Business continuity, disaster recovery plan best practices: CISSP Study Guide

Test your knowledge of business continuity and learn about disaster recovery plan best practices in this part of our CISSP Study Guide, geared towards the CISSP certification exam.

The CISSP exam covers 10 domains, one of which is business continuity and disaster recovery. This domain pertains to creating a business continuity/disaster recovery plan, dealing with systems failures and other catastrophic service interruptions. Those preparing for the exam will need to know about backups, impact analysis, off-site data recovery and emergency response.

In this section of the CISSP Study Guide, you can ensure your knowledge of business continuity and disaster recovery by referring to our resources, and then test your knowledge with our business continuity quiz, written by CISSP All-in-one Exam Guide author Shon Harris. Visit our library of study guides to see the other domains.

Business continuity, disaster recovery planning basics

In this video, which is part one of a six-part series, Andre Gold, head of technology operations and security for, will discuss the basics of disaster recovery and business continuity planning, and define several general terms associated with disaster recovery and business continuity planning in order to help organizations develop a more accurate understanding of the technologies.

The availability, business continuity and disaster recovery relationship

In part two of this video series, Andre Gold explains why he sees the relationship between business continuity and disaster recovery as a continuum, and also discusses the direct relationship with the cost of protecting against failure as well as the time associated with recovery. This video will help you gain a better understanding of the relationship between availability, business continuity planning and disaster recovery.

Business continuity: Defining internal risk management policies

In many organizations, the head of disaster recovery and business continuity planning, who is often the chief risk officer, is tasked with the responsibility of building the firm's business continuity planning (BCP) and disaster recovery (DR) efforts.

In this third installment of Andre Gold's video series, learn how organizations should define their own internal risk management policies and standards to ensure solid development of their disaster recovery and business continuity efforts.

Key elements of business continuity, disaster recovery planning

This fourth installment of Andre Gold's video series focuses specifically on disaster recovery, covering several key aspects of a disaster recovery plan: location (where to restore the technology, the people, the processes, etc.), technology, crisis management and communications.

Business continuity, disaster recovery planning: Problems and issues

In this fifth segment of Andre Gold's disaster recovery and business continuity planning video series, learn the most common problems and pitfalls organizations can be expected to face in their business continuity and disaster recovery planning efforts and how to avoid these problems.

For more information:

Find out how security failures will keep you in business over the next few years. 

Learn more about creating security policies for enterprise customers. 

Learn about allotting time for disaster recovery in this chapter excerpt.

Core elements to prevent business continuity, disaster recovery problems

In this sixth and final installment of Andre Gold's BCP and DR video series, he discusses the importance of money, support and communication for building effective BCP and DR operations and avoiding business continuity and disaster recovery planning problems, and defines the core elements needed for successful BCP and DR efforts.

Is there a way to integrate business continuity planning and operational risk management?

Organizations continually face the challenge of integrating business continuity planning and operational risk management, and sometimes struggle to present a meaningful comparative analysis between risk assessment and business impact analysis to management.

In this Q&A, security management expert Mike Rothman of Securosis discusses the differences between business continuity planning and operational risk management and offers advice on how to effectively integrate the two.

Ten steps to a successful business impact analysis

Security managers are increasingly being required to ensure their organizations' information systems and data can survive a disaster. In order to accomplish this, security managers often conduct disaster-recovery preparation projects that identify critical information systems, tasks and processes, and define in what order and how quickly they must be recovered after a disaster.

In this tip, learn what exactly a business impact analysis is, the benefits of creating and conducting a business impact analysis, and 10 steps for performing a successful business impact analysis.

Disaster recovery and business continuity tabletop exercises

When disaster strikes, will your enterprise be ready? Tabletop exercises, which are informal simulations of an emergency or disaster scenario, can help organizations better prepare in the event of a security catastrophe.

In this security management expert response, David Mortman explains how disaster recovery and business continuity tabletop exercises can prepare an organization for handling a security malfunction and unveils what questions to ask during tabletop exercises.

Disaster recovery risk assessment for cyberterrorism attacks

The threat of cyberterrorism attacks is seemingly becoming more sophisticated and clever, increasing the chances that savvy cyberterrorists could infiltrate your organization. While most enterprises have extensive security controls in place, they should also have a disaster recovery plan at the ready in case they become a victim of an attack.

In this expert response, security management expert David Mortman explains why cyberterrorism threats should be feared and how an organization can prepare for them with a disaster recovery risk assessment.

About the author
Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is a former engineer in the Air Force's Information Warfare unit, an instructor and the best-selling author of the previous three editions of this book. Shon has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the Department of Energy, the National Security Agency and many more.
