How To Set Up An Domain_4 System In Office
This article covers –
- Overall understanding of the domain
- Important concepts to focus on from exam point of view
The article is split up into 10 parts as below:
- Part 1 – Information Systems operations, Management of IS operations, ITSM
- Part 2 – Service Level Agreements, Operational Level Agreements, Incident and problem management process
- Part 3 – Roles and responsibilities of support/help desk, Change management, Patch management and release management.
- Part 4 – Quality Assurance (QA) and Overview of DBMS and DBMS architecture
- Part 5 – Data dictionary/Directory system, Database structure, OSI Architecture
- Part 6 – Application of OSI Model in Network Architecture, LAN topology, LAN components
- Part 7 – WAN components, WAN topology, Network performance metrics
- Part 8 – Network Management issues, Network Management tool and Overview of Disaster Recovery Planning (DRP)
- Part 9 – Overview of Recovery Point Objective (RPO) and Recovery Time Objective (RTO), additional parameters in defining recovery strategies and various types of recovery strategies
- Part 10 – Different recovery/Continuity/response teams and their responsibilities, overview on redundancy and restoration and the various disaster recovery testing methods
- Overall understanding of Domain 4
- What is Information Systems operations?
- What are the ways of managing IS operations?
- What is IT Service Management Framework (ITSM)?
Overall understanding of the domain:
Weightage – This domain constitutes twenty percent of the CISA exam (approximately 30 questions)
Covers 23 Knowledge statements covering the process of auditing information systems:-
- Knowledge of service management frameworks
- Knowledge of service management practices and service level management
- Knowledge of techniques for monitoring third-party operation and compliance with service agreements and regulatory requirements
- Knowledge of enterprise architecture (EA)
- Knowledge of the functionality of central technology (e.g., hardware and network components, system software, middleware, database management systems)
- Knowledge of system resiliency tools and techniques (e.g., fault-tolerant hardware, elimination of single point of failure, clustering)
- Knowledge of IT asset management, software licensing, source code management and inventory practices
- Knowledge of job scheduling practices, including exception handling
- Knowledge of control techniques that ensure the integrity of system interfaces
- Knowledge of capacity planning and related monitoring tools and techniques
- Knowledge of systems performance monitoring processes, tools and techniques (e.g., network analyzers, system utilization reports, load balancing)
- Knowledge of information backup, storage, maintenance and restoration practices
- Knowledge of database management and optimization practices
- Knowledge of data quality (completeness, accuracy, integrity) and life cycle management (aging, retention)
- Knowledge of problem and incident management practices
- Knowledge of change management, configuration management, release management and patch management practices
- Knowledge of operational risks and controls related to end-user computing
- Knowledge of regulatory, legal, contractual and insurance problems related to disaster recovery
- Knowledge of business impact analysis (BIA) related to disaster recovery planning
- Knowledge of the development and maintenance of disaster recovery plans (DRPs)
- Knowledge of benefits and drawbacks of alternate processing sites (e.g., hot sites, warm sites, cold sites)
- Knowledge of disaster recovery testing methods.
- Knowledge of processes used to invoke the disaster recovery plans (DRPs)
Important concepts from exam point of view:
1.Information Systems operations:
- Responsible for ongoing support for an organization's computer and IS environment
- Plays a critical role in ensuring that computer operations processing requirements are met, end users are satisfied and information is processed securely
2.Management of IS operations:
COBIT 5 framework makes clear distinction between governance and management, which are as follows:
- Governance:
- Ensures that stakeholder needs, conditions and options are evaluated to decide balanced, agreed-on enterprise objectives to be achieved;
- Setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
- Overall governance is the responsibility of the board of directors under the leadership of the chairperson.
- Specific governance responsibilities may be delegated to special organizational structures at an appropriate level, particularly in larger, complex enterprises.
- Management:
- Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives
- Management is the responsibility of the executive management under the leadership of the chief executive officer (CEO).
- IS management has the overall responsibility for all operations within the IT department
3.IT Service Management framework (ITSM):
Refers to the implementation and management of IT services (people, process and information technology) to meet business needs
Two frameworks for ITSM:
- IT Infrastructure Library (ITIL):
- a reference body of knowledge for service delivery good practices
- a comprehensive framework detailed over five volumes – Service strategy, Service design, Service transition, services operations, Continual service improvement
- The main objective of ITIL is to improve service quality to the business.
- ISO 20000-1:2011 Information technology – Service management
- Requires service providers to implement the plan-do-check-act (PDCA) methodology
- The main objective is to improve service quality; achievement of the standard certifies organizations as having passed auditable practices and processes in ITSM.
- What are Service Level Agreements (SLAs) and Operational Level Agreements (OLAs)?
- What are the tools to monitor efficiency and effectiveness of services provided?
- Exception reports
- Operator problem reports
- System and application logs
- Operator work schedule
- What is incident management and problem management?
4.Service Level Agreement and Operational Level Agreement:
- Service Level Agreement:
- The Service Level agreement is a contract between service provider and customer
- SLAs can also be supported by operational level agreements (OLAs)
- Operational Level Agreement:
- OLA is an agreement between the internal support groups of an institution that supports SLA
- The OLA clearly depicts the performance and relationship of the internal service groups.
- The primary objective of OLA is to ensure that all the support groups provide the intended Service Level Agreement
5.Tools to monitor efficiency and effectiveness of services provided:
- Exception reports:
- These automated reports identify all applications that did not successfully complete or otherwise malfunctioned.
- An excessive number of exceptions may indicate:
- Poor understanding of business requirements
- Poor application design, development or testing
- Inadequate performance instructions
- Inadequate operations support
- Inadequate operator training or operation monitoring
- Inadequate sequencing of tasks
- Inadequate system configuration
- Inadequate capacity management
- System and application logs:
- Refers to logs generated from various systems and applications
- Using this software, the auditor can carry out tests to ensure that:
- Only approved programs access sensitive data
- Only authorized IT personnel access sensitive data
- Software utilities that can alter data files and program libraries are used only for authorized purposes
- Approved programs are run only when scheduled and, conversely, that unauthorized runs do not take place
- The correct data file generation is accessed for production purposes
- Data files are adequately protected
- Operator problem reports – Manual report used by helpdesk to log computer operations issues & resolutions
- Operator work schedules – Report maintained manually by IS management to assist in human resource planning to ensure proper staffing of operation support
o Availability reports – The report that IS auditors use to check compliance with service level agreements (SLA) requirement for uptime
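The log tests listed under "System and application logs" above, sketched as an added example that is not part of the original article. The log format, program names, user IDs, tickets, schedule and generation numbers are all constructed assumptions standing in for the approved records an auditor would work from.

```python
"""Auditor-style tests over a constructed job/access log (illustrative only)."""
from dataclasses import dataclass
from datetime import datetime, time

# Reference data taken from approved records. Every value here is an assumption.
APPROVED_PROGRAMS = {"payroll_calc", "gl_post"}
AUTHORIZED_STAFF = {"opr01", "dba02"}
DATA_UTILITIES = {"hexedit", "libupdate"}   # can alter data files / program libraries
APPROVED_TICKETS = {"CHG-1001"}             # change tickets that authorize utility use
SCHEDULE = {                                # program -> scheduled run window
    "payroll_calc": (time(1, 0), time(3, 0)),
    "gl_post": (time(22, 0), time(23, 30)),
}
CURRENT_GENERATION = {"PAYROLL.MASTER": 42, "GL.LEDGER": 7}

# Constructed sample: timestamp|user|program|dataset|generation|sensitivity|ticket
SAMPLE_LOG = """\
2024-03-01T01:15:00|opr01|payroll_calc|PAYROLL.MASTER|42|sensitive|-
2024-03-01T14:05:00|opr01|payroll_calc|PAYROLL.MASTER|42|sensitive|-
2024-03-01T22:10:00|dba02|gl_post|GL.LEDGER|6|sensitive|-
2024-03-02T09:30:00|dev07|adhoc_query|PAYROLL.MASTER|42|sensitive|-
2024-03-02T10:00:00|dba02|hexedit|GL.LEDGER|7|sensitive|CHG-1001
2024-03-02T10:20:00|dba02|hexedit|PAYROLL.MASTER|42|sensitive|-
2024-03-02T11:00:00|opr01|report_gen|PUBLIC.CATALOG|3|public|-
this line is truncated|opr01
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def audit_log(text):
    """Return a list of Finding objects, in log order, for the tests in the list above."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        parts = raw.split("|")
        if len(parts) != 7:
            # A record that cannot be parsed is itself an exception to report.
            findings.append(Finding(line_no, "MALFORMED_RECORD", raw))
            continue
        ts, user, program, dataset, gen, sensitivity, ticket = parts
        try:
            when = datetime.fromisoformat(ts)
            generation = int(gen)
        except ValueError:
            findings.append(Finding(line_no, "MALFORMED_RECORD", raw))
            continue

        is_utility = program in DATA_UTILITIES
        if is_utility:
            # Utilities that can alter data are used only for authorized purposes.
            if ticket not in APPROVED_TICKETS:
                findings.append(Finding(line_no, "UTILITY_WITHOUT_APPROVAL",
                                        f"{user} ran {program} on {dataset}"))
        elif program in APPROVED_PROGRAMS:
            # Approved programs are run only when scheduled.
            window = SCHEDULE.get(program)
            if window is None or not (window[0] <= when.time() <= window[1]):
                findings.append(Finding(line_no, "OFF_SCHEDULE_RUN",
                                        f"{program} at {when.time()}"))

        if sensitivity == "sensitive":
            # Only approved programs and authorized IT personnel access sensitive data.
            if not is_utility and program not in APPROVED_PROGRAMS:
                findings.append(Finding(line_no, "UNAPPROVED_PROGRAM",
                                        f"{program} read {dataset}"))
            if user not in AUTHORIZED_STAFF:
                findings.append(Finding(line_no, "UNAUTHORIZED_USER",
                                        f"{user} accessed {dataset}"))

        # The correct data file generation is accessed for production purposes.
        expected = CURRENT_GENERATION.get(dataset)
        if expected is not None and generation != expected:
            findings.append(Finding(line_no, "WRONG_GENERATION",
                                    f"{dataset} generation {generation}, expected {expected}"))
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```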
6.Incident management and problem management:
- Incident management:
- An Incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions.
- Incident management is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence.
- These incidents within a structured organization are normally dealt with by either an incident response team (IRT) or an incident management team (IMT)
- Incident management is reactive and its objective is to respond to and resolve issues restoring normal service (as defined by the SLA) as quickly as possible.
- Problem management:
- Problem management is the process responsible for managing the lifecycle of all problems that happen or could happen in an IT service.
- The primary objectives of problem management are to prevent problems and resulting incidents from happening, to eliminate recurring incidents, and to minimize the impact of incidents that cannot be prevented.
- What are the roles and responsibilities of Support/help desk?
- What is change management and patch management process?
- What is release management – Major, Minor and emergency releases?
7.Support/Help desk – Roles and responsibilities:
- The responsibility of the technical support function is to provide specialist knowledge of production systems to identify and assist in system change/development and problem resolution.
- The basic role of the help desk is to be the first, single and central point of contact for users and to follow the incident management process
- The help desk personnel must ensure that all hardware and software incidents that arise are fully documented and escalated based on the priorities established by management
8.Change management and patch management process:
- Change management:
- used when changing hardware, installing or upgrading to new releases of off-the-shelf applications, installing a software patch and configuring various network devices
- Changes are classified into three types:
- Emergency changes
- Major changes
- Minor changes
- Patch Management:
- an area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk
- Patch management tasks include the following:
- Maintaining current knowledge of available patches
- Deciding what patches are appropriate for particular systems
- Ensuring that patches are installed properly; testing systems after installation
- Documenting all associated procedures, such as specific configurations required
o Patch Management – The BEST method for preventing exploitation of system vulnerabilities
- Software release management is the process through which software is made available to users.
- The term "release" is used to describe a collection of authorized changes.
- The release will typically consist of a number of problem fixes and enhancements to the service.
- The release can be of 3 types:
- Major releases: Normally contain a significant change or addition to new functionality. A major upgrade or release normally supersedes all preceding minor upgrades.
- Minor releases: Upgrades, normally containing small enhancements and fixes. A minor upgrade or release usually supersedes all preceding emergency fixes. Minor releases are generally used to fix small reliability or functionality problems that cannot wait until the next major release.
- Emergency releases: Normally containing the corrections to a small number of known problems. Emergency releases are fixes that require implementation as quickly as possible to prevent significant user downtime to business-critical functions
- While change management is the process whereby all changes go through a robust testing and approval process, release management is the process of actually putting the software changes into production.
- What is Quality Assurance (QA)?
- What is Database Management Systems (DBMS)?
- What is DBMS Architecture?
- QA personnel verify that system changes are authorized, tested and implemented in a controlled manner prior to being introduced into the production environment according to a company's change and release management policies
11. Database management systems (DBMS):
- aids in organizing, controlling and using the data needed by application programs.
- A DBMS provides the facility to create and maintain a well-organized database.
- Primary functions include:
- Reduced data redundancy,
- Decreased access time and
- Basic security over sensitive data.
- Database architecture focuses on the design, development, implementation and maintenance of computer programs that store and organize information for businesses, agencies and institutions.
- A database architect develops and implements software to meet the needs of users. The design of a DBMS depends on its architecture
- Metadata:
- the data (details/schema) of any other information (i.e. data about data)
- The word 'Meta' is the prefix that is generally the technical term for self-referential. In other words, we can say that Metadata is the summarized data for the contextual data.
- There are three types of metadata:
- Conceptual schema,
- External schema and
- Internal schema
- What is Data Dictionary / Directory system?
- What is Database structure?
- What are the database types?
- Hierarchical database model
- Network database model
- Relational database model
- What is OSI Architecture?
13.Information Systems operations:
- Data Dictionary contains an index and descriptions of all the data stored in the database. Directory describes the locations of the data and the access method
- Some of the benefits of using DD/DS include:
- Enhancing documentation
- Providing common validation criteria
- Facilitating programming by reducing the needs for data definition
- Standardizing programming methods
- The database structure is the collection of record type and field type definitions that comprise your database.
- There are three major types of database structure:
- Hierarchical database model,
- Network database model, and
- Relational database model
- Hierarchical database model:
- In this model there is a hierarchy of parent and child information segments. To create links between them, this model uses parent-child relationships.
- These are 1:N (one-to-many) mappings between record types represented by logical trees
- Network database model:
- In the network model, the basic data modeling construct is called a set.
- A set is formed by an owner record type, a member record type and a name.
- A member record type can have that role in more than one set, so a multi-owner relationship is allowed.
- An owner record type can also be a member or owner in another set. Usually, a set defines a 1:N relationship, although one-to-one (1:1) is permitted
- Disadvantages of Network database model:
- Structures can be extremely complex and difficult to comprehend, modify or reconstruct in case of failure.
- This model is rarely used in current environments.
- The hierarchical and network models do not support high-level queries. The user programs have to navigate the data structures.
- Relational database model
- In Relational database model, the data and relationships among these data are organized in tables.
- A table is a collection of rows, also known as tuples, and each tuple in a table contains the same columns. Columns, called domains or attributes, correspond to fields.
- Relational database has the following properties:
- Values are atomic.
- Each row is unique.
- Column values are of the same kind.
- The sequence of columns is insignificant.
- The sequence of rows is insignificant.
- Each column has a unique name
- The relational model is independent from the physical implementation of the data structure, and has many advantages over the hierarchical and network database models. With relational databases, it is easier:
- For users to understand and implement a physical database system
- To convert from other database structures
- To implement projection and join operations
- To create new relations for applications
- To implement access control over sensitive data
- To modify the database
- A key characteristic of relational databases is the use of "normalization"
- Normalization:
- a technique of organizing the data in the database
- a systematic approach of decomposing tables to eliminate data redundancy (repetition) and undesirable characteristics like Insertion, Update and Deletion Anomalies
- OSI model was developed by the International Organization for Standardization (ISO) in 1984, and it is now considered an architectural model for inter-computer communications
- OSI model is a reference model that describes how information from a software application in one computer moves through a physical medium to the software application in another computer.
- The OSI (Open Systems Interconnection) is a proof-of-concept model composed of seven layers, each specifying particular specialized tasks or functions.
- The OSI model was defined in ISO/IEC 7498, which has the following parts:
- ISO/IEC 7498-1 The Basic Model
- ISO/IEC 7498-2 Security Architecture
- ISO/IEC 7498-3 Naming and addressing
- ISO/IEC 7498-4 Management framework
- Each layer is self-contained and relatively independent of the other layers in terms of its particular function
- There are seven OSI layers. Each layer has different functions. They are:
- Physical Layer
- Data-Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer
o The CISA candidate will not be tested on the specifics of this standard in the exam
- The functions of each layer are as follows:
- Physical Layer – The physical layer provides the hardware that transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier.
- Data-Link Layer – The data link layer is used for the encoding, decoding and logical organization of data bits. Data packets are framed and addressed by this layer, which has two sublayers
- Network Layer – This layer assigns the IP addresses and is responsible for routing and forwarding. This layer prepares the packets for the data link layer
- Transport Layer – The transport layer provides reliable and transparent transfer of data between end points, end-to-end error recovery and flow control.
- Session Layer – The session layer controls the dialogs (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application layers
- Presentation Layer – The presentation layer converts the outgoing data into a format acceptable by the network standard and then passes the data to the session layer (It is responsible for translation, compression and encryption)
- Application Layer – provides a standard interface for applications that must communicate with devices on the network (e.g., print files on a network-connected printer, send an email or store data on a file server)
o The OSI layer that performs error detection and encryption – Data Link layer
- What is the application of OSI model in Network Architecture?
- What is LAN topology?
- What are the LAN components?
- Repeaters
- Switches
- Hubs
- Routers
- Gateways
- Bridges
16.Application of the OSI model in Network Architectures:
- The concepts of the OSI model are used in the design and development of organizations' network architectures. This includes LANs, WANs, MANs and use of the public Transmission Control Protocol/Internet Protocol (TCP/IP)-based global Internet.
- The discussion will focus on:
- LAN
- WAN
- Wireless networks
- Public global internet infrastructure
- Network administration and control
- Applications in a networked environment
- On-demand computing
- Local Area Network (LAN):
- a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building
- Media used in LAN:
- Copper (twisted-pairs) circuit:
- Twisted pairs are of two types:
(1) Shielded twisted pair – More attenuation, more cross talk and more interference
(2) Unshielded twisted pair – More attenuation, more cross talk and more interference
– Two insulated wires are twisted around each other, with current flowing through them in opposite directions.
– Advantages:
a. This reduces the opportunity for cross talk
b. Cheap
c. Readily available
d. Simple to modify
– Disadvantages:
a. Easy to tap
b. Easy to splice
c. Interference and noise
- Fiber-optic systems:
- It refers to the technology and medium used in the transmission of data as pulses of light through a strand or fiber medium made of glass or plastic.
- Fiber-optic systems have a low transmission loss as compared to twisted-pair circuits.
- Optical fiber is smaller and lighter than metallic cables of the same capacity.
- Fiber is the preferred choice for high-volume, longer-distance runs
- Radio systems (wireless):
- Data are communicated between devices using low-powered systems that broadcast (or radiate) and receive electromagnetic signals representing information
o The method of routing traffic through split-cable facilities or duplicate-cable facilities is called "Diverse routing"
o The type of line media that provides the BEST security for a telecommunication network is "Dedicated lines"
- Star topology
- Bus topology
- Ring topology
- Repeaters – physical layer devices that extend the range of a network or connect two separate network segments together
- Hubs – physical layer devices that serve as the center of a star-topology network or a network concentrator
- Bridges – data link layer devices that were developed to connect LANs or create two separate LAN or WAN network segments from a single segment to reduce collision domains
- Switches – data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks
- Routers – operate at the OSI network layer by examining network addresses (i.e., routing information encoded in an IP packet).
- Gateways – are devices that are protocol converters. Typically, they connect and convert between LANs and the mainframe, or between LANs and the Internet, at the application layer of the OSI
- What are the WAN components?
- WAN switches
- Routers
- Modems
- What are WAN technologies?
- Point-to-point protocol
- Integrated services digital network (ISDN)
- X.25
- Asynchronous transfer mode
- Frame Relay
- Multiprotocol label switching
- Digital subscriber lines
- Virtual Private Network
- What are the network performance metrics?
- Latency
- Throughput
- WAN switches – Data link layer devices used for implementing various WAN technologies such as ATM, point-to-point frame relay and ISDN
- Routers – devices that operate at the network layer of the OSI reference model and provide an interface between different network segments on an internal network or connect the internal network to an external network
- Modems (modulator/demodulator)
- Converts computer digital signals into analog data signals and analog data back to digital.
- A main task of the modems at both ends is to maintain their synchronization so the receiving device knows when each byte starts and ends. Two methods can be used for this purpose:
- Synchronous transmission – a data transfer method in which a continuous stream of information signals is accompanied by timing signals (generated by an electronic clock) to ensure that the transmitter and the receiver are in step (synchronized) with one another. The data is sent in blocks (called frames or packets) spaced by fixed time intervals
- Asynchronous transmission – The term asynchronous is used to describe the process where transmitted data is encoded with start and stop bits, specifying the start and end of each character. Asynchronous transmission works in spurts and must insert a start bit before each data character and a stop bit at its termination to inform the receiver where it begins and ends.
- Point to point protocol – (PPP) is a data link layer communications protocol used to establish a direct connection between two nodes. PPP is a widely available remote access solution that supports asynchronous and synchronous links, and operates over a wide range of media.
- X.25 – is a standard suite of protocols used for packet-switched communications over a wide area network
- Frame Relay – Frame relay is a packet-switching telecommunication service designed for cost-efficient data transmission for intermittent traffic between LANs and between endpoints in WAN
- Integrated services digital network (ISDN) – It is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network
- Asynchronous transfer mode – ATM is a dedicated-connection switching technology that organizes digital data into 53-byte cell units and transmits them over a physical medium using digital signal technology
- Multiprotocol label switching – Multiprotocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. It enables computer networks to be faster and easier to manage by using short path labels instead of long network addresses for routing network packets.
- Digital subscriber lines – Digital subscriber line (DSL) is a technology that transports high-bandwidth data over a simple telephone line that is directly connected to a modem. This allows for file-sharing, and the transmission of pictures and graphics, multimedia data, audio and video conferencing and much more
- Virtual Private Network (VPN):
- extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on an end system (PC, smartphone etc.) across a VPN may therefore benefit from the functionality, security, and management of the private network
- VPN technology was developed to allow remote users and branch offices to access corporate applications and resources. To ensure security, the private network connection is established using an encrypted layered tunneling protocol, and VPN users use authentication methods, including passwords or certificates, to gain access to the VPN.
- There are 3 types of VPNs:
1. Remote-access VPN – Used to connect telecommuters and mobile users to the enterprise WAN in a secure manner; it lowers the barrier to telecommuting by ensuring that information is reasonably protected on the open Internet.
2. Intranet VPN – Used to connect branch offices inside an enterprise WAN
3. Extranet VPN – Used to give business partners limited access to each other's corporate network; an example is an automotive manufacturer with its suppliers
21. Network Performance Metrics:
- Latency: The delay that a message or packet will experience on its way from source to destination. A very easy way to measure latency in a TCP/IP network is to use the ping command.
- Throughput: The quantity of useful work made by the system per unit of time. In telecommunication, it is the number of bytes per second that are passing through a channel.
o Ping command is used to measure the latency
- What are the Network Management issues?
- Fault Management
- Performance management
- Configuration management
- Security management
- Accounting resources
- What are the Network Management tools?
- Response time
- Network monitors
- Downtime reports
- Simple Network Management Protocol (SNMP)
- Online monitors
- Help desk reports
- Protocol analyzers
- What is Disaster Recovery Planning (DRP)?
22.Network Management Issues:
A WAN needs to be monitored and managed similarly to a LAN. ISO, as part of its communications modeling effort (ISO/IEC 10040), has defined five basic tasks related to network management:
- Fault management – Detects the devices that present some kind of technical fault
- Configuration management – Allows users to know, define and change, remotely, the configuration of any device
- Accounting resources – Holds the records of the resource usage in the WAN (who uses what)
- Performance management – Monitors usage levels and sets alarms when a threshold has been surpassed
- Security management – Detects suspicious traffic or users, and generates alarms accordingly
23.Network Management tools:
- Response Time – Identify the time necessary for a command entered by users at a terminal to be answered by the host system.
- Downtime Reports – Track the availability of telecommunication lines and circuits. Interruptions due to electric line failure, traffic, overload, operator error or other anomalous conditions are identified in a downtime report
- Online Monitors – Check data transmission accuracy and errors. Monitoring can be performed by echo checking and status checking all transmissions, ensuring that messages are not lost or transmitted more than once.
- Network Monitors – Real time display of network nodes and status.
- Protocol Analyzers – It is a diagnostic tool used for monitoring packets flowing within the network.
- Simple Network Management Protocol (SNMP) – It is a TCP/IP-based protocol that monitors and controls different variables throughout the network, manages configurations, and collects statistics on performance and security
- Help desk reports – Prepared by the help desk, which is staffed or supported by IT technicians trained to handle problems occurring during normal IS usage.
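How the interruptions recorded in a downtime report translate into the uptime figure an auditor checks against an SLA, as an added example that is not part of the original article. The outage records, the reporting window and the SLA targets are constructed assumptions; overlapping entries are merged and entries crossing the window boundary are clipped so that downtime is not double-counted.

```python
"""Availability over a reporting window, computed from downtime-report entries."""
from datetime import datetime

# Constructed reporting window: April 2024 (30 days).
WINDOW_START = datetime(2024, 4, 1)
WINDOW_END = datetime(2024, 5, 1)

# Constructed downtime-report entries as (start, end) of each recorded interruption.
SAMPLE_OUTAGES = [
    (datetime(2024, 3, 31, 23, 30), datetime(2024, 4, 1, 0, 20)),   # starts before the window
    (datetime(2024, 4, 10, 2, 0), datetime(2024, 4, 10, 2, 45)),    # circuit failure
    (datetime(2024, 4, 10, 2, 30), datetime(2024, 4, 10, 3, 10)),   # overlapping second ticket
    (datetime(2024, 4, 20, 14, 0), datetime(2024, 4, 20, 14, 15)),  # operator error
]


def merge_outages(outages, window_start, window_end):
    """Clip outages to the window and merge overlapping ones into disjoint intervals."""
    if window_end <= window_start:
        raise ValueError("reporting window must have positive length")
    clipped = []
    for start, end in outages:
        if end < start:
            raise ValueError(f"outage ends before it starts: {start} .. {end}")
        if end > window_start and start < window_end:
            clipped.append((max(start, window_start), min(end, window_end)))
    merged = []
    for start, end in sorted(clipped):
        if merged and start <= merged[-1][1]:
            # Overlaps (or touches) the previous interval: extend it instead of adding.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def availability_report(outages, window_start, window_end, sla_percent):
    """Return downtime minutes, availability percentage and whether the SLA target is met."""
    merged = merge_outages(outages, window_start, window_end)
    down_seconds = sum((end - start).total_seconds() for start, end in merged)
    total_seconds = (window_end - window_start).total_seconds()
    availability = 100.0 * (total_seconds - down_seconds) / total_seconds
    return {
        "downtime_minutes": down_seconds / 60,
        "availability_percent": round(availability, 3),
        "sla_met": availability >= sla_percent,
    }


if __name__ == "__main__":
    for target in (99.9, 99.5):   # assumed SLA uptime targets
        print(target, availability_report(SAMPLE_OUTAGES, WINDOW_START, WINDOW_END, target))
```

Summing the four raw entries would give 150 minutes; after clipping and merging the figure is 105 minutes.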
24. Disaster Recovery Planning (DRP):
- DRP is an element of an internal control system established to manage availability and restore critical processes/IT services in the event of interruption.
- The purpose of this continuous planning process is
  - to ensure that cost-effective controls to prevent possible IT disruptions and
  - to recover the IT capacity of the organization in the event of a disruption are in place
- DRP is a continuous process. Once the criticality of business processes and supporting IT services, systems and data is defined, they are periodically reviewed and revisited.
- The ultimate goal of the DRP process is
  - to respond to incidents that may impact people and
  - the ability of operations to deliver goods and services to the marketplace and to comply with regulatory requirements
- The difference between BCP and DRP is as follows:
  - BCP is focused on keeping the business operations running, perhaps in a different location or by using different tools or processes, after the disaster has happened. DRP is focused on restoring business operations after the disaster has taken place.
  - BCP often includes non-IT aspects of the business. DRP often focuses on IT systems.
o The prerequisite for developing a disaster recovery plan is – to have management commitment.
o The PRIMARY GOAL of disaster recovery planning and business continuity planning should always be – Safety of Personnel (Human safety first)
o Occupant Emergency Plan (OEP) provides the response procedures for occupants of a facility in the event a situation poses a threat to the health and safety of personnel
o The critical first step in disaster recovery and contingency planning is – to complete a business impact analysis
o The term "Disaster Recovery" refers to recovery of the technological environment
o The BCP is the ultimate responsibility of the Board of Directors
o Single points of failure and vulnerabilities to a common disaster are mitigated by geographically dispersing resources.
o Disaster Recovery planning addresses the technological aspect of business continuity planning
o A disaster recovery plan for an organization should focus on reducing the length of recovery time and the cost of recovery.
o The results of tests and drills are the BEST evidence of an organisation's disaster recovery readiness.
o Fault-tolerant hardware is the only technology that provides continuous and uninterrupted support in the event of a disaster or disruption
- What are Recovery Point Objective (RPO) and Recovery Time Objective (RTO)?
- What are the additional parameters in defining the recovery strategy?
  - Interruption window
  - Service delivery objective (SDO)
  - Maximum tolerable outages
- What are the recovery strategies?
  - Hot site
  - Cold site
  - Warm site
  - Reciprocal arrangements
25. Recovery Point Objective (RPO) and Recovery Time Objective (RTO):
o The CISA candidate should be familiar with which recovery strategies would be best with different RTO and RPO parameters.
- Recovery Point Objective:
  - RPO is determined based on the acceptable data loss in case of disruption of operations.
  - RPO indicates the earliest point in time to which it is acceptable to recover the data. For example, if the process can afford to lose the data up to four hours before disaster, then the latest backup available should be up to four hours before disaster or interruption, and the transactions that occurred during the RPO period and interruption need to be entered after recovery (known as catch-up data).
  - RPO effectively quantifies the permissible amount of data loss in case of disruption.
- Recovery Time Objective:
  - The RTO is determined based on the acceptable downtime in case of a disruption of operations.
  - It indicates the earliest point in time at which the business operations (and supporting IT systems) must resume after disaster.
- Both of these concepts are based on time parameters.
- The nearer the time requirements are to the center (0-1 hours), the higher the cost of the recovery strategies.
- If the RPO is in minutes (lowest possible acceptable data loss), then data mirroring or real-time replication should be implemented as the recovery strategy.
- If the RTO is in minutes (lowest acceptable time down), then a hot site, dedicated spare servers (and other equipment) and clustering must be used.
- The table below represents the relationship between RPO and RTO:

| Disruption hours | Recovery Time Objective | Recovery Point Objective |
|---|---|---|
| 0 to 1 hour | Active-Active clustering | Mirroring (Real-time replication) |
| 1 to 4 hours | Active-passive clustering (Hot Standby) | Disk-based back-ups, snapshots, delayed replication, log shipping |
| 4 to 24 hours | Cold Standby | Tape backups, log shipping |

o Recovery Point Objective (RPO) will be deemed critical if it is small
o If the Recovery Point Objective (RPO) is close to zero, then it means that the activity is critical and hence the cost of maintaining the environment would be higher
o The lowest expenditure in terms of recovery arrangement can be through a reciprocal agreement
o A hot site is maintained and data mirroring is implemented where the Recovery Point Objective (RPO) is low
o The BEST option to support 24/7 availability is – Data Mirroring
o The metric that describes how long it will take to recover a failed system is – Mean Time to Repair (MTTR)
26. Additional parameters in defining recovery strategy:
- Interruption window – The maximum period of time the organization can wait from the point of failure to the critical services/applications restoration. After this time, the progressive losses caused by the interruption are unaffordable.
- Service delivery objective (SDO) – Level of services to be reached during the alternate process mode until the normal situation is restored. This is directly related to the business needs.
- Maximum tolerable outages – Maximum time the organization can support processing in alternate mode. After this point, different problems may arise, especially if the alternate SDO is lower than the usual SDO, and the information pending to be updated can become unmanageable.
- A recovery strategy identifies the best way to recover a system (one or many) in case of interruption, including disaster, and provides guidance based on which detailed recovery procedures can be developed.
- The selection of a recovery strategy would depend on:
  - The criticality of the business process and the applications supporting the processes
  - Cost
  - Time required to recover
  - Security
- Recovery strategies based on the risk level identified for recovery are as follows:
  - Hot sites – facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications, along with office furniture and equipment for use by the staff.
  - Warm sites – are complete infrastructures but are partially configured in terms of IT, usually with network connections and essential peripheral equipment such as disk drives, tape drives and controllers.
  - Cold sites – are facilities with the space and basic infrastructure adequate to support resumption of operations, but lacking any IT or communications equipment, programs, data or office support.
  - Duplicate information processing facilities
  - Mobile sites – are packaged, modular processing facilities mounted on transportable vehicles and kept ready to be delivered and set up at a location that may be specified upon activation.
  - Reciprocal agreements – are agreements between separate, but similar, companies to temporarily share their IT facilities in the event that one company loses processing capability. Reciprocal agreements are not considered a viable option due to the constraining burden of maintaining hardware and software compatibility between the companies, the complications of maintaining security and privacy compliance during shared operations, and the difficulty of enforcing the agreements should a disagreement arise at the time the plan is activated.
  - Reciprocal arrangements with other organisations – are agreements between two or more organizations with unique equipment or applications. Under the typical agreement, participants promise to provide assistance to each other when an emergency arises.
The CISA candidate should know these recovery strategies and when to use them.
- An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a cold site
- The type of offsite information processing facility that is often an acceptable solution for preparing for recovery of non-critical systems and data is a cold site
- Data mirroring and parallel processing are both used to provide near-immediate recoverability for time-sensitive systems and transaction processing
- Organizations should use off-site storage facilities to maintain redundancy of current and critical information within backup files.
- An off-site processing facility should not be easily identifiable externally because easy identification would create an additional vulnerability for sabotage
- The GREATEST concern when an organization's backup facility is at a warm site is – Timely availability of hardware.
- The GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies is – Developments may result in hardware and software incompatibility.
- What are the different Recovery/Continuity/response teams and their responsibilities?
- What is back-up and restoration?
  - Full back-up
  - Incremental back-up
  - Differential back-up
- What are the disaster recovery testing methods?
  - Checklist review
  - Parallel test
  - Structured walk-through
  - Full interruption test
  - Simulation test
28. Different Recovery/continuity/response teams and their responsibilities:
- Incident response team
- Emergency action team
- Information security team
- Damage assessment team
- Offsite storage team
- Software team
- Applications team
- Administrative support team
- Salvage team
- Emergency operations team
- Network recovery team
- Communications team
- Transportation team
- User hardware team
- Relocation team
- Legal affairs team
- Recovery test team
- Training team
o The responsibility of the disaster recovery relocation team is to co-ordinate the process of moving from the hot site to a new location or to the restored original location.
o The responsibility of the offsite storage team is to obtain, pack and ship media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule.
o The responsibility of the transportation team is to locate a recovery site, if one has not been predetermined, and to coordinate the transport of company employees to the recovery site.
o The responsibility of the salvage team is managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment.
29. Back-up and restoration:
- Back-up schemes:
There are three main schemes for backup:
- Full back-up – This type of backup scheme copies all files and folders to the backup media, creating one backup set (with one or more media, depending on media capacity)
- Incremental back-up – An incremental backup copies the files and folders that changed or are new since the last incremental or full backup
- Differential back-up – A differential backup will copy all files and folders that have been added or changed since a full backup was performed. This type of backup is faster and requires less media capacity than a full backup and requires only the last full and differential backup sets to make a full restoration
o The BEST backup strategy for a large database with data supporting online sales is – Weekly full back-up with daily incremental back-up
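To see what each scheme demands at restore time, the following added example (not part of the original article) works out which backup sets a restoration needs and how much data is exposed relative to an RPO. The schedule, dates and function names are constructed for illustration; the four-hour RPO is the figure used in the RPO section above.

```python
from datetime import datetime, timedelta

def restore_chain(backups, failure):
    """Backup sets needed for a full restoration, oldest first.

    backups: iterable of (datetime, kind), kind in {"full", "incr", "diff"}.
    """
    usable = sorted(b for b in backups if b[0] <= failure)
    fulls = [b for b in usable if b[1] == "full"]
    if not fulls:
        raise ValueError("no full backup precedes the failure")
    base = fulls[-1]
    later = [b for b in usable if b[0] > base[0]]
    chain, start = [base], base[0]
    diffs = [b for b in later if b[1] == "diff"]
    if diffs:
        # A differential holds every change since the full backup,
        # so only the most recent one is needed.
        chain.append(diffs[-1])
        start = diffs[-1][0]
    # An incremental holds only changes since the last incremental or full
    # backup, so every one taken after `start` must be applied in order.
    chain += [b for b in later if b[1] == "incr" and b[0] > start]
    return chain

def data_loss_window(backups, failure):
    """Time between the newest restorable backup and the failure."""
    return failure - restore_chain(backups, failure)[-1][0]

def meets_rpo(backups, failure, rpo):
    return data_loss_window(backups, failure) <= rpo

# Constructed schedule: full backup Sunday 01:00, then one backup per night.
SUNDAY = datetime(2024, 1, 7, 1, 0)
NIGHTS = [SUNDAY + timedelta(days=d) for d in range(1, 5)]   # Mon..Thu
INCR_SCHEDULE = [(SUNDAY, "full")] + [(t, "incr") for t in NIGHTS]
DIFF_SCHEDULE = [(SUNDAY, "full")] + [(t, "diff") for t in NIGHTS]
FAILURE = datetime(2024, 1, 11, 15, 0)                       # Thursday 15:00

if __name__ == "__main__":
    for name, sched in (("incremental", INCR_SCHEDULE), ("differential", DIFF_SCHEDULE)):
        chain = restore_chain(sched, FAILURE)
        print(name, "restore needs", len(chain), "sets:", [k for _, k in chain])
        print("  data loss window:", data_loss_window(sched, FAILURE))
        print("  meets 4-hour RPO:", meets_rpo(sched, FAILURE, timedelta(hours=4)))
```

Both nightly schedules leave the same exposure since the last backup; they differ in how many sets must be intact and applied in order, which is what an auditor checks when reviewing restore tests.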
30. Disaster Recovery testing methods:
- Checklist review – This is a preliminary step to a real test. Recovery checklists are distributed to all members of a recovery team to review and ensure that the checklist is current.
- Structured walk-through – Team members physically implement the plans on paper and review each step to assess its effectiveness, identify enhancements, constraints and deficiencies.
- Simulation test – The recovery team role plays a prepared disaster scenario without activating processing at the recovery site.
- Parallel test – The recovery site is brought to a state of operational readiness, but operations at the primary site continue normally.
- Full interruption test – Operations are shut down at the primary site and shifted to the recovery site in accordance with the recovery plan; this is the most rigorous form of testing but is expensive and potentially disruptive.
o A continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness is a preparedness test
o The most effective test of DRP for organisations having a number of offices across a wide geographical area is a preparedness test
o The type of BCP test that requires only representatives from each operational area to meet to review the plan is a walk-through test
Source: https://www.infosectrain.com/blog/cisa-domain-4-information-systems-operations-maintenance-and-service-management/
