You are developing a contingency plan for an information system and considering system availability and product life and support. Which of the following is true?
A. Hard drives should be evaluated in terms of mean time to repair (MTTR).
B. A product is not available on the market if it is at the end of support.
C. Product support is not available after the product is announced end-of-life.
D. Implementing a redundant site to meet the recovery time objective (RTO) is mandatory.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. A product is not available on the market if it is at the end of support.
The definitions of end-of-life (EOL) and end-of-support (EOS) can vary across vendors. Product support may or may not be available after the product is announced end-of-life. It depends on how the vendor’s EOL policy defines them. However, it’s common that a product is not available on the market if it is at the end of support.
End-Of-Life (EOL) and Due Diligence
A security professional should exercise due diligence to review a vendor’s EOL policy, which typically defines the product life cycle and terminologies. EOL and End-of-Support (EOS) can be defined inconsistently. Some may treat EOS as a phase of the product life cycle (e.g., Wikipedia), while others may refer to EOL as end-of-sales (e.g., HP).
According to Wikipedia, if a product is declared as EOL, it’s typically not available on the market. However, the vendor may keep providing support to current customers, e.g., spare parts, patches, or services.
“End-of-life” (“EOL”) is a term used with respect to a product supplied to customers, indicating that the product is in the end of its useful life (from the vendor’s point of view), and a vendor stops marketing, selling, or rework sustaining it. (The vendor may simply intend to limit or end support for the product.) In the specific case of product sales, a vendor may employ the more specific term “end-of-sale” (“EOS”).
MTTF and Preventive Maintenance
Malfunctioning hard drives are typically replaced with new ones, so MTTF is a more suitable metric for preventive maintenance.
Mean Time To Repair (MTTR)
- Mean time to repair (MTTR) is a basic measure of the maintainability of repairable items.
- It represents the average time required to repair a failed component or device.
Mean Time Between Failures (MTBF)
- Mean time between failures (MTBF) is the predicted elapsed time between inherent failures of a mechanical or electronic system, during normal system operation.
- The term is used for repairable systems, while mean time to failure (MTTF) denotes the expected time to failure for a non-repairable system.
Not every information system is so critical that a redundant site is required. For example, an information system categorized with a low-availability security objective does not require an alternate storage site or an alternate processing site (CP-6 and CP-7, respectively) per FIPS 199 and NIST SP 800-53.
- Mean Time Between Failures (MTBF)
- Mean Time To Repair (MTTR)
- What is preventive maintenance?
- End-of-life (product)
- NETADMIN PRODUCT LIFECYCLE POLICY
- Egain Product Lifecycle Policy
- End-of-Life Policy (Cisco)
- Product Support and End of Life Policy (EOL)
- End-of-Life Trend Micro Products/Versions
- Search Product and Services Lifecycle Information
- Lifecycle FAQ – Windows