Re: CISSP question

Map · ‎10-20-2020

Hi Everyone,

I am studying to take the CISSP test and I came across a discrepancy in material on BIA. is the MTD = RTO + WRT or is the MTD > RTO + WRT?

appreciate the guidance

MAP

ericgeater · ‎10-21-2020

Equals. You must recover the systems, then you must recover the work the systems perform.

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."

Map · ‎10-21-2020

Thank you!

ericgeater · ‎10-21-2020

My response may be an oversimplification of the process, but yes, you add the recovery time objective to the work recovery time to get your MTD.

Just keep in mind that the MTD itself is the maximum length of time a business can survive without access to critical resources. Ideally, you do want the RTO and WRT to be less than your maximum tolerable downtime... but you have to budget for both elements in your planning.

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."

JKWiniger · ‎10-21-2020

@Map

Did a little searching and found this: https://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/

It seems to be a good graphical explanation.

John-

ericgeater · ‎10-21-2020

Great find! Bookmarking that for later.

---
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."