05. Incident Classification, Management Training, Testing, and Evaluation (448)

Question 1

Incident Response

Security incidents require mobilization, response, communication with key parties, containment, and closure

449

Question 2

BCP and DR Training

Response and continuity procecures greatly diminished if those responsible for their execution are unfamiliar with them
Training, walk throughs and validating procedures helps
Other activities include;
Document Review
Participation in Walk Through
Simulations
Paralle and Cutover testing

450

Question 3

BCP and DR testing

Without testing recovery and continuity plans, an organisation has no means to know if they are effective

452

Question 4

BCP and DR testing

Parallel Testing
An actual test of disaster recovery and business continuity response plans running in parallel to live systems
Cut Over Testing
The most intrusive means of testing, provides the most reliable results in terms of capability, capacity, backup reliability and processes

456

Question 5

BCP Evaluation

Evaluation of BCP should be a top down analysis of key business objectives
Does strateg and program support those key business objectives

457

Question 6

Evaluating Business Continuity Planning

Evaluating Business Continuity Planning should involve the following;

• Examining Business Continuity Documentatiomn
• Reviewing prior to test Results and action plans
• Interviewing Key Personnel
• Reviewing Service Provider Contracts
• Reviewing Insurance Coverage

457-460

Question 7

Evaluating Disaster Recovery Planning

Evaluation of the DR plan should focus on alignment with organisation business continuity plans. Activities should involve;

• Evaluate Disaster Recovery Plans
• Review DR test results and action plans
• Evluate offsite storage
• Evaluate alternate processing facilities

461