6.5 Disaster recovery and business continuity planning and auditing

Rollback to version 2

0:03 - 0:05

So today, we are from Group 10.
0:05 - 0:08

We will continue to present on Chapter 6
0:08 - 0:10

under Subtopic 6.5:
0:10 - 0:12

Disaster Recovery and Business
0:12 - 0:15

Continuity Planning and Auditing.
0:15 - 0:17

Assalamu Alaikum,
0:18 - 0:19

and hi, everyone.
0:19 - 0:20

We are from BlueTech.
0:20 - 0:22

In this video, we will present about
0:22 - 0:24

disaster
0:24 - 0:26

recovery and business continuity
0:26 - 0:27

planning and auditing.
0:27 - 0:30

First, of course, my name is Intan Sanwa
0:30 - 0:31

Binti Mahasi,
0:31 - 0:34

matric number 268061, and
0:34 - 0:37

I'm the first presenter. I will present
0:37 - 0:38

the definition,
0:38 - 0:43

purpose, and the main aspects of BRP.
0:45 - 0:47

Alright, I will proceed for the
0:47 - 0:49

definition part.
0:49 - 0:53

Disaster. What is disaster? Disaster is
0:53 - 0:55

disruptions that cause critical
0:55 - 0:58

information resources to be inoperative
0:58 - 1:00

for a period of time.
1:00 - 1:02

Disaster can be caused because of
1:02 - 1:03

environmental conditions,
1:03 - 1:06

system failure, or equipment failure,
1:06 - 1:10

or disaster can also be man-made. Any
1:10 - 1:12

incident that can takes more than
1:12 - 1:14

a suitable amount of time
1:14 - 1:17

to recover, or if it has more than an
1:17 - 1:18

acceptable range
1:18 - 1:20

of consequences, can be called a
1:20 - 1:23

disaster.
1:23 - 1:26

The examples of disaster are weather,
1:26 - 1:29

terrorism, disruption in expected services,
1:29 - 1:33

human error, and so on.
1:34 - 1:37

Disaster can be short or may last for a
1:37 - 1:37

long time,
1:37 - 1:41

but when an organization is ready for
1:41 - 1:44

any adversity, it strives hard and survives.
1:44 - 1:47

Disruption can lead to lost revenue,
1:47 - 1:48

brain damage,
1:48 - 1:51

and dissatisfied customers. And the
1:51 - 1:53

longer the recovery time,
1:53 - 1:56

the greater the adverse business impact.
1:56 - 1:59

Therefore, a good disaster recovery plan
1:59 - 2:02

should enable rapid recovery from
2:02 - 2:03

disruptions,
2:03 - 2:05

regardless of the source of the
2:05 - 2:07

disruptions.
2:07 - 2:10

The business continuity plan includes,
2:10 - 2:13

first, the disaster recovery plan, that is
2:13 - 2:15

generally the plan to be followed
2:15 - 2:19

by the business units to recover a harmed
2:19 - 2:20

or demolished
2:20 - 2:23

facility, or business functionality,
2:23 - 2:26

or an operational facility. Then, the
2:26 - 2:27

operation
2:27 - 2:29

plan, that is to be followed by the
2:29 - 2:30

business units
2:30 - 2:35

to get by while recovery is taking place.
2:36 - 2:38

Everything is the same as in the case of
2:38 - 2:41

the business continuity planning
2:41 - 2:43

or disaster recovery plan, with the
2:43 - 2:44

exception
2:44 - 2:46

that the continuity of the information
2:46 - 2:49

system processing is threatened.
2:49 - 2:51

Information system processing is one
2:51 - 2:52

operation
2:52 - 2:55

of many that keeps the organization not
2:55 - 2:58

only alive but also successful,
2:58 - 3:01

thus it is of strategic importance.
3:01 - 3:04

Thus, the event to be controlled is such
3:04 - 3:06

a disruption, that the objective
3:06 - 3:09

of the control measure is to survive an
3:09 - 3:11

interruption of the information system
3:11 - 3:13

processing.
3:13 - 3:15

Throughout the planning process of
3:15 - 3:16

business continuity,
3:16 - 3:19

the overall plan of the organization
3:19 - 3:22

should be taken into consideration.
3:22 - 3:25

All its plans must be consistent with
3:25 - 3:27

and support the corporate business
3:27 - 3:28

continuity plan.
3:28 - 3:30

This means that, especially those
3:30 - 3:33

information processing systems,
3:33 - 3:35

must have them more elaborated and ready
3:35 - 3:38

to start reserve processing facilities
3:38 - 3:42

that support key operations.
3:43 - 3:47

Next, the purpose and main aspects of DRP.
3:47 - 3:50

The purpose of DRP is to enable a business
3:50 - 3:51

to continue
3:51 - 3:55

offering critical services in the event
3:55 - 3:56

of a disruption
3:56 - 3:58

and to survive even a disastrous
3:58 - 3:59

interruption of
3:59 - 4:03

its activities. Next is the main aspects
4:03 - 4:04

of BRP
4:04 - 4:07

that business continuity planning has to
4:07 - 4:09

take into consideration.
4:09 - 4:11

First, the market and strategic goals of
4:11 - 4:13

the corporation.
4:13 - 4:16

Second, the strategic business processes.
4:16 - 4:18

Third, those key operations that are most
4:18 - 4:20

necessary to the survival
