[CCCure CISSP] BCP and DRP

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] BCP and DRP

kiru cissp
Hi,
 
In real tme situations, is it appropriate to say that DRP can be invoked only when BCP is not successful?
 
Regards

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] BCP and DRP

Jim White

No.

 

BCP gets you through the disaster, that is, it keeps you in business through the disruption. Thus, it is business continuity.

 

DRP is the plan that you invoke to get back to “normal” once the disaster/disruption has passed. Thus, it is recovery.

 

Example: There’s a hurricane bearing down on your installation. You invoke the BCP to keep essential business operations functioning through the disaster.

 

Once the disaster has passed, you invoke the DRP to return to pre-disaster normal.

 

Two separate processes that typically happen sequentially. In fact, if your BCP fails, there may be no point in invoking your DRP, as you may be out of business.

 

Jim

 

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of kiru cissp
Sent: Monday, December 24, 2012 9:13 PM
To: The CISSP Study Mailing list
Subject: [CCCure CISSP] BCP and DRP

 

Hi,

 

In real tme situations, is it appropriate to say that DRP can be invoked only when BCP is not successful?

 

Regards


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] BCP and DRP

clementdupuis
Administrator
Good day Jim and Kiru,

DRP is focused on systems,  DRP ensures the critical systems you need to support your most critical business function are available throughout a disaster.

BCP is the higher level umbrella,  it includes DRP and many other plans as well.  

The CISSP CBK focused very heavily on BCP and DRP and not the other plans.

NIST SP 800-34 is a must look at for the purpose of the exam.

Best regards

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com

Connect with me on LinkedIn | Follow me on Twitter


Description: Secure Ninja @ LinkedinDescription: See Us @ YoutubeDescription: Like us on FacebookDescription: Fallow us Twitter

901 N. Pitt Street, Suite 105
Alexandria, VA  22314

Description: Description: sn_logo

In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------


On Mon, Dec 24, 2012 at 10:41 PM, Jim White <[hidden email]> wrote:

No.

 

BCP gets you through the disaster, that is, it keeps you in business through the disruption. Thus, it is business continuity.

 

DRP is the plan that you invoke to get back to “normal” once the disaster/disruption has passed. Thus, it is recovery.

 

Example: There’s a hurricane bearing down on your installation. You invoke the BCP to keep essential business operations functioning through the disaster.

 

Once the disaster has passed, you invoke the DRP to return to pre-disaster normal.

 

Two separate processes that typically happen sequentially. In fact, if your BCP fails, there may be no point in invoking your DRP, as you may be out of business.

 

Jim

 

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of kiru cissp
Sent: Monday, December 24, 2012 9:13 PM
To: The CISSP Study Mailing list
Subject: [CCCure CISSP] BCP and DRP

 

Hi,

 

In real tme situations, is it appropriate to say that DRP can be invoked only when BCP is not successful?

 

Regards


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] BCP and DRP

kiru cissp
Hi,
 
I came across the following words on page number 61 of one of the books on CISSP by James Stewart.
He mentions that
"One easy way to remember the difference is that BCP comes first, and if BCP efforts fail, DRP steps in to fill the gaps".
 
Not sure how to relate this with your answers..
 
Regards

On Tue, Dec 25, 2012 at 9:24 AM, Clement Dupuis <[hidden email]> wrote:
Good day Jim and Kiru,

DRP is focused on systems,  DRP ensures the critical systems you need to support your most critical business function are available throughout a disaster.

BCP is the higher level umbrella,  it includes DRP and many other plans as well.  

The CISSP CBK focused very heavily on BCP and DRP and not the other plans.

NIST SP 800-34 is a must look at for the purpose of the exam.

