Page 1324 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1324
other personal information in the checklist.
The notification checklist should be supplied to all personnel who
might respond to a disaster. This enables prompt notification of
key personnel. Many firms organize their notification checklists in
a “telephone tree” style: Each member of the tree contacts the
person below them, spreading the notification burden among
members of the team instead of relying on one person to make lots
of telephone calls.
If you choose to implement a telephone tree notification scheme,
be sure to add a safety net. Have the last person in each chain
contact the originator to confirm that their entire chain has been
notified. This lets you rest assured that the disaster recovery team
activation is smoothly underway.
Assessment
When the disaster recovery team arrives on site, one of their first tasks
is to assess the situation. This normally occurs in a rolling fashion,
with the first responders performing a very simple assessment to
triage activity and get the disaster response underway. As the incident
progresses, more detailed assessments will take place to gauge the
effectiveness of disaster recovery efforts and prioritize the assignment
of resources.
Backups and Offsite Storage
Your disaster recovery plan (especially the technical guide) should
fully address the backup strategy pursued by your organization.
Indeed, this is one of the most important elements of any business
continuity plan and disaster recovery plan.
Many system administrators are already familiar with various types of
backups, so you’ll benefit by bringing one or more individuals with
specific technical expertise in this area onto the BCP/DRP team to
provide expert guidance. There are three main types of backups:
Full Backups As the name implies, full backups store a complete
copy of the data contained on the protected device. Full backups
