Business Continuity Planning Flashcards

1
Q

What are the four main steps in Business Continuity Planning? (PBCA)

A
  1. Project scope and planning
  2. Business impact assessment
  3. Continuity planning
  4. Approval for implementation
2
Q

One of the first steps in business continuity planning is to_________________.

A

Identify all departments and individuals who need to participate: who is critical to the process.

3
Q

What is a BIA and when do you perform one and name three critical activities?

A

Business Impact Analysis

A BIA is completed once the Business Continuity Plan has been completed.

  • Critical resources
  • Threat identification
  • Qualitative and quantitative analysis

Identifies the critical resources to an organization’s ongoing viability and the threats posed to those resources. Quantitative and Qualitative measures/impacts are taken into account.

4
Q

What is the RTO?

A

Recovery Time Objective

5
Q

What are the 5 key steps in Business Impact Analysis (IRLIR)?

A

IRLIR

  1. Identify priorities
  2. Risk Identification
  3. Likelihood assessment
  4. Impact assessment
  5. Resource Prioritization
6
Q

What are some of the activities performed in the Identify Priorities stage of BIA?

A

Determining A-R-M

  • Asset value (AV)
  • Recovery Time Objectives (RTO)
  • Maximum Tolerable Downtime (MTD)
7
Q

What important activity is performed in the Likelihood Assessment?

A

Determine the number of times the event could occur in a year: the ARO (Annualized Rate of Occurrence)

8
Q

What are some of the activities performed during the Impact Assessment (ESA)?

A

EF SLE ALE

Determining the impacts of identified risks and the likelihood of them occurring. The impact is determined using the EF (Exposure Factor), the SLE (Single Loss Expectancy), and the ALE (Annualized Loss Expectancy).

9
Q

How do you calculate the SLE (Single Loss Expectancy)?

A

SLE = AV x EF

Asset Value * Exposure factor

10
Q

How do you calculate the ALE (Annualized Loss Expectancy)?

A

First it is the monetary loss that a business expects to occur as a result of the risk harming the asset over the course of a year.

11
Q

What is the SLE (Single Loss Expectancy)?

A

It is the monetary loss that is expected EACH time the risk materializes.

12
Q

What is the ALE (Annualized Loss Expectancy)?

A

It is the monetary loss that a business expects to occur as a result of the risk harming the asset over the course of a year.

13
Q

How do you calculate the ALE (Annualized Loss Expectancy)?

A

ALE = SLE x ARO

14
Q

Calculate the ALE for a building costing $350,000 where a fire could occur every 30 years?

A

If the fire could occur every 30 years, then the ARO is 1/30 or .03. The 350,000 is the SLE: if the building were to burn down 1 time, that is how much it would cost. So using the formula ALE = SLE x ARO: 350,000 x .03 = $11,667 (ALE)

15
Q

What are the 5 major areas of Continuity Planning? (SPPPT)

A
  1. Strategy development
  2. Provisions and Processes
  3. Plan approval
  4. Plan implementation
  5. Training and Education
16
Q

What activities occur during Strategy Development?

A

The contingencies identified as part of the qualitative and quantitative prioritization must be identified to be acted upon in the contingency plan.

Looking at the MTD (Maximum Tolerable Downtime), determine which risks need to be prioritized over others.

17
Q

During Strategy Development, what decisions are made in regards to RISK?

A
  1. Reduce the risk
  2. Assign the risk
  3. Accept the risk
  4. Reject the risk
18
Q

What activities are done during the Provisions and Processes part of the BCP?

A

The specific procedures and mechanisms that will mitigate the risks deemed unacceptable.

19
Q

What are the three categories of assets that must be protected as part of the BCP?

A
  1. People
  2. Buildings and Facilities
  3. Infrastructure
20
Q

What are some of the 11 sections that should be included in the BCP documentation?

A
  1. Continuity planning goals
  2. Statement of importance
  3. Statement of priorities
  4. Statement of Organizational Responsibility
  5. Statement of urgency/timing
  6. Risk Assessment
  7. Risk Acceptance/Mitigation
  8. Vital records program
  9. Emergency-response guidelines
  10. Maintenance
  11. Testing and Exercises
21
Q

What are the components of Project Scope and Planning?

A

  1. Business organization analysis
  2. Creation of the BCP team
  3. Assessment of available resources
  4. Analysis of regulatory and legal landscape