4:20 - 4:23

of the organization and the human or
4:23 - 4:27

material resources supporting them.
4:27 - 4:29

In the business continuity plan, it
4:29 - 4:30

includes
4:30 - 4:33

the disaster recovery plan to recover a
4:33 - 4:34

facility rendered
4:34 - 4:37

inoperable, including relocating
4:37 - 4:38

operations
4:38 - 4:41

to a new location, and the restoration
4:41 - 4:44

plan that is used to return operations
4:44 - 4:47

to normal, whether in a restored or
4:47 - 4:50

new facility, which is only after
4:50 - 4:53

mitigating the effect of your disruption
4:53 - 4:55

by restarting the business applications
4:55 - 4:57

involved.
4:57 - 4:59

That's all for my part. I will pause for
4:59 - 5:00

the next presenter.
5:00 - 5:02

Thank you.
5:04 - 5:09

Assalamu Alaikum, my name is Nur Athirah Haziqah Binti Mohd Said
5:09 - 5:12

and my matric is number is 264828. And I will
5:12 - 5:14

continue to present the objective of
5:14 - 5:16

Disaster Recovery Planning.
5:16 - 5:19

So, the first objective is to minimize
5:19 - 5:21

interruptions to the normal operations.
5:21 - 5:23

Which means by having this disaster
5:23 - 5:24

recovery planning,
5:24 - 5:26

we can minimize any problems of
5:26 - 5:28

disruptions that might be happen
5:28 - 5:31

later on to the normal operations. The
5:31 - 5:33

second objective is to limit the extent
5:33 - 5:36

of disruptions and damage.
5:36 - 5:40

Why limit the extent of disruptions and
5:40 - 5:42

damage? Because by having this DRP,
5:42 - 5:44

we can ensure that the disruptions does
5:44 - 5:47

not spread to any unrelated things,
5:47 - 5:50

so we can limit it. The third objective
5:50 - 5:52

is to minimize the economic impact of
5:52 - 5:53

the interruption.
5:53 - 5:55

For example, as nowadays, during this
5:55 - 5:56

COVID-19 pandemic,
5:56 - 5:58

when a company has this disaster
5:58 - 6:00

recovery planning, so the company has a
6:00 - 6:02

backup plan on how the company will
6:02 - 6:04

operate normally as usual.
6:04 - 6:07

Maybe in terms of meeting, they can do an
6:07 - 6:08

online meeting
6:08 - 6:11

so it can minimize the
6:11 - 6:13

economic impact due to the interruptions.
6:13 - 6:15

This is because they can continue
6:15 - 6:17

operate the company as usual
6:17 - 6:18

and the economic growth will not be
6:18 - 6:21

affected. The fourth objective is to
6:21 - 6:23

establish alternative means of operation
6:23 - 6:24

in advance.
6:24 - 6:27

Which means by having this DRP, it can
6:27 - 6:29

provide a planning with effective medium
6:29 - 6:31

of solutions globally,
6:31 - 6:34

if anything happens later on. The fifth
6:34 - 6:34

one
6:34 - 6:36

is to train personnel with emergency
6:36 - 6:39

procedures for example
6:39 - 6:41

when cyber attacks suddenly happen so
6:41 - 6:43

when a company applying this drp
6:43 - 6:46

the personnel know the action to be
6:46 - 6:48

taken after the cyber attacks happen
6:48 - 6:51

it's something like early preparation
6:51 - 6:52

the management also
6:52 - 6:54

should regularly train the employees
6:54 - 6:55

about how to prepare
6:55 - 6:57

for a data breach or to avoid a data
6:57 - 6:59

bridge in the first place
6:59 - 7:01

the last one is to provide for smooth
7:01 - 7:03

and rapid restoration of service
7:03 - 7:05

so when having this disaster recovery
7:05 - 7:07

planning it can provide a smooth and rev
7:07 - 7:10

restoration because this drp continue
7:10 - 7:13

offering critical services in the event
7:13 - 7:13

of the
7:13 - 7:16

offer disruptions and to survive uh
7:16 - 7:19

even these risers disastrous
7:19 - 7:20

interruptions
7:20 - 7:23

uh to its activities so the next one is
7:23 - 7:25

the components of disaster recovery
7:25 - 7:26

planning
7:26 - 7:28

so the next one is the components of
7:28 - 7:31

disaster recovery planning the first one
7:31 - 7:31

is
7:31 - 7:34

create a disaster recovery team this
7:34 - 7:36

team will be responsible for developing
7:36 - 7:39

implementing and maintaining the drp all
7:39 - 7:41

employees should be informed of and
7:41 - 7:42

understand the
7:42 - 7:44

disaster recovery planning and their
7:44 - 7:46

responsibility
7:46 - 7:49

if any disaster occurs when having
7:49 - 7:52

this drp team the management will refer
7:52 - 7:53

straight to this team
7:53 - 7:56

easily when any disaster occurs as this
7:56 - 7:58

team will be responsible
7:58 - 8:01

to inform and give understanding to all
8:01 - 8:01

employees
8:01 - 8:03

what action they should be taken when
8:03 - 8:04

any disasters
8:04 - 8:07

occurs so the second one identify and
8:07 - 8:09

access disaster risk
8:09 - 8:11