Best regards

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444<img style="BORDER-BOTTOM: medium none; POSITION: static !important; BORDER-LEFT: medium none; MARGIN: 0px; WIDTH: 16px; BOTTOM: 0px; DISPLAY: inline; WHITE-SPACE: nowrap; FLOAT: none; HEIGHT: 16px; VERTICAL-ALIGN: middle; OVERFLOW: hidden; BORDER-TOP: medium none; TOP: 0px; CURSOR: hand; RIGHT: 0px; BORDER-RIGHT: medium none; LEFT: 0px" title="Call: +1 407 433 6444" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAAKLSURBVHjadJPfS5NhFMe/21xvuhXRyJAZroiSrJnbRdT7vrAf5HBaK5RABmEEwQIvkpZ/QRcWXdSFw5soKaF0F7qZeLO13mGBDpQsf5CoxVKHOt0Pctp2uvEdrzG/V+c553w/54HnPDIiQiGpPMETABoB2AAYd9MRAMMAvGmX+RcAyAoBVJ7gZQDtABworH4AHWmX+bOMZdkjCoXiUzabvcAwzPSsob5p/VTNY9GcdpnxdmYZ9wJThSCtCr1e/4XjuNPd3d1KjUZzaGbI27ysqzGQoggAsLa1A7ehArrDxfDNr0oBlQB+wmKxbJFEL968SxoamsjkHaPU9l9piUo6A0RE1DG2QCWdASrpDAzJM5kMI8XecdjVxfEl+K9dxFgsgUvvR6HyBKHyBAEATyKLeGSsENuNcqk5kUjEGm7fzcYqr0ClVODl99+YXEvl6+c1amjVe+ahiGGYaUEQKnmeh91uL43rqheixjpdmzCL11er0PcjhrTLvMfUJsyKYUSeyWQ6enp6tgCgrKxsfbP8bB8AdE1G89cOReMAgOv+Cag8QXRNRkXAsDwcDr+am5tLCYKA3t7eo2dG+1vVK/MfpRPtA+MIReMYaKj+/xm9MiICx3EmpVL5wefzFavValis1u1vvHMkdfykCQC0kSGUTo+Ajmnx1dSC7IGD+UUCEYGIwLKsyWazrSeTSSIiMpnNf7Ttz5+ec96fr7/VnE0mk+QfHMzV3WjcKH/4rEr05QGFIA6HY4llWRLPRER+v3/HYrFMFQSIkNra2tVQKJSlfcSyLO0LECFWq3XF6XRGA4HAptTsdrsXeZ6fEHtl+31nAOA4rkUulz/I5XL63dQGgHEAN8Ph8AYA/BsAt4ube4GblQIAAAAASUVORK5CYII=">

Email: [hidden email]

Web: www.secureninja.com

Connect with me on LinkedIn | Follow me on Twitter


Description: Secure Ninja @ LinkedinDescription: See Us @ YoutubeDescription: Like us on FacebookDescription: Fallow us Twitter

901 N. Pitt Street, Suite 105
Alexandria, VA  22314

Description: Description: sn_logo

In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------


On Mon, Dec 24, 2012 at 10:41 PM, Jim White <[hidden email]> wrote:

No.

 

BCP gets you through the disaster, that is, it keeps you in business through the disruption. Thus, it is business continuity.

 

DRP is the plan that you invoke to get back to “normal” once the disaster/disruption has passed. Thus, it is recovery.

 

Example: There’s a hurricane bearing down on your installation. You invoke the BCP to keep essential business operations functioning through the disaster.

 

Once the disaster has passed, you invoke the DRP to return to pre-disaster normal.

 

Two separate processes that typically happen sequentially. In fact, if your BCP fails, there may be no point in invoking your DRP, as you may be out of business.

 

Jim

 

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of kiru cissp
Sent: Monday, December 24, 2012 9:13 PM
To: The CISSP Study Mailing list
Subject: [CCCure CISSP] BCP and DRP

 

Hi,

 

In real tme situations, is it appropriate to say that DRP can be invoked only when BCP is not successful?

 

Regards


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] BCP and DRP

clementdupuis
Administrator
Good day Kiru,

I highly respect James Micheal Stewart for his contribution to the security community and the many books he wrote.

However, James is just a human being and as such he is allowed to do mistakes :-)  This is one of them it seems.

