5.2 Summarize business impact analysis concepts Flashcards
RTO/RPO
(Recovery Time Objective) The length of time it takes after an event to resume normal business operations and activities.
MTBF
(Mean Time Between Failures) The rating on a device or component that predicts the expected time between failures.
MTTR
(Mean Time to Repair/Replace/Recover) The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.
Mission-essential functions
The organization must be able to perform this function as close to continually as possible, and if there is any service disruption, the mission-essential functions must be restored first.
Identification of critical systems
Compiling an inventory of the organization's business processes and its tangible and intangible assets and resources.
Privacy impact assessment
A detailed study to assess the risks associated with storing, processing, and disclosing PII. The study should identify vulnerabilities that may lead to a data breach and evaluate controls mitigating those risks.
Privacy threshold assessment
An initial audit to determine whether a computer system or workflow collects, stores, or processes PII to a degree where a PIA must be performed. PTAs must be repeated every three years.