the disaster recovery team should
8:11 - 8:12

identify and assess
8:12 - 8:16

the risk to organization also assist the
8:16 - 8:17

team in identifying the recovery
8:17 - 8:19

strategies and resources
8:19 - 8:21

required to recover from disasters
8:21 - 8:24

within a predetermined and acceptable
8:24 - 8:25

time frame
8:25 - 8:27

which means after the drp team
8:27 - 8:29

identified as a series
8:29 - 8:31

then they will provide a planning with
8:31 - 8:33

effective medium of solution
8:33 - 8:37

globally if anything happen later on
8:37 - 8:39

so the third one is determine critical
8:39 - 8:40

applications
8:40 - 8:43

documents and resources the plan should
8:43 - 8:44

focus on
8:44 - 8:46

short-term survivability such as
8:46 - 8:48

generating cash flows and revenues
8:48 - 8:50

rather than on a long-term solution of
8:50 - 8:52

restoring the organization's
8:52 - 8:54

full functioning capacity the
8:54 - 8:56

organization must recognize
8:56 - 8:58

some processes that should not be
8:58 - 9:00

delayed if possible for example like
9:00 - 9:01

processing of payroll
9:01 - 9:03

in simple word i can say that when they
9:03 - 9:05

want to build a grp
9:05 - 9:07

so it should focus on short-term
9:07 - 9:09

planning to ensure that the company
9:09 - 9:14

survive rather than planning a long-term
9:14 - 9:17

long-term planning all the docu all the
9:17 - 9:19

important documents must not be delayed
9:19 - 9:21

such as the processing of payroll
9:21 - 9:23

the fourth one is specified bake-up and
9:23 - 9:25

off-site storage procedures
9:25 - 9:28

all critical equipment applications and
9:28 - 9:29

documents
9:29 - 9:31

should not be baked should be backup
9:31 - 9:33

what need what need to be backup
9:33 - 9:35

such documents like the latest
9:35 - 9:36

punishment statements
9:36 - 9:39

tax returns inventory records customer
9:39 - 9:40

and vendor listings
9:40 - 9:42

critical supplies required for daily
9:42 - 9:44

operations like checks and also the
9:44 - 9:46

purchase order
9:46 - 9:48

all critical supplies and a copy of the
9:48 - 9:50

drp should be stored at
9:50 - 9:53

at an off-site location which means
9:53 - 9:53

which
9:53 - 9:56

locate all the backup data away from the
9:56 - 10:00

client's main premises
10:00 - 10:03

so the last one is test and maintain the
10:03 - 10:04

drp
10:04 - 10:07

the organization routinely test the drp
10:07 - 10:08

to evaluate
10:08 - 10:11

the procedures documented in the plan
10:11 - 10:14

for effectiveness and appropriateness
10:14 - 10:15

the recovery team should regularly
10:15 - 10:17

update the grp
10:17 - 10:19

to accommodate for changes in business
10:19 - 10:20

processes
10:20 - 10:23

technology and evolving disaster risk so
10:23 - 10:24

basically
10:24 - 10:27

test of drp is important to establish if
10:27 - 10:29

the recovery objectives are achievable
10:29 - 10:33

maybe to improve any recovery processes
10:33 - 10:34

and to familiarize
10:34 - 10:37

start with the recovery processes this
10:37 - 10:39

test will be explained more details by
10:39 - 10:41

the next presenter
10:41 - 10:43

assalamualaikum and hi everyone my name
10:43 - 10:44

is
10:44 - 10:47

number 259065 so i will continue the
10:47 - 10:49

presentation regarding the disaster
10:49 - 10:52

regarding disaster recovery testing okay
10:52 - 10:54

so the purpose of it disaster
10:54 - 10:56

recovery testing is to discover flaws in
10:56 - 10:58

your disaster recovery plan
10:58 - 10:59

so you can resolve them before they
10:59 - 11:01

impact your ability to restore
11:01 - 11:04

operations in other words disaster
11:04 - 11:05

recovery testing
11:05 - 11:08

allows you to identify potential errors
11:08 - 11:09

and issues
11:09 - 11:12

and develop solutions so that in a real
11:12 - 11:12

disaster
11:12 - 11:14

your business will be able to
11:14 - 11:18

re-establish critical operations
11:18 - 11:21

okay there are about five types of
11:21 - 11:23

disaster recovery testing
11:23 - 11:25

including walk-through test cut of a
11:25 - 11:26

test paper test
11:26 - 11:29

simulation and parallel tests let us
11:29 - 11:31

start with the first one walkthrough
11:31 - 11:33

test
11:33 - 11:36

in this test several business and
11:36 - 11:37

technology experts
11:37 - 11:40

in the organization will gather to walk
11:40 - 11:42

through the drp
11:42 - 11:45

to discuss each step in the drp so that
11:45 - 11:45

they can
11:45 - 11:48

identify issues and opportunities for
11:48 - 11:49

making the
11:49 - 11:52

drp more accurate and complete
11:52 - 11:55

next kind of a test a kind of a test is
11:55 - 11:58

