Chapter 7. Disaster Recovery

The terms disaster recovery (DR) and business continuity planning (BCP) are often confused and treated as interchangeable. They are, however, two different (but related) practices. BCP pertains to the overall continuation of business via a number of contingencies and alternative plans. These plans can be executed based on the current situation and the tolerances of the business for outages and such. DR encompasses the set of processes and procedures that are used in order to reach the objectives of the business continuity plan.

BCP normally extends to the entire business, not just IT, including such areas as secondary offices and alternate banking systems, power sources, and utilities. DR is often more IT focused and looks at technologies such as backups and hot standbys.

Why are we talking about DR and BCP in a security book? The CIA triad (confidentiality, integrity, and availability) is considered key to nearly all aspects of information security, and BCP and DR are focused very heavily on preserving availability while maintaining confidentiality and integrity. For this reason, information security departments are often very involved in the BCP and DR planning stages.

In this chapter, we will discuss setting your objective criteria, strategies for achieving those objectives, and testing, recovery, and security considerations.

Setting Objectives

Objectives allow you to ensure that you are measurably meeting business requirements when creating a ...

Get Defensive Security Handbook, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.