Domain 7 of 8 · Chapter 11 of 15

Disaster Recovery

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.

Included in this chapter:

  • What disaster recovery is, and how it differs from business continuity
  • Executing the DR process: the three phases in order
  • Teams, communications, and where DR hands off to its neighbors
  • Exam-pattern recognition

DRP vs BCP vs ISCP/system recovery procedures (NIST SP 800-34)

DimensionDisaster Recovery Plan (DRP)Business Continuity Plan (BCP)System recovery procedures (ISCP)
Primary focusRestore IT systems/facility infrastructureSustain mission/business processesRecover one specific information system
ScopeSite-specific; relocation to alternate siteWhole business or chosen priority functionsOne system, at current or alternate site
TriggerMajor disruption requiring relocationAny disruption to business processesA disruption affecting that system
RelationshipSupports the BCP by restoring its systemsMay use the DRP and per-system plansActivated after the DRP moves the site
Owner altitudeIT/technology recovery teamsBusiness continuity planners + leadershipSystem owner / recovery teams

Cheat sheet

  • DR restores the technology; the BCP keeps the business mission running
  • Disaster recovery is invoked only when the disruption forces relocation
  • DRP moves the site; each system's own contingency plan then rebuilds it
  • DR plan execution runs in three ordered phases
  • Plan activation is gated by predefined activation criteria
  • A single designated authority declares the disaster, with a named successor
  • Personnel safety always outranks system recovery
  • Damage/outage assessment determines how the plan is implemented
  • A call tree is the canonical manual notification method
  • Recover in BIA-priority order, most-critical systems first
  • Within a system, restore the operating system before the application and data
  • Recovery includes escalation triggers for more staff and resources
  • Reconstitution validates the recovered system, then deactivates the plan
  • The disaster is over at formal deactivation, not when systems power back on
  • Close the loop with an after-action report and lessons learned
  • Only designated, authorized spokespeople talk to the public
  • DR is run by pre-staffed teams under one decision authority
  • DR plans are checklists built in advance, not improvised in the crisis
  • Pre-establish alternate, out-of-band communication channels for use when primary comms fail or are compromised

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. NIST SP 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems Whitepaper