to test fail over recovery systems built
11:58 - 12:00

to take over the full production
12:00 - 12:04

workload in case of disaster
12:04 - 12:07

primary systems are
12:07 - 12:11

disconnected during the test next paper
12:11 - 12:12

test
12:12 - 12:14

in a paper test members of the dr team
12:14 - 12:15

read
12:15 - 12:17

and testify recovery plan documents such
12:17 - 12:18

as
12:18 - 12:21

vr policies procedures timelines
12:21 - 12:24

benchmark and checklist a hard copy of
12:24 - 12:25

documents should
12:25 - 12:28

be stored in a secure offline
12:28 - 12:30

environment and a digital copy in the
12:30 - 12:31

cloud
12:31 - 12:34

simulation is a simulated disaster in
12:34 - 12:35

which teams
12:35 - 12:39

must go through their documented
12:39 - 12:41

recovery plans to identify where the
12:41 - 12:43

emergency response
12:43 - 12:46

plans are educated another idea is to
12:46 - 12:47

hold the simulation
12:47 - 12:50

on a day that is not
12:50 - 12:52

announced ahead of time so that
12:52 - 12:53

respondents
12:53 - 12:57

uh possibly be less prepared to respond
12:57 - 12:59

this is a very real simulation uh
12:59 - 13:00

because in fact
13:00 - 13:03

anyone do not know when the catastrophe
13:03 - 13:03

may
13:03 - 13:06

occur this is very important actually
13:06 - 13:07

for the teams
13:07 - 13:10

to practice the drp in real life to make
13:10 - 13:12

sure that it's sufficient for it
13:12 - 13:14

disaster recovery like fire drill
13:14 - 13:17

for example parallel test in apparel
13:17 - 13:19

test
13:19 - 13:21

fall over recovery systems are tested to
13:21 - 13:24

make sure that in case of disaster they
13:24 - 13:25

can perform
13:25 - 13:28

real business transactions supporting
13:28 - 13:30

key processes and applications
13:30 - 13:33

meanwhile primary systems continue to
13:33 - 13:34

run the
13:34 - 13:38

full production would load
13:39 - 13:41

okay so next why does a drp require
13:41 - 13:42

testing
13:42 - 13:45

the reason is because to exercise the
13:45 - 13:47

recovery processes and procedures
13:47 - 13:50

next to familiarize staff with the
13:50 - 13:51

recovery process
13:51 - 13:54

and the end documentation verify the
13:54 - 13:56

effectiveness of the recovery
13:56 - 13:57

documentation
13:57 - 14:00

verify the effectiveness of the recovery
14:00 - 14:00

site
14:00 - 14:02

establish if the recovery objectives are
14:02 - 14:04

achievable
14:04 - 14:06

identify improvements required to the dr
14:06 - 14:07

strategy
14:07 - 14:11

infrastructure and recovery processes
14:11 - 14:13

hi yes america my name is nisha raventi
14:13 - 14:17

mohammed shui my metric number is 26105
14:17 - 14:18

i will continue within its sub topics
14:18 - 14:21

which are recovery time objective
14:21 - 14:24

rto and recovery point objective rpo
14:24 - 14:26

i will also explain the differences
14:26 - 14:28

between these two recovery objectives
14:28 - 14:32

now let's start with rto
14:34 - 14:36

so what is recovery time objective
14:36 - 14:38

recovery time objective
14:38 - 14:40

rto is the duration of time and a
14:40 - 14:41

service level
14:41 - 14:44

within which a business process must be
14:44 - 14:44

restored
14:44 - 14:47

after a disaster in order to avoid any
14:47 - 14:49

unacceptable consequences
14:49 - 14:52

associated with a break in continuity in
14:52 - 14:54

other words the rto is the answer to the
14:54 - 14:55

question
14:55 - 14:57

how much time did it take to recover
14:57 - 15:00

after notification of business process
15:00 - 15:03

disruption in addition rto designates
15:03 - 15:05

the variable amount of data that will be
15:05 - 15:06

lost
15:06 - 15:08

or will have to be re-entered during
15:08 - 15:09

network downtime
15:09 - 15:12

rto also decides the amount of real time
15:12 - 15:12

that
15:12 - 15:15

can pass before the disruption begins to
15:15 - 15:16

seriously and
15:16 - 15:19

acceptably impede the flow of normal
15:19 - 15:20

business
15:20 - 15:22

operation
15:24 - 15:27

for example if rto is 24 hours it means
15:27 - 15:29

the organization determined that
15:29 - 15:31

the business can maintain operations for
15:31 - 15:33

the amount of the time
15:33 - 15:35

without having its normal data and
15:35 - 15:37

infrastructure available
15:37 - 15:39

so if the data and infrastructure are
15:39 - 15:41

not recovered within 24 hours
15:41 - 15:43

the business could suffer irreparable
15:43 - 15:46

harm
15:47 - 15:50

now let's move to the next recovery
15:50 - 15:50

objective
15:50 - 15:53

the next recovery objective is recovery
15:53 - 15:55

point objective
15:55 - 15:58

