CompTIA Security+: Business Continuity Plan


Module 11:

The Business Continuity Plan (BCP) is an integral part of an organization’s overall strategy, ensuring that it can continue its essential operations in the face of various disruptions. In this post, we will explore the key principles, strategies, and best practices associated with BCP, a vital topic for cybersecurity and your CompTIA Security+ certification.

Ensuring Business Continuity

  • Select Business Continuity and Disaster Recovery Processes
  • Develop a Business Continuity Plan

Business Continuity and Disaster Recovery

Business continuity – A collection of processes enabling an organization to maintain normal business operations after an adverse event.

Numerous types of events can trigger business continuity processes, including events:

  • Brought about by malice (an attack, sabotage, theft).
  • Brought about by carelessness or negligence.
  • Brought about by accident or natural disaster (fire, flood, power loss).

Effects can include:

  • Loss or leakage of data.
  • Damage to property.
  • Breakdown of communications.
  • Harm to personnel.
  • And more.

Disaster recovery – A major component of business continuity that focuses on recovering assets after a disaster.

  • Ensures IT environment is brought back to a working baseline level.
  • One of the most important steps in ensuring business continuity.

The Disaster Recovery Process

  • Notify stakeholders – Stakeholders should be informed of a disaster: senior management, board members, investors, clients, etc. The timing and level of detail of the notification depend on the type of stakeholder.
  • Begin emergency operations – The detailed steps depend on the specific emergency services involved. An incident manager can assume control of the situation.
  • Assess the damage – Determine the extent of damage to property and, if unclear, the cause. Estimate the amount of downtime and determine an appropriate response strategy.
  • Assess the facility – Determine whether the facility should remain the primary center of operations; it may be necessary to relocate operations to an alternate site.
  • Begin recovery process – Once all prior steps are completed or in motion, the recovery process starts in earnest.

Recovery Team

  • Group of designated individuals who implement recovery procedures.
  • Immediately responds in an emergency.
  • Restores critical business processes to normal operating capacity.

Can Include:

  • Systems managers
  • Systems admins
  • Security admins
  • Facility specialists
  • Communications specialists
  • HR staff
  • Legal representatives

Order of Restoration

A process dictating which systems to prioritize during disaster recovery.

  • Not all systems are equal to the organization.
  • One component may be more crucial to the business than another.
  • Components also depend on each other: there is no point restoring servers before the power and network they need.
  • You must triage the damage done.
  • You can customize the order to fit your business needs.

Example: Cloud storage company whose datacenter and office areas were flooded.

  • Restore clean, dry conditions to datacenter.
  • Restore power to the datacenter.
  • Restore internal datacenter networking.
  • Restore datacenter storage and processing servers.
  • Restore inbound and outbound network connectivity to datacenter.
  • Restore clean, dry conditions to general office area.
  • Restore workstation functionality.
  • Restore desk/cubicle environments.
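The flooded-datacenter list above is really a dependency graph: each step is unblocked by the ones before it, and within the datacenter the storage servers matter more to a cloud storage company than the office desks. The following Python is an added example, not code from the original post, that computes an order of restoration from an asset inventory where each asset lists what it depends on and a criticality score (1 = most critical). The asset names, dependencies and scores are constructed to mirror the scenario above; a real plan would pull them from the DRP's asset inventory.

```python
"""Derive an order of restoration from asset dependencies and criticality.

Added example for this module (not the original post's code). The
inventory below is constructed to match the flooded-datacenter scenario.
"""
import heapq
from collections import defaultdict

# Constructed inventory: asset -> (criticality, assets it depends on).
# Lower criticality number = more important to the business.
DATACENTER_ASSETS = {
    "dc_dry":          (1, []),
    "dc_power":        (1, ["dc_dry"]),
    "dc_lan":          (1, ["dc_power"]),
    "storage_servers": (1, ["dc_lan"]),
    "dc_wan":          (2, ["dc_lan"]),
    "office_dry":      (3, []),
    "workstations":    (3, ["office_dry", "dc_wan"]),
    "desks":           (4, ["office_dry"]),
}


def restoration_order(assets):
    """Return asset names in an order where every dependency is restored
    before the asset that needs it (Kahn's topological sort). Among assets
    that are ready at the same time, the most critical goes first, then
    alphabetical, so the output is deterministic. Raises ValueError for a
    dependency on an unknown asset or for a dependency cycle, since a plan
    with a cycle can never be executed."""
    indegree = {name: 0 for name in assets}
    dependents = defaultdict(list)
    for name, (_, deps) in assets.items():
        for dep in deps:
            if dep not in assets:
                raise ValueError(f"{name} depends on unknown asset {dep}")
            indegree[name] += 1
            dependents[dep].append(name)

    # Min-heap of (criticality, name) for assets whose dependencies are done.
    ready = [(crit, name) for name, (crit, _) in assets.items()
             if indegree[name] == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents[name]:
            indegree[child] -= 1
            if indegree[child] == 0:
                heapq.heappush(ready, (assets[child][0], child))

    if len(order) != len(assets):
        stuck = sorted(n for n in assets if n not in order)
        raise ValueError(f"dependency cycle among {stuck}")
    return order


def plan_problems(assets):
    """None if a restoration order exists, otherwise the error message.
    Useful as a check when the inventory is edited."""
    try:
        restoration_order(assets)
        return None
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    for step, asset in enumerate(restoration_order(DATACENTER_ASSETS), 1):
        print(f"{step}. restore {asset}")
```

Run against the constructed inventory, the output reproduces the eight steps listed above, but now the order is justified by the data rather than written by hand, and an edit that introduces a circular dependency (or a typo in an asset name) is rejected before the plan is signed off.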

Recovery Sites

Can be used as alternate sites to restore system functions.

Hot Site:

  • A fully configured alternate site with equipment and current data that can be brought online within hours of a disaster; the most expensive option to maintain.
  • Example: Operations center that can be fully staffed within hours of a disaster.

Warm Site:

  • A location that is dormant or performs non-critical functions and can be rapidly converted to a key operations site.
  • Example: Customer service center converted to a network maintenance facility.

Cold Site:

  • A predetermined alternate location where a network can be rebuilt after a disaster; cheapest to maintain, but the slowest to bring into service because equipment and data must be brought in.
  • Example: A rented warehouse with power and network hookups.

Secure Recovery

  • Recovery must include processes for securely recovering sensitive resources; an organization is at its weakest during a recovery, and a rushed rebuild is a good time for an attacker to get a foothold.

Processes may include:

  • Designate a trusted admin to supervise recovery.
  • Document steps used to restore processes, systems, and data.
  • Instructions for continuing operations at alternate recovery site.
  • Review and test the recovery process regularly.

System Backups

Backup Types

Full:

  • All files are backed up, whether or not they changed since the last backup.
  • Uses the most storage space and takes the longest to run.
  • Quickest to recover: a single backup set restores everything.

Differential vs. Incremental

Differential:

  • All files that have changed since the last full backup.
  • Less storage space and backup time than a full, though each differential grows until the next full backup.
  • Slower to recover than a full: restore the last full backup, then the latest differential.

Incremental:

  • All files that have changed since the last backup of any type.
  • Takes less time and space to perform than a differential.
  • Slowest to recover: restore the last full backup, then every incremental since it, in order. If any incremental in the chain is lost or corrupt, the changes it held cannot be recovered.
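The trade-off between the three backup types is easiest to see by running a schedule against a changing set of files and counting what each strategy copies and what it has to read back at restore time. The following Python is an added example, not the original post's code. It models a filesystem as a map of file name to the day it last changed, runs a full backup followed by either daily differentials or daily incrementals, and then rebuilds the restore chain for the last day. The file names and change timeline are constructed.

```python
"""Simulate full, differential and incremental backups and their restore chains.

Added example for this module (not the original post's code). Files are
modelled as name -> day of last modification; the timeline is constructed.
"""
from dataclasses import dataclass

# Constructed change log: (day, file) means the file was modified that day.
EXAMPLE_CHANGES = [
    (1, "db.sql"), (1, "notes.txt"), (1, "app.cfg"),
    (2, "db.sql"),
    (3, "notes.txt"),
    (4, "db.sql"), (4, "logo.png"),
]


@dataclass
class Backup:
    kind: str    # "full", "differential" or "incremental"
    day: int     # backups are taken at the end of the day
    files: dict  # file name -> version (day last modified) captured


def state_at(changes, day):
    """Filesystem as of the end of `day`: file name -> day last modified."""
    state = {}
    for d, name in sorted(changes):
        if d <= day:
            state[name] = d
    return state


def run_schedule(changes, schedule):
    """Execute a schedule of (day, kind) and return the Backup objects.
    A differential copies files changed since the last FULL backup; an
    incremental copies files changed since the last backup of ANY kind."""
    backups = []
    for day, kind in schedule:
        state = state_at(changes, day)
        if kind == "full":
            captured = dict(state)
        else:
            if kind == "differential":
                ref = next((b for b in reversed(backups) if b.kind == "full"), None)
            elif kind == "incremental":
                ref = backups[-1] if backups else None
            else:
                raise ValueError(f"unknown backup kind {kind!r}")
            if ref is None:
                raise ValueError(f"{kind} backup on day {day} has no prior full backup")
            captured = {name: mtime for name, mtime in state.items() if mtime > ref.day}
        backups.append(Backup(kind, day, captured))
    return backups


def restore_chain(backups, index):
    """Backups that must be read, in order, to restore from backups[index]."""
    target = backups[index]
    if target.kind == "full":
        return [target]
    i = index
    while backups[i].kind != "full":  # walk back to the most recent full
        i -= 1
    if target.kind == "differential":
        return [backups[i], target]
    # Incremental: the full plus every backup taken after it, up to the target.
    return [backups[i]] + backups[i + 1:index + 1]


def restore(chain):
    """Overlay the chain in order; the latest copy of each file wins."""
    result = {}
    for backup in chain:
        result.update(backup.files)
    return result


def compare_strategies(changes=EXAMPLE_CHANGES, last_day=4):
    """Full on day 1, then daily differentials or incrementals to last_day.
    Reports how many file copies each strategy wrote and how long the
    restore chain for the final day is, and checks the restore is exact."""
    report = {}
    for kind in ("differential", "incremental"):
        schedule = [(1, "full")] + [(d, kind) for d in range(2, last_day + 1)]
        backups = run_schedule(changes, schedule)
        chain = restore_chain(backups, len(backups) - 1)
        report[kind] = {
            "files_copied": sum(len(b.files) for b in backups),
            "chain": [(b.kind, b.day) for b in chain],
            "restore_matches": restore(chain) == state_at(changes, last_day),
        }
    return report


if __name__ == "__main__":
    for kind, result in compare_strategies().items():
        print(kind, result)
```

On the constructed timeline the differential schedule writes 9 file copies but restores from 2 sets, while the incremental schedule writes 7 copies and needs all 4 sets. One caveat the simple overlay hides: it never deletes anything, so a file removed on day 3 would reappear after a restore from either chain unless the backup format records deletions as well as changes.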

Secure Backups

Backups also need to be secured; an attacker who can reach your backups can destroy your ability to recover, which is exactly what ransomware tries to do.

  • Secure backups are offline and offsite, so malware that spreads across the production network cannot reach them.
  • Secure backups are in a locked location protected against environmental damage.
  • Secure backups are accurately labeled to prevent accidental overwriting.

There are implications with having multiple backups.

  • Backups fail, so having more in other locations can save you problems.
  • Additional copies require additional security.
  • Strike a balance between the risks of having too many backups vs. not enough.

Also consider the integrity of the backup.

  • A backup that was good when it was written may have failed since you last checked on it.
  • Have processes in place for identifying file corruption, missing files and tampering, and run them on a schedule rather than discovering the problem during a restore.
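A practical way to check backup integrity is to record a cryptographic hash of every file when the backup is written and compare against that record later. If the list of hashes (the manifest) sits next to the backup, whoever can alter the backup can alter the manifest too, so the manifest itself is authenticated with an HMAC under a key kept elsewhere. The following Python is an added example, not the original post's code; it uses only the standard library. The files, the key and the "bit rot" it injects are all constructed for the demonstration.

```python
"""Verify backup integrity with a SHA-256 manifest authenticated by HMAC.

Added example for this module (not the original post's code). The demo()
scenario, its files and its key are constructed; in practice the key lives
somewhere the backup media cannot reach (for example a secrets manager).
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large backups fit in memory


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Relative POSIX path -> SHA-256 hex digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def sign_manifest(manifest, key):
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def manifest_is_authentic(manifest, tag, key):
    # compare_digest avoids leaking the tag through timing differences
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def verify_backup(root, manifest):
    """Compare the files under root with the manifest. Returns lists of files
    that are ok, corrupted (hash differs), missing (listed but absent) and
    unexpected (present but not listed)."""
    root = Path(root)
    report = {"ok": [], "corrupted": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_file(path) != digest:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(on_disk - manifest.keys())
    return report


def demo():
    """Constructed scenario: write a small backup, manifest and signature;
    then corrupt one file and lose another (as failing media would) and
    finally forge the manifest to hide the corruption."""
    key = b"example-key-kept-away-from-the-backup-media"  # assumption for the demo
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'acme');\n")
        (root / "config.yaml").write_bytes(b"retention_days: 90\n")
        (root / "notes.txt").write_bytes(b"restore order: power, lan, storage\n")

        manifest = build_manifest(root)
        tag = sign_manifest(manifest, key)
        clean = verify_backup(root, manifest)

        # Bit rot: flip one bit in the SQL dump, and lose the notes file entirely.
        target = root / "db" / "customers.sql"
        data = bytearray(target.read_bytes())
        data[10] ^= 0x01
        target.write_bytes(bytes(data))
        (root / "notes.txt").unlink()
        damaged = verify_backup(root, manifest)

        # An attacker rewrites the manifest entry to match the altered file.
        forged = dict(manifest, **{"db/customers.sql": sha256_file(target)})
        return {
            "clean": clean,
            "damaged": damaged,
            "manifest_authentic": manifest_is_authentic(manifest, tag, key),
            "forged_authentic": manifest_is_authentic(forged, tag, key),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The clean check reports every file ok; after the damage it reports `db/customers.sql` as corrupted and `notes.txt` as missing, and the forged manifest fails its HMAC check even though its hashes match what is on disk. Scheduling this check against each copy is how "regularly test the integrity of backups" becomes something a system does rather than something a person remembers.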

Geographic Considerations

Backup media must be secure, but still accessible.

  • Onsite storage used for most recent backups.
  • Offsite storage used for long-term backups.

Implications of offsite backups:

  • Backups stored a short distance away make it quick and easy to restore operations.
  • They may be susceptible to the same risks as the primary site.
  • Example: An entire geographic region may be susceptible to hurricane damage.
  • Offsite backups may therefore need to be geographically dispersed.

Challenges of storing backups in other jurisdictions:

  • States, countries and regions have their own laws and regulations.
  • You may need to adjust data retention policies to satisfy each of them.

Data sovereignty is the principle that data is subject to the laws of the nation in which it is stored, and it reflects that nation's sociopolitical outlook on information technology.

  • The nation may not respect data privacy.
  • The nation may disapprove of certain content.
  • The nation may be suspicious of security measures like encryption.

Guidelines for Selecting Business Continuity and Disaster Recovery Processes

  • Be aware of the different ways your business could be threatened.
  • Implement an overall business continuity process.
  • Implement disaster recovery to restore IT operations.
  • Follow a disaster recovery process.
  • Form a recovery team.
  • Determine an order of restoration.
  • Consider maintaining alternate recovery sites.
  • Choose between hot, warm, and cold recovery sites.
  • Ensure recovery processes are secure from compromise.
  • Choose an appropriate backup type.
  • Ensure that backups are stored in a secure location.
  • Consider the security implications of multiple backups.
  • Regularly test the integrity of backups.
  • Consider placing backups offsite.
  • Be aware of the pros and cons of close vs. distant backup sites.
  • Research the culture and laws of the region that hosts your backups.

Business Continuity Plans

A policy that describes and ratifies the organization's overall business continuity strategy.

  • Should identify critical systems and components.
  • Preserves key documents.
  • Establishes decision-making authority.
  • Facilitates communication among stakeholders.
  • Maintains financial functions.

Should address infrastructure issues:

  • High availability and fault tolerance.
  • Creating and maintaining backups.

To stay authoritative, the BCP:

  • Should be reviewed and tested regularly.
  • Must be signed by an executive.

Disaster Recovery Plans

A policy that describes and ratifies the organization's disaster recovery strategy.

  • Helps the organization recover from an incident with minimal loss of time and money.
  • Focused on restoring IT operations to working capacity.
  • Also focused on ensuring the safety of personnel.

DRPs can include:

  • List of contact information for the recovery team.
  • Inventory of hardware and software.
  • Record of important business and customer information.
  • Record of procedure manuals and other critical information.
  • Specifications for alternate sites.
  • Information on backup items and procedures.

IT Contingency Plans

A component of the BCP that specifies alternate IT procedures to switch to in case of a disaster.

Possible interim measures:

  • Operating out of an alternate site.
  • Using alternate equipment or systems.
  • Relocating the main systems.

Effectiveness depends on:

  • Key personnel understanding when and how the plan should be initiated.
  • Reviewing the plan to confirm that the resources it relies on are actually in place.
  • Training employees and management to exercise the plan.

Succession Plan

A plan that ensures key personnel have one or more backups who can perform critical functions if needed.

Identifies:

  • Key individuals used as replacements.
  • The people they replace.
  • What functions they can perform.
  • How they need to be trained.

Failover

A technique that ensures redundant assets can quickly and efficiently take over for failed assets.

Example: Load balancers often provide failover.

  • One or more servers are down or taking too long to respond to health checks.
  • The load balancer redirects traffic to the other, healthy servers.
  • Redundant servers in the pool ensure there is no service interruption, provided the remaining servers have the capacity to carry the load.

Failover should be documented in the BCP to minimize the impact and scope of a disaster:

  • Take inventory of primary assets.
  • Take inventory of redundant assets.
  • Map primary assets to redundant assets.
  • This streamlines the recovery process.
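The load balancer example and the primary-to-redundant asset map are both shown in one added Python example below (not the original post's code). The first part is a small balancer that probes each backend, ejects one after a configurable number of consecutive failed or slow probes, routes only to healthy members, and puts a member back as soon as it answers again. The second part walks a primary-to-redundant map, skipping redundant assets that are themselves down. Backend names, the failover map and the outage scenario are constructed.

```python
"""Failover: health-checked load balancing plus a primary->redundant asset map.

Added example for this module (not the original post's code). Backends,
timings, the map and the outage scenario are constructed.
"""
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    up: bool = True         # does the service answer the probe at all?
    latency_ms: int = 20    # how long the probe takes to answer
    failures: int = 0       # consecutive failed probes seen by the balancer
    healthy: bool = True    # balancer's current view: in rotation or not


class LoadBalancer:
    def __init__(self, backends, timeout_ms=500, fail_threshold=3):
        self.backends = list(backends)
        self.timeout_ms = timeout_ms
        self.fail_threshold = fail_threshold
        self._rr = 0  # round-robin cursor

    def health_check(self):
        """Probe every backend once. A backend that is down or slower than the
        timeout on fail_threshold consecutive probes leaves rotation; one good
        probe brings it back. Returns the names currently in rotation."""
        for b in self.backends:
            if b.up and b.latency_ms <= self.timeout_ms:
                b.failures = 0
                b.healthy = True
            else:
                b.failures += 1
                if b.failures >= self.fail_threshold:
                    b.healthy = False
        return [b.name for b in self.backends if b.healthy]

    def route(self):
        """Round-robin over healthy backends only. Raises when none is left:
        the case the BCP has to cover with an alternate site or practice."""
        healthy = [b for b in self.backends if b.healthy]
        if not healthy:
            raise RuntimeError("no healthy backend in pool")
        choice = healthy[self._rr % len(healthy)]
        self._rr += 1
        return choice.name


# Constructed primary -> redundant inventory; a real one lives in the DRP.
FAILOVER_MAP = {
    "web-1": "web-2",
    "web-2": "web-3",
    "db-primary": "db-replica",
    "isp-a": "isp-b",
}


def failover_target(asset, failed, mapping=FAILOVER_MAP):
    """Which asset should carry `asset`'s role given the set of failed assets.
    Follows the map past redundant assets that are also down; returns None
    when the whole chain has failed (no redundancy left)."""
    seen = set()
    current = asset
    while current in failed:
        if current in seen or current not in mapping:
            return None
        seen.add(current)
        current = mapping[current]
    return current


def simulate():
    """Constructed scenario: web-2 becomes slow, is ejected after three bad
    probes, recovers, and then the entire pool goes down."""
    pool = [Backend("web-1"), Backend("web-2"), Backend("web-3")]
    lb = LoadBalancer(pool, timeout_ms=500, fail_threshold=3)
    lb.health_check()
    before = [lb.route() for _ in range(3)]
    pool[1].latency_ms = 900                       # web-2 now exceeds the timeout
    healthy_per_probe = [lb.health_check() for _ in range(3)]
    during = [lb.route() for _ in range(4)]        # traffic avoids web-2
    pool[1].latency_ms = 20                        # web-2 recovers
    recovered = lb.health_check()
    for b in pool:
        b.up = False                               # total outage
    for _ in range(3):
        lb.health_check()
    try:
        lb.route()
        total_outage_detected = False
    except RuntimeError:
        total_outage_detected = True
    return {"before": before, "healthy_per_probe": healthy_per_probe,
            "during": during, "recovered": recovered,
            "total_outage_detected": total_outage_detected}


if __name__ == "__main__":
    print(simulate())
    print(failover_target("web-1", {"web-1", "web-2"}))
```

Two details matter in practice. The threshold of consecutive failures keeps one dropped packet from flapping a server in and out of the pool, and the probe should exercise the application (a real request, not just an open TCP port) or the balancer will happily route to a server whose process is wedged. The `failover_target` walk is the "map primary assets to redundant assets" step: it answers, for any failed asset, what takes over, and it returns nothing when the redundancy is exhausted, which is the point at which the BCP's alternate site or alternate business practices have to kick in.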

Alternate Business Practices

BCP may need a plan for adjusting business practices.

Example: Customer service needs to move to a new facility.

  • New facility may be understaffed or less well-equipped.
  • Organization may relax its quotas and expectations.
  • May require a modification of SLAs.

Organization may offload services to a third party.

  • Requires new business arrangements.
  • Business processes need to adapt.

Testing Exercises

  • Walkthroughs, workshops, and orientation seminars – Provide basic awareness and training for recovery personnel. Describe the contents of BCPs, DRPs and other plans, and the roles and responsibilities defined in them.
  • Tabletop exercises – Recovery team members discuss their roles in emergencies and talk through their responses to specific situations.
  • Functional exercises – Action-based sessions in which personnel validate plans by actively responding to simulated scenarios.
  • Full-scale exercises – Action-based sessions that reflect real situations. Held onsite using real personnel. Most often conducted by public agencies.

After Action Reports

An analysis of events that provides insight into improving response times and processes in the future.

  • Report on exactly what happened and how you responded.
  • You can identify if the organization followed the BCP.
  • You can identify if the BCP is adequate.
  • Learning from successes and failures leads to enhanced processes and refined plans.

Ask yourself:

  • What happened?
  • What did the organization do?
  • Did you follow the BCP?
  • What elements did you fail to implement?
  • Were these elements relevant?
  • Did the BCP address the situation?
  • Are there any gaps in the BCP?
  • Did the recovery team perform its job well?
  • Are any additional exercises needed?
  • In the same situation, would you respond differently?
  • Do you need to change the BCP?

Guidelines for Developing a BCP

  • Ensure the BCP is comprehensive.
  • Develop a supplemental DRP for restoring IT operations.
  • Ensure DRP includes backup procedures and other critical information.
  • Draft an IT contingency plan to ensure the continuity of IT procedures.
  • Ensure IT personnel are trained on this plan.
  • Draft a backout contingency plan to quickly revert mistakes.
  • Draft a succession plan for replacing key personnel.
  • Incorporate failover techniques in the BCP.
  • Inventory primary and redundant assets, and map them to each other.
  • Incorporate alternate business practices into the BCP.
  • Conduct testing exercises.
  • Draft AARs to learn from successes and mistakes.
  • Ask key questions to identify areas for improvement.
  • Modify the BCP as needed.

A well-crafted Business Continuity Plan (BCP) is essential for an organization's resilience in the face of disruptions. By understanding the principles of BCP development and implementation, a CompTIA Security+ professional can help ensure that their organization is prepared to continue essential operations and recover quickly from unforeseen events.

You can find all of our CompTIA Sec+ guides here: CompTIA Sec+

We also have guides for the CompTIA A+ here: CompTIA A+

Recommendation:

Basic Security Testing with Kali Linux: https://amzn.to/3S0t7Vq

Luke Barber

Hello, fellow tech enthusiasts! I'm Luke, a passionate learner and explorer in the vast realms of technology. Welcome to my digital space where I share the insights and adventures gained from my journey into the fascinating worlds of Arduino, Python, Linux, Ethical Hacking, and beyond. Armed with qualifications including CompTIA A+, Sec+, Cisco CCNA, Unix/Linux and Bash Shell Scripting, JavaScript Application Programming, Python Programming and Ethical Hacking, I thrive in the ever-evolving landscape of coding, computers, and networks. As a tech enthusiast, I'm on a mission to simplify the complexities of technology through my blogs, offering a glimpse into the marvels of Arduino, Python, Linux, and Ethical Hacking techniques. Whether you're a fellow coder or a curious mind, I invite you to join me on this journey of continuous learning and discovery.

One thought on “CompTIA Security+: Business Continuity Plan

  1. Your article gave me a lot of inspiration, I hope you can explain your point of view in more detail, because I have some doubts, thank you.
