8.2. Logging, Monitoring, and SIEM
💡 First Principle: The question is not whether a significant disruption will occur — it is whether the organization has planned adequately for when it does. Business Continuity Planning (BCP) and Disaster Recovery (DR) are not about preventing disasters; they are about ensuring that critical business functions can survive and recover from disruptions regardless of cause.
BCP and DR are distinct but interdependent:
- BCP answers: "How do we keep the business running during a disruption?" — people, processes, alternate sites, manual workarounds
- DR answers: "How do we restore our IT systems after a disruption?" — technical recovery procedures, backup restoration, failover
BCP without DR leaves the business with a plan but no IT infrastructure to execute it. DR without BCP leaves IT systems recovered but business processes paralyzed by lack of planning.
Why this matters: BCP/DR metrics (MTD, RTO, RPO, MTTR, MTBF) are frequently tested — especially the relationships between them. RTO must be less than MTD. RPO determines backup frequency. These are not just definitions; exam questions require applying them to scenarios.
⚠️ Common Misconception: "DR is just about backup restoration." DR encompasses the full process of recovering IT services: failover to alternate sites, restoring from backup, rebuilding systems from scratch if necessary, and validating that recovered systems operate correctly. Backup restoration is one component. The DR plan must be tested — an untested backup that cannot be restored is not a backup; it is a false confidence generator.
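As an added example (not part of the original notes), a small Python check that applies the metric relationships above to a constructed plan: RTO strictly below MTD, backup interval within RPO, availability from MTBF and MTTR, and the untested-backup point from the misconception note. Expressing every duration in hours and the MTTR-versus-RTO plausibility check are my assumptions, not statements from the notes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RecoveryPlan:
    """Recovery metrics for one business function. All durations are in hours
    (a unit choice made for this example, not stated in the notes)."""
    name: str
    mtd_hours: float               # Maximum Tolerable Downtime set by the business
    rto_hours: float               # Recovery Time Objective the DR plan commits to
    rpo_hours: float               # Recovery Point Objective: tolerable data loss
    backup_interval_hours: float   # how often backups actually run
    mtbf_hours: float              # Mean Time Between Failures (observed)
    mttr_hours: float              # Mean Time To Repair (observed)
    restore_tested: bool           # has a restore from backup actually been exercised?


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability derived from MTBF and MTTR: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def validate_plan(plan: RecoveryPlan) -> list[str]:
    """Check the relationships between the metrics; an empty list means no findings."""
    findings = []
    # RTO must be strictly less than MTD, or the business fails before IT has recovered.
    if plan.rto_hours >= plan.mtd_hours:
        findings.append(f"RTO {plan.rto_hours}h is not below MTD {plan.mtd_hours}h")
    # RPO drives backup frequency: the gap between backups is the worst-case data loss.
    if plan.backup_interval_hours > plan.rpo_hours:
        findings.append(f"backup interval {plan.backup_interval_hours}h exceeds RPO {plan.rpo_hours}h")
    # Plausibility check (an assumption of this example): if repairs historically take
    # longer than the RTO, the RTO is a wish rather than a commitment.
    if plan.mttr_hours > plan.rto_hours:
        findings.append(f"observed MTTR {plan.mttr_hours}h exceeds RTO {plan.rto_hours}h")
    # An untested backup is not a backup.
    if not plan.restore_tested:
        findings.append("restore from backup has never been tested")
    return findings


# Constructed sample plans for illustration, not real data.
PAYMENTS = RecoveryPlan("payments", 24, 8, 4, 1, 2000, 6, True)
REPORTING = RecoveryPlan("reporting", 8, 8, 1, 24, 500, 12, False)

if __name__ == "__main__":
    for plan in (PAYMENTS, REPORTING):
        print(f"{plan.name}: availability {availability(plan.mtbf_hours, plan.mttr_hours):.4%}")
        for finding in validate_plan(plan) or ["no findings"]:
            print("  -", finding)
```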