Disaster Recovery (DR) focuses on restoring IT systems and data after a major disruption. While business continuity keeps the organization running, disaster recovery specifically addresses technology restoration—servers, networks, applications, and data. DR planning identifies critical systems, establishes recovery priorities, and defines procedures to restore operations.
DR strategies include hot sites (fully operational duplicate facilities), warm sites (partially equipped facilities), cold sites (empty facilities with basic infrastructure), and cloud-based recovery. The choice depends on recovery time objectives and budget constraints.
CISSP Relevance
Disaster recovery appears in Domain 1 (Security and Risk Management) and Domain 7 (Security Operations). Understand site types, recovery objectives (RTO and RPO), backup strategies, and testing requirements. Exam questions often present scenarios requiring selection of appropriate recovery strategies based on organizational requirements.
NIST provides comprehensive guidance in SP 800-34 Contingency Planning Guide.
Related terms: Business Continuity, Recovery Time Objective