerning the hot site?
A. Desktops at the hot site should be increased to 750.
B. An additional 35 servers should be added to the hot site contract.
C. All backup media should be stored at the hot site to shorten the RTO.
D. Desktop and server equipment requirements should be reviewed quarterly.

Case Study Question 2
On the basis of the above information, which of the following should the IS auditor recommend concerning branch office recovery?
A. Add each of the branches to the existing hot site contract.
B. Ensure branches have sufficient capacity to back each other up.
C. Relocate all branch mail and file / print servers to the data center.
D. Add additional capacity to the hot site contract equal to the largest branch.

Conclusion
Quick Reference Review: Page 512 of the CISA Review Manual 2009
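The RPO/RTO definitions (6.2.7), the strategy selection factors (6.2.8) and the offsite alternatives (6.2.9) can be worked through as a small selection-and-audit routine: each alternative implies a worst-case data loss and a recovery time, an application's objectives bound both, and the auditor's check in 6.3 is whether the assigned alternative stays inside those bounds. The Python below is an added example, not ISACA course material; the option catalogue, its loss/downtime/cost figures and the sample applications are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Option:
    """A recovery alternative (6.2.9) and the loss/downtime it implies."""
    name: str
    data_loss_hours: float  # worst-case age of the data available for recovery
    recovery_hours: float   # time until processing can resume at the site
    annual_cost: int        # constructed relative cost units, not real prices

@dataclass(frozen=True)
class App:
    """An application with its BIA ranking (6.2.6) and objectives (6.2.7)."""
    name: str
    ranking: str        # critical / vital / sensitive / non-sensitive
    rpo_hours: float    # acceptable data loss
    rto_hours: float    # acceptable downtime

# Constructed catalogue; the figures are assumptions used only for illustration.
OPTIONS: List[Option] = [
    Option("synchronous mirroring + hot site", 0, 2, 500),
    Option("hot site + hourly log shipping", 1, 8, 300),
    Option("warm site + nightly offsite tape", 24, 72, 120),
    Option("cold site + weekly offsite tape", 168, 240, 40),
    Option("reciprocal agreement + weekly tape", 168, 336, 10),
]

def meets_objectives(opt: Option, app: App) -> bool:
    """Both must hold: data loss within RPO and downtime within RTO."""
    return opt.data_loss_hours <= app.rpo_hours and opt.recovery_hours <= app.rto_hours

def select_strategy(app: App, options: List[Option] = OPTIONS) -> Optional[Option]:
    """Cheapest alternative meeting both objectives (cost is a selection factor, 6.2.8)."""
    feasible = [o for o in options if meets_objectives(o, app)]
    return min(feasible, key=lambda o: o.annual_cost) if feasible else None

def audit_plan(plan: Dict[str, str], apps: List[App],
               options: List[Option] = OPTIONS) -> List[str]:
    """Findings: applications whose assigned alternative cannot meet its objectives."""
    by_name = {o.name: o for o in options}
    findings = []
    for app in apps:
        chosen = by_name.get(plan.get(app.name, ""))
        if chosen is None:
            findings.append(f"{app.name} ({app.ranking}): no recovery alternative assigned")
        elif not meets_objectives(chosen, app):
            findings.append(f"{app.name} ({app.ranking}): '{chosen.name}' allows "
                            f"{chosen.data_loss_hours}h loss / {chosen.recovery_hours}h downtime, "
                            f"exceeding RPO {app.rpo_hours}h / RTO {app.rto_hours}h")
    return findings

# Constructed sample portfolio; 'warehouse' uses the case study's 3-5 day RTO range.
APPS = [App("payments", "critical", 0, 4), App("order-entry", "vital", 1, 24),
        App("warehouse", "sensitive", 24, 96), App("archive", "non-sensitive", 168, 336)]
```

Run against the sample portfolio, an RPO of zero leaves only mirroring as feasible (the point of practice question 6-5), while a plan that assigns the warm site to the critical application produces an audit finding rather than a silent shortfall.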
