CISSP frustrations

Just a minor thing, but I did want to vent about some parts of the CISSP, in particular the conceptual parts where it talks about BCP and DRPs. So much of it seems overly complex and wordy. There also appears to be a lot of different views on the same material and conflicting or slightly varying descriptions.

For example, the Eric Conrad book (the 600 page one) states:

Recovery Time Objective (RTO) is the maximum time allowed to recovery business or IT systems
Mean Time To Repair (MTTR) describes how long it will take to recover a failed system

Surely they are pretty much the same and if there is a difference, it doesn't seem worth the two different categories.

Also:

The Eric Conrad book (the 600 page one) states:

Maximum Tolerable Downtime (MTD)
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Work Recovery Time (WRT)
Mean Time Between Failures (MTBF)
Mean Time to Repair (MTTR)
Minimum Operating Requirements (MOR)

Where as the Sybex book doesn't cover half of this, it simply goes over:

Recovery Time Objective (RTO)
Maximum Tolerable Outage (MTO) ... which is the same as Maximum Tolerable Downtime

Very bad for the head and just is overly confusing. I think this is a prime example of where you have to properly understand the topic ... not necessarily the terms, the definitions, the language. If you understand properly, then it doesn't matter I guess what they call it, it makes sense.

Find more posts tagged with

Comments

CyberCop123

Oh and one last thing, the test questions at the end of the chapter in the Conrad book...

Q: What is the primary goal of disaster recovery planning (DRP)

A) Integrity of Data

Preservation of Business Capital
C) Restoration of Business Processes
D) Safety of Personnel

..................................... what do you think?

My initial answer wasn't there, I thought it was focussed on specific, technical parts of the IT system. However, the answer is D - safety of personnel. The book doesn't really mention that anywhere though - I searched the PDF for it.

Just silly things like this are frustrating... but anyway, less of my moaning, got some reading to do!

Rinzler

Human life and safety are without question the top concerns in security...

tedjames

Rinzler wrote: »

Human life and safety are without question the top concerns in security...

Yes! And if you see a question like that on the exam, ALWAY choose the answer regarding the safety of human life.

PC509

I believe Kelly Handerhan goes over the RTO & MTTR and others. I know that there was a resource I used that was really lacking, and I think (not 100%) that it was Kelly's material that went into the detail and explained it to where I understood exactly what each was, and the differences.

CyberCop123

Good tips - thanks! Nice and easy to remember human life is the top priority... unless it's someone you really don't like

I'm listening to Kelly's MP3s everyday in the car, and about to start Domain 7 so I will listen out for that bit

Tekn0logy

You must fill gaps with other sources. Shon Harris audio book, albeit old, drives the point home about personnel safety being paramount. Also, industry knowledge would key on the differences between RTO and MTD.

luisbee

Tips for any CISSP & Golden Rules for any CISSP takers out there...

1. People Safety First
2. Management Buy-in is Critical
3. Everyone is Responsible for Security
4. Training is Essential
5. Policy is the Key to (nearly) everything

If you remember these Golden Rules, then you are Good to GO!!!

NotHackingYou

For example, the Eric Conrad book (the 600 page one) states:
Recovery Time Objective (RTO) is the maximum time allowed to recovery business or IT systems

Mean Time To Repair (MTTR) describes how long it will take to recover a failed system

Surely they are pretty much the same and if there is a difference, it doesn't seem worth the two different categories.

These seem similar, but consider how they are used and what they really mean.

RTO relates to how long you've got to restore your critical systems. This relates to operations as a whole and is a standard for planning recovery operations.

MTTR generally relates to a specific system or even a specific piece of hardware. This is usually coupled with the mean time to failure. If we say that a hard disk of a specific make has a mean time to failure of, say, 7 years, we'll also want to know the mean time to repair that failure.