or rpo i will discuss briefly about rpo
15:58 - 16:01

in the next slides
16:03 - 16:06

what is rpo rpo is a measurement of the
16:06 - 16:09

maximum tolerable amount of data to lose
16:09 - 16:12

in other words rpo measures how much
16:12 - 16:14

data you can afford to lose
16:14 - 16:17

as the result of a disaster rpo can help
16:17 - 16:18

the organization to measure how much
16:18 - 16:19

time
16:19 - 16:21

can occur between last data backup and a
16:21 - 16:23

disaster without
16:23 - 16:25

causing serious damage to the business
16:25 - 16:26

on top of that
16:26 - 16:29

rpo is very useful for an organization
16:29 - 16:31

to determine how often to perform data
16:31 - 16:34

backups
16:36 - 16:38

so most businesses back up data at fixed
16:38 - 16:40

intervals of time such as
16:40 - 16:43

once every hour once every day or
16:43 - 16:44

infrequently as once every week
16:44 - 16:48

example of rpo is if the last available
16:48 - 16:50

good copy of data open and out age
16:50 - 16:54

is from 80 hours ago and the rpo for the
16:54 - 16:56

business is 20 hours
16:56 - 16:58

then the organization is still within
16:58 - 16:59

the parameters of the business
16:59 - 17:01

continuity plans
17:01 - 17:04

rpo in other words it answers the
17:04 - 17:04

question
17:04 - 17:06

of up to what point in time could a
17:06 - 17:07

business process
17:07 - 17:10

recovery proceed tolerably given the
17:10 - 17:11

volume
17:11 - 17:15

of data loss during the interval
17:16 - 17:18

so recovery time objective rto and
17:18 - 17:20

recovery point objective rpo
17:20 - 17:23

are two of the most important parameters
17:23 - 17:25

of a disaster recovery or data
17:25 - 17:26

protection plan
17:26 - 17:29

these are objectives that can guide
17:29 - 17:31

enterprises to choose an optimal cloud
17:31 - 17:32

backup and disaster
17:32 - 17:35

recovery plan the rpo or rto along with
17:35 - 17:37

the business impact analysis
17:37 - 17:39

provides the basis for identifying and
17:39 - 17:41

analyzing viable strategies
17:41 - 17:43

for inclusion in the business continuity
17:43 - 17:46

plan viable strategy options include any
17:46 - 17:47

which
17:47 - 17:49

would enable resumption of a business
17:49 - 17:50

process
17:50 - 17:52

in a time frame at or near the rpo or
17:52 - 17:53

rto
17:53 - 17:55

at first glance these two terms appear
17:55 - 17:57

to be quite similar
17:57 - 17:59

however there are some differences
17:59 - 18:01

between these two recovery objectives
18:01 - 18:03

now let's differentiate these two
18:03 - 18:07

recovery objectives in the next slide
18:08 - 18:11

the first difference between rto and rpo
18:11 - 18:11

is
18:11 - 18:14

rto has a broader purpose as it focuses
18:14 - 18:16

more on downtime
18:16 - 18:19

of services applications and process
18:19 - 18:22

this is because rto sets the boundaries
18:22 - 18:23

for the whole business
18:23 - 18:26

continuity management while rpo focuses
18:26 - 18:27

only on the issue of
18:27 - 18:30

backup frequency other than that rto
18:30 - 18:33

concern with applications and systems
18:33 - 18:35

the measurement includes data recovery
18:35 - 18:36

but primarily
18:36 - 18:38

describes time limitations on
18:38 - 18:40

application downtime
18:40 - 18:42

on the other hand rpo only corresponds
18:42 - 18:45

with the amount of data that is lost
18:45 - 18:48

following a failure event furthermore
18:48 - 18:50

rto looks forward in time where it
18:50 - 18:52

focuses on the amount of time the
18:52 - 18:53

organization need
18:53 - 18:56

in order to resume the operations while
18:56 - 18:57

rpo
18:57 - 19:00

looks back in time where it focuses on
19:00 - 19:02

the amount of time or data that the
19:02 - 19:05

organization are willing to lose that's
19:05 - 19:07

all from me i will pass to the next
19:07 - 19:09

presenter
19:09 - 19:11

okay next i'm going to explain on the
19:11 - 19:13

types of disaster recovery plan
19:13 - 19:15

they are a variety of disaster recovery
19:15 - 19:17

plans actually
19:17 - 19:19

but i'm going to focus on the two types
19:19 - 19:20

while the other types
19:20 - 19:22

will be covered by my other teammates
19:22 - 19:24

letter and the it recovery plan
19:24 - 19:26

okay the first type that i'm going to
19:26 - 19:29

cover is called virtualization disaster
19:29 - 19:30

recovery
19:30 - 19:32

it is actually a way to decrease the
19:32 - 19:33

amount of time
19:33 - 19:36

or reduce the time needed to perform a
19:36 - 19:36

full
19:36 - 19:39

restoration after they have been hit by
19:39 - 19:41

a disaster
19:41 - 19:44

so what does it mean by virtualization
