From the course: CompTIA Security+ (SY0-701) Cert Prep

Testing BC/DR plans

- [Instructor] Disaster recovery plans are critical to ensuring the continuity of business operations. Like any security control, they should be tested to ensure that they function properly, and will be ready to restore business operations in the event of a disruption. Each test of a disaster recovery plan has two goals. First, it validates that the plan functions correctly, and the technology will work in the event of a disaster. Second, it provides an opportunity to identify necessary updates to the plan due to technology or business process changes.

Let's talk about four types of disaster recovery testing: tabletop exercises, simulations, parallel processing tests, and failover tests. Tabletop exercises involve getting everyone together around the same table to review the plan together. They're simple but effective, because they give the team the opportunity to discuss the plan together.

The next level of disaster recovery testing is the simulation. As with the tabletop exercise, the simulation pulls the Disaster Recovery Team together. The difference is that in the simulation, they're not just talking about the plan, they're discussing how they would respond in a specific scenario. The test planners design a simulation of an emergency situation, and then the Disaster Recovery Team describes how they would react in that situation.

Tabletop exercises and simulations are theoretical exercises. They talk about disaster recovery, but they don't actually use any disaster recovery technology. The parallel processing test goes beyond this and actually activates the DR plan, including activating an alternate cloud or physical operating environment in response to a simulated disaster. The company doesn't actually switch operations to the backup environment, but the DR environment runs in parallel to the primary site.

The final test, the failover test, is the most effective type of DR test, but it's also the most disruptive to normal operations. The business simulates a disaster by actually shutting down the primary operating environment and attempting to operate out of the DR environment. This test type will highlight any deficiencies in the plan, but it may also have an adverse effect on the business. For this reason, failover tests are rare in practice.

Disaster recovery testing strategies often use a combination of different test types. Organizations might conduct regular tabletop exercises and simulations, and supplement those with periodic parallel processing tests and the occasional failover test. Each test type brings different advantages, and helps the organization prepare for an actual disaster.
