Security Plus Unit 9
Uploaded by cissp4all

Implementing Controls to Protect Assets

Comparing Physical Security Controls

Physical security controls are tangible measures designed to protect assets and facilities from
unauthorized access or damage. They are implemented at various levels and boundaries within
an organization to ensure comprehensive security.

● Perimeter: Controls surrounding the entire area of an organization to prevent unauthorized access. Examples: fences, security guards, barricades.
● Buildings: Measures to control access to and within buildings for safety and security. Examples: locked doors, security guards, lighting, video cameras.
● Secure Work Areas: Restricted areas within a building where sensitive or classified tasks are performed. Examples: access control systems, escorts for visitors, restricted access zones.
● Server Rooms: Areas specifically designated to house IT equipment and network devices, accessible only to authorized personnel. Examples: locked server rooms, restricted access to wiring closets, secure server cabinets.
● Hardware: Physical protections for individual pieces of equipment and devices. Examples: locking cabinets for servers, cable locks for laptops, safes for smaller devices.
● Camouflage: Techniques used to conceal or disguise security features and facilities. Examples: landscaping to hide fences, camouflage materials that blend security features into their surroundings.

Camouflage Techniques

● Landscaping: Using plants and other greenery to hide security features like fences or
buildings.
○ Example: Tall bushes or ornamental grasses that obscure a security fence,
blending it into the environment.

Summary

● Perimeter Controls: Aim to prevent unauthorized access to the entire property.


● Building Controls: Focus on entry points and internal areas within buildings.
● Secure Work Areas: Restrict access to sensitive areas within buildings.
● Server Rooms: Protect critical IT infrastructure with restricted access.
● Hardware Controls: Safeguard individual devices and equipment.
● Camouflage: Conceal or disguise security features to make them less obvious.

Access Badges

Access badges, including proximity cards and smart cards, are used to secure entry points by
allowing or restricting access to physical spaces. Here’s an overview of how these access
badges work and their common uses:

● Proximity Cards: Small credit-card-sized cards that activate when near a proximity card reader and use radio frequency to transmit data. Common uses: entry to buildings, controlled areas within buildings, and various self-serve systems.
● Smart Cards: Similar to proximity cards but may include additional functionality and may require insertion into a contact reader. Common uses: door access; many also include proximity card electronics so that one card works with both reader types.
● Physical Tokens: Access tokens or devices that function similarly to smart cards and proximity cards. Common uses: various physical access control systems.
● Combination Systems: Integrate proximity cards with keypads so that entry requires a PIN as well as the card. Common uses: higher-security entry points, because access depends on something the user has (the card) and something the user knows (the PIN), which makes it multifactor authentication.

How Proximity Cards Work

● Functionality:
○ Capacitor and Coil: Proximity cards have a capacitor and a coil that are charged
by the proximity card reader.
○ Radio Frequency: Once charged, the card transmits information to the reader
using radio frequency.
○ Power Source: The card does not require its own power source; it relies on
energy from the reader.

● Integration with Other Systems:
○ Turnstiles: Used with turnstiles for controlled access one person at a time,
similar to subway or amusement park entry gates.
○ Multifactor Authentication: Combined with keypads for additional security,
requiring both the card and a PIN for access.

Common Applications

● Building Entry: For secure entry points such as main entrances or restricted areas
within buildings.
● Self-Serve Systems: Common in retail and hospitality settings, like gasoline stations or
hotel properties, where users can complete transactions by waving their card or bracelet
in front of a reader.

Remember This!

● Proximity Cards: These are credit card-sized and work by being passed near a reader to transmit data. Because a basic proximity card only transmits a fixed identifier, anyone who can bring a reader close to it can copy that identifier, so some systems require a PIN in addition to the card; the PIN is what makes the control multifactor.

Security Guards and Receptionists

● Security Guards
○ Responsibilities: verify access badges before granting entry; confirm identities even when someone has no badge; restrict access by comparing people against preapproved access control lists; observe and deter potential security incidents, such as tailgating; maintain visitor logs for tracking and accountability.
○ Benefits: ensures only authorized personnel gain access; deters unauthorized entry and catches suspicious behavior; provides an audit trail for security audits and investigations.
● Receptionists
○ Responsibilities: manage and verify visitor entry by checking visitors in; facilitate visitor entry to secure areas with appropriate checks; quickly contact security personnel if necessary.
○ Benefits: visitors are properly checked before accessing secure areas; a central point for managing visitor access; quick coordination with security if issues arise.

Key Points

● Security Guards: Play an active role in managing access, preventing security breaches,
and maintaining records. They also serve as a visible deterrent against unauthorized
access.
● Receptionists: Act as the first line of control for visitor management, ensuring proper
check-in and communication with security when needed.

Remember This!

● Security Guards: Focus on verifying credentials, deterring security incidents, and


maintaining access logs.
● Receptionists: Manage visitor entry, perform initial identity checks, and facilitate
communication with security personnel.

Monitoring Areas with Video Surveillance

Video Surveillance: Security cameras are increasingly used in workplaces to monitor various
areas for security and safety purposes. Here’s a breakdown of how video surveillance enhances
security:

● Areas Monitored: Outside areas such as parking lots and building entrances/exits, and high-security areas such as data centers and server rooms. Benefit: comprehensive coverage of all critical areas.
● Closed-Circuit TV (CCTV): Transmits signals from cameras to monitors (similar to TVs) and provides live monitoring plus recording for later playback. Benefits: deters potential threats; provides video evidence for investigations and legal actions.
● Proof of Activity: Video surveillance captures and verifies location and activity, which is harder to circumvent than digital access logs (a borrowed badge appears in the log as its owner, while the camera shows who actually walked through). Benefits: confirms who accessed specific areas and when; difficult for individuals to refute.
● Compensating Control: Can record access temporarily until a more permanent solution, such as a smart card access system, is implemented. Benefit: immediate security while waiting for a full access control system.
● Motion Detection: Cameras turn on and record only when motion is detected. Benefit: reduces unnecessary recording and storage.
● Object Detection: Analyzes frames to detect common objects and their movements, such as pedestrians or vehicles. Benefit: identifies specific objects and movements, which is useful for security and safety applications.

Remember This!

● Video Surveillance: Provides reliable evidence of activities and locations, helps in


identifying who enters or exits secure areas, and records theft or other incidents.
● CCTV Systems: Useful as a compensating control and includes features like motion
detection and object detection for enhanced security.

Sensors for Physical Security

Sensors play a crucial role in physical security systems by detecting changes in the
environment. Here’s a summary of common sensor types and their uses:

● Motion Detection: Detects movement in an area; often combined with automation for lighting control. Common uses: lighting control (lights turn on at full capacity when motion is detected); alarm triggering (activates alarms when movement is detected in secure areas).
● Noise Detection: Detects noise levels or specific sounds; can alert on any sound or on a noise threshold being exceeded. Common uses: party detection (used by Airbnb hosts to monitor noise levels); sound-specific detection (identifies sounds such as smoke alarms or breaking glass).
● Infrared: Detects heat signatures (infrared radiation) emitted by people, animals, or objects. Common uses: night security (detects presence in complete darkness); enhanced detection (often integrated with security cameras and alarm systems).
● Pressure: Detects changes in pressure on a surface or in a specific area. Common uses: floor monitoring (detects footsteps or pressure on mats); entry monitoring (monitors doors and windows for forced entry attempts); access control (detects movement into restricted areas).
● Microwave: Detects movement by measuring reflected microwave signals. Common uses: movement detection (detects changes in the environment within a specific area); enhanced security (often combined with other sensors to improve detection accuracy and reduce false alarms).
● Ultrasonic: Emits high-frequency sound waves and measures the time it takes for them to return after hitting an object or surface. Common uses: distance measurement (parking assistance systems and robotic navigation); intrusion detection (detects the presence of objects or people).

Remember This!

● Sensors: Essential for monitoring environments and detecting changes.


● Common Sensor Types: Include motion detection, noise detection, infrared, pressure,
microwave, and ultrasonic sensors, each serving different security and monitoring
purposes.

Fencing, Lighting, and Alarms

Fencing, lighting, and alarms are fundamental elements of physical security that help to
create barriers, deter unauthorized access, and protect property. Here’s a detailed look at each
component:

● Fencing: Provides a physical barrier around a property to deter unauthorized entry. Gates often control access, and guards monitor these gates. Common uses: perimeter security (fences create boundaries to prevent unauthorized access); controlled access (dual gates can be used to check credentials before granting full access); escape prevention (fences also prevent unauthorized exit).
● Lighting: Illuminates entrances and restricted areas to deter attacks and improve visibility. Lights can be automated and combined with motion sensors. Common uses: deterrence (well-lit areas deter potential intruders); automation (lights turn on at dusk and increase to full brightness when motion is detected); protection (lights should be placed high or protected with cages to prevent tampering).
● Alarms: Provide alerts for various threats, including fire and unauthorized access, and can be integrated with motion detection systems. Common uses: fire alarms (detect smoke and/or heat and trigger fire suppression systems); burglary prevention (monitor entry points such as doors and windows for unauthorized access); motion detection (combined with burglary systems to detect movement).

Remember This!

● Fencing: Creates barriers and controls access.


● Lighting: Deters intruders and improves security with automation and motion sensors.
● Alarms: Detect and alert for threats such as fire and unauthorized access, often used in
combination with motion detection.

Securing Access with Barricades

Barricades are an essential component of physical security, especially in scenarios where fences alone may not be sufficient to deter potential attackers. Here’s a look at different types of barricades and their applications:

● Zigzag Barricades: Strong barricades arranged in a zigzag pattern that forces vehicles to slow down, making it difficult to ram through. Common uses: military bases (prevent vehicles from breaching security perimeters); high-security areas where vehicle attacks are a concern.
● Bollards: Short, vertical posts made from reinforced concrete and/or steel, often placed a few feet apart and sometimes painted to blend in with the environment. Common uses: business entrances (prevent vehicles from driving through entrances); public spaces (protect high-traffic areas from vehicle attacks).

Remember This!

● Zigzag Barricades: Used primarily in military and high-security areas to prevent vehicle
breaches.
● Bollards: Provide a less obtrusive, yet effective barrier for business entrances and
public spaces, deterring vehicle attacks and protecting against unauthorized access.

Access Control Vestibules

Access Control Vestibules are essential for enhancing physical security, particularly in data
centers and other high-security areas. They act as a controlled barrier to prevent unauthorized
access and ensure that only authorized personnel can enter secure areas.

● Purpose: Serve as a first line of defense by providing a physical barrier between the outside environment and the valuable assets inside a data center.
● Design: Two sets of interlocking doors create a secure compartment; the second door does not open until the first has closed, so only one person enters at a time.
● Security Features: Biometric scanners (verify identities based on physical characteristics); RFID card readers (scan proximity cards for access); facial recognition systems (use facial data for verification).
● Functionality: Prevents tailgating by admitting only one person at a time and trapping anyone who attempts to bypass security between the two doors.
● Advantages: Enhanced security (prevents unauthorized entry and potential breaches); controlled access (only authorized individuals gain access, reducing the risk of insider threats).

Remember This!

● Access Control Vestibules: Provide a secure barrier with two sets of interlocking doors,
enhanced with biometric, RFID, or facial recognition systems, to prevent unauthorized
access and mitigate risks from both external intruders and insiders.

Asset Management

Asset management is crucial for tracking and securing valuable assets throughout their
lifecycle. This process encompasses hardware, software, and data assets to ensure they are
properly accounted for, secured, and managed. Here are the core activities of an asset
management program:

● Acquisition/Procurement
○ Purpose: Establish consistent procedures for identifying needs for new assets.
○ Process: Evaluate options based on security, financial, and business requirements.
○ Onboarding: Manage new vendors effectively.
● Assignment/Accounting
○ Purpose: Assign responsibility for each asset to a designated owner.
○ Classification: Categorize assets based on sensitivity and criticality to the organization.
● Monitoring and Asset Tracking
○ Purpose: Maintain an up-to-date inventory of all assets and their locations.
○ Process: Perform periodic enumeration of assets, with auditors reviewing and updating the inventory.

Remember This!

● Asset Management: Involves acquiring, assigning, and tracking assets. Ensure that
assets are properly classified, monitored, and managed to maintain security and
efficiency.

Hardware Asset Management

Hardware asset management is essential for tracking and managing physical hardware
assets, such as servers, desktops, laptops, routers, and switches. An effective hardware asset
management system helps mitigate various vulnerabilities and operational issues.

● Architecture and Design Weaknesses
○ Purpose: Ensure that hardware purchases fit within the network architecture.
○ Process: Implement an approval process that evaluates purchases on more than cost, ensuring alignment with the overall network design.
● System Sprawl and Undocumented Assets
○ Purpose: Prevent system sprawl and ensure assets are documented and managed.
○ Process: Asset management begins before purchase, with an evaluation of needs, and continues through tracking the hardware from acquisition to disposal.
● Automated Inventory Control
○ Methods: Use technologies such as RFID for tracking.
○ Example: RFID tags on equipment help track movement, similar to anti-theft systems in retail.
● Mobile Device Tracking
○ Purpose: Reduce the risk of losing track of mobile devices.
○ Process: Record mobile devices when issued and ensure they are returned when an employee departs.

Remember This!

● Hardware Asset Management: Focuses on tracking, managing, and securing physical


assets. Implement approval processes, prevent system sprawl, utilize automated
tracking methods, and ensure proper management of mobile devices.

Software Asset Management

Software asset management (SAM) is crucial for tracking and managing software licenses,
installations, and usage within an organization. Proper SAM helps ensure compliance with
licensing agreements, optimizes software usage, and minimizes security risks associated with
unpatched or unauthorized software.

● Acquisition and Procurement
○ Purpose: Ensure that software is acquired in compliance with licensing agreements and organizational needs.
○ Process: Follow consistent procedures for evaluating options and onboarding new software vendors.
● Cataloging and Inventory
○ Purpose: Maintain an up-to-date inventory of all software assets.
○ Process: Record all software installations, including version numbers, installation dates, and license details.
● Updating and Patch Management
○ Purpose: Ensure software is up-to-date and secure.
○ Process: Regularly apply updates and patches to address security vulnerabilities and improve functionality.
● Monitoring Usage
○ Purpose: Optimize software usage and ensure compliance.
○ Process: Monitor software usage to prevent overuse or underuse and ensure that usage aligns with licensing agreements.
● License Management
○ Purpose: Maintain and renew software licenses as required.
○ Process: Track expiration dates and renewal deadlines to ensure continued compliance and avoid disruptions.

Remember This!

● Software Asset Management: Focuses on managing software licenses, installations,


and usage. Key processes include acquiring software, cataloging and updating it,
monitoring usage, and managing licenses to ensure compliance and security.

Data Asset Management

Data asset management is essential for managing an organization's data assets, including
databases, files, and other information repositories. It involves defining data ownership,
classification, and access controls while ensuring the integrity, availability, and confidentiality of
data.

● Data Governance
○ Purpose: Establish policies and procedures for managing data.
○ Process: Define data ownership, stewardship, and accountability to ensure effective management and compliance.
● Data Quality Management
○ Purpose: Maintain high-quality data.
○ Process: Implement processes to ensure data accuracy, completeness, and consistency throughout its lifecycle.
● Data Lifecycle Management
○ Purpose: Manage data from creation to disposal.
○ Process: Oversee data collection, storage, use, and deletion to ensure data remains relevant and secure.
● Data Classification
○ Purpose: Categorize data based on its sensitivity and importance.
○ Process: Assign classification levels (e.g., confidential, public) to determine appropriate access controls and handling procedures.
● Access Controls
○ Purpose: Protect data from unauthorized access.
○ Process: Implement access controls based on data classification, ensuring only authorized individuals can access sensitive data.
● Data Integrity
○ Purpose: Ensure data remains accurate and unaltered.
○ Process: Implement checks and validations (such as hashes or digital signatures) to detect unauthorized changes or corruption.
● Data Availability
○ Purpose: Ensure data is accessible when needed.
○ Process: Implement redundancy, backups, and disaster recovery plans to maintain data availability.
● Data Confidentiality
○ Purpose: Protect data from unauthorized exposure.
○ Process: Use encryption and other security measures to safeguard sensitive data from breaches or leaks.

Remember This!

● Data Asset Management: Focuses on managing data assets with an emphasis on


governance, quality, and lifecycle. Key processes include data classification, access
controls, and ensuring data integrity, availability, and confidentiality.

Platform Diversity

Defense in Depth (also known as layered security) is a comprehensive security practice involving multiple layers of protection. By employing various security measures at different levels, you create a more resilient defense system. If one layer fails, others still provide protection.

Platform Diversity involves applying this concept through different strategies:

● Vendor Diversity: Using security products from different vendors to reduce the risk that one vulnerability affects every layer at once. Example: two firewalls from different vendors, e.g., Cisco and Check Point, in a screened subnet.
● Technology Diversity: Employing different technologies to safeguard an environment so that a single point of failure does not compromise overall security. Example: a combination of biometric locks, CCTV systems, and restricted access points in a server room.
● Control Diversity: Incorporating various categories of security controls (technical, physical, managerial, and operational) to enhance overall protection. Example: technical controls (firewalls, IDS), physical controls (locks, CCTV), and managerial controls (vulnerability assessments).

Key Points:

1. Vendor Diversity:
○ Purpose: Reduce the risk that a single vendor’s vulnerability could compromise the entire system.
○ Application: Use products from different vendors for critical components, such as firewalls or antivirus software.
2. Technology Diversity:
○ Purpose: Implement different technologies to prevent a single technology’s failure from impacting overall security.
○ Application: Combine various technologies like biometric authentication, CCTV, and access control systems.
3. Control Diversity:
○ Purpose: Utilize different types of controls to provide comprehensive protection across multiple security domains.
○ Application: Integrate technical controls (e.g., firewalls), physical controls (e.g., secure access points), and managerial/operational controls (e.g., regular security assessments).

Remember This!

● Platform Diversity is crucial for effective defense in depth. It involves using different
vendors, technologies, and control categories to create a robust security framework. By
ensuring diversity across these aspects, you enhance overall security resilience and
reduce the likelihood of a single point of failure.

Physical Attacks

Physical security controls are essential to protect against various forms of physical attacks. Here
are some common types:

Card Skimming and Card Cloning

● Card Skimming: Capturing credit card data with a device called a skimmer fitted to a point of sale such as an ATM or gas pump. Indicators: broken security seals, loose card readers, card readers that extend past the panel. Prevention: regular inspection of card readers and ATMs, security stickers or tamper-evident seals.
● Card Cloning: Creating a copy of a credit card from data captured from the magnetic stripe. Much harder with EMV chip cards, because the chip produces a fresh cryptogram for each transaction instead of the static data a stripe carries. Indicators: unauthorized or fraudulent charges on statements. Prevention: use EMV chip cards, monitor statements regularly, and report suspicious activity.

Brute Force and Environmental Attacks

● Brute Force Attacks: Forcibly breaching physical security controls, e.g., ramming a vehicle through a door or trying every possible passcode on a keypad. Indicators: physical damage to access points or equipment, unusual access attempts. Prevention: reinforced barriers, strong access control systems (including lockouts after repeated bad codes), and active security monitoring.
● Environmental Attacks: Disrupting normal functioning by altering environmental conditions, such as cutting power or causing flooding. Indicators: disruptions in power or environmental control systems, signs of tampering. Prevention: redundant systems for power and cooling, regular testing and maintenance, and physical barriers for critical infrastructure.

Remember This!

● Card Skimming and Cloning: Skimmers capture data from the magnetic stripe; cloning copies that data onto another card. Chip-based cards reduce the risk.
● Brute Force Attacks: These involve physically breaking through barriers or trying all
possible combinations. Reinforced barriers and strong access controls help mitigate
these attacks.
● Environmental Attacks: Disruptions to power, temperature, or other environmental
conditions can be highly damaging. Redundant systems and robust environmental
controls are crucial for protection.
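The combination system from the access badge section (card plus PIN) and the passcode brute-force attack above meet in the keypad controller. What follows is an added example, not code from the original notes: a small door controller that checks the card (something you have) and a salted PIN hash (something you know) and locks a card after repeated bad PINs, followed by a simulation of an attacker who has copied a card and tries every PIN in order. The card identifier, the PIN, the lockout thresholds and the virtual clock are all constructed for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # bad PINs before the card is locked out
LOCKOUT_SECONDS = 300   # how long a locked card stays locked
PBKDF2_ROUNDS = 2_000   # kept low so the simulation below runs in seconds;
                        # a real enrolment store should use far more rounds


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a stolen enrolment database does not reveal PINs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class DoorController:
    """Card + PIN verifier with a per-card lockout. The clock is injectable
    so the brute-force simulation can run in virtual time."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._enrolled = {}      # card_id -> (salt, pin hash)
        self._failures = {}      # card_id -> consecutive bad PINs
        self._locked_until = {}  # card_id -> time the lockout expires
        self.audit = []          # (time, card_id, event) for the guards' log

    def enroll(self, card_id: str, pin: str) -> None:
        salt = os.urandom(16)
        self._enrolled[card_id] = (salt, hash_pin(pin, salt))

    def _log(self, card_id: str, event: str) -> None:
        self.audit.append((self._clock(), card_id, event))

    def attempt(self, card_id: str, pin: str) -> str:
        """Return the audit event for this attempt; 'granted' opens the door."""
        now = self._clock()
        if card_id not in self._enrolled:            # factor 1: something you have
            self._log(card_id, "unknown-card")
            return "unknown-card"
        if self._locked_until.get(card_id, 0.0) > now:
            self._log(card_id, "locked")              # refused before the PIN is even checked
            return "locked"
        salt, expected = self._enrolled[card_id]      # factor 2: something you know
        if hmac.compare_digest(hash_pin(pin, salt), expected):
            self._failures[card_id] = 0
            self._log(card_id, "granted")
            return "granted"
        self._failures[card_id] = self._failures.get(card_id, 0) + 1
        self._log(card_id, "bad-pin")
        if self._failures[card_id] >= MAX_FAILURES:
            self._locked_until[card_id] = now + LOCKOUT_SECONDS
            self._failures[card_id] = 0
            self._log(card_id, "lockout")
        return "bad-pin"


def brute_force_demo(pin: str = "1902") -> dict:
    """An attacker holding a copied card tries 0000, 0001, ... at one guess
    per second and waits out every lockout. Returns what the defender sees."""
    clock = [0.0]
    ctl = DoorController(clock=lambda: clock[0])
    ctl.enroll("card-0417", pin)                 # constructed card id and PIN
    guesses = 0
    for n in range(10_000):
        guess = f"{n:04d}"
        while True:
            result = ctl.attempt("card-0417", guess)
            if result == "locked":
                clock[0] += LOCKOUT_SECONDS      # attacker waits for the lockout to expire
                continue
            guesses += 1
            break
        if result == "granted":
            break
        clock[0] += 1.0
    lockouts = sum(1 for _, _, event in ctl.audit if event == "lockout")
    return {"guesses": guesses, "lockouts": lockouts,
            "elapsed_seconds": clock[0], "elapsed_days": clock[0] / 86400}


if __name__ == "__main__":
    print(brute_force_demo())
```

With PIN 1902 the attacker needs 1,903 guesses; without a lockout that is about 32 minutes of keypad time, but with five-failure lockouts of five minutes it stretches past a day and leaves 380 "lockout" entries in the audit log for the guards to notice. The controller also never reveals whether the card or the PIN was wrong beyond the audit record, and compares hashes in constant time.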

Redundancy and Fault Tolerance

● Disk Redundancy: Adds duplication to disk storage to prevent data loss from a single disk failure. Example: RAID (Redundant Array of Independent Disks).
● NIC Redundancy: Uses multiple network interface cards (NICs) to keep network connectivity if one NIC fails. Example: NIC teaming.
● Server Redundancy: Distributes workloads across multiple servers to ensure service continuity if one server fails. Example: load balancers.
● Power Redundancy: Provides backup power sources to maintain operations during a power outage. Examples: dual power supplies, generators, UPSs (uninterruptible power supplies).
● Site Redundancy: Implements backup sites to take over if the primary site becomes unavailable. Examples: hot, warm, or cold sites.

Single Points of Failure

● Disk: A single hard drive failure can crash the system if no redundancy is present. Mitigation: use RAID to provide fault tolerance for hard drives.
● Server: A critical service fails if the server providing it fails without redundancy. Mitigation: implement load balancing to distribute workloads.
● Power: A single power source failure can cause system outages. Mitigation: use UPSs and generators for backup power.
● Personnel: Tasks performed by a single individual halt if that person is unavailable. Mitigation: cross-train staff and document procedures.

Remember This!

● Single Point of Failure: Any component whose failure results in the failure of an entire
system. Redundancy measures, like RAID, load balancing, and backup power sources,
can eliminate many single points of failure.
● Fault Tolerance: Increases system reliability by ensuring that failures in one component
do not lead to system outages.

RAID Configurations

Each entry lists the level, its fault tolerance, its storage efficiency, the minimum number of disks, and an example built from 500 GB disks.

● RAID-0 (striping): Distributes data across multiple disks to increase performance. No redundancy or fault tolerance: any single disk failure loses the whole array. Storage efficiency: high (all disks' space is used). Minimum disks: 2. Example: three 500 GB disks give 1,500 GB (1.5 TB) usable.
● RAID-1 (mirroring): Duplicates data on two disks, keeping identical copies. Fault tolerance: 1 disk failure. Storage efficiency: low (half of total capacity). Minimum disks: 2. Example: two 500 GB disks give 500 GB usable.
● RAID-5 (striping with parity): Data and parity information are striped across three or more disks. Fault tolerance: 1 disk failure. Storage efficiency: moderate (one disk's worth of space holds parity). Minimum disks: 3. Example: three 500 GB disks give 1,000 GB (2 x 500 GB) usable.
● RAID-6 (striping with double parity): Like RAID-5 but with a second parity block in every stripe. Fault tolerance: 2 disk failures. Storage efficiency: moderate (two disks' worth of space holds parity, so usable capacity is (n - 2) x disk size). Minimum disks: 4. Example: four 500 GB disks give 1,000 GB (2 x 500 GB) usable.
● RAID-10 (mirrored and striped): Combines RAID-1 mirroring with RAID-0 striping, offering both redundancy and performance. Fault tolerance: 1 disk failure per mirror pair (two failures in the same pair lose the array). Storage efficiency: moderate (half of total capacity). Minimum disks: 4. Example: four 500 GB disks give 1,000 GB (2 x 500 GB) usable.
Remember This!

● RAID-0 offers increased performance but no fault tolerance.
● RAID-1 provides redundancy by mirroring data but halves the available storage.
● RAID-5 offers a balance between redundancy and storage efficiency with single parity.
● RAID-6 extends RAID-5 with a second parity block, allowing it to tolerate any two disk failures.
● RAID-10 combines the benefits of mirroring and striping and requires a minimum of four disks. It gives the best performance of the redundant levels and survives one failure per mirror pair, but not two failures in the same pair, so RAID-6 is the level that tolerates any two simultaneous failures.
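The capacity column above is one instance of a simple rule per level, and the "tolerates 1 disk failure" property of RAID-5 comes from XOR parity. The following is an added example, not code from the original notes: raid_capacity() generalises the 500 GB table to any disk count and size, and the raid5_* functions show, on constructed byte strings standing in for disk blocks, how a single parity block rebuilds any one lost block and why two lost blocks are unrecoverable without RAID-6's second parity.

```python
from __future__ import annotations

from functools import reduce
from operator import xor

# level -> (minimum disks, usable data disks for n disks, failures always tolerated)
RAID_RULES = {
    "RAID-0":  (2, lambda n: n,      lambda n: 0),
    "RAID-1":  (2, lambda n: 1,      lambda n: n - 1),   # n-way mirror; two disks in the notes
    "RAID-5":  (3, lambda n: n - 1,  lambda n: 1),
    "RAID-6":  (4, lambda n: n - 2,  lambda n: 2),
    "RAID-10": (4, lambda n: n // 2, lambda n: 1),       # one per mirror pair is guaranteed
}


def raid_capacity(level: str, disks: int, disk_gb: int) -> dict:
    """Usable space, efficiency and guaranteed fault tolerance for an array."""
    min_disks, usable, tolerated = RAID_RULES[level]
    if disks < min_disks:
        raise ValueError(f"{level} needs at least {min_disks} disks, got {disks}")
    if level == "RAID-10" and disks % 2:
        raise ValueError("RAID-10 mirrors disks in pairs, so the count must be even")
    return {
        "usable_gb": usable(disks) * disk_gb,
        "efficiency": usable(disks) / disks,
        "tolerated_failures": tolerated(disks),
    }


def xor_blocks(blocks: list[bytes]) -> bytes:
    """Bytewise XOR of equal-length blocks: RAID-5's parity function."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def raid5_write_stripe(data_blocks: list[bytes]) -> list[bytes]:
    """One stripe: the data blocks followed by a single parity block."""
    return list(data_blocks) + [xor_blocks(data_blocks)]


def raid5_rebuild(stripe: list[bytes | None]) -> list[bytes]:
    """Rebuild a stripe whose failed disks are marked None.

    XOR of all the surviving blocks (data and parity alike) equals the one
    missing block, so a single failure is recoverable regardless of which
    disk it hit. With two blocks missing the survivors only yield the XOR of
    the two, which is why RAID-6 carries a second, independent parity."""
    missing = [i for i, block in enumerate(stripe) if block is None]
    if len(missing) > 1:
        raise RuntimeError(f"{len(missing)} disks lost; single parity cannot rebuild")
    rebuilt = list(stripe)
    if missing:
        rebuilt[missing[0]] = xor_blocks([b for b in stripe if b is not None])
    return rebuilt


if __name__ == "__main__":
    for level, (min_disks, _, _) in RAID_RULES.items():
        print(level, min_disks, "x 500 GB ->", raid_capacity(level, min_disks, 500))
    stripe = raid5_write_stripe([b"ABCD", b"1234"])   # constructed disk contents
    stripe[0] = None                                  # disk 0 dies
    print("rebuilt:", raid5_rebuild(stripe))
```

Running the capacity function with the minimum disk count per level reproduces the table (RAID-6 on four 500 GB disks gives 1,000 GB, not more), and the rebuild shows the same XOR recovering either a data block or the parity block.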


High Availability and Load Balancing


● High Availability: Ensures a system or service remains operational with minimal downtime, achieved through redundancy and fault tolerance. Advantages: reduces downtime; increases reliability. Disadvantages: can be expensive; complex to set up.
● Active/Active Load Balancers: Distribute data loads across multiple servers or networks; all servers are active and share the load, and clustering is often used. Advantages: optimizes resource usage; increases scalability; provides high availability. Disadvantages: complex configuration; requires careful management.
● Active/Passive Load Balancers: One server is active while the other is passive; the passive server takes over if the active server fails. Advantages: simpler setup; ensures service continuity. Disadvantages: the passive server remains idle until needed; failover can introduce a delay.

Load Balancer Scheduling Methods


● Round-Robin: Distributes requests evenly among all servers in sequential order. Example: request 1 → server 1, request 2 → server 2, request 3 → server 3, and so on. Benefits: simple implementation; balanced load.
● Source IP Address Affinity: Directs requests from the same IP address to the same server, providing session persistence. Example: Homer’s requests always go to server 3. Benefits: maintains session consistency; useful for stateful applications.

Active/Passive Configuration
● Active Node: The server currently handling all client requests. Considerations: must be robust and properly configured.
● Passive Node: The standby server that takes over if the active node fails. Considerations: must be ready to take over promptly.
● Shared Storage: Storage accessible by both nodes so that no data is lost during failover. Considerations: should itself be fault-tolerant, e.g., RAID-10.
● Heartbeat Connection: Monitoring connection between the nodes used to detect failures. Considerations: essential for failover detection; a lost heartbeat can also mean the link between the nodes failed rather than the active node itself, so the failover logic must prevent both nodes from becoming active at once (split brain).

Remember This!

● High Availability aims to minimize downtime and increase system reliability, often
achieved through various forms of redundancy.
● Active/Active Load Balancers distribute traffic across multiple servers to enhance
scalability and availability.
● Active/Passive Load Balancers have one active server and one standby server,
ensuring continuity in case of failure.
● Load Balancing Scheduling can use methods such as round-robin or source IP
address affinity to manage traffic efficiently.


NIC Teaming Overview

● Definition: NIC teaming combines two or more physical network adapters into a single virtual network adapter.
○ Benefits: Increases bandwidth; provides redundancy.
○ Considerations: Requires proper configuration.
● Performance: The NIC team aggregates the bandwidth of all the physical NICs, allowing the virtual NIC to handle more traffic as if it were a single adapter.
○ Benefits: Enhanced network performance; improved throughput.
○ Considerations: May require adjustments for optimal performance.
● Load Balancing: Uses algorithms to distribute outgoing network traffic evenly across all NICs in the team.
○ Benefits: Balanced network load; reduced congestion.
○ Considerations: Load-balancing algorithms may need tuning.
● Fault Tolerance: If one NIC fails, the team's software detects the failure and removes the faulty NIC from the virtual adapter.
○ Benefits: Eliminates a single point of failure; increased reliability.
○ Considerations: Some configurations may still be vulnerable to network failures.
● Types of NIC Teaming:
○ Static Teaming: No specific protocol is used for managing the team.
○ Switch Independent: Allows for failover without a specific switch configuration.
○ Switch Dependent: Requires a switch configuration for failover and load balancing.
○ Benefits: Switch Independent is more flexible; Switch Dependent can provide better performance.
○ Considerations: Switch Dependent requires matching switch configurations.
● Load Balancing Algorithms:
○ Hyper-V Port: Distributes traffic based on virtual machine traffic.
○ Dynamic: Distributes traffic based on both incoming and outgoing traffic.
○ Address Hash: Uses the source and destination addresses to determine distribution.
○ Benefits: Dynamic is versatile; Address Hash can be useful for certain network configurations.
○ Considerations: Choice of algorithm can impact performance.
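An added Python simulation (not from the study guide) of a three-NIC team that distributes flows by Address Hash and then loses one member; the NIC names, the flow addresses and the modulo-of-hash member selection are assumptions made here:

```python
"""NIC team simulation: Address Hash distribution plus failover when one
member NIC loses link."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Nic:
    name: str
    link_up: bool = True


@dataclass
class NicTeam:
    """Virtual adapter that spreads flows over its healthy members."""
    members: list                                    # Nic objects
    frames_sent: dict = field(default_factory=dict)  # nic name -> frame count

    def healthy(self):
        return [n for n in self.members if n.link_up]

    def select(self, src, dst):
        """Address Hash: a (src, dst) pair always maps to the same live NIC."""
        live = self.healthy()
        if not live:
            raise RuntimeError("every NIC in the team is down")
        digest = hashlib.sha256(f"{src}->{dst}".encode()).digest()
        return live[int.from_bytes(digest[:4], "big") % len(live)]

    def send(self, src, dst):
        nic = self.select(src, dst)
        self.frames_sent[nic.name] = self.frames_sent.get(nic.name, 0) + 1
        return nic.name

    def link_down(self, name):
        """Fault detection: drop the failed NIC from selection."""
        for nic in self.members:
            if nic.name == name:
                nic.link_up = False


def run_simulation():
    """Send a constructed flow mix, fail one NIC, send again; report what happened."""
    team = NicTeam([Nic("nic0"), Nic("nic1"), Nic("nic2")])
    # Constructed flows (addresses invented here); repeated to show stickiness.
    flows = [("10.0.0.1", "10.0.0.50"), ("10.0.0.2", "10.0.0.50"),
             ("10.0.0.3", "10.0.0.51"), ("10.0.0.4", "10.0.0.51")] * 5
    before = [team.send(s, d) for s, d in flows]
    victim = before[0]                # fail whichever NIC carried the first flow
    team.link_down(victim)
    after = [team.send(s, d) for s, d in flows]
    return {
        "delivered": len(before) + len(after),
        "failed_nic": victim,
        "used_before": set(before),
        "used_after": set(after),
        # Same flow -> same NIC while membership is unchanged.
        "sticky_before": all(before[i] == before[i % 4] for i in range(len(before))),
        "frames_per_nic": dict(team.frames_sent),
    }


if __name__ == "__main__":
    for key, value in run_simulation().items():
        print(f"{key}: {value}")
```

Every frame is still delivered after the failure because selection only ever considers members whose link is up. Note that the simple modulo over the live list can move flows that were on a healthy NIC as well as those on the failed one; that reshuffle is the kind of "impact on performance" the algorithm choice can have.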

Remember This!

● NIC Teaming combines multiple physical network adapters into a single virtual adapter,
enhancing both performance and redundancy.
● Performance Improvement is achieved through increased bandwidth and load
balancing.
● Fault Tolerance is built in, with the ability to handle NIC failures without service
interruption.
● Load Balancing can be configured with various algorithms to optimize traffic
distribution.

Power Redundancies Overview

● Uninterruptible Power Supply (UPS): Provides short-term power during outages or fluctuations. Allows devices to perform a controlled shutdown or bridge the gap until generators are active.
○ Benefits: Protects against power interruptions; gives time for proper shutdown or backup power.
○ Considerations: Limited power duration; maintenance required.
● Dual Power Supply: A secondary power supply that can take over if the primary supply fails. Often hot-swappable, allowing replacement without shutting down the system.
○ Benefits: Continuous power availability; reduces risk of power supply failure.
○ Considerations: Requires compatible hardware; increased complexity.
● Generators: Supplies power during long-term outages, such as those caused by natural disasters. Can keep critical systems operational for extended periods.
○ Benefits: Provides long-term power; essential for extended outages.
○ Considerations: Requires regular maintenance; fuel management.
● Managed Power Distribution Units (PDUs): Distributes power to devices within server racks and monitors power quality (voltage, current, consumption). Allows centralized monitoring and management.
○ Benefits: Detailed monitoring of power usage; centralized control of power in data centers.
○ Considerations: Additional cost; requires proper configuration.

Remember This!

● UPS provides immediate, short-term power and helps protect against power fluctuations.
● Dual Power Supply ensures continued operation by allowing one supply to take over if
the other fails.
● Generators offer a backup for extended power outages, keeping critical systems
running.
● Managed PDUs allow for detailed monitoring and management of power within data
centers, improving oversight and control.

Backup Media Overview

● Tape: Traditional backup media with high storage capacity and lower cost. Suitable for long-term storage and archival purposes.
○ Benefits: Cost-effective; high capacity; suitable for long-term storage.
○ Considerations: Slower access speeds; prone to wear and degradation.
● Disk: Backup stored on disk drives, including servers or USB drives. Provides faster access compared to tape.
○ Benefits: Faster data access; better for frequent backups; easier to manage.
○ Considerations: Higher cost compared to tape; limited lifespan.
● Network-Attached Storage (NAS): Dedicated file storage accessible over a network, often running a simplified OS. Provides centralized access and backup management.
○ Benefits: Easy network access; scalable; centralized storage.
○ Considerations: Can be a single point of failure; network-dependent.
● Storage Area Network (SAN): Provides block-level storage over a high-speed network, suitable for real-time data replication and high-performance needs.
○ Benefits: High-speed access; scalable; real-time replication.
○ Considerations: Complex and expensive; requires specialized skills.
● Cloud Storage: Backup stored in the cloud using services from providers like AWS, Microsoft Azure, or Google Cloud.
○ Benefits: Off-site storage; scalable; accessible from anywhere.
○ Considerations: Dependent on internet connectivity; ongoing costs.

Remember This!

● Backup Media vary in speed, cost, and capacity. Tape is cost-effective for long-term
storage but slow; Disk provides faster access but at a higher cost; NAS offers networked
storage and ease of access; SAN is ideal for high-speed needs and real-time replication;
and Cloud Storage provides off-site, scalable options but relies on internet connectivity
and incurs ongoing costs.
● RAID is not a substitute for backups. RAID protects against hardware failures but not
against data loss due to events like fires or ransomware attacks. Regular backups are
crucial for data recovery.

Online vs Offline Backups

● Offline Backup: Traditional backup methods using media like tapes, local disks, NAS drives, or SAN targets.
○ Advantages: Easy access to backups; better control over media; relatively fast backup/restore.
○ Disadvantages: Media can fail; media can be destroyed or stolen.
● Online Backup: Backups stored in the cloud, accessible via the Internet from anywhere.
○ Advantages: Off-site protection; data remains available even if local backups are destroyed; automatic encryption.
○ Disadvantages: Dependent on internet connectivity; ongoing costs.

Database Backups

● Online Backup (Hot Backup): Backs up the database while it is operational. Captures changes occurring during the backup process.
○ Characteristics: Database remains online; captures live data.
● Offline Backup (Cold Backup): Backs up the database when it is not operational. Data is static during the backup.
○ Characteristics: Database must be offline; captures static data.

Backup Types Supported by Backup Utilities

● Full Backup: Backs up all selected data.
○ Characteristics: Comprehensive; takes more time and storage space.
● Differential Backup: Backs up all data changed since the last full backup.
○ Characteristics: Faster than full backups; requires more storage over time.
● Incremental Backup: Backs up data changed since the last full or incremental backup.
○ Characteristics: Fast and efficient; requires less storage space.
● Snapshot/Image Backup: Captures the state of data at a specific point in time.
○ Characteristics: Quick recovery; includes the entire state at a moment in time.

Remember This!

● Offline Backups offer control and quick access but are vulnerable to physical damage
or theft.
● Online Backups ensure data is accessible and protected off-site, with encryption, but
rely on internet connectivity and incur ongoing costs.
● Online (Hot) Backups keep databases operational but may be more complex, while
Offline (Cold) Backups are simpler but require database downtime.
● Backup types include Full (complete data backup), Differential (changes since last full
backup), Incremental (changes since last backup), and Snapshot/Image (point-in-time
capture).

Full Backups

● Definition: A full backup copies all the data specified in the backup program. This includes all selected files and folders.
● Example: If you select several folders on the D: drive for backup, a full backup will include all the data from those folders.
● Frequency: Although possible, daily full backups are rare due to time and cost constraints. They are typically done weekly or monthly.

Benefits

● Complete Data Protection: Captures all data at the point of backup, ensuring no files
are missed.
● Simplifies Restore Process: Restoring from a full backup is straightforward since it
contains all necessary data in one set.

Limitations

● Time Consumption: Full backups can be time-consuming, potentially several hours,
affecting system performance and user operations.
● Storage Requirements: Requires a significant amount of storage media, leading to
higher costs and more management effort.

Backup Strategies Combining Full Backups

To mitigate the limitations of full backups, organizations often use a combination of full, incremental, and differential backups:

● Incremental Backup: Backs up data changed since the last full or incremental backup.
○ Usage: Often used after a full backup to save space and time.
● Differential Backup: Backs up data changed since the last full backup.
○ Usage: Provides a middle ground between full and incremental.
● Combination Strategy: Typically involves performing a full backup periodically (e.g., weekly) and incremental or differential backups in between.
○ Usage: Balances backup time, storage, and data protection.

Remember This!

● Full Backups offer comprehensive protection but are time-consuming and require
significant storage.
● Incremental and Differential Backups are used alongside full backups to reduce
backup time and storage requirements.
● A typical backup strategy involves a regular full backup combined with more frequent
incremental or differential backups.

Recovering a Full Backup

● Ease of Restoration: A full backup is the simplest to restore because it contains all the
data needed. Restoring a full backup involves only retrieving and applying the single
backup set.
● Single Tape Recovery: If the backup is on tape, you only need to restore the single tape
containing the full backup.

Differential Backups

Strategy Overview

● Starts with Full Backup: The process begins with a full backup, and subsequent
differential backups capture changes made since that last full backup.
● Example Sequence:
○ Sunday: Full backup
○ Monday: Differential backup (changes since Sunday)
○ Tuesday: Differential backup (changes since Sunday)
○ Wednesday: Differential backup (changes since Sunday)
○ Repeat until the next full backup.

Order of Recovery

● Example Scenario: System crash on Wednesday morning.
● Tapes Required: 2
○ First Tape: Restore the full backup from Sunday.
○ Second Tape: Restore the differential backup from Tuesday to apply all changes since the last full backup.

Incremental Backups

Strategy Overview

● Starts with Full Backup: The process begins with a full backup, and subsequent
incremental backups capture changes since the last full or incremental backup.
● Example Sequence:
○ Sunday: Full backup
○ Monday: Incremental backup (changes since Sunday)
○ Tuesday: Incremental backup (changes since Monday)
○ Wednesday: Incremental backup (changes since Tuesday)
○ Repeat until the next full backup.

Order of Recovery

● Example Scenario: System crash on Thursday morning.
● Tapes Required: 4
○ First Tape: Restore the full backup from Sunday.
○ Second Tape: Restore the incremental backup from Monday.
○ Third Tape: Restore the incremental backup from Tuesday.
○ Fourth Tape: Restore the incremental backup from Wednesday.

Considerations

● Full Backup: Provides the quickest restoration but can be time-consuming and costly if
performed frequently.
● Full/Differential Strategy: Balances backup and recovery time, as differential backups
grow in size over time but only require two tapes for restoration.

● Full/Incremental Strategy: Reduces backup time and storage requirements but
requires all incremental backups to be restored in sequence, which can be
time-consuming and complex.
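The Sunday-full schedules, crash days and restore orders described above, worked through in an added Python example (not the study guide's own code). The 100 GB full backup and the 10 GB of fresh changes per day are constructed figures chosen to make the storage difference visible:

```python
"""Restore chains and storage use for full/differential vs full/incremental
backups, following a Sunday full backup and daily backups after it."""
from dataclasses import dataclass

DAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]


@dataclass(frozen=True)
class BackupSet:
    day: str
    kind: str       # "full", "differential" or "incremental"
    size_gb: float  # constructed size, not a real measurement


def simulate_week(strategy, full_gb=100.0, daily_change_gb=10.0):
    """One week of backup sets: a full on Sunday, then the chosen type daily.

    Assumes each day changes a fresh daily_change_gb of data, so a differential
    grows by that amount every day while an incremental stays the same size.
    """
    sets = [BackupSet("Sunday", "full", full_gb)]
    for days_since_full, day in enumerate(DAYS[1:], start=1):
        if strategy == "differential":
            size = daily_change_gb * days_since_full
        elif strategy == "incremental":
            size = daily_change_gb
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        sets.append(BackupSet(day, strategy, size))
    return sets


def available_before(sets, crash_day):
    """Backup sets completed before a crash on the morning of crash_day."""
    cutoff = DAYS.index(crash_day)
    return [s for s in sets if DAYS.index(s.day) < cutoff]


def restore_chain(sets):
    """Backup sets to restore, in order: the last full, then either every
    incremental after it (oldest first) or only the most recent differential."""
    last_full = max(i for i, s in enumerate(sets) if s.kind == "full")
    chain = [sets[last_full]]
    later = sets[last_full + 1:]
    chain.extend(s for s in later if s.kind == "incremental")
    differentials = [s for s in later if s.kind == "differential"]
    if differentials:
        chain.append(differentials[-1])
    return chain


def storage_used_gb(sets):
    return sum(s.size_gb for s in sets)


def weekly_report():
    """Compare the two strategies on weekly storage and on the restore chain
    after the crashes above (Wednesday for differential, Thursday for incremental)."""
    diff = simulate_week("differential")
    inc = simulate_week("incremental")
    return {
        "differential_storage_gb": storage_used_gb(diff),
        "incremental_storage_gb": storage_used_gb(inc),
        "differential_chain": [s.day for s in restore_chain(available_before(diff, "Wednesday"))],
        "incremental_chain": [s.day for s in restore_chain(available_before(inc, "Thursday"))],
    }


if __name__ == "__main__":
    for key, value in weekly_report().items():
        print(f"{key}: {value}")
```

The Wednesday crash needs two sets under full/differential and the Thursday crash needs four under full/incremental, matching the tape counts above, while the differential week consumes roughly twice the storage of the incremental week under these assumptions.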

Remember This!

● Full Backup: Fastest recovery if done alone but costly and time-consuming if performed
too frequently.
● Full/Differential Strategy: Reduces restore time compared to incremental backups but
might require larger storage.
● Full/Incremental Strategy: Reduces backup time and storage needs but requires
multiple tapes for recovery and a sequential restoration process.

Choosing Full/Incremental or Full/Differential

● Best For
○ Full/Incremental: Limited time for backups.
○ Full/Differential: Quick recovery needs.
● Backup Time
○ Full/Incremental: Shorter daily backup times.
○ Full/Differential: Longer daily backup times.
● Storage Efficiency
○ Full/Incremental: More efficient; only changes since the last backup.
○ Full/Differential: Less efficient; includes all changes since the last full backup.
● Recovery Complexity
○ Full/Incremental: Requires full backup + all subsequent incrementals.
○ Full/Differential: Requires full backup + most recent differential backup.
● Restoration Time
○ Full/Incremental: Can be slower; needs to apply multiple incrementals.
○ Full/Differential: Faster; only needs two backups (full + latest differential).
● Backup Size Over Time
○ Full/Incremental: Incrementals remain relatively small.
○ Full/Differential: Differential backups grow larger over time.
● Storage Usage
○ Full/Incremental: Generally less storage usage.
○ Full/Differential: More storage needed due to larger differential backups.
● Recovery Simplicity
○ Full/Incremental: More complex due to multiple incremental backups.
○ Full/Differential: Simpler and faster recovery process.

Summary

● Full/Incremental: Opt for this if you need to optimize backup time and storage, and can
handle a more complex recovery process.
● Full/Differential: Choose this if you prioritize fast recovery and can manage the larger
size of differential backups and associated storage costs.

Snapshot and Image Backups

● Definition
○ Snapshot Backup: Captures data at a specific point in time.
○ Image Backup: Creates a full image of the data/system as a whole.
● Common Use
○ Snapshot Backup: Virtual machines, databases.
○ Image Backup: Entire systems, including operating systems and applications.
● Advantages
○ Snapshot Backup: Quick restoration to a previous state, minimal disruption.
○ Image Backup: Complete system restoration, including OS and applications.
● Disadvantages
○ Snapshot Backup: Only captures state at a single point in time, not a continuous backup.
○ Image Backup: Larger size, longer backup times.
● Restoration
○ Snapshot Backup: Revert to the snapshot taken at a specific time.
○ Image Backup: Restores the entire system from the image.

Replication

● Definition
○ Real-Time Replication: Continuous copying of data to a secondary site.
○ Near-Real-Time Replication: Data is copied with a slight delay from the primary site.
● Common Use
○ Real-Time: High-availability setups, disaster recovery.
○ Near-Real-Time: Data redundancy, backup solutions.
● Advantages
○ Real-Time: Minimal data loss, high availability.
○ Near-Real-Time: Reduced bandwidth usage compared to real-time replication.
● Disadvantages
○ Real-Time: High resource usage, potential network bandwidth impact.
○ Near-Real-Time: Slight delay can result in some data loss in case of primary site failure.
● Restoration
○ Real-Time: Immediate failover to the secondary site.
○ Near-Real-Time: Slight delay in failover or data consistency.

Journaling

● Definition
○ Journaling: Records changes to data sequentially in a log (journal).
○ Application: Used to maintain data integrity and consistency.
● Common Use
○ Journaling: Databases, file systems, critical applications.
○ Application: Database recovery, file system recovery.
● Advantages
○ Journaling: Allows recovery to a specific point, maintains data integrity.
○ Application: Efficient recovery from data corruption or failure.
● Disadvantages
○ Journaling: Requires additional storage for the journal, can add overhead.
○ Application: Journal can grow large and impact performance.
● Restoration
○ Journaling: Apply changes from the journal to a previous backup to restore the most recent state.
○ Application: Recovery involves both the backup and the journal.

Summary

● Snapshot and Image Backups: Useful for capturing and restoring the state of a system
or data at a specific point in time. Snapshots are typically faster for short-term
restoration, while image backups provide comprehensive system restoration.
● Replication: Ensures data availability by creating copies at secondary sites. Real-time
replication offers minimal data loss but may require significant resources, while
near-real-time replication is more resource-efficient but has a slight delay.
● Journaling: Records changes in a sequential log, allowing recovery to a specific state. It
is particularly effective for maintaining data integrity but can add overhead and require
additional storage.

Backup Frequency

● Importance: Ensures data is captured as it changes; minimizes data loss.
● Trade-offs: More frequent backups reduce data loss but increase space and time requirements.
● Costs: Increased storage space and time for backup processes.
● Recovery Point Objective (RPO): Measures the maximum acceptable amount of data loss, measured in time. More frequent backups lead to a smaller RPO.

Testing Backups

● Purpose: Validates that backups are functional and data can be restored.
● Types of Tests:
○ Full Restore: Verifies entire backup integrity.
○ File Restore: Verifies individual file restorations.
● Testing Process:
○ Restore to a different location (if possible) to validate backup quality.
○ Verify data integrity after the restore.
● Outcomes:
○ Test Succeeds: Confirms the backup process works, though not all backups may be valid.
○ Test Fails: Identifies issues to fix before a real crisis.
● Additional Benefits: Familiarizes administrators with the restore process, reducing stress during actual recovery situations.
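The testing process above (restore to a different location, then verify integrity), as an added Python example that is not the study guide's own code. The directory names and sample files are constructed, and tracking integrity with a SHA-256 manifest written at backup time is an assumption made here:

```python
"""Test restore: back up a directory with a SHA-256 manifest, restore it to a
separate location, and verify every file against the manifest."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source, backup_dir):
    """Copy every file under source into backup_dir/data and record its hash."""
    source, backup_dir = Path(source), Path(backup_dir)
    manifest = {}
    for f in source.rglob("*"):
        if f.is_file():
            rel = f.relative_to(source).as_posix()
            dest = backup_dir / "data" / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest)
            manifest[rel] = sha256_file(f)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(backup_dir, target):
    """Restore into a separate location so a test never overwrites live data."""
    shutil.copytree(Path(backup_dir) / "data", target, dirs_exist_ok=True)


def verify(backup_dir, restored):
    """Compare restored files with the manifest; return a list of problems."""
    manifest = json.loads((Path(backup_dir) / "manifest.json").read_text())
    problems = []
    for rel, expected in manifest.items():
        p = Path(restored) / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def run_restore_test(corrupt=False):
    """Full cycle on constructed sample files; returns the list of problems found."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live, bak, test_target = tmp / "live", tmp / "backup", tmp / "restore-test"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "policy.txt").write_text("backup policy v1\n")
        (live / "db.dump").write_bytes(b"\x00\x01\x02 constructed dump bytes")
        backup(live, bak)
        if corrupt:
            # Simulate media degradation: one byte changed in the stored copy.
            (bak / "data" / "db.dump").write_bytes(b"\x00\x01\x03 constructed dump bytes")
        restore(bak, test_target)
        return verify(bak, test_target)


if __name__ == "__main__":
    print("clean backup:    ", run_restore_test() or "restore verified")
    print("degraded backup: ", run_restore_test(corrupt=True))
```

A passing run proves that this one backup set restores intact; the degraded run shows why the hash check matters, since the corrupted copy restores without any error from the copy itself and is only caught by the manifest comparison.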

Summary

● Backup Frequency: Balances the need to minimize data loss with the practical
considerations of space and time. More frequent backups lead to smaller data loss but
increase costs.
● Testing Backups: Essential for ensuring backups are valid and can be restored.
Regular testing helps identify problems early and prepares administrators for actual
recovery situations.

Remember This!

● Test restores are the best way to ensure backup integrity.
● Backup media should be protected as carefully as the data itself.
● Consider geographic and legal factors for backup storage, including off-site storage and data sovereignty.

Backups and Geographic Considerations

● Backup Policy: A document detailing what data to back up, backup frequency, testing methods, and retention periods.
● Offsite vs Onsite Storage:
○ Offsite: Protects against local disasters (e.g., fire, flood).
○ Onsite: Provides quick access for recovery.
● Distance:
○ Proximity: Can be close for easy retrieval.
○ Far Away: Ensures that disasters at the primary site do not affect the backup.
● Location Selection: Depends on environmental risks. For example, in earthquake-prone areas, choose a location far from fault lines.
● Legal Implications: Backups with PII or PHI must comply with relevant laws and regulations.
● Data Sovereignty: Legal implications of storing backups in different countries. Compliance with the local laws of the backup storage country is necessary.
● Encryption: Essential for protecting sensitive data in backups. Encrypt both in transit and at rest using strong algorithms, and manage encryption keys securely.

Summary

● Backup Policy: Essential for defining backup procedures and requirements.
● Offsite vs Onsite Storage: Balances quick access with protection against local disasters.
● Distance: Considerations for proximity or distance of backup sites.
● Location Selection: Account for environmental risks and specific regional threats.
● Legal Implications: Ensure compliance with laws related to data types stored in backups.
● Data Sovereignty: Understand and comply with laws applicable to the backup storage location.
● Encryption: Crucial for securing backup data and preventing unauthorized access.

Remember This!

● Backup Policy: Create a comprehensive backup policy covering all aspects of backup
management.
● Geographic Considerations: Always consider environmental, legal, and distance
factors when selecting backup storage locations.
● Encryption: Implement robust encryption practices to safeguard backup data.

Comparing Business Continuity Elements

Business continuity planning ensures that critical business operations can continue and recover effectively after an outage or disaster. Here's a comparison of the different elements and types of disasters:

● Business Continuity Plan (BCP): A comprehensive plan to ensure that critical business functions continue during and after a disaster. Includes disaster recovery elements.
○ Examples: Detailed procedures and strategies for maintaining and restoring operations after various types of disruptions.
● Disasters and Outages: Events that disrupt normal business operations and require continuity planning.
● Environmental: Disasters resulting from natural phenomena or environmental factors.
○ Examples: Hurricanes; floods; tornadoes; earthquakes; fires caused by lightning; major environmental disasters (e.g., nuclear meltdowns).
● Human-Made: Disasters caused by human actions or negligence.
○ Examples: Fires caused by human error; train wrecks (e.g., Amtrak derailment); hardware and software failures due to human error; cyberattacks.
● Internal vs External: Classification based on the origin of the disaster relative to the organization.
● Internal: Disasters originating within the organization.
○ Examples: Fire in a data center; server failure; internal sabotage.
● External: Disasters occurring outside the organization but affecting it.
○ Examples: Wildfires impacting power lines; flooding affecting utility services; external cyberattacks impacting the organization's operations.

Key Points

● Business Continuity Plan (BCP): Essential for maintaining and resuming operations during and after disruptions. Includes disaster recovery steps.
● Types of Disasters:
○ Environmental: Often uncontrollable but predictable; requires planning for natural events and their impacts.
○ Human-Made: Include both accidents and malicious actions; planning involves risk mitigation and response strategies.
○ Internal: Address issues within the organization; includes infrastructure and operational concerns.
○ External: Manage impacts from outside the organization; includes natural disasters and external disruptions.

Remember This!

● BCP: Develop a comprehensive plan to ensure continuity and recovery of critical business functions.
● Disaster Types: Understand and plan for both environmental and human-made disasters, distinguishing between internal and external sources.
● Business Impact Analysis: Start with a thorough analysis to predict impacts and develop effective recovery strategies.

Business Impact Analysis (BIA) Concepts

A Business Impact Analysis (BIA) is a crucial component of business continuity planning (BCP). It helps organizations identify and prioritize mission-essential functions and critical systems to ensure they can continue operations during and after a disaster. Here's an overview of the key concepts involved:

● Mission-Essential Functions: Activities that must continue or be restored quickly after a disaster to ensure organizational survival.
○ Example: For an e-commerce business: serving webpages, processing purchases, and sending email confirmations.
● Vulnerable Business Processes: Processes that support mission-essential functions and are critical to protect.
○ Example: For the same e-commerce business: the shopping cart path, which is crucial for completing transactions.
● Critical Systems: Systems and components that support mission-essential functions.
○ Example: Web servers, database servers, and network infrastructure in an e-commerce setup.
● Maximum Downtime Limit: The maximum allowable time that a system or function can be non-operational before it significantly impacts the organization.
○ Example: For online sales, if the maximum allowable outage is five hours, then all systems supporting online sales must be restored within that time frame.
● Scenarios Impacting Systems: Potential situations that could disrupt critical systems and functions.
○ Example: Natural disasters (hurricanes, floods), cyberattacks, hardware failures.
● Potential Losses: The financial or operational impact that could result from a disruption in critical systems.
○ Example: An average loss of $5,000 per hour due to halted online sales.

Example Scenario

E-Commerce Business:

● Mission-Essential Functions:
○ Serving webpages
○ Processing purchases
○ Sending email confirmations
● Vulnerable Business Processes:
○ Shopping cart path
● Critical Systems:
○ Web servers
○ Database servers
○ Network infrastructure
● Maximum Downtime Limit:
○ Five hours for online sales
● Scenarios:
○ Hurricane impacts the data center
○ Cyberattack targeting the website
● Potential Losses:
○ $5,000 per hour if online sales are disrupted

Remember This!

● BIA Goals: Identify mission-essential functions, critical systems, maximum downtime limits, impact scenarios, and potential losses.
● Pre-Crisis Planning: Conduct the BIA in advance to ensure effective response and recovery strategies are in place.
● Documentation: Collect and document information from across the organization to focus on critical business functions and guide recovery objectives.

Site Risk Assessment

A site risk assessment evaluates specific risks associated with a particular location. Unlike general risk assessments, which might cover broad categories, a site risk assessment focuses on the unique risks and requirements of individual sites. Here's how it differs based on location and focus:

● Environmental Risks: Risks specific to the physical environment of a site.
○ Examples: Florida sites: hurricanes, floods; San Francisco sites: earthquakes.
● Mission-Essential Functions: Critical functions unique to each site.
○ Examples: Online sales site: website operations, transaction processing; warehousing site: inventory management, shipping.
● Impact Assessment: Evaluates the potential impact of various disaster scenarios on the site.
○ Examples: Questions addressed include loss of life, property damage, personnel safety, financial losses, and reputation.
● Examples of Impact: Data breach costs: the average cost of a data breach was $4.35 million globally in 2022; U.S. average: $9.44 million; healthcare industry: $10.10 million.
○ Examples: High costs of breaches could exceed millions, highlighting the financial and reputational impacts of data breaches.

Recovery Time Objective (RTO)

The RTO defines the maximum allowable time to restore a system or function after an outage. It's crucial for minimizing downtime and ensuring that the business can continue operations.

● Definition: Maximum time allowed for system restoration after an outage.
○ Example: Web server for online sales: RTO of 5 minutes; internal database server: RTO of 24 hours.
● Purpose: Ensures that systems are restored within a time frame that prevents unacceptable impact on the organization.
○ Example: An online sales website's revenue generation might necessitate a very short RTO.

Recovery Point Objective (RPO)

The RPO defines the maximum acceptable amount of data loss measured in time. It determines how frequently backups should occur to ensure data can be restored to a point that meets the organization's needs.

● Definition: Amount of data that can be lost due to an outage, measured from the most recent backup.
○ Example: Weekly backups: RPO of one week; online transaction database: RPO up to the minute of failure.
● Purpose: Ensures that data loss is minimized according to the organization's tolerance and operational needs.
○ Example: Ensures frequent backups for critical data to meet minimal data loss requirements.

Remember This!

● RTO (Recovery Time Objective): Maximum allowable downtime before unacceptable impact occurs. Derived from the BIA.
● RPO (Recovery Point Objective): Maximum amount of data loss acceptable, dictating backup frequency.
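An added Python example (not from the study guide) that measures an actual outage against RPO and RTO using backup-completion and incident timestamps. The system names, RPO/RTO values and all timestamps are constructed, loosely following the figures above:

```python
"""Check an outage against RPO and RTO using backup-completion and incident
timestamps (all values below are constructed for illustration)."""
from datetime import datetime, timedelta


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def data_loss_window(backup_times, failure_time):
    """Time between the last backup completed before the failure and the failure.

    Work done since that backup is what a restore cannot bring back, so this
    window is what the RPO constrains.
    """
    prior = [t for t in backup_times if t <= failure_time]
    if not prior:
        raise ValueError("no backup completed before the failure")
    return failure_time - max(prior)


def evaluate(system):
    """Actual data loss and downtime for one incident, and whether RPO/RTO held."""
    backups = [parse(t) for t in system["backups_completed"]]
    failed = parse(system["failure"])
    restored = parse(system["service_restored"])
    loss = data_loss_window(backups, failed)
    downtime = restored - failed
    return {
        "name": system["name"],
        "data_loss_hours": loss.total_seconds() / 3600,
        "downtime_hours": downtime.total_seconds() / 3600,
        "rpo_met": loss <= system["rpo"],
        "rto_met": downtime <= system["rto"],
    }


# Constructed incidents, loosely following the RTO/RPO figures above.
SYSTEMS = [
    {
        "name": "online sales web server",
        "rpo": timedelta(minutes=1),       # replicated every minute
        "rto": timedelta(minutes=5),
        "backups_completed": ["2024-03-04 09:14", "2024-03-04 09:15"],
        "failure": "2024-03-04 09:16",
        "service_restored": "2024-03-04 09:19",
    },
    {
        "name": "internal database server",
        "rpo": timedelta(days=7),          # weekly backups
        "rto": timedelta(hours=24),
        "backups_completed": ["2024-02-25 02:00", "2024-03-03 02:00"],
        "failure": "2024-03-06 10:30",
        "service_restored": "2024-03-07 13:00",
    },
]


def report():
    return [evaluate(s) for s in SYSTEMS]


if __name__ == "__main__":
    for row in report():
        print(row)
```

The database incident is the instructive one: the weekly backup cadence easily satisfies a one-week RPO, but the 26.5-hour outage misses the 24-hour RTO, which is exactly the kind of gap a BIA exists to expose before a real event.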

Comparing MTBF and MTTR

Understanding MTBF and MTTR is crucial for assessing and planning for system reliability and maintenance. Here's a breakdown of each term:

● Mean Time Between Failures (MTBF): Measures the average time between failures of a system or component. Typically expressed in hours.
○ Purpose: Indicates the reliability of a system or component. Higher MTBF means more reliable.
○ Example: If a hard disk has an MTBF of 100,000 hours, it means, on average, one failure is expected every 100,000 hours.
● Mean Time To Repair (MTTR): Measures the average time taken to repair or restore a failed system or component.
○ Purpose: Used to gauge the efficiency of repair processes. It does not guarantee repair times for every instance.
○ Example: If the MTTR for a server is 4 hours, it means, on average, it takes 4 hours to fix and restore the server.

Remember This!

● MTBF (Mean Time Between Failures): Provides an estimate of how often a system or
component will fail. Higher MTBF indicates greater reliability.
● MTTR (Mean Time To Repair): Refers to the average time required to restore a system
or component after a failure. It is crucial for planning recovery and maintenance efforts.

Continuity of Operations Planning (COOP) and Site Resiliency

Continuity of Operations Planning (COOP) ensures that an organization can continue to perform mission-essential functions at a recovery site if a critical outage occurs. This involves the process of moving operations to an alternate location, called a recovery site, in case of a primary site failure.

Types of Recovery Sites

1. Hot Site

● Description: A fully operational site that can take over immediately. It includes all the
necessary equipment, software, and data.
● Characteristics:
○ Operational 24/7.
○ Contains up-to-date data.
○ Can take over functionality quickly after a primary site failure.
● Recovery Time: Minimal, typically from a few minutes to an hour.
● Cost: High, due to constant maintenance and up-to-date data.
● Use Case: Best for high-availability requirements where minimal downtime is crucial.

Hot Site summary:
● Operational Time: 24/7
● Data Status: Up-to-date
● Setup Time: Minimal (a few minutes to an hour)
● Cost: High
● Ideal For: High-availability systems requiring instant recovery

2. Cold Site

● Description: A basic facility that requires power, connectivity, and physical space.
Equipment and data need to be brought to the site when needed.
● Characteristics:
○ Requires power and connectivity but lacks equipment and data.
○ Activation involves setting up hardware, software, and data.
● Recovery Time: Longer, as setup is needed.
● Cost: Low, due to minimal maintenance.
● Use Case: Suitable for organizations that can tolerate longer recovery times and have
budget constraints.

Cold Site summary:
● Operational Time: Requires activation
● Data Status: Not up-to-date; needs to be brought in
● Setup Time: Longer (varies with setup time)
● Cost: Low
● Ideal For: Organizations with longer recovery windows and lower budgets

3. Warm Site

● Description: A compromise between hot and cold sites. Contains necessary hardware
but may not have up-to-date data.
● Characteristics:
○ Equipped with hardware and basic infrastructure.
○ Requires data and software to be copied or installed upon activation.
● Recovery Time: Intermediate, as data and software need to be transferred.
● Cost: Moderate, balancing between maintenance and setup requirements.
● Use Case: Suitable for organizations needing a balance between recovery speed and
cost.

Warm Site summary:
● Operational Time: Requires activation
● Data Status: Hardware present, data needs to be added
● Setup Time: Intermediate (depends on data transfer)
● Cost: Moderate
● Ideal For: Organizations needing a balance between speed and cost

Other Types of Recovery Sites

● Mobile Site: A transportable recovery site that can be moved to different locations as
needed.
● Mirrored Site: An exact duplicate of the primary site that maintains real-time
synchronization.

Geographic Considerations

When selecting recovery sites, consider geographic dispersion to prevent both the primary and
recovery sites from being affected by the same disaster. Sites should be far enough apart to
minimize the risk of simultaneous outages due to similar events.

Remember This!

● Hot Site: Provides the quickest recovery with up-to-date data but is the most expensive.
● Cold Site: Least expensive, requires setup and data transfer, and has a longer recovery
time.
● Warm Site: Balances between hot and cold sites in terms of cost and recovery speed.

Restoration Order

● Least Critical Functions First: Return less critical functions to the primary site before
moving more critical ones. This allows you to identify and address any issues with the
site before affecting essential operations.
● Reason for Least Critical Functions First: Testing and resolving issues with
non-essential functions can prevent disruptions to mission-critical functions.

Recovery Sites Overview

Type of Recovery Site | Characteristics | Cost | Recovery Time
----------------------|-----------------|------|--------------
Hot Site    | Fully operational 24/7, includes all equipment, software, and up-to-date data. Can take over quickly. | Expensive | Shortest (minutes to an hour)
Cold Site   | Basic infrastructure (power, connectivity), requires setup and data transfer. | Cheapest | Longest (varies widely)
Warm Site   | Contains necessary hardware, not up-to-date data. Requires setup and data transfer. | Moderate | Moderate (shorter than cold sites)
Mobile Site | Temporary setup with equipment and infrastructure that can be deployed as needed. | Varies | Depends on deployment speed

Remember This!

● Cold Sites: Cheapest but hardest to test; minimal infrastructure.
● Warm Sites: Balanced solution between cost and recovery speed; hardware in place,
but data needs to be added.
● Hot Sites: Most effective for high-availability needs; includes full setup and up-to-date
data.
● Mobile Sites: Provide flexibility with temporary support; not fixed locations.

Disaster Recovery

Disaster Recovery Plan (DRP) Definition


Term | Definition
-----|-----------
Disaster Recovery Plan (DRP) | A documented process and set of procedures designed to recover critical systems and data after a disaster. It is a component of the broader business continuity plan (BCP) and includes strategies for restoring mission-essential functions, prioritizing the recovery of systems, and addressing various types of disasters. The DRP ensures that an organization can continue operations or quickly resume operations after a disruptive event.

1. DRP Components Overview

Component | Description | Example
----------|-------------|--------
Hierarchical List of Critical Systems | A prioritized list of systems and components that need to be restored after a disaster. | Restoring a revenue-generating web server before a non-essential internal file server.
Activation | The process of initiating the DRP based on the type and timing of the disaster. | Activating the plan immediately after an earthquake versus before an expected hurricane.
Implementation of Contingencies | Steps taken to move critical functions to an alternate site and retrieve off-site backups if on-site backups are lost. | Switching operations to a hot site or retrieving backup data from an off-site location.
Recovery of Critical Systems | The process of restoring systems based on their priority and verifying that approved changes are included. | Restoring and testing the functionality of key servers as per the DRP prioritization.
Testing | The phase where recovered systems are validated to ensure they function as required before going live. | Running performance tests on a restored web server to ensure it meets operational standards.
After-Action Report | A review process to analyze the response to the disaster, capture lessons learned, and update the DRP as necessary. | Conducting a review meeting to discuss what went well and what could be improved, and updating the DRP.

2. Disaster Recovery Phases


Phase | Description | Activities
------|-------------|-----------
Activate the Disaster Recovery Plan | Initiate the DRP in response to a disaster, either immediately or when imminent based on the disaster type. | Notify relevant personnel, implement initial response steps, and activate recovery protocols.
Implement Contingencies | Move critical functions to an alternate site and retrieve off-site backups if necessary. | Transfer operations to a hot or warm site, and retrieve and restore data from off-site backups.
Recover Critical Systems | Begin the process of restoring systems based on their prioritization. | Follow the hierarchical list to restore systems, review change management documentation.
Test Recovered Systems | Verify that restored systems function correctly and meet performance standards. | Conduct tests to ensure systems are operational and meet required performance metrics.
After-Action Report | Review the disaster response, analyze what went right and what went wrong, and update the DRP based on findings. | Prepare a report on the disaster response, hold a lessons-learned session, and revise the DRP.

3. Types of Disaster Recovery Plans


Type of DRP | Description | Example
------------|-------------|--------
Single DRP | A comprehensive plan that outlines recovery steps for all critical systems and types of disruptions in one document. | A single document covering recovery procedures for both servers and various types of disasters.
Multiple DRPs | Separate plans for different types of disasters or specific systems. | Individual plans for hurricanes, tornadoes, and separate plans for servers and databases.

4. Importance of Prioritization

Aspect | Description | Example
-------|-------------|--------
System Prioritization | The order in which systems are restored based on their criticality and impact on business operations. | Restoring a system that generates significant revenue before less critical internal systems.
Service Prioritization | Prioritizing the restoration of critical business functions and security services before support services. | Restoring security systems and essential business functions before IT support and admin services.

Testing Types for Business Continuity and Disaster Recovery Plans


Testing Type | Description | Purpose
-------------|-------------|--------
Tabletop Exercises | Discussion-based exercises where participants review hypothetical scenarios in a classroom or conference setting. | To discuss and evaluate responses, roles, and decision-making processes; to identify flaws in the plan and make necessary updates.
Simulations | Functional exercises conducted in a simulated environment to test the operational aspects of the plan without impacting real systems. | To test and verify the steps of the plan, assess how well the plan works, and measure the time required to execute the plan.
Parallel Processing | Involves running the disaster recovery site alongside the primary site to ensure both sites are functioning properly. | To confirm that the recovery site can operate effectively in parallel with the main site without disrupting operations.
Failover Tests | Tests that involve shutting down the primary site and evaluating whether the recovery site can handle the load. | To test the full functionality and effectiveness of the failover site under real conditions, ensuring it can handle the operational load.

Tabletop Exercise Details


Feature | Description
--------|------------
Format | Discussion-based, typically in a classroom or conference room setting.
Scenario | Hypothetical situations such as cyberattacks or natural disasters.
Coordinator Role | Guides participants through scenarios, injects additional information to simulate real-life complications.
Outcome | Validates the adequacy of the plan, identifies flaws, and prompts revisions if necessary.

Simulation Details

Feature | Description
--------|------------
Format | Hands-on exercises in a controlled, simulated environment.
Scenario | Testing involves simulating system failures and recovery procedures without affecting actual systems.
Outcome | Verifies that the plan works as intended and measures the execution time.

Parallel Processing Details

Feature | Description
--------|------------
Format | Operates the recovery site concurrently with the primary site.
Scenario | Ensures that the recovery site is functioning properly alongside the main site.
Outcome | Confirms operational effectiveness of the recovery site without disrupting normal operations.

Failover Test Details


Feature | Description
--------|------------
Format | Shuts down the primary site and tests whether the recovery site can assume its operations effectively.
Scenario | Evaluates the recovery site under real conditions and load.
Outcome | Determines if the failover site is capable of handling the load and restores operations as planned.

Summary of Testing Types


Testing Type | Key Characteristics
-------------|--------------------
Tabletop Exercises | Discussion-based, scenario-driven, helps in identifying plan deficiencies.
Simulations | Hands-on, in a controlled environment, verifies plan steps and timing.
Parallel Processing | Operates recovery site alongside the primary site, tests functional capabilities in parallel.
Failover Tests | Shuts down the primary site, tests the full capability and performance of the recovery site under real conditions.

Capacity Planning Overview


Aspect | Description | Purpose
-------|-------------|--------
People | Assessing the human resources needed, including skills, hiring, training, and retaining talent. | To ensure the organization has the expertise and staffing levels needed to support operations and growth.
Technology | Determining the hardware, software, and network resources needed to support operations and future demand. | To avoid bottlenecks, ensure high availability, and maintain optimal performance levels.
Infrastructure | Evaluating physical facilities and assets such as data centers and office spaces. | To ensure adequate space, power, cooling, and other resources to support operations and future growth.

People Capacity Planning


Component | Description | Purpose
----------|-------------|--------
Workforce Analysis | Analyzing current workforce skills and identifying gaps. | To determine the skills and staffing levels required to meet current and future needs.
Forecasting | Estimating future human resource requirements based on growth, new projects, or changes. | To plan for hiring, training, and retaining the right talent to support organizational objectives.
Talent Management | Hiring, training, and retaining the right talent. | To ensure the organization has the necessary expertise to achieve its goals and manage growth effectively.

Technology Capacity Planning


Component | Description | Purpose
----------|-------------|--------
Hardware | Estimating the computing power and storage needed. | To ensure the physical resources can handle current and future workloads.
Software | Determining software requirements and licensing needs. | To support operational needs and future demands.
Network Resources | Estimating bandwidth and network capacity needed. | To prevent network bottlenecks and ensure reliable connectivity.
Regular Reviews | Periodically reviewing and updating technology infrastructure. | To maintain optimal performance and adapt to changing demands.

Infrastructure Capacity Planning

Component | Description | Purpose
----------|-------------|--------
Physical Facilities | Evaluating data centers, office spaces, and other critical assets. | To ensure there is sufficient space to support operations and growth.
Capacity Analysis | Analyzing current infrastructure capacity and identifying potential constraints. | To address and plan for future capacity needs and prevent limitations.
Future Requirements | Planning for future infrastructure needs based on projected growth. | To ensure the organization has adequate resources such as power and cooling to support expansion.

Summary of Capacity Planning Areas


Area | Key Focus | Objective
-----|-----------|----------
People | Workforce skills, hiring, training, and talent retention. | Ensure adequate human resources to support operations and growth.
Technology | Hardware, software, network resources, and regular reviews. | Optimize performance, prevent bottlenecks, and support future needs.
Infrastructure | Physical facilities, capacity analysis, and future requirements. | Provide necessary space and resources to support operations and growth.

Summary of Chapter 9

Comparing Physical Security Controls


Control | Description | Purpose | Benefits
--------|-------------|---------|---------
Cable Locks | Secure mobile devices like laptops. | Prevent theft of portable devices. | Easy to implement and cost-effective.
Access Badges | Electronic cards for unlocking doors, often combined with PINs for enhanced security. | Prevent unauthorized access to secure areas. | Can be combined with PINs for improved security.
Security Guards | Human presence to monitor and control access. | Prevent unauthorized personnel from entering secure areas. | Can recognize individuals and verify identities.
Cameras/CCTV Systems | Provide video surveillance, including motion and object detection. | Monitor activities and provide evidence of incidents. | Reliable proof of identity and activity.
Sensors | Detect environmental changes like motion, noise, and temperature. | Monitor and alert on changes that could indicate security breaches. | Can detect unusual activity and provide alerts.
Fencing | Physical barriers to restrict access. | Deter unauthorized entry and protect the perimeter. | Basic physical deterrent, often used with other controls.
Barricades | Stronger barriers than fences, such as bollards. | Block vehicles and deter potential attackers. | Effective for high-security areas.
Access Control Vestibules | Two sets of interlocking doors allowing one person to enter at a time. | Ensure controlled access to secure areas. | Enhances security by controlling entry.
Asset Management | Tracks and manages hardware, software, and data assets. | Ensure proper accounting and monitoring of assets. | Helps in maintaining security and compliance.
Diversity Methods | Using different vendors, technologies, and control types for layered security. | Increase overall security effectiveness. | Provides multiple layers of protection.

Adding Redundancy and Fault Tolerance


Component | Description | Purpose | Benefits
----------|-------------|---------|---------
RAID (Redundant Array of Independent Disks) | Disk subsystems that provide fault tolerance. RAID-1 mirrors data, RAID-5 and RAID-6 use parity. | Improve data availability and fault tolerance. | Protects against disk failures and enhances data reliability.
Load Balancers | Distribute processing load across multiple servers. | Ensure even distribution of requests and prevent server overload. | Enhances performance and fault tolerance.
NIC Teaming | Combines multiple network adapters into one virtual adapter. | Provides load balancing and fault tolerance for network traffic. | Improves network reliability and performance.
Power Redundancies | Includes UPS, dual power supplies, and generators. | Ensure continuous power supply and avoid outages. | Protects against power failures and disruptions.

Protecting Data with Backups


Backup Type | Description | Purpose | Benefits
------------|-------------|---------|---------
Offline Backups | Uses tapes, local disks, or drives in a NAS/SAN. | Store backups for data recovery. | Reliable and often used for traditional backup methods.
Online Backups | Stored in the cloud. | Provide off-site data storage and easy accessibility. | Facilitates remote access and off-site protection.
Full Backup | Complete backup of all data. | Quickest recovery time. | Simplifies data restoration.
Incremental Backup | Backs up only changes since the last backup. | Minimizes backup time and storage needs. | Efficient for daily backups.
Differential Backup | Backs up changes since the last full backup. | Reduces restore time compared to incremental backups. | Balances backup time and recovery time.
Off-Site Backup | Stored at a remote location to avoid impact from local disasters. | Protects against site-specific disasters. | Ensures backup safety from local incidents.
Encryption | Protects backup data from unauthorized access. | Secure sensitive data. | Protects data integrity and confidentiality.

Comparing Business Continuity Elements


Element | Description | Purpose | Benefits
--------|-------------|---------|---------
Business Impact Analysis (BIA) | Identifies mission-essential functions, critical systems, and vulnerabilities. | Determine the impact of disruptions on business operations. | Helps prioritize recovery efforts and resources.
Recovery Time Objective (RTO) | Maximum acceptable time to restore a system after an outage. | Define the acceptable downtime for each system. | Guides recovery strategies and priorities.
Recovery Point Objective (RPO) | Maximum acceptable amount of data loss measured in time. | Define the acceptable amount of data loss. | Helps in setting backup frequencies and strategies.
Mean Time Between Failures (MTBF) | Average time between system failures. | Measure system reliability. | Helps in maintenance planning and reliability assessment.
Mean Time to Repair (MTTR) | Average time taken to restore a failed system. | Measure repair efficiency. | Guides maintenance and repair strategies.
Continuity of Operations Planning | Identifies alternate processing sites and business practices. | Ensure operational continuity during major disruptions. | Provides strategies for maintaining business functions.
Hot Site | Fully equipped site that can be operational within 60 minutes. | Minimize downtime and ensure rapid recovery. | Most effective but costly solution.
Warm Site | Partially equipped site with infrastructure and some hardware. | Balance between cost and recovery time. | Offers a compromise between hot and cold sites.
Cold Site | Basic site with power and connectivity but no pre-installed equipment. | Lowest cost recovery solution. | Requires setup time but is the least expensive.
Disaster Recovery Plan (DRP) | Plan detailing how to recover critical systems after a disaster. | Provide structured recovery procedures. | Ensures organized and efficient recovery operations.
Testing Types | Includes tabletop exercises, simulations, parallel processing, and failover tests. | Validate and refine disaster recovery plans. | Ensures plans are effective and functional.
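The following Python is an added example, not part of these study notes: it models the full, incremental and differential backup types from the backups table and the RPO from the table above, computing which backup sets must be restored under each strategy and whether the data lost at a given failure time stays within the RPO. The weekly schedule, the dates and the RPO values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class Backup:
    kind: str            # "full", "incremental" or "differential"
    taken_at: datetime   # completion time of the backup job

def restore_chain(backups: List[Backup], recover_to: datetime) -> List[Backup]:
    """Backups to restore, in order, to rebuild the state captured by the newest
    backup at or before recover_to. [] when no full backup exists, because
    incremental and differential sets cannot be restored on their own."""
    usable = sorted((b for b in backups if b.taken_at <= recover_to),
                    key=lambda b: b.taken_at)
    fulls = [i for i, b in enumerate(usable) if b.kind == "full"]
    if not fulls:
        return []
    base = fulls[-1]                 # the latest full backup is the foundation
    chain = [usable[base]]
    for b in usable[base + 1:]:
        if b.kind == "differential":
            # changes since the last full: supersedes everything after the full
            chain = [usable[base], b]
        elif b.kind == "incremental":
            # changes since the previous backup of any kind: replay each one
            chain.append(b)
        else:
            raise ValueError(f"unknown backup kind: {b.kind}")
    return chain

def data_loss(backups: List[Backup], failure_at: datetime) -> Optional[timedelta]:
    """Gap between the newest backup before the failure and the failure itself;
    everything written in that window is lost. None when nothing was backed up."""
    before = [b.taken_at for b in backups if b.taken_at <= failure_at]
    return failure_at - max(before) if before else None

def meets_rpo(backups: List[Backup], failure_at: datetime, rpo_hours: float) -> bool:
    """True when the data lost at failure_at stays within the RPO."""
    loss = data_loss(backups, failure_at)
    return loss is not None and loss <= timedelta(hours=rpo_hours)

def weekly_schedule(start: datetime, kind: str) -> List[Backup]:
    """Constructed sample: full backup at start, then one `kind` backup every
    24 hours for the following six days."""
    return [Backup("full", start)] + [
        Backup(kind, start + timedelta(days=d)) for d in range(1, 7)]

SUNDAY = datetime(2024, 1, 7)                         # constructed anchor date
THURSDAY_NOON = SUNDAY + timedelta(days=4, hours=12)  # constructed failure time
INCREMENTAL_WEEK = weekly_schedule(SUNDAY, "incremental")
DIFFERENTIAL_WEEK = weekly_schedule(SUNDAY, "differential")

if __name__ == "__main__":
    for name, sched in (("incremental", INCREMENTAL_WEEK),
                        ("differential", DIFFERENTIAL_WEEK)):
        chain = restore_chain(sched, THURSDAY_NOON)
        print(f"{name}: restore {len(chain)} set(s), data loss "
              f"{data_loss(sched, THURSDAY_NOON)}, RPO 24h met: "
              f"{meets_rpo(sched, THURSDAY_NOON, 24)}")
```

With the constructed schedule, a Thursday-noon failure needs five sets (full plus four incrementals) under the incremental strategy but only two under the differential one, while both lose the same 12 hours of data, which is why the RPO is set by backup frequency and the restore effort by backup type.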
