Disaster Recovery & Business Continuity
Resilience strategies designed to ensure an organization can survive significant disruptions—from natural disasters to cyberattacks. It's about minimizing downtime and ensuring survival.
1 The Concert Analogy
Imagine you're organizing a big concert in a park. Suddenly, it starts pouring rain or the power goes out. How do you keep the show going?
Disaster Recovery (DR)
The Umbrella & Generator. You cover the stage and switch on backup power immediately.
In Business
Restoring critical IT systems and data (servers, databases) to get tech running.
Business Continuity (BC)
Moving Indoors. A broader plan to move the venue or play acoustic if the sound system fails completely.
In Business
Maintaining operations overall (remote work, alternative offices) so the business survives.
2 Scope & Focus
Disaster Recovery
- Focuses on IT infrastructure & data.
- Reactive (happens after the event).
- Goal: Restore systems ASAP.
Business Continuity
- Focuses on overall business operations.
- Proactive & Reactive.
- Goal: Keep the business running.
3 Planning & Metrics
The BC Team
Led by a Business Continuity Manager. They work with IT and Ops to design strategies and conduct risk assessments.
RTO
Recovery Time Objective"How fast must we be back up?"
(e.g., 4 hours)
RPO
Recovery Point Objective"How much data can we lose?"
(e.g., 1 hour)
4 Testing the Plan
A plan that isn't tested is just a theory. Testing ensures staff know their roles.
Tabletop Exercises
Team members gather in a room and verbally walk through their responses to a simulated scenario (e.g., "What if the server room flooded?").
Full-Scale Simulation
Actually failing over to backup systems, shutting down main power, or moving staff to alternate sites to see if it works in reality.
The Pen Tester's Role
Penetration testers play a crucial part by simulating attacks that could trigger a disaster. They identify vulnerabilities in the DR/BC plans themselves—ensuring that if a real attacker strikes, the recovery procedures aren't compromised.