It is hard to judge the statement out of content but as you wrote it below I would totally disagree with the statement.  I would have to see what was before and what is after to really judge the overall accuracy.  One sentence out of context does not provide enough data to judge.

Myself I love to refer to NIST SP 800-34 Rev 1 for BCP, DRP, COOP, and other emergency plans.   Remember the focus on the exam is mostly on BCP and DRP.

Here is the definition of BCP within SP 800-34 Rev 1 from NIST:

The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. A BCP may be used for long-term recovery in conjunction with the COOP plan, allowing for additional functions to come online as resources or time allow. Because mission/business processes use information systems (ISs), the business continuity planner must coordinate with information system owners to ensure that the BCP expectations and IS capabilities are matched.

Here is the definition of DRP from the same document:

The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.

The NIST Special Publication 800-34 is one of the document I recommend you read for BCP and DRP. 

Best regards

Clement



Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com

Connect with me on LinkedIn | Follow me on Twitter


Description: Secure Ninja @ LinkedinDescription: See Us @ YoutubeDescription: Like us on FacebookDescription: Fallow us Twitter

901 N. Pitt Street, Suite 105
Alexandria, VA  22314

Description: Description: sn_logo

In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------


On Wed, Dec 26, 2012 at 10:13 PM, kiru cissp <[hidden email]> wrote:
Hi,
 
I came across the following words on page number 61 of one of the books on CISSP by James Stewart.
He mentions that
"One easy way to remember the difference is that BCP comes first, and if BCP efforts fail, DRP steps in to fill the gaps".
 
Not sure how to relate this with your answers..
 
Regards

On Tue, Dec 25, 2012 at 9:24 AM, Clement Dupuis <[hidden email]> wrote:
Good day Jim and Kiru,

DRP is focused on systems,  DRP ensures the critical systems you need to support your most critical business function are available throughout a disaster.

BCP is the higher level umbrella,  it includes DRP and many other plans as well.  

The CISSP CBK focused very heavily on BCP and DRP and not the other plans.

NIST SP 800-34 is a must look at for the purpose of the exam.

Best regards

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +<a href="tel:703%20535%208600" value="+17035358600" target="_blank">703 535 8600
Mobile: <a href="tel:%2B1%20407%20433%206444" value="+14074336444" target="_blank">+1 407 433 6444


Email: [hidden email]

Web: www.secureninja.com

Connect with me on LinkedIn | Follow me on Twitter


Description: Secure Ninja @ LinkedinDescription: See Us @ YoutubeDescription: Like us on FacebookDescription: Fallow us Twitter

901 N. Pitt Street, Suite 105
Alexandria, VA  22314

Description: Description: sn_logo

In Cyberspace:

[hidden email]
Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Quiz Engine
https://www.freepracticetests.org/quiz/index.php?page=home

The CCCure Family of Portals
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org/

Knowledge sharing and giving back to the community

-------------------------------------------------------------------------------------------------------
>>  Call me to get the best CISSP, Security+, or other Security related training  <<
-------------------------------------------------------------------------------------------------------


On Mon, Dec 24, 2012 at 10:41 PM, Jim White <[hidden email]> wrote:

No.

 

BCP gets you through the disaster, that is, it keeps you in business through the disruption. Thus, it is business continuity.

 

DRP is the plan that you invoke to get back to “normal” once the disaster/disruption has passed. Thus, it is recovery.

 

Example: There’s a hurricane bearing down on your installation. You invoke the BCP to keep essential business operations functioning through the disaster.

 

Once the disaster has passed, you invoke the DRP to return to pre-disaster normal.

 

Two separate processes that typically happen sequentially. In fact, if your BCP fails, there may be no point in invoking your DRP, as you may be out of business.

 

Jim

 

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of kiru cissp
Sent: Monday, December 24, 2012 9:13 PM
To: The CISSP Study Mailing list
Subject: [CCCure CISSP] BCP and DRP

 

Hi,

 

In real tme situations, is it appropriate to say that DRP can be invoked only when BCP is not successful?

 

Regards


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com