Page 681 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 681

Equipment Failure


               No matter the quality of the equipment your organization chooses to
               purchase and install, eventually it will fail. Understanding and
               preparing for this eventuality helps ensure the ongoing availability of
               your IT infrastructure and should help you to protect the integrity and
               availability of your resources.

               Preparing for equipment failure can take many forms. In some non-

               mission-critical situations, simply knowing where you can purchase
               replacement parts for a 48-hour replacement timeline is sufficient. In
               other situations, maintaining onsite replacement parts is mandatory.
               Keep in mind that the response time in returning a system to a fully
               functioning state is directly proportional to the cost involved in
               maintaining such a solution. Costs include storage, transportation,

               pre-purchasing, and maintaining onsite installation and restoration
               expertise. In some cases, maintaining onsite replacements is not
               feasible. For those cases, establishing a service-level agreement (SLA)
               with the hardware vendor is essential. An SLA clearly defines the
               response time a vendor will provide in the event of an equipment
               failure emergency.

               Aging hardware should be scheduled for replacement and/or repair.

               The schedule for such operations should be based on the mean time to
               failure (MTTF) and mean time to repair (MTTR) estimates
               established for each device or on prevailing best organizational
               practices for managing the hardware lifecycle. MTTF is the expected
               typical functional lifetime of the device given a specific operating
               environment. MTTR is the average length of time required to perform
               a repair on the device. A device can often undergo numerous repairs

               before a catastrophic failure is expected. Be sure to schedule all
               devices to be replaced before their MTTF expires. An additional
               measurement is that of the mean time between failures (MTBF). This
               is an estimation of the time between the first and any subsequent
               failures. If the MTTF and MTBF values are the same or fairly similar,

               manufacturers often only list the MTTF to represent both values.
               When a device is sent out for repairs, you need to have an alternate

               solution or a backup device to fill in for the duration of the repair time.
   676   677   678   679   680   681   682   683   684   685   686