Page 1312 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1312

Cold Site Setup



                  A cold site setup is well depicted in the 2000 film Boiler Room,
                  which involves a chop-shop investment firm telemarketing bogus
                  pharmaceutical investment deals to prospective clients. In this
                  fictional case, the “disaster” is man-made, but the concept is much
                  the same, even if the timing is quite different.


                  Under threat of exposure and a pending law enforcement raid, the
                  firm establishes a nearby building that is empty, save for a few
                  banks of phones on dusty concrete floors in a mock-up of a cold
                  recovery site. Granted, this work is both fictional and illegal, but it
                  illustrates a very real and legitimate reason for maintaining a
                  redundant failover recovery site for the purpose of business
                  continuity.


                  Research the various forms of recovery sites, and then consider
                  which among them is best suited for your particular business needs
                  and budget. A cold site is the least expensive option and perhaps
                  the most practical. A warm site contains the data links and
                  preconfigured equipment necessary to begin restoring operations
                  but no usable data or information. The most expensive option is a
                  hot site, which fully replicates your existing business infrastructure

                  and is ready to take over for the primary site on short notice.



               The major advantage of a cold site is its relatively low cost—there’s no
               computing base to maintain and no monthly telecommunications bill
               when the site is idle. However, the drawbacks of such a site are
               obvious—there is a tremendous lag between the time the decision is
               made to activate the site and the time when that site is ready to
               support business operations. Servers and workstations must be
               brought in and configured. Data must be restored from backup tapes.

               Communications links must be activated or established. The time to
               activate a cold site is often measured in weeks, making timely recovery
               close to impossible and often yielding a false sense of security. It’s also
               worth observing that the substantial time, effort, and expense required
               to activate and transfer operations to a cold site make this approach
               the most difficult to test.
   1307   1308   1309   1310   1311   1312   1313   1314   1315   1316   1317