Episode 37 — A.5.29–5.30 — Security during disruption; ICT readiness for BC

A.5.29 focuses on maintaining information security when normal operations are disrupted, such as during disasters, severe outages, or crisis events. For the exam, remember that protection objectives do not pause; confidentiality, integrity, and availability must be sustained with alternate procedures, predefined authorities, and risk-based exceptions documented and time-boxed. A.5.30 strengthens this resilience by requiring ICT readiness for business continuity, aligning technical capabilities with business impact analyses and recovery objectives. Candidates should articulate how these controls ensure that critical services can be restored within Recovery Time Objective (RTO) and data loss kept within Recovery Point Objective (RPO), with clear dependencies, roles, and communication paths.

Operationally, organizations pre-build failover architectures, tested runbooks, and degraded-mode procedures that preserve security even when capacity is constrained. Examples include using preapproved break-glass accounts protected by strict logging and rapid post-use review, enforcing encryption and key access in alternate sites, and ensuring backups are immutable, off-network, and routinely restored to verify integrity. Drills must test not only technology—like cross-region failover or restoring from object-locked backups—but also people and processes: who declares disaster, how to coordinate with suppliers, and how to manage customer communications. Pitfalls include untested assumptions about cloud provider guarantees, configuration drift between primary and recovery environments, and overlooked dependencies such as identity services, DNS, or licensing servers. Strong programs track exercise frequency, drill pass rates, mean time to recover, and data integrity validation, and integrate findings into architecture upgrades and supplier requirements. Candidates should be prepared to discuss how these controls align with incident management, change control, and management review to demonstrate a coherent, evidence-backed continuity capability. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.