Business Continuity Planning Flashcards
What are the four main steps in Business Continuity Planning? (PBCA)
- Project scope and planning
- Business impact assessment
- Continuity planning
- Approval for implementation
One of the first steps in business continuity planning is to_________________.
Identify all departments, individuals who need to participate- who is critical to the process.
What is a BIA and when do you perform one and name three critical activities?
Business Impact Analysis
You complete a BIA is completed once the Business Continutiy Plan has been completed.
- Critical resources
- Threat identification
- Qualitative and quantitative analysis
Identifies the critical resources to an organization’s ongoing viability and the threats posed to those resources. Quantitative and Qualitative measures/impacts are taken into account.
What is the RTO?
Recovery Time Objective
What are the 5 key steps in Business Impact Analysis (IRLIR)?
IRLIR
- Identify priorities
- Risk Identification
- Likelihood assessment
- Impact assessment
- Resource Prioritization
What are some of the activities performed in the Identify Priorities stage of BIA?
Determining A-R-M
- Asset value (AV),
- Recovery Time Objectives (RTO)
- Maximum Tolerable Downtime (MTD)
What important activity is performed in the Likelihood Assessment?
Determine # of times event could occur in a year ARO (Annulized Rate of Occurence)
What are some of the activities performed during the Impact Assessment (ESA)?
EF SLE ALE
Determining the impacts of identified risks and the likelihood of them occurring, the impact is determined using EF (Exposure factor), SLE (Single Loss Expectancy), and the ALE (Annualized Loss Expectancy)
How do you calculate the SLE (Single Loss Expectancy)?
SLE = AV x EF
Asset Value * Exposure factor
How do you calculate the ALE (Annualized Loss Expectancy)?
First it is the monetary loss that a business expects to occur as a result of the risk harming the asset over the course of a year.
What is the SLE (Single Loss Expectancy)?
It is the monetary loss that is expected EACH time the risk materializes.
What is the ALE (Annualized Loss Expectancy)?
It is the monetary loss that a business expects to occur as a result of the risk harming the asset over the course of a year.
How do you calculate the ALE (Annualized Loss Expectancy)?
ALE= SLE x ARO
Calculate the ALE for a building costing $350,000 where a fire could occur every 30 years?
If the fire could occur every 30 years then the ARO is 1/30 or .03. The 350,000 is the SLE, if the building were to burn down 1 time, that is how much it would cost. So using the formula ALE= SLE x ARO 350,000 x .03 = $11,667 (ALE)
What are the 5 major areas of Continuity Planning? (SPPPT)
- Strategy development
- Provisions and Processes
- Plan approval
- Plan implementation
- Training and Education