Business Continuity Planning (BCP) Flashcards
activation
to start business continuity processes
alert
Notification that a potential disaster situation exists or has occurred
alternate site
location to perform the business function
Backup
A copy of files and programs made to facilitate recovery if necessary.
Business Continuity Plan
documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.
business continuity program
ongoing process supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested
business continuity steering committee
group of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Business Impact Analysis
detailed review of information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
business interruption
Any event, whether anticipated or unanticipated which stops the normal course of business operations at an organization location.
business interruption insurance
contract to pay for disaster related expenses that may be incurred until operations are fully recovered.
business recovery team
group of individuals responsible for maintaining the procedures and coordinating return of business functions and processes.
business recovery timeline
chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption. may range from minutes to weeks, depending upon requirements and methodology.
business unit recovery
component which deals specifically with the relocation of a key function or department in the event of a disaster.
call tree
internal list of contact information used for the communication of incident information, designed in a distributed manor so that no one person is responsible for contacting everyone.
checklist test
(desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located?
cold site
recovery alternative, a building only with sufficient power, and HVAC
Continuity of Operations Plan
A predetermined set of instructions or procedures that describe how an organization’s mission essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
coordinator
person responsible for overall recovery of an organization or unit(s).
crisis
A critical event, which may dramatically impact an organization’s profitability, reputation, or ability to operate.
critical functions
Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
critical infrastructure
Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization
critical records
documents that, if lost, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
data backup strategies
processes determined by an organization to be necessary to meet its recovery and restoration objectives. these will determine the timeframes, technologies, media and offsite storage of the backups, and will ensure that recovery point and time objectives can be met.
data backups
confidential system, application, program and/or production files on media that can be stored both on and/or offsite.
data recovery
restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
database replication
partial or full duplication of data from source to one or more destinations.
declaration
formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions.
desk check test
test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
disaster
an event which stops business from continuing.
Disaster Recovery Plan
A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
disaster recovery teams
A structured group of teams ready to take control of the recovery operations if a disaster should occur.
disk mirroring
Disk mirroring is the duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy.
Disruption
An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
distributed processing
a back up type, where the organization has excess capacity in another location.
Drills - Test
practice of activity typically targeted to a specific response. The purpose is to have the participants follow the designated response activities specified in their plans to become more proficient in executing the response activity.
electronic vaulting
transmission of backup data to an offsite facility; it eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
emergency
sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.
Emergency Operations Center
location where coordination and execution of BCP or DRP is directed
emergency procedures
plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
executive succession
planning for the delegation of authority required when decisions must be made without the normal chain of command
exercise
activity that is performed for the purpose of training and conditioning team members, and improving their performance.
file shadowing
asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy.
forward recovery
process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Full Interruption Test
live, very high risk test.
hot site
recovery alternative, everything needed for the business function, except people and last backup
Impact
magnitude of harm that can be expected to result from consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Impact Level
classify the intensity of a potential impact that may occur if the information system is jeopardized.
incident manager
highest level of authority at EOC with knowledge of the business process and the resources available
incident response
reaction of an organization to a significant event that may impact the organization, its people, or its ability to function productively.
Incident Response Plan
documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information system(s).
Information System Contingency Plan
management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.
integrated test
test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
journaling
process of logging single changes or updates to a database since the last full backup.
Live Walk-Through Test
an exercise where the plan is executed as if a real disaster has taken place at a specific point in the facility and is typically conducted with multiple BC/DR teams. (simulation test)
Maximum Tolerable Downtime
amount of time mission/business process can be disrupted without causing significant harm to the organization’s mission.
mirrored site
recovery alternative, complete duplication of services including personnel
mission-critical application
essential to the organization’s ability to perform necessary business functions.
mobile site
recovery alternative, short-term, high cost movable processing location
near site
backup of data located where staff can gain access readily and a localized disaster will not cause harm
off site
backup of data located where staff can not gain access readily and a regional disaster will not cause harm
off-site storage
Alternate location where duplicated vital records and documentation may be stored for use during disaster recovery.
on-site
backup of data located where staff can gain access immediately
operational impact analysis
determines the significance of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.
operational test
test conducted on one or more components of a plan under actual operating conditions.
Parallel Test
operational test is held at the same time with the actual processing of critical systems to ensure that the systems will run correctly at the alternative site.
reciprocal agreement
between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other’s site.
recovery period
time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Recovery Point Objective
determinant of the amount of data that may need to be recreated after the systems or functions have been recovered.
stipulates the amount of data an organization can lose when a disaster occurs
Recovery Time Objective
target time which respects tolerance for loss of certain business function, basis of strategy
stipulates the amount of time an organization needs to recover from a disaster
remote journaling
database backup type which records at the transaction level
replication
backup type which creates a complete copy
Resilience
ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning.
restoration
planning with a goal of returning to the normal business function
resumption
process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions first.
risk assessment / analysis
assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls; involves an evaluation of the probabilities of a particular negative event.
risk mitigation
Implementation of measures to limit specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
service bureau
recovery alternative which outsources a business function at a cost
shadowing
backup type, for databases at a point in time
simulation
scenario based test that answers the question: Can the organization replicate the business process?
standalone test
test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
structured walkthrough
One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
System Development Life Cycle
The scope of activities associated with initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal
system downtime
planned or unplanned interruption in system availability
Tabletop Walk-Through Test
A is a test that exercises all or part of the BC/DR plan as specified in the scope of the test plan.
test plan
document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster.
triage
to evaluate the current situation and make basic decisions as to what to do
Walk-Through Test
first test conducted to familiarize the team leader and members with the plan. It addresses all components of the BC/ DR plan.
warm site
recovery alternative which includes cold site and some equipment and infrastructure is available