19:44 - 19:47

virtualization by definition is the
19:47 - 19:48

process
19:48 - 19:50

of creating a virtual version of a
19:50 - 19:51

system
19:51 - 19:53

or a software or even an entire working
19:53 - 19:55

environment rather than creating a
19:55 - 19:57

physical
19:57 - 20:00

replica it can eliminate the need to
20:00 - 20:01

recreate a physical server when
20:01 - 20:03

something goes wrong
20:03 - 20:06

how by creating a multiple simulated
20:06 - 20:07

environments
20:07 - 20:09

or dedicated resources using a single
20:09 - 20:11

hardware system
20:11 - 20:14

it also helps you split a single system
20:14 - 20:16

into multiple distinct environments
20:16 - 20:18

called virtual machines
20:18 - 20:22

the physical system on which the various
20:22 - 20:25

virtual virtual machines are created is
20:25 - 20:26

called the host
20:26 - 20:30

and the virtual machines are called gas
20:30 - 20:34

okay next is network disaster recovery
20:34 - 20:36

a network disaster recovery plan is a
20:36 - 20:39

set of policies and procedures that
20:39 - 20:42

ensure a network is reinstated to
20:42 - 20:44

its normal working operations after it
20:44 - 20:45

goes offline
20:45 - 20:48

or is disrupted after it after a
20:48 - 20:50

disastrous event
20:50 - 20:54

it is a type of a disaster recovery plan
20:54 - 20:56

that is specifically designed for
20:56 - 20:57

internet
20:57 - 20:59

and external natural infrastructure of
20:59 - 21:01

an organization
21:01 - 21:04

network disaster recovery plan generally
21:04 - 21:05

requires
21:05 - 21:07

listing this tab which should be
21:07 - 21:09

undertaken in order to restock network
21:09 - 21:10

connectivity
21:10 - 21:13

identifying people responsible for
21:13 - 21:16

conducting natural disaster recovery
21:16 - 21:18

assessing possible consequences of a
21:18 - 21:19

natural failure
21:19 - 21:21

last but not least determining the best
21:21 - 21:24

strategies to mitigate them
21:24 - 21:26

the main purpose of network disaster
21:26 - 21:28

recovery is to ensure that
21:28 - 21:30

business services can be delivered to
21:30 - 21:31

customers
21:31 - 21:33

despite a disruption in network
21:33 - 21:34

connectivity
21:34 - 21:37

however disasters come in different
21:37 - 21:38

forms and sizes
21:38 - 21:42

which makes it which makes it hard
21:42 - 21:44

to predict what their impact would be
21:44 - 21:46

which network
21:46 - 21:49

components would be affected and how
21:49 - 21:50

many resources
21:50 - 21:52

would be required to restore network
21:52 - 21:54

connectivity
21:54 - 21:57

therefore the best strategy for ensuring
21:57 - 21:58

a successful
21:58 - 22:00

natural disaster recovery is by
22:00 - 22:03

preparing for the worst case scenarios
22:03 - 22:05

in advance and finding the ways to
22:05 - 22:08

mitigate their impact
22:08 - 22:12

uh possible causes of nature failures
22:12 - 22:16

include human errors
22:16 - 22:19

and network attacks human errors we can
22:19 - 22:19

say that
22:19 - 22:22

sometimes network connectivity problems
22:22 - 22:26

might be the result of mistakes made by
22:26 - 22:29

employees when working with network
22:29 - 22:30

equipment
22:30 - 22:32

or manually configuring network
22:32 - 22:35

components without an educated graph
22:35 - 22:38

of knowledge while natural attacks
22:38 - 22:40

is a network services that can get
22:40 - 22:41

disrupted
22:41 - 22:44

after a cyber attack whose aim is to
22:44 - 22:46

prevent the organization
22:46 - 22:48

to deliver its services by forcing it to
22:48 - 22:50

shut down
22:50 - 22:52

the next one is i.t disaster recovery
22:52 - 22:53

plan
22:53 - 22:56

so the next one is i.t disaster recovery
22:56 - 22:57

plan
22:57 - 22:58

an information technology disaster
22:58 - 23:00

recovery plan should be developed in
23:00 - 23:02

conjunction with the business continuity
23:02 - 23:03

plan
23:03 - 23:06

business continuity plan is a process a
23:06 - 23:09

company undergoes to create a prevention
23:09 - 23:11

and recovery system from potential
23:11 - 23:13

threats such as natural disasters or
23:13 - 23:14

cyber attacks
23:14 - 23:17

bcp is designed to protect personnel and
23:17 - 23:18

assets
23:18 - 23:22

and make sure that they function quickly
23:22 - 23:24

when disaster occurs priorities and
23:24 - 23:26

recovery time objectives
23:26 - 23:28

for information technology should be
23:28 - 23:30

developed during the business impact
23:30 - 23:31

analysis
23:31 - 23:34

which means the company must know the
23:34 - 23:35

reason
23:35 - 23:38

why they want to develop the disaster
