cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Map
Viewer

CISSP question

Hi Everyone, 

 

I am studying to take the CISSP test and I came across a discrepancy in material on BIA. is the MTD = RTO + WRT or is  the MTD > RTO + WRT?

 

appreciate the guidance

MAP

Tags (2)
6 Replies
ericgeater
Community Champion

Equals.  You must recover the systems, then you must recover the work the systems perform.

 

---
Map
Viewer

Thank you!

ericgeater
Community Champion

My response may be an oversimplification of the process, but yes, you add the recovery time objective to the work recovery time to get your MTD.

 

Just keep in mind that the MTD itself is the maximum length of time a business can survive without access to critical resources.  Ideally, you do want the RTO and WRT to be less than your maximum tolerable downtime... but you have to budget for both elements in your planning.

---
JKWiniger
Community Champion

@Map 

 

Did a little searching and found this: https://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/ 

 

It seems to be a good graphical explanation.

 

John-

ericgeater
Community Champion

Great find!  Bookmarking that for later.

---
kdogar
Viewer

Yes,

MTD = WRT + RTO

 

At this stage all systems are recovered, integrity of the system or data is verified and all critical systems can resume normal operations. The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available. In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.

 

The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.

 

Courtesy of ..

https://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/