Chapter 61 Β· Concepts

Infrastructure Considerations β€” Quick Reference

Availability tiers, resilience metrics, cost breakdown, recovery comparison, patching workflow, power tiers, and the twelve-consideration summary.

Availability SLA Tiers

SLA LevelUptime %Max Downtime/YearMax Downtime/MonthTypical Use Case
Two nines99%3.65 days7.3 hoursDevelopment/test environments, non-critical internal tools
Three nines99.9%8.77 hours43.8 minutesGeneral business applications, non-revenue-critical systems
Four nines99.99%52.6 minutes4.4 minutesBusiness-critical applications, e-commerce platforms
Five nines99.999%5.26 minutes26.3 secondsMission-critical: financial trading, emergency services, hospitals

Resilience Metrics β€” MTTR, MTTF, MTBF

MetricFull NameWhat It MeasuresBetter WhenRelationship
MTTFMean Time to FailureExpected operational lifetime before a component fails β€” a reliability measure for non-repairable componentsHigher = more reliable hardwareMTBF = MTTF + MTTR
MTTRMean Time to RepairAverage time from failure detection to full restoration β€” the primary resilience metricLower = faster recovery
MTBFMean Time Between FailuresAverage time between end of one failure and start of next β€” overall system reliabilityHigher = more reliable system

Infrastructure Cost Components

Cost TypeDescriptionOn-PremisesCloudAccounting Treatment
Initial installationHardware, software licenses, deployment laborHigh β€” hardware purchase + data center buildoutLow β€” no hardware; setup labor onlyCapital expenditure (CapEx) β€” depreciated over time
Ongoing maintenanceAnnual licensing, support contracts, staff time, monitoringMedium-High β€” staff, hardware maintenanceMedium β€” subscription fees, managed servicesOperational expenditure (OpEx) β€” expensed as incurred
Repair and replacementFailed hardware replacement, emergency patches, redundant component costsHigh β€” physical hardware replacementLow β€” provider handles hardware; pay for capacityMixed: emergency CapEx or OpEx depending on classification
Indirect costsPower, cooling, physical space, insurancePresent β€” data center costsIncluded in provider pricingOpEx β€” facility costs

Recovery Method Comparison

MethodProcessTime (Single System)Time (50 Systems)Requirements
Manual rebuild from original mediaBoot from OS media β†’ install OS β†’ apply all patches β†’ install applications β†’ restore data~90 minutes~75 hoursInstallation media only β€” no upfront investment
Corporate image deploymentBoot from network/USB image β†’ image deploys pre-configured baseline β†’ restore data~15 minutes~12.5 hoursMaintained image library β€” upfront investment, ongoing maintenance
Cloud instance restore from snapshotProvision new instance from saved snapshot β†’ data already included~5 minutes~4 hours (parallel)Regular snapshot schedule, cloud infrastructure
Containerized application restartContainer orchestrator automatically restarts failed container from image<1 minute (automated)<5 minutes (parallel)Containerized architecture, orchestration platform

Patch Management Workflow

StepActionWhoSecurity Consideration
1Vendor releases patch (e.g., Patch Tuesday)VendorSubscribe to vendor security advisories; evaluate CVSS severity score
2Evaluate severity and applicabilityIT Security teamCritical/High CVEs should enter emergency track; Medium/Low follow standard cycle
3Test patch in non-production environmentIT/QA teamVerify patch does not break critical business applications; test for compatibility
4Validate and approve for productionChange control boardChange management approval; rollback plan documented before deployment
5Deploy to productionIT OperationsDeploy in waves (pilot group β†’ broader rollout); monitor for issues
6Verify and documentIT Security teamConfirm patch applied on all in-scope systems; update vulnerability scan baseline

Inability to Patch β€” Compensating Controls

Device TypeWhy It Cannot Be PatchedCompensating ControlNotes
HVAC / building automation controllersEmbedded firmware, no update mechanism, proprietary hardwareDedicated VLAN; firewall permitting only required protocols; no internet accessPhysical access should also be restricted
Time clocks / access control panelsPurpose-built, closed firmware, vendor may no longer supportIsolated network segment; monitor for anomalous traffic at network boundaryReplace at end of vendor support lifecycle
Legacy medical devices (FDA-regulated)Firmware updates require FDA re-approval; update process requires field engineerIsolate on medical device VLAN; restrict communication to approved systems only; compensating controls documented for complianceWork with vendor on update schedule; plan lifecycle replacement
Legacy industrial equipment (Windows XP/CE)Application software incompatible with modern OS; vendor no longer supportsAir gap from corporate network; allow only required communications through strictly controlled interfaceBudgeting for replacement is the long-term solution
End-of-support softwareVendor discontinued support; no patches will ever be releasedMaximize other controls; isolate from internet and untrusted networks; plan replacementRunning end-of-support software is an accepted risk that must be explicitly documented

Power Infrastructure Tiers

Power ComponentFunctionProtection AgainstCoverage Duration
Primary utility feedMain electrical power from utility providerN/A β€” this is what failsContinuous when available
Dual utility feedsTwo independent power feeds from separate substationsSingle substation failure; line fault on one feedContinuous (one feed remains if other fails)
UPSBattery-backed immediate power bridgeMomentary outages; power quality issues (sags, surges, noise); time to start generatorMinutes (5–30 min typical)
GeneratorDiesel/natural gas backup power generationExtended utility outages; sustained power failureHours to days (fuel-dependent)
UPS + GeneratorCombined: UPS provides immediate power while generator startsAny utility power failure of any durationIndefinite (while fuel available)

Scalability Security Requirement

Infrastructure StateSecurity Coverage RequiredFailure Mode if Not Addressed
Baseline (4 instances)All 4 instances: SIEM logging, IDS, endpoint monitoring, firewall policyN/A β€” baseline
Scale-out event (+12 instances = 16 total)All 16 instances must be covered β€” auto-scaling must include security tool provisioning12 new instances invisible to SIEM; attackers can operate on new instances with no detection
Scale-in event (16 β†’ 4 instances)Terminated instances decommissioned from monitoring; no orphaned monitoring entriesMonitoring artifacts for decommissioned instances create alert noise; security tool licenses wasted
Orchestrated deployment (IaC)Security tool installation and configuration included in the IaC templateManually added security tools are not repeatable; some deployments will be missing controls

The Twelve Infrastructure Considerations β€” Summary

#ConsiderationOne-Line DefinitionPrimary Metric
1AvailabilitySystems accessible when needed, by authorized users onlyUptime % / SLA
2ResilienceAbility to maintain and restore availability after failureMTTR
3CostTotal financial impact including CapEx, OpEx, maintenance, and taxTotal Cost of Ownership (TCO)
4ResponsivenessSpeed of request-to-response; limited by the weakest componentLatency (ms)
5ScalabilityAbility to grow or shrink capacity to match demandScale time; max capacity
6ElasticityAutomatic, real-time scaling in response to demandTime to scale; cost efficiency
7Ease of DeploymentHow simply and reliably all components can be provisioned and configuredDeployment time; error rate
8Risk TransferenceShifting financial consequences of security incidents to a third partyInsurance coverage limit
9Ease of RecoverySpeed and simplicity of restoring systems after an incidentRTO (Recovery Time Objective)
10Patch AvailabilityVendor's ongoing release of security and bug-fix updatesPatch cycle frequency; time to remediate
11PowerReliable electrical supply including backup (UPS + generator)Power uptime; UPS runtime
12ComputeProcessing capacity β€” single server to distributed multi-cloudCPU/memory capacity; latency