23:38 - 23:39

recovery plan
23:39 - 23:42

technology recovery strategies should be
23:42 - 23:44

developed to restore hardware
23:44 - 23:46

applications and data in time to meet
23:46 - 23:47

the needs
23:47 - 23:49

of the business recovery in the simple
23:49 - 23:50

word
23:50 - 23:52

the management must provide a planning
23:52 - 23:55

with effective strategies or solutions
23:55 - 23:58

globally if anything happen later on to
23:58 - 23:59

ensure that the company can
23:59 - 24:03

run smoothly as normal
24:03 - 24:05

so the next part is the information
24:05 - 24:07

technology recovery strategies
24:07 - 24:10

basically these strategies should be
24:10 - 24:12

developed for iot systems
24:12 - 24:15

applications and data i.t resources
24:15 - 24:17

required to support time-sensitive
24:17 - 24:19

business functions
24:19 - 24:23

and processes should also be identified
24:23 - 24:25

the recovery time for an it resource
24:25 - 24:27

should match the recovery time
24:27 - 24:30

objective for the business functions or
24:30 - 24:31

process
24:31 - 24:36

that depends on the i.t resource
24:36 - 24:38

the next one is components what
24:38 - 24:40

components related to this idea of
24:40 - 24:42

disaster recovery planning
24:42 - 24:44

the first one is computer room
24:44 - 24:45

environment which is
24:45 - 24:47

secured computer room with climate
24:47 - 24:49

control if i'm not mistaken
24:49 - 24:52

climate control is a temperature control
24:52 - 24:54

which fitted the computer room
24:54 - 24:55

environment
24:55 - 24:57

maybe the temperature is not too low and
24:57 - 24:59

not too high
24:59 - 25:01

the second one is hardware for example
25:01 - 25:02

like networks
25:02 - 25:05

servers desktops laptop computers and
25:05 - 25:07

also the wireless devices
25:07 - 25:09

the third one is connectivity to a
25:09 - 25:12

service provider for example like fiber
25:12 - 25:15

cable wireless and etc the first one is
25:15 - 25:17

software applications for example like
25:17 - 25:20

electronic data interchange electronic
25:20 - 25:21

mail
25:21 - 25:24

enterprise resource management and also
25:24 - 25:26

office productivity
25:26 - 25:28

the next one is data and restorations
25:28 - 25:30

data restore is the process of
25:30 - 25:33

copying backup data from secondary
25:33 - 25:34

storage
25:34 - 25:38

and restoring it to its original
25:38 - 25:41

locations or a new locations so the next
25:41 - 25:43

part is developing an i.t disaster
25:43 - 25:45

recovery plan
25:45 - 25:47

the first one is compiling an inventory
25:47 - 25:48

of hardware
25:48 - 25:51

software applications and data which is
25:51 - 25:54

gathering the hardware like laptop or pc
25:54 - 25:56

which comes with wi-fi connectivity and
25:56 - 25:57

also
25:57 - 26:00

software needed like maybe cloud or any
26:00 - 26:02

other important software needed
26:02 - 26:04

the second one is ensure that all
26:04 - 26:06

critical information
26:06 - 26:09

is being backup critical information is
26:09 - 26:10

something like
26:10 - 26:13

latest financial statements tax returns
26:13 - 26:14

inventory records
26:14 - 26:16

customer and vendor listings and also
26:16 - 26:18

critical supplies that required for
26:18 - 26:20

daily operations like
26:20 - 26:22

checks and purchase orders is being
26:22 - 26:24

makeup by using this
26:24 - 26:28

i.t disaster recovery plan
26:28 - 26:30

the third one is identify critical
26:30 - 26:32

software applications and data
26:32 - 26:34

and the hardware required to run them
26:34 - 26:37

maybe in terms of software like
26:37 - 26:39

maybe in terms of software needed like
26:39 - 26:40

electronic mail network
26:40 - 26:43

servers or maybe like wi-fi to ensure
26:43 - 26:45

that it have connectivity to a service
26:45 - 26:47

provider
26:47 - 26:49

the fourth one is using standardized
26:49 - 26:52

hardware that will help to replicate and
26:52 - 26:52

re-image
26:52 - 26:56

new hardware the next one ensure that
26:56 - 26:58

copies of program software are available
26:58 - 26:59

to enable
26:59 - 27:02

re-installations on replacement
27:02 - 27:04

equipment
27:04 - 27:06

the next one document the i.t disaster
27:06 - 27:07

recovery plan
27:07 - 27:10

as part of the business continuity plan
27:10 - 27:11

because
27:11 - 27:13

business business continuity requires a
27:13 - 27:14

company
27:14 - 27:17

to keep operations functional during the
27:17 - 27:18

event
27:18 - 27:22

and immediately after and immediately
27:22 - 27:23

after
27:23 - 27:25

while disaster recovery focuses on how
27:25 - 27:26

you respond
27:26 - 27:29

