BIA vs DRP

Posted in Security+ | 2 comments

Do you know the difference between a BCP and a DRP?

I recently received the following email from a reader. Other people might like the answer, so here’s the question and the answer:

I was wondering if you could help me understand a Security+ concept. I am really struggling with the difference between BCP, BIA, and DRP in terms of the Security+ 401 examination. It seems like Business Impact Analysis (BIA) is a part of Business Continuity Planning, and BIA is used to identify critical systems so you know which systems to restore first. If that is the case, I am more confused on the difference between BCP and DRP. Is DRP similar but just more on the technical side instead of management? It seems like Business Continuity Planning is a plan to keep the business running. I am not sure where certain subjects fall, such as hot and cold sites. Are those considered Business Continuity because they keep the business systems running, or are they considered disaster recovery since it is a technical matter? Same with Recovery Point Objective and Recovery Time Objective.

I have read through the section in the book a couple of times and tried to research online, and this seems to be an area I am struggling with. I am planning to test in a couple of days and want to be fully prepared. Thank you for your time and for the great book you wrote on Security+.

You’re Ready

First, your level of understanding is probably good enough for the Security+ exam, but I’m happy to help you clarify it. I recently completed a chapter on the updated SSCP: Systems Security Certified Practitioner Study Guide, and this level of knowledge is needed for the SSCP. In other words, after you complete the Security+ exam, you’ll be well prepared for the SSCP.

Here are some key points you made that are accurate:

  • “It seems like Business Impact Analysis (BIA) is a part of Business Continuity Planning.”
    Yes.
  • “A BIA is used to identify critical systems so you know which systems to restore first.”
    Yes.

Overview

Part of the challenge is that many people combine a business continuity plan (BCP) and a disaster recovery plan (DRP) as though they are a single document. However, they are different. Here are some key points:

  • In short, the BCP has a wide scope and helps an organization continue to operate even if a disaster occurs.
  • The BIA is part of the BCP and identifies critical systems and services.
  • You then create DRPs to ensure you have methods, procedures, and processes to restore these critical systems in the event of a disaster.

Start with a BCP

As an example, imagine an organization doesn’t have a BCP, BIA, or DRPs. They hire a business continuity expert to help them develop a BCP.

The BCP Requires a BIA

One of the first things the expert completes is the BIA to identify the critical systems and services.

Let’s say the BIA identifies an ecommerce web site as a critical system. The BIA then identifies the underlying functions and services for the web site. They might include a web server, a back-end database hosted on an internal database server, Internet access, and network infrastructure providing connectivity and including a DMZ.

Create DRPs for Critical Functions and Services

Now that you’ve identified a critical service and the underlying critical functions and systems, how do you plan for a critical outage of this ecommerce server?

You need to create one or more DRPs. Here’s one way.

  • Create a DRP that allows someone to restore the website server after a catastrophic failure of the server. It will include the detailed steps that a technician can use to restore it.
  • Create another DRP that allows someone to restore the database server after a catastrophic failure of that server. It will include the detailed steps that a technician can use to restore it.
  • Create another DRP that allows someone to restore the firewalls to recreate the DMZ after a catastrophic failure of the firewalls. It will include the detailed steps that a technician can use to restore them.

It’s also possible to create another overarching DRP that identifies how to restore the full functionality of the ecommerce website after a catastrophic failure takes out all of the components.

Could an organization create DRPs without a BCP? Yes, but they might be misguided. If the organization hasn’t taken the time to identify what services are critical, they might end up creating DRPs for non-critical systems. Worse, they might not create DRPs for critical systems.


RTO

What is an acceptable timeframe to restore these services? Ten minutes? Ten days?

The BIA identifies the maximum acceptable outage time. Imagine it is 60 minutes for the web site. If so, the recovery time objective (RTO) is 60 minutes. This means that the DRPs for these components must be able to restore these critical services and functions within 60 minutes.

The RTO also drives the implementation of other security controls to prevent an outage. For example, implementing RAID subsystems and server clusters can prevent an outage even if some individual components fail.

Does that mean you should automatically install RAID in all your systems? No. You would only install it on systems identified as critical in the BIA.

RPO

Recovery point objective (RPO) looks similar to RTO, but it is a different measure. It’s primarily focused on databases.

Consider the online web server with the back-end database. How much data can you afford to lose on the back-end database? Ten minutes? Zero minutes? The BIA identifies this, and that value is your RPO. If the RPO is ten minutes, you can afford to lose up to ten minutes of data.

You then implement backup or replication methods to ensure that you can recover the database to a point no more than ten minutes before the failure. If the RPO is zero, you must be able to restore the data up to the moment of failure. This is expensive, but if the BIA determines the RPO is zero, the cost is justified.
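As an added example (not code from the post or the study guide), here is a small Python check that compares the BIA’s objectives with the DRPs, using constructed sample data that mirrors the ecommerce scenario above. It flags critical systems without a DRP, DRPs for systems the BIA never identified as critical, tested restore times that exceed the RTO, and backup intervals longer than the RPO. The `BiaEntry`, `Drp` and `check_recovery_plans` names, the tested restore times and the backup intervals are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class BiaEntry:
    """One critical system or service as identified by the BIA (hypothetical record)."""
    system: str
    rto_minutes: int             # maximum acceptable outage time
    rpo_minutes: Optional[int]   # maximum acceptable data loss; None if the system holds no data


@dataclass(frozen=True)
class Drp:
    """One DRP, annotated with the results of its most recent exercise (hypothetical record)."""
    system: str
    tested_restore_minutes: int             # wall-clock time the documented steps took in the last test
    backup_interval_minutes: Optional[int]  # 0 = synchronous replication, None = no data to protect


def check_recovery_plans(bia: List[BiaEntry], drps: List[Drp]) -> List[Tuple[str, str]]:
    """Compare BIA objectives with the DRPs and return a sorted list of (system, finding)."""
    findings = []
    plan_for = {d.system: d for d in drps}
    critical = {b.system for b in bia}
    for b in bia:
        d = plan_for.get(b.system)
        if d is None:
            findings.append((b.system, "critical system has no DRP"))
            continue
        # RTO check: the rehearsed restore must fit inside the maximum acceptable outage.
        if d.tested_restore_minutes > b.rto_minutes:
            findings.append((b.system, f"restore took {d.tested_restore_minutes} min, RTO is {b.rto_minutes} min"))
        # RPO check: data can only be lost back to the last backup, so the interval must not exceed the RPO.
        if b.rpo_minutes is not None:
            if d.backup_interval_minutes is None:
                findings.append((b.system, "RPO defined but DRP has no backup or replication"))
            elif d.backup_interval_minutes > b.rpo_minutes:
                findings.append((b.system, f"backups every {d.backup_interval_minutes} min exceed RPO of {b.rpo_minutes} min"))
    # A DRP written without a BIA may cover something the business never rated as critical.
    for d in drps:
        if d.system not in critical:
            findings.append((d.system, "DRP exists for a system the BIA did not identify as critical"))
    return sorted(findings)


# Constructed sample data following the ecommerce example in the post.
SAMPLE_BIA = [
    BiaEntry("web server", rto_minutes=60, rpo_minutes=None),
    BiaEntry("database server", rto_minutes=60, rpo_minutes=10),
    BiaEntry("dmz firewalls", rto_minutes=60, rpo_minutes=None),
]
SAMPLE_DRPS = [
    Drp("web server", tested_restore_minutes=45, backup_interval_minutes=None),
    Drp("database server", tested_restore_minutes=90, backup_interval_minutes=60),
    Drp("print server", tested_restore_minutes=30, backup_interval_minutes=None),
]

if __name__ == "__main__":
    for system, finding in check_recovery_plans(SAMPLE_BIA, SAMPLE_DRPS):
        print(f"{system}: {finding}")
```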

Alternate Locations

The BCP also considers catastrophic events such as fires, floods, hurricanes, tornadoes, and earthquakes.

Is it acceptable to shut down all functions and services after one of these events?

If not, what are the critical functions that need to continue to operate? How much time can you take to restore these services at an alternate location? How much money are you willing to spend on the alternate location?

These decisions help you decide what type of alternate location to use such as a hot, warm, cold, or mobile site.

DRPs might come into play here, too. If you need to designate an alternate location, what services will be relocated there? What are the steps to get these services up and running? Documenting this within a DRP to be used when activating an alternate location helps ensure that the process is as seamless as possible.


2 Comments

  1. RTO and RPO are mixed up in this article.

    RTO is the maximum time allowed to restore the system (if the system must be restored within 1 hour after failure, the RTO is 1 h).

    RPO is the point to which the system must be restored. If the RPO for a database server is 1 day, then the database server must make (at least) daily backups, so that if the server fails, we do not lose more than 1 day of data.

    • Thanks. You’re correct. I must have typed that part of the post from memory without verifying it.

      I pulled up my source document and verified that I swapped them in this post. The study guide is accurate, and I just fixed this post.

      Thanks again.


Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.