after the event has completed and how a
27:29 - 27:30

company
27:30 - 27:33

would return to normal operation
27:33 - 27:35

the next one test the planet
27:35 - 27:38

periodically to make sure that it works
27:38 - 27:41

this test is also to ensure that it work
27:41 - 27:44

and to identify improvements required
27:44 - 27:48

to the itdrp strategy infrastructure and
27:48 - 27:51

recovery processes okay last but not
27:51 - 27:53

least we're going to talk about iodine
27:53 - 27:54

program for the rp
27:54 - 27:57

the objective is to evaluate documented
27:57 - 27:59

processes and procedures
27:59 - 28:02

for ic for is disaster preparedness
28:02 - 28:03

compliance
28:03 - 28:05

and to ensure the continuance of key
28:05 - 28:07

business functions in the event of a
28:07 - 28:09

disruption
28:09 - 28:11

the scope of this audit included to
28:11 - 28:13

ascertain the existence and
28:13 - 28:16

effectiveness of the current is disaster
28:16 - 28:16

recovery
28:16 - 28:18

plan and its alignment with the
28:18 - 28:21

enterprise business continuity plan
28:21 - 28:24

policies and procedures next to evaluate
28:24 - 28:26

ies functions preparedness in the event
28:26 - 28:28

of a process disruption
28:28 - 28:29

last but not least to determine
28:29 - 28:32

compliance with applicable federal laws
28:32 - 28:34

and regulations
28:36 - 28:38

there are many audit programs for the rp
28:38 - 28:39

actually but
28:39 - 28:42

i only listed about five audit programs
28:42 - 28:43

including audit
28:43 - 28:45

and validate the adequacy of the backup
28:45 - 28:46

data
28:46 - 28:47

well actually it does not matter how
28:47 - 28:51

good your disaster recovery plan
28:51 - 28:54

is if your data is out of date if in a
28:54 - 28:55

location
28:55 - 28:57

also affected by the disaster or has
28:57 - 28:59

become corrupted
28:59 - 29:01

next audit and validate the testing of
29:01 - 29:03

the disaster recovery plan
29:03 - 29:05

companies need to make sure the recovery
29:05 - 29:06

plan actually works
29:06 - 29:10

in an emergency regularly conduct data
29:10 - 29:11

fight drills to test
29:11 - 29:14

every possible scenario from basic power
29:14 - 29:14

failures
29:14 - 29:17

to catastrophic events that could result
29:17 - 29:20

in multiple months of devastation
29:20 - 29:23

next audit and validate passwords are
29:23 - 29:24

available to the disaster
29:24 - 29:28

recovery plan team password protection
29:28 - 29:30

is a key goal for data security
29:30 - 29:32

companies need to store
29:32 - 29:34

system passwords in at least two
29:34 - 29:35

geographically separate
29:35 - 29:38

secure locations make sure that more
29:38 - 29:39

than i.t
29:39 - 29:41

staff more than one active staff person
29:41 - 29:44

has access to all password encode
29:44 - 29:46

change this password promptly if key
29:46 - 29:48

president leave the company
29:48 - 29:51

next audit and validate the disaster
29:51 - 29:53

recovery plan is up to date
29:53 - 29:56

once a plane once a plan is created it
29:56 - 29:57

needs to be
29:57 - 30:01

revised at least
30:01 - 30:04

on a quarterly basis last but not least
30:04 - 30:06

audit and validate there is physical
30:06 - 30:08

documentation of the disaster
30:08 - 30:11

recovery plan after creating a plan
30:11 - 30:13

ensure that every process is well
30:13 - 30:14

documented
30:14 - 30:16

describe the location of all system
30:16 - 30:17

resources needed to accomplish the
30:17 - 30:18

recovery
30:18 - 30:21

store the documentation at multiple
30:21 - 30:22

locations
30:22 - 30:25

paper and electronic and verify that all
30:25 - 30:27

key personnel have easy access to the
30:27 - 30:29

manuals
30:29 - 30:34

so that's all from us thank you

Title:: 6.5 Disaster recovery and business continuity planning and auditing
Description:: more » « less
Video Language:: English
Duration:: 30:32

	OEVIDEOS edited English subtitles for 6.5 Disaster recovery and business continuity planning and auditing
	OEVIDEOS edited English subtitles for 6.5 Disaster recovery and business continuity planning and auditing
	OEVIDEOS edited English subtitles for 6.5 Disaster recovery and business continuity planning and auditing
	OEVIDEOS edited English subtitles for 6.5 Disaster recovery and business continuity planning and auditing

English subtitles

Revisions Compare revisions

Revision 4 Edited

OEVIDEOS
Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	4	OEVIDEOS
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

6.5 Disaster recovery and business continuity planning